hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 05:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into format

Browse Source
This commit is contained in:
Geoffrey White
2023-01-03 15:14:55 +00:00
parent 640f894b00 b3a3957dc9
commit e05bb7fcee
622 changed files with 48367 additions and 10754 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
.github/actions/cache-query-compilation/action.yml vendored
View File

@@ -23,20 +23,19 @@ runs:
run: |
MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
- name: Restore read-only cache (PR)
- name: Restore cache (PR)
if: ${{ github.event_name == 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
uses: actions/cache/restore@v3
with:
path: '**/.cache'
read-only: true
key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
restore-keys: |
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-
codeql-compile-${{ inputs.key }}-main-
- name: Fill cache (push)
- name: Fill cache (only branch push)
if: ${{ github.event_name != 'pull_request' }}
uses: erik-krogh/actions-cache@a88d0603fe5fb5606db9f002dfcadeb32b5f84c6
uses: actions/cache@v3
with:
path: '**/.cache'
key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main

11
.github/workflows/atm-check-query-suite.yml vendored
View File

@@ -13,7 +13,7 @@ on:
jobs:
atm-check-query-suite:
runs-on: ubuntu-latest
runs-on: ubuntu-latest-xl
steps:
- uses: actions/checkout@v3
@@ -23,6 +23,12 @@ jobs:
with:
channel: release
- name: Cache compilation cache
id: query-cache
uses: ./.github/actions/cache-query-compilation
with:
key: atm-suite
- name: Install ATM model
run: |
set -exu
@@ -50,10 +56,13 @@ jobs:
echo "SARIF_PATH=${SARIF_PATH}" >> "${GITHUB_ENV}"
codeql database analyze \
--threads=0 \
--ram 50000 \
--format sarif-latest \
--output "${SARIF_PATH}" \
--sarif-group-rules-by-pack \
-vv \
--compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
-- \
"${DB_PATH}" \
"${QUERY_PACK}/${QUERY_SUITE}"

2
.github/workflows/close-stale.yml vendored
View File

@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/stale@v6
- uses: actions/stale@v7
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
stale-issue-message: 'This issue is stale because it has been open 14 days with no activity. Comment or remove the `Stale` label in order to avoid having this issue closed in 7 days.'

5
config/identical-files.json
View File

@@ -531,11 +531,6 @@
"ruby/ql/lib/codeql/ruby/internal/ConceptsShared.qll",
"javascript/ql/lib/semmle/javascript/internal/ConceptsShared.qll"
],
"Hostname Regexp queries": [
"javascript/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
"python/ql/src/Security/CWE-020/HostnameRegexpShared.qll",
"ruby/ql/src/queries/security/cwe-020/HostnameRegexpShared.qll"
],
"ApiGraphModels": [
"javascript/ql/lib/semmle/javascript/frameworks/data/internal/ApiGraphModels.qll",
"ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll",

4
cpp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.6
No user-facing changes.
## 0.4.5
No user-facing changes.

4
cpp/ql/lib/change-notes/2022-12-19-argv-as-parameter-flowsource.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `ArgvSource` flow source now uses the second parameter of `main` as its source instead of the uses of this parameter.

3
cpp/ql/lib/change-notes/released/0.4.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.6
No user-facing changes.

2
cpp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.5
lastReleaseVersion: 0.4.6

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.4.6-dev
version: 0.5.0-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

32
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/InstructionTag.qll
View File

@@ -72,7 +72,19 @@ newtype TInstructionTag =
AsmInputTag(int elementIndex) { exists(AsmStmt asm | exists(asm.getChild(elementIndex))) } or
ThisAddressTag() or
ThisLoadTag() or
StructuredBindingAccessTag()
StructuredBindingAccessTag() or
// The next three cases handle generation of the constants -1, 0 and 1 for __except handling.
TryExceptGenerateNegativeOne() or
TryExceptGenerateZero() or
TryExceptGenerateOne() or
// The next three cases handle generation of comparisons for __except handling.
TryExceptCompareNegativeOne() or
TryExceptCompareZero() or
TryExceptCompareOne() or
// The next three cases handle generation of branching for __except handling.
TryExceptCompareNegativeOneBranch() or
TryExceptCompareZeroBranch() or
TryExceptCompareOneBranch()
class InstructionTag extends TInstructionTag {
final string toString() { result = "Tag" }
@@ -224,4 +236,22 @@ string getInstructionTagId(TInstructionTag tag) {
tag = ThisLoadTag() and result = "ThisLoad"
or
tag = StructuredBindingAccessTag() and result = "StructuredBindingAccess"
or
tag = TryExceptCompareNegativeOne() and result = "TryExceptCompareNegativeOne"
or
tag = TryExceptCompareZero() and result = "TryExceptCompareZero"
or
tag = TryExceptCompareOne() and result = "TryExceptCompareOne"
or
tag = TryExceptGenerateNegativeOne() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateZero() and result = "TryExceptGenerateNegativeOne"
or
tag = TryExceptGenerateOne() and result = "TryExceptGenerateOne"
or
tag = TryExceptCompareNegativeOneBranch() and result = "TryExceptCompareNegativeOneBranch"
or
tag = TryExceptCompareZeroBranch() and result = "TryExceptCompareZeroBranch"
or
tag = TryExceptCompareOneBranch() and result = "TryExceptCompareOneBranch"
}

1
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedElement.qll
View File

@@ -675,6 +675,7 @@ newtype TTranslatedElement =
} or
// A statement
TTranslatedStmt(Stmt stmt) { translateStmt(stmt) } or
TTranslatedMicrosoftTryExceptHandler(MicrosoftTryExceptStmt stmt) or
// A function
TTranslatedFunction(Function func) { translateFunction(func) } or
// A constructor init list

284
cpp/ql/lib/semmle/code/cpp/ir/implementation/raw/internal/TranslatedStmt.qll
View File

@@ -13,6 +13,222 @@ private import TranslatedInitialization
TranslatedStmt getTranslatedStmt(Stmt stmt) { result.getAst() = stmt }
TranslatedMicrosoftTryExceptHandler getTranslatedMicrosoftTryExceptHandler(
MicrosoftTryExceptStmt tryExcept
) {
result.getAst() = tryExcept.getExcept()
}
class TranslatedMicrosoftTryExceptHandler extends TranslatedElement,
TTranslatedMicrosoftTryExceptHandler {
MicrosoftTryExceptStmt tryExcept;
TranslatedMicrosoftTryExceptHandler() { this = TTranslatedMicrosoftTryExceptHandler(tryExcept) }
final override string toString() { result = tryExcept.toString() }
final override Locatable getAst() { result = tryExcept.getExcept() }
override Instruction getFirstInstruction() { result = this.getChild(0).getFirstInstruction() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
// t1 = -1
tag = TryExceptGenerateNegativeOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareNegativeOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareNegativeOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 0
tag = TryExceptGenerateZero() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareZero() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareZeroBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// t1 = 1
tag = TryExceptGenerateOne() and
opcode instanceof Opcode::Constant and
resultType = getIntType()
or
// t2 = cmp t1, condition
tag = TryExceptCompareOne() and
opcode instanceof Opcode::CompareEQ and
resultType = getBoolType()
or
// if t2 goto ... else goto ...
tag = TryExceptCompareOneBranch() and
opcode instanceof Opcode::ConditionalBranch and
resultType = getVoidType()
or
// unwind stack
tag = UnwindTag() and
opcode instanceof Opcode::Unwind and
resultType = getVoidType()
}
final override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
tag = TryExceptCompareNegativeOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateNegativeOne())
)
or
tag = TryExceptCompareNegativeOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
tag = TryExceptCompareZero() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateZero())
)
or
tag = TryExceptCompareZeroBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareZero())
or
tag = TryExceptCompareOne() and
(
operandTag instanceof LeftOperandTag and
result = this.getTranslatedCondition().getResult()
or
operandTag instanceof RightOperandTag and
result = this.getInstruction(TryExceptGenerateOne())
)
or
tag = TryExceptCompareOneBranch() and
operandTag instanceof ConditionOperandTag and
result = this.getInstruction(TryExceptCompareOne())
}
override string getInstructionConstantValue(InstructionTag tag) {
tag = TryExceptGenerateNegativeOne() and
result = "-1"
or
tag = TryExceptGenerateZero() and
result = "0"
or
tag = TryExceptGenerateOne() and
result = "1"
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
// Generate -1 -> Compare condition
tag = TryExceptGenerateNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOne())
or
// Compare condition -> Branch
tag = TryExceptCompareNegativeOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareNegativeOneBranch())
or
// Branch -> Unwind or Generate 0
tag = TryExceptCompareNegativeOneBranch() and
(
kind instanceof TrueEdge and
// TODO: This is not really correct. The semantics of `EXCEPTION_CONTINUE_EXECUTION` is that
// we should continue execution at the point where the exception occurred. But we don't have
// any instruction to model this behavior.
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateZero())
)
or
// Generate 0 -> Compare condition
tag = TryExceptGenerateZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZero())
or
// Compare condition -> Branch
tag = TryExceptCompareZero() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareZeroBranch())
or
// Branch -> Unwind or Generate 1
tag = TryExceptCompareZeroBranch() and
(
kind instanceof TrueEdge and
result = this.getInstruction(UnwindTag())
or
kind instanceof FalseEdge and
result = this.getInstruction(TryExceptGenerateOne())
)
or
// Generate 1 -> Compare condition
tag = TryExceptGenerateOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOne())
or
// Compare condition -> Branch
tag = TryExceptCompareOne() and
kind instanceof GotoEdge and
result = this.getInstruction(TryExceptCompareOneBranch())
or
// Branch -> Handler (the condition value is always 0, -1 or 1, and we've checked for 0 or -1 already.)
tag = TryExceptCompareOneBranch() and
(
kind instanceof TrueEdge and
result = this.getTranslatedHandler().getFirstInstruction()
)
or
// Unwind -> Parent
tag = UnwindTag() and
kind instanceof GotoEdge and
result = this.getParent().getChildSuccessor(this)
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = this.getTranslatedCondition() and
result = this.getInstruction(TryExceptGenerateNegativeOne())
or
child = this.getTranslatedHandler() and
result = this.getParent().getChildSuccessor(this)
}
private TranslatedExpr getTranslatedCondition() {
result = getTranslatedExpr(tryExcept.getCondition())
}
private TranslatedStmt getTranslatedHandler() {
result = getTranslatedStmt(tryExcept.getExcept())
}
override TranslatedElement getChild(int id) {
id = 0 and
result = this.getTranslatedCondition()
or
id = 1 and
result = this.getTranslatedHandler()
}
final override Function getFunction() { result = tryExcept.getEnclosingFunction() }
}
abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
Stmt stmt;
@@ -249,15 +465,57 @@ class TranslatedUnreachableReturnStmt extends TranslatedReturnStmt {
}
/**
* The IR translation of a C++ `try` statement.
* A C/C++ `try` statement, or a `__try __except` or `__try __finally` statement.
*/
private class TryOrMicrosoftTryStmt extends Stmt {
TryOrMicrosoftTryStmt() {
this instanceof TryStmt or
this instanceof MicrosoftTryStmt
}
/** Gets the number of `catch block`s of this statement. */
int getNumberOfCatchClauses() {
result = this.(TryStmt).getNumberOfCatchClauses()
or
this instanceof MicrosoftTryExceptStmt and
result = 1
or
this instanceof MicrosoftTryFinallyStmt and
result = 0
}
/** Gets the `body` statement of this statement. */
Stmt getStmt() {
result = this.(TryStmt).getStmt()
or
result = this.(MicrosoftTryStmt).getStmt()
}
/** Gets the `i`th translated handler of this statement. */
TranslatedElement getTranslatedHandler(int index) {
result = getTranslatedStmt(this.(TryStmt).getChild(index + 1))
or
index = 0 and
result = getTranslatedMicrosoftTryExceptHandler(this)
}
/** Gets the `finally` statement (usually a BlockStmt), if any. */
Stmt getFinally() { result = this.(MicrosoftTryFinallyStmt).getFinally() }
}
/**
* The IR translation of a C++ `try` (or a `__try __except` or `__try __finally`) statement.
*/
class TranslatedTryStmt extends TranslatedStmt {
override TryStmt stmt;
override TryOrMicrosoftTryStmt stmt;
override TranslatedElement getChild(int id) {
id = 0 and result = getBody()
or
result = getHandler(id - 1)
or
id = stmt.getNumberOfCatchClauses() + 1 and
result = this.getFinally()
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
@@ -269,8 +527,20 @@ class TranslatedTryStmt extends TranslatedStmt {
override Instruction getFirstInstruction() { result = getBody().getFirstInstruction() }
override Instruction getChildSuccessor(TranslatedElement child) {
// All children go to the successor of the `try`.
child = getAChild() and result = getParent().getChildSuccessor(this)
// All non-finally children go to the successor of the `try` if
// there is no finally block, but if there is a finally block
// then we go to that one.
child = [this.getBody(), this.getHandler(_)] and
(
not exists(this.getFinally()) and
result = this.getParent().getChildSuccessor(this)
or
result = this.getFinally().getFirstInstruction()
)
or
// And after the finally block we go to the successor of the `try`.
child = this.getFinally() and
result = this.getParent().getChildSuccessor(this)
}
final Instruction getNextHandler(TranslatedHandler handler) {
@@ -290,9 +560,9 @@ class TranslatedTryStmt extends TranslatedStmt {
result = getHandler(0).getFirstInstruction()
}
private TranslatedHandler getHandler(int index) {
result = getTranslatedStmt(stmt.getChild(index + 1))
}
private TranslatedElement getHandler(int index) { result = stmt.getTranslatedHandler(index) }
private TranslatedStmt getFinally() { result = getTranslatedStmt(stmt.getFinally()) }
private TranslatedStmt getBody() { result = getTranslatedStmt(stmt.getStmt()) }
}

2
cpp/ql/lib/semmle/code/cpp/security/FlowSources.qll
View File

@@ -92,7 +92,7 @@ private class ArgvSource extends LocalFlowSource {
exists(Function main, Parameter argv |
main.hasGlobalName("main") and
main.getParameter(1) = argv and
this.asExpr() = argv.getAnAccess()
this.asParameter() = argv
)
}

91
cpp/ql/src/AlertSuppression.ql
View File

@@ -5,78 +5,37 @@
* @id cpp/alert-suppression
*/
import cpp
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.cpp.Element
/**
* An alert suppression comment.
*/
class SuppressionComment extends Comment {
string annotation;
string text;
class AstNode extends Locatable {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
SuppressionComment() {
(
this instanceof CppStyleComment and
// strip the beginning slashes
text = this.getContents().suffix(2)
or
this instanceof CStyleComment and
// strip both the beginning /* and the end */ the comment
exists(string text0 |
text0 = this.getContents().suffix(2) and
text = text0.prefix(text0.length() - 2)
) and
// The /* */ comment must be a single-line comment
not text.matches("%\n%")
class SingleLineComment extends Comment, AstNode {
private string text;
SingleLineComment() {
this instanceof CppStyleComment and
// strip the beginning slashes
text = this.getContents().suffix(2)
or
this instanceof CStyleComment and
// strip both the beginning /* and the end */ the comment
exists(string text0 |
text0 = this.getContents().suffix(2) and
text = text0.prefix(text0.length() - 2)
) and
(
// match `lgtm[...]` anywhere in the comment
annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
or
// match `lgtm` at the start of the comment and after semicolon
annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
)
// The /* */ comment must be a single-line comment
not text.matches("%\n%")
}
/** Gets the text in this comment, excluding the leading //. */
string getText() { result = text }
/** Gets the suppression annotation in this comment. */
string getAnnotation() { result = annotation }
/**
* Holds if this comment applies to the range from column `startcolumn` of line `startline`
* to column `endcolumn` of line `endline` in file `filepath`.
*/
predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
startcolumn = 1
}
/** Gets the scope of this suppression. */
SuppressionScope getScope() { result = this }
}
/**
* The scope of an alert suppression comment.
*/
class SuppressionScope extends ElementBase instanceof SuppressionComment {
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.covers(filepath, startline, startcolumn, endline, endcolumn)
}
}
from SuppressionComment c
select c, // suppression comment
c.getText(), // text of suppression comment (excluding delimiters)
c.getAnnotation(), // text of suppression annotation
c.getScope() // scope of suppression
import AS::Make<AstNode, SingleLineComment>

4
cpp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.6
No user-facing changes.
## 0.4.5
No user-facing changes.

2
cpp/ql/src/Security/CWE/CWE-022/TaintedPath.ql
View File

@@ -91,8 +91,6 @@ class TaintedPathConfiguration extends TaintTracking::Configuration {
)
}
override predicate isSanitizerIn(DataFlow::Node node) { this.isSource(node) }
override predicate isSanitizer(DataFlow::Node node) {
node.asExpr().(Call).getTarget().getUnspecifiedType() instanceof ArithmeticType
or

4
cpp/ql/src/change-notes/2022-12-19-alert-suppressions.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

3
cpp/ql/src/change-notes/released/0.4.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.6
No user-facing changes.

2
cpp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.5
lastReleaseVersion: 0.4.6

3
cpp/ql/src/qlpack.yml
View File

@@ -1,11 +1,12 @@
name: codeql/cpp-queries
version: 0.4.6-dev
version: 0.5.0-dev
groups:
- cpp
- queries
dependencies:
codeql/cpp-all: ${workspace}
codeql/suite-helpers: ${workspace}
codeql/util: ${workspace}
suites: codeql-suites
extractor: cpp
defaultSuiteFile: codeql-suites/cpp-code-scanning.qls

10
cpp/ql/test/experimental/query-tests/Security/CWE/CWE-078/WordexpTainted.expected
View File

@@ -1,11 +1,11 @@
edges
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... |
| test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath |
| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... |
| test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath |
nodes
| test.cpp:23:20:23:23 | argv | semmle.label | argv |
| test.cpp:22:27:22:30 | argv | semmle.label | argv |
| test.cpp:29:13:29:20 | (const char *)... | semmle.label | (const char *)... |
| test.cpp:29:13:29:20 | filePath | semmle.label | filePath |
subpaths
#select
| test.cpp:29:13:29:20 | (const char *)... | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
| test.cpp:29:13:29:20 | filePath | test.cpp:23:20:23:23 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
| test.cpp:29:13:29:20 | (const char *)... | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | (const char *)... | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |
| test.cpp:29:13:29:20 | filePath | test.cpp:22:27:22:30 | argv | test.cpp:29:13:29:20 | filePath | Using user-supplied data in a `wordexp` command, without disabling command substitution, can make code vulnerable to command injection. |

3
cpp/ql/test/library-tests/floats/float128/errors.expected
View File

@@ -1,4 +1,3 @@
| file://:0:0:0:0 | There was an error during this compilation |
| float128.cpp:1:39:1:39 | 128-bit floating-point types are not supported in this configuration |
| float128.cpp:2:30:2:30 | an attribute specifies a mode incompatible with '<error-type>' |
| float128.cpp:2:41:2:41 | invalid combination of type specifiers |
| float128.cpp:2:30:2:30 | 128-bit floating-point types are not supported in this configuration |

1
cpp/ql/test/library-tests/floats/float128/usertypes.expected
View File

@@ -1,4 +1,5 @@
| float128.cpp:1:50:1:60 | _Complex128 | file://:0:0:0:0 | <error-type> |
| float128.cpp:2:41:2:49 | _Float128 | file://:0:0:0:0 | <error-type> |
| float128.cpp:13:29:13:54 | __is_floating_point_helper<T> | float128.cpp:10:8:10:17 | false_type |
| float128.cpp:14:19:14:51 | __is_floating_point_helper<float> | float128.cpp:11:8:11:16 | true_type |
| float128.cpp:15:19:15:52 | __is_floating_point_helper<double> | float128.cpp:11:8:11:16 | true_type |

345
cpp/ql/test/library-tests/ir/ir/PrintAST.expected
View File

@@ -14822,3 +14822,348 @@ struct_init.cpp:
# 41| Type = [PointerType] Info *
# 41| ValueCategory = prvalue
# 42| getStmt(2): [ReturnStmt] return ...
try_except.c:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
try_except.cpp:
# 3| [TopLevelFunction] void ProbeFunction()
# 3| <params>:
# 4| [TopLevelFunction] void sink()
# 4| <params>:
# 6| [TopLevelFunction] void f_cpp()
# 6| <params>:
# 6| getEntryPoint(): [BlockStmt] { ... }
# 7| getStmt(0): [DeclStmt] declaration
# 7| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 7| Type = [IntType] int
# 7| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 7| Type = [IntType] int
# 7| getVariable().getInitializer(): [Initializer] initializer for y
# 7| getExpr(): [Literal] 0
# 7| Type = [IntType] int
# 7| Value = [Literal] 0
# 7| ValueCategory = prvalue
# 8| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 8| getStmt(): [BlockStmt] { ... }
# 9| getStmt(0): [ExprStmt] ExprStmt
# 9| getExpr(): [FunctionCall] call to ProbeFunction
# 9| Type = [VoidType] void
# 9| ValueCategory = prvalue
# 9| getArgument(0): [Literal] 0
# 9| Type = [IntType] int
# 9| Value = [Literal] 0
# 9| ValueCategory = prvalue
# 10| getStmt(1): [ExprStmt] ExprStmt
# 10| getExpr(): [AssignExpr] ... = ...
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getLValue(): [VariableAccess] x
# 10| Type = [IntType] int
# 10| ValueCategory = lvalue
# 10| getRValue(): [VariableAccess] y
# 10| Type = [IntType] int
# 10| ValueCategory = prvalue(load)
# 11| getStmt(2): [ExprStmt] ExprStmt
# 11| getExpr(): [FunctionCall] call to ProbeFunction
# 11| Type = [VoidType] void
# 11| ValueCategory = prvalue
# 11| getArgument(0): [Literal] 0
# 11| Type = [IntType] int
# 11| Value = [Literal] 0
# 11| ValueCategory = prvalue
# 13| getCondition(): [Literal] 0
# 13| Type = [IntType] int
# 13| Value = [Literal] 0
# 13| ValueCategory = prvalue
# 13| getExcept(): [BlockStmt] { ... }
# 14| getStmt(0): [ExprStmt] ExprStmt
# 14| getExpr(): [FunctionCall] call to sink
# 14| Type = [VoidType] void
# 14| ValueCategory = prvalue
# 14| getArgument(0): [VariableAccess] x
# 14| Type = [IntType] int
# 14| ValueCategory = prvalue(load)
# 16| getStmt(2): [ReturnStmt] return ...
# 18| [TopLevelFunction] void g_cpp()
# 18| <params>:
# 18| getEntryPoint(): [BlockStmt] { ... }
# 19| getStmt(0): [DeclStmt] declaration
# 19| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 19| Type = [IntType] int
# 19| getDeclarationEntry(1): [VariableDeclarationEntry] definition of y
# 19| Type = [IntType] int
# 19| getVariable().getInitializer(): [Initializer] initializer for y
# 19| getExpr(): [Literal] 0
# 19| Type = [IntType] int
# 19| Value = [Literal] 0
# 19| ValueCategory = prvalue
# 20| getStmt(1): [MicrosoftTryFinallyStmt] __try { ... } __finally { ... }
# 20| getStmt(): [BlockStmt] { ... }
# 21| getStmt(0): [ExprStmt] ExprStmt
# 21| getExpr(): [FunctionCall] call to ProbeFunction
# 21| Type = [VoidType] void
# 21| ValueCategory = prvalue
# 21| getArgument(0): [Literal] 0
# 21| Type = [IntType] int
# 21| Value = [Literal] 0
# 21| ValueCategory = prvalue
# 22| getStmt(1): [ExprStmt] ExprStmt
# 22| getExpr(): [AssignExpr] ... = ...
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getLValue(): [VariableAccess] x
# 22| Type = [IntType] int
# 22| ValueCategory = lvalue
# 22| getRValue(): [VariableAccess] y
# 22| Type = [IntType] int
# 22| ValueCategory = prvalue(load)
# 23| getStmt(2): [ExprStmt] ExprStmt
# 23| getExpr(): [FunctionCall] call to ProbeFunction
# 23| Type = [VoidType] void
# 23| ValueCategory = prvalue
# 23| getArgument(0): [Literal] 0
# 23| Type = [IntType] int
# 23| Value = [Literal] 0
# 23| ValueCategory = prvalue
# 25| getFinally(): [BlockStmt] { ... }
# 26| getStmt(0): [ExprStmt] ExprStmt
# 26| getExpr(): [FunctionCall] call to sink
# 26| Type = [VoidType] void
# 26| ValueCategory = prvalue
# 26| getArgument(0): [VariableAccess] x
# 26| Type = [IntType] int
# 26| ValueCategory = prvalue(load)
# 28| getStmt(2): [ReturnStmt] return ...
# 30| [TopLevelFunction] void AfxThrowMemoryException()
# 30| <params>:
# 32| [TopLevelFunction] void h_cpp(int)
# 32| <params>:
# 32| getParameter(0): [Parameter] b
# 32| Type = [IntType] int
# 32| getEntryPoint(): [BlockStmt] { ... }
# 33| getStmt(0): [DeclStmt] declaration
# 33| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 33| Type = [IntType] int
# 33| getVariable().getInitializer(): [Initializer] initializer for x
# 33| getExpr(): [Literal] 0
# 33| Type = [IntType] int
# 33| Value = [Literal] 0
# 33| ValueCategory = prvalue
# 34| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 34| getStmt(): [BlockStmt] { ... }
# 35| getStmt(0): [IfStmt] if (...) ...
# 35| getCondition(): [VariableAccess] b
# 35| Type = [IntType] int
# 35| ValueCategory = prvalue(load)
# 35| getThen(): [BlockStmt] { ... }
# 36| getStmt(0): [ExprStmt] ExprStmt
# 36| getExpr(): [FunctionCall] call to AfxThrowMemoryException
# 36| Type = [VoidType] void
# 36| ValueCategory = prvalue
# 35| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 35| Conversion = [BoolConversion] conversion to bool
# 35| Type = [BoolType] bool
# 35| ValueCategory = prvalue
# 39| getCondition(): [Literal] 1
# 39| Type = [IntType] int
# 39| Value = [Literal] 1
# 39| ValueCategory = prvalue
# 39| getExcept(): [BlockStmt] { ... }
# 40| getStmt(0): [ExprStmt] ExprStmt
# 40| getExpr(): [FunctionCall] call to sink
# 40| Type = [VoidType] void
# 40| ValueCategory = prvalue
# 40| getArgument(0): [VariableAccess] x
# 40| Type = [IntType] int
# 40| ValueCategory = prvalue(load)
# 42| getStmt(2): [ReturnStmt] return ...
# 44| [TopLevelFunction] void throw_cpp(int)
# 44| <params>:
# 44| getParameter(0): [Parameter] b
# 44| Type = [IntType] int
# 44| getEntryPoint(): [BlockStmt] { ... }
# 45| getStmt(0): [DeclStmt] declaration
# 45| getDeclarationEntry(0): [VariableDeclarationEntry] definition of x
# 45| Type = [IntType] int
# 45| getVariable().getInitializer(): [Initializer] initializer for x
# 45| getExpr(): [Literal] 0
# 45| Type = [IntType] int
# 45| Value = [Literal] 0
# 45| ValueCategory = prvalue
# 46| getStmt(1): [MicrosoftTryExceptStmt] __try { ... } __except( ... ) { ... }
# 46| getStmt(): [BlockStmt] { ... }
# 47| getStmt(0): [IfStmt] if (...) ...
# 47| getCondition(): [VariableAccess] b
# 47| Type = [IntType] int
# 47| ValueCategory = prvalue(load)
# 47| getThen(): [BlockStmt] { ... }
# 48| getStmt(0): [ExprStmt] ExprStmt
# 48| getExpr(): [ThrowExpr] throw ...
# 48| Type = [IntType] int
# 48| ValueCategory = prvalue
# 48| getExpr(): [Literal] 1
# 48| Type = [IntType] int
# 48| Value = [Literal] 1
# 48| ValueCategory = prvalue
# 47| getCondition().getFullyConverted(): [CStyleCast] (bool)...
# 47| Conversion = [BoolConversion] conversion to bool
# 47| Type = [BoolType] bool
# 47| ValueCategory = prvalue
# 51| getCondition(): [Literal] 1
# 51| Type = [IntType] int
# 51| Value = [Literal] 1
# 51| ValueCategory = prvalue
# 51| getExcept(): [BlockStmt] { ... }
# 52| getStmt(0): [ExprStmt] ExprStmt
# 52| getExpr(): [FunctionCall] call to sink
# 52| Type = [VoidType] void
# 52| ValueCategory = prvalue
# 52| getArgument(0): [VariableAccess] x
# 52| Type = [IntType] int
# 52| ValueCategory = prvalue(load)
# 54| getStmt(2): [ReturnStmt] return ...

159
cpp/ql/test/library-tests/ir/ir/operand_locations.expected
View File

@@ -9140,3 +9140,162 @@
| struct_init.cpp:41:21:41:32 | ChiTotal | total:m41_7 |
| struct_init.cpp:41:21:41:32 | SideEffect | ~m41_7 |
| struct_init.cpp:41:21:41:32 | Unary | r41_3 |
| try_except.c:6:6:6:6 | ChiPartial | partial:m6_3 |
| try_except.c:6:6:6:6 | ChiTotal | total:m6_2 |
| try_except.c:6:6:6:6 | SideEffect | ~m11_5 |
| try_except.c:7:7:7:7 | Address | &:r7_1 |
| try_except.c:7:10:7:10 | Address | &:r7_3 |
| try_except.c:7:13:7:14 | StoreValue | r7_4 |
| try_except.c:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.c:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.c:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.c:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.c:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.c:10:5:10:5 | Address | &:r10_3 |
| try_except.c:10:9:10:9 | Address | &:r10_1 |
| try_except.c:10:9:10:9 | Load | m7_5 |
| try_except.c:10:9:10:9 | StoreValue | r10_2 |
| try_except.c:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.c:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.c:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.c:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.c:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.c:18:6:18:6 | ChiPartial | partial:m18_3 |
| try_except.c:18:6:18:6 | ChiTotal | total:m18_2 |
| try_except.c:18:6:18:6 | SideEffect | ~m26_6 |
| try_except.c:19:7:19:7 | Address | &:r19_1 |
| try_except.c:19:10:19:10 | Address | &:r19_3 |
| try_except.c:19:13:19:14 | StoreValue | r19_4 |
| try_except.c:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.c:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.c:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.c:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.c:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.c:22:5:22:5 | Address | &:r22_3 |
| try_except.c:22:9:22:9 | Address | &:r22_1 |
| try_except.c:22:9:22:9 | Load | m19_5 |
| try_except.c:22:9:22:9 | StoreValue | r22_2 |
| try_except.c:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.c:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.c:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.c:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.c:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.c:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.c:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.c:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.c:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.c:26:10:26:10 | Address | &:r26_2 |
| try_except.c:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.c:26:10:26:10 | Load | m22_4 |
| try_except.c:32:6:32:6 | ChiPartial | partial:m32_3 |
| try_except.c:32:6:32:6 | ChiTotal | total:m32_2 |
| try_except.c:32:6:32:6 | SideEffect | ~m42_1 |
| try_except.c:32:12:32:12 | Address | &:r32_5 |
| try_except.c:33:7:33:7 | Address | &:r33_1 |
| try_except.c:33:10:33:11 | StoreValue | r33_2 |
| try_except.c:35:13:35:13 | Address | &:r35_1 |
| try_except.c:35:13:35:13 | Condition | r35_2 |
| try_except.c:35:13:35:13 | Load | m32_6 |
| try_except.c:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.c:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.c:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.c:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.c:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:6:6:6:10 | ChiPartial | partial:m6_3 |
| try_except.cpp:6:6:6:10 | ChiTotal | total:m6_2 |
| try_except.cpp:6:6:6:10 | SideEffect | ~m11_5 |
| try_except.cpp:7:7:7:7 | Address | &:r7_1 |
| try_except.cpp:7:10:7:10 | Address | &:r7_3 |
| try_except.cpp:7:13:7:14 | StoreValue | r7_4 |
| try_except.cpp:9:5:9:17 | CallTarget | func:r9_1 |
| try_except.cpp:9:5:9:17 | ChiPartial | partial:m9_4 |
| try_except.cpp:9:5:9:17 | ChiTotal | total:m6_4 |
| try_except.cpp:9:5:9:17 | SideEffect | ~m6_4 |
| try_except.cpp:9:19:9:19 | Arg(0) | 0:r9_2 |
| try_except.cpp:10:5:10:5 | Address | &:r10_3 |
| try_except.cpp:10:9:10:9 | Address | &:r10_1 |
| try_except.cpp:10:9:10:9 | Load | m7_5 |
| try_except.cpp:10:9:10:9 | StoreValue | r10_2 |
| try_except.cpp:11:5:11:17 | CallTarget | func:r11_1 |
| try_except.cpp:11:5:11:17 | ChiPartial | partial:m11_4 |
| try_except.cpp:11:5:11:17 | ChiTotal | total:m9_5 |
| try_except.cpp:11:5:11:17 | SideEffect | ~m9_5 |
| try_except.cpp:11:19:11:19 | Arg(0) | 0:r11_2 |
| try_except.cpp:18:6:18:10 | ChiPartial | partial:m18_3 |
| try_except.cpp:18:6:18:10 | ChiTotal | total:m18_2 |
| try_except.cpp:18:6:18:10 | SideEffect | ~m26_6 |
| try_except.cpp:19:7:19:7 | Address | &:r19_1 |
| try_except.cpp:19:10:19:10 | Address | &:r19_3 |
| try_except.cpp:19:13:19:14 | StoreValue | r19_4 |
| try_except.cpp:21:5:21:17 | CallTarget | func:r21_1 |
| try_except.cpp:21:5:21:17 | ChiPartial | partial:m21_4 |
| try_except.cpp:21:5:21:17 | ChiTotal | total:m18_4 |
| try_except.cpp:21:5:21:17 | SideEffect | ~m18_4 |
| try_except.cpp:21:19:21:19 | Arg(0) | 0:r21_2 |
| try_except.cpp:22:5:22:5 | Address | &:r22_3 |
| try_except.cpp:22:9:22:9 | Address | &:r22_1 |
| try_except.cpp:22:9:22:9 | Load | m19_5 |
| try_except.cpp:22:9:22:9 | StoreValue | r22_2 |
| try_except.cpp:23:5:23:17 | CallTarget | func:r23_1 |
| try_except.cpp:23:5:23:17 | ChiPartial | partial:m23_4 |
| try_except.cpp:23:5:23:17 | ChiTotal | total:m21_5 |
| try_except.cpp:23:5:23:17 | SideEffect | ~m21_5 |
| try_except.cpp:23:19:23:19 | Arg(0) | 0:r23_2 |
| try_except.cpp:26:5:26:8 | CallTarget | func:r26_1 |
| try_except.cpp:26:5:26:8 | ChiPartial | partial:m26_5 |
| try_except.cpp:26:5:26:8 | ChiTotal | total:m23_5 |
| try_except.cpp:26:5:26:8 | SideEffect | ~m23_5 |
| try_except.cpp:26:10:26:10 | Address | &:r26_2 |
| try_except.cpp:26:10:26:10 | Arg(0) | 0:r26_3 |
| try_except.cpp:26:10:26:10 | Load | m22_4 |
| try_except.cpp:32:6:32:10 | ChiPartial | partial:m32_3 |
| try_except.cpp:32:6:32:10 | ChiTotal | total:m32_2 |
| try_except.cpp:32:6:32:10 | SideEffect | ~m42_1 |
| try_except.cpp:32:16:32:16 | Address | &:r32_5 |
| try_except.cpp:33:7:33:7 | Address | &:r33_1 |
| try_except.cpp:33:10:33:11 | StoreValue | r33_2 |
| try_except.cpp:35:13:35:13 | Address | &:r35_1 |
| try_except.cpp:35:13:35:13 | Condition | r35_4 |
| try_except.cpp:35:13:35:13 | Left | r35_2 |
| try_except.cpp:35:13:35:13 | Load | m32_6 |
| try_except.cpp:35:13:35:13 | Right | r35_3 |
| try_except.cpp:36:13:36:35 | CallTarget | func:r36_1 |
| try_except.cpp:36:13:36:35 | ChiPartial | partial:m36_3 |
| try_except.cpp:36:13:36:35 | ChiTotal | total:m32_4 |
| try_except.cpp:36:13:36:35 | SideEffect | ~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 0:~m32_4 |
| try_except.cpp:42:1:42:1 | Phi | from 1:~m36_4 |
| try_except.cpp:44:6:44:14 | ChiPartial | partial:m44_3 |
| try_except.cpp:44:6:44:14 | ChiTotal | total:m44_2 |
| try_except.cpp:44:6:44:14 | SideEffect | ~m54_1 |
| try_except.cpp:44:20:44:20 | Address | &:r44_5 |
| try_except.cpp:45:7:45:7 | Address | &:r45_1 |
| try_except.cpp:45:10:45:11 | StoreValue | r45_2 |
| try_except.cpp:47:13:47:13 | Address | &:r47_1 |
| try_except.cpp:47:13:47:13 | Condition | r47_4 |
| try_except.cpp:47:13:47:13 | Left | r47_2 |
| try_except.cpp:47:13:47:13 | Load | m44_6 |
| try_except.cpp:47:13:47:13 | Right | r47_3 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Address | &:r48_1 |
| try_except.cpp:48:13:48:19 | Load | m48_3 |
| try_except.cpp:48:19:48:19 | StoreValue | r48_2 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:15:51:15 | Left | r51_7 |
| try_except.cpp:51:18:53:5 | Condition | r51_2 |
| try_except.cpp:51:18:53:5 | Condition | r51_5 |
| try_except.cpp:51:18:53:5 | Condition | r51_9 |
| try_except.cpp:51:18:53:5 | Right | r51_1 |
| try_except.cpp:51:18:53:5 | Right | r51_4 |
| try_except.cpp:51:18:53:5 | Right | r51_8 |
| try_except.cpp:52:9:52:12 | CallTarget | func:r52_1 |
| try_except.cpp:52:9:52:12 | ChiPartial | partial:m52_5 |
| try_except.cpp:52:9:52:12 | ChiTotal | total:m44_4 |
| try_except.cpp:52:9:52:12 | SideEffect | ~m44_4 |
| try_except.cpp:52:14:52:14 | Address | &:r52_2 |
| try_except.cpp:52:14:52:14 | Arg(0) | 0:r52_3 |
| try_except.cpp:52:14:52:14 | Load | m45_3 |
| try_except.cpp:54:1:54:1 | Phi | from 0:~m44_4 |
| try_except.cpp:54:1:54:1 | Phi | from 5:~m52_6 |

8
cpp/ql/test/library-tests/ir/ir/raw_consistency.expected
View File

@@ -19,6 +19,14 @@ useNotDominatedByDefinition
| ir.cpp:1486:8:1486:8 | Unary | Operand 'Unary' is not dominated by its definition in function '$@'. | ir.cpp:1486:8:1486:8 | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() | void StructuredBindingDataMemberStruct::StructuredBindingDataMemberStruct() |
| ir.cpp:1751:51:1751:51 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| ir.cpp:1752:48:1752:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | ir.cpp:1750:5:1750:34 | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) | int implicit_copy_constructor_test(CopyConstructorTestNonVirtualClass const&, CopyConstructorTestVirtualClass const&) |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:6:6:6:6 | void f() | void f() |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.c:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.c:32:6:32:6 | void h(int) | void h(int) |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:13:13:13:13 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:6:6:6:10 | void f_cpp() | void f_cpp() |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
| try_except.cpp:39:15:39:15 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | try_except.cpp:32:6:32:10 | void h_cpp(int) | void h_cpp(int) |
switchInstructionWithoutDefaultEdge
notMarkedAsConflated
wronglyMarkedAsConflated

387
cpp/ql/test/library-tests/ir/ir/raw_ir.expected
View File

@@ -10410,3 +10410,390 @@ struct_init.cpp:
# 36| v36_9(void) = ReturnVoid :
# 36| v36_10(void) = AliasedUse : ~m?
# 36| v36_11(void) = ExitFunction :
try_except.c:
# 6| void f()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| v35_3(void) = ConditionalBranch : r35_2
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
try_except.cpp:
# 6| void f_cpp()
# 6| Block 0
# 6| v6_1(void) = EnterFunction :
# 6| mu6_2(unknown) = AliasedDefinition :
# 6| mu6_3(unknown) = InitializeNonLocal :
# 7| r7_1(glval<int>) = VariableAddress[x] :
# 7| mu7_2(int) = Uninitialized[x] : &:r7_1
# 7| r7_3(glval<int>) = VariableAddress[y] :
# 7| r7_4(int) = Constant[0] :
# 7| mu7_5(int) = Store[y] : &:r7_3, r7_4
# 9| r9_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 9| r9_2(int) = Constant[0] :
# 9| v9_3(void) = Call[ProbeFunction] : func:r9_1, 0:r9_2
# 9| mu9_4(unknown) = ^CallSideEffect : ~m?
# 10| r10_1(glval<int>) = VariableAddress[y] :
# 10| r10_2(int) = Load[y] : &:r10_1, ~m?
# 10| r10_3(glval<int>) = VariableAddress[x] :
# 10| mu10_4(int) = Store[x] : &:r10_3, r10_2
# 11| r11_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 11| r11_2(int) = Constant[0] :
# 11| v11_3(void) = Call[ProbeFunction] : func:r11_1, 0:r11_2
# 11| mu11_4(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 13| Block 1
# 13| r13_1(int) = Constant[0] :
# 13| r13_2(bool) = CompareEQ : r13_8, r13_1
# 13| v13_3(void) = ConditionalBranch : r13_2
#-----| False -> Block 2
#-----| True -> Block 3
# 13| Block 2
# 13| r13_4(int) = Constant[1] :
# 13| r13_5(bool) = CompareEQ : r13_8, r13_4
# 13| v13_6(void) = ConditionalBranch : r13_5
#-----| True -> Block 5
# 13| Block 3
# 13| v13_7(void) = Unwind :
#-----| Goto -> Block 6
# 13| Block 4
# 13| r13_8(int) = Constant[0] :
# 13| r13_9(int) = Constant[-1] :
# 13| r13_10(bool) = CompareEQ : r13_8, r13_9
# 13| v13_11(void) = ConditionalBranch : r13_10
#-----| False -> Block 1
#-----| True -> Block 3
# 14| Block 5
# 14| r14_1(glval<unknown>) = FunctionAddress[sink] :
# 14| r14_2(glval<int>) = VariableAddress[x] :
# 14| r14_3(int) = Load[x] : &:r14_2, ~m?
# 14| v14_4(void) = Call[sink] : func:r14_1, 0:r14_3
# 14| mu14_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 6
# 16| Block 6
# 16| v16_1(void) = NoOp :
# 6| v6_4(void) = ReturnVoid :
# 6| v6_5(void) = AliasedUse : ~m?
# 6| v6_6(void) = ExitFunction :
# 18| void g_cpp()
# 18| Block 0
# 18| v18_1(void) = EnterFunction :
# 18| mu18_2(unknown) = AliasedDefinition :
# 18| mu18_3(unknown) = InitializeNonLocal :
# 19| r19_1(glval<int>) = VariableAddress[x] :
# 19| mu19_2(int) = Uninitialized[x] : &:r19_1
# 19| r19_3(glval<int>) = VariableAddress[y] :
# 19| r19_4(int) = Constant[0] :
# 19| mu19_5(int) = Store[y] : &:r19_3, r19_4
# 21| r21_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 21| r21_2(int) = Constant[0] :
# 21| v21_3(void) = Call[ProbeFunction] : func:r21_1, 0:r21_2
# 21| mu21_4(unknown) = ^CallSideEffect : ~m?
# 22| r22_1(glval<int>) = VariableAddress[y] :
# 22| r22_2(int) = Load[y] : &:r22_1, ~m?
# 22| r22_3(glval<int>) = VariableAddress[x] :
# 22| mu22_4(int) = Store[x] : &:r22_3, r22_2
# 23| r23_1(glval<unknown>) = FunctionAddress[ProbeFunction] :
# 23| r23_2(int) = Constant[0] :
# 23| v23_3(void) = Call[ProbeFunction] : func:r23_1, 0:r23_2
# 23| mu23_4(unknown) = ^CallSideEffect : ~m?
# 26| r26_1(glval<unknown>) = FunctionAddress[sink] :
# 26| r26_2(glval<int>) = VariableAddress[x] :
# 26| r26_3(int) = Load[x] : &:r26_2, ~m?
# 26| v26_4(void) = Call[sink] : func:r26_1, 0:r26_3
# 26| mu26_5(unknown) = ^CallSideEffect : ~m?
# 28| v28_1(void) = NoOp :
# 18| v18_4(void) = ReturnVoid :
# 18| v18_5(void) = AliasedUse : ~m?
# 18| v18_6(void) = ExitFunction :
# 32| void h_cpp(int)
# 32| Block 0
# 32| v32_1(void) = EnterFunction :
# 32| mu32_2(unknown) = AliasedDefinition :
# 32| mu32_3(unknown) = InitializeNonLocal :
# 32| r32_4(glval<int>) = VariableAddress[b] :
# 32| mu32_5(int) = InitializeParameter[b] : &:r32_4
# 33| r33_1(glval<int>) = VariableAddress[x] :
# 33| r33_2(int) = Constant[0] :
# 33| mu33_3(int) = Store[x] : &:r33_1, r33_2
# 35| r35_1(glval<int>) = VariableAddress[b] :
# 35| r35_2(int) = Load[b] : &:r35_1, ~m?
# 35| r35_3(int) = Constant[0] :
# 35| r35_4(bool) = CompareNE : r35_2, r35_3
# 35| v35_5(void) = ConditionalBranch : r35_4
#-----| False -> Block 7
#-----| True -> Block 1
# 36| Block 1
# 36| r36_1(glval<unknown>) = FunctionAddress[AfxThrowMemoryException] :
# 36| v36_2(void) = Call[AfxThrowMemoryException] : func:r36_1
# 36| mu36_3(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 39| Block 2
# 39| r39_1(int) = Constant[0] :
# 39| r39_2(bool) = CompareEQ : r39_8, r39_1
# 39| v39_3(void) = ConditionalBranch : r39_2
#-----| False -> Block 3
#-----| True -> Block 4
# 39| Block 3
# 39| r39_4(int) = Constant[1] :
# 39| r39_5(bool) = CompareEQ : r39_8, r39_4
# 39| v39_6(void) = ConditionalBranch : r39_5
#-----| True -> Block 6
# 39| Block 4
# 39| v39_7(void) = Unwind :
#-----| Goto -> Block 7
# 39| Block 5
# 39| r39_8(int) = Constant[1] :
# 39| r39_9(int) = Constant[-1] :
# 39| r39_10(bool) = CompareEQ : r39_8, r39_9
# 39| v39_11(void) = ConditionalBranch : r39_10
#-----| False -> Block 2
#-----| True -> Block 4
# 40| Block 6
# 40| r40_1(glval<unknown>) = FunctionAddress[sink] :
# 40| r40_2(glval<int>) = VariableAddress[x] :
# 40| r40_3(int) = Load[x] : &:r40_2, ~m?
# 40| v40_4(void) = Call[sink] : func:r40_1, 0:r40_3
# 40| mu40_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 7
# 42| Block 7
# 42| v42_1(void) = NoOp :
# 32| v32_6(void) = ReturnVoid :
# 32| v32_7(void) = AliasedUse : ~m?
# 32| v32_8(void) = ExitFunction :
# 44| void throw_cpp(int)
# 44| Block 0
# 44| v44_1(void) = EnterFunction :
# 44| mu44_2(unknown) = AliasedDefinition :
# 44| mu44_3(unknown) = InitializeNonLocal :
# 44| r44_4(glval<int>) = VariableAddress[b] :
# 44| mu44_5(int) = InitializeParameter[b] : &:r44_4
# 45| r45_1(glval<int>) = VariableAddress[x] :
# 45| r45_2(int) = Constant[0] :
# 45| mu45_3(int) = Store[x] : &:r45_1, r45_2
# 47| r47_1(glval<int>) = VariableAddress[b] :
# 47| r47_2(int) = Load[b] : &:r47_1, ~m?
# 47| r47_3(int) = Constant[0] :
# 47| r47_4(bool) = CompareNE : r47_2, r47_3
# 47| v47_5(void) = ConditionalBranch : r47_4
#-----| False -> Block 9
#-----| True -> Block 3
# 44| Block 1
# 44| v44_6(void) = AliasedUse : ~m?
# 44| v44_7(void) = ExitFunction :
# 44| Block 2
# 44| v44_8(void) = Unwind :
#-----| Goto -> Block 1
# 48| Block 3
# 48| r48_1(glval<int>) = VariableAddress[#throw48:13] :
# 48| r48_2(int) = Constant[1] :
# 48| mu48_3(int) = Store[#throw48:13] : &:r48_1, r48_2
# 48| v48_4(void) = ThrowValue : &:r48_1, ~m?
#-----| Exception -> Block 7
# 51| Block 4
# 51| r51_1(int) = Constant[0] :
# 51| r51_2(bool) = CompareEQ : r51_8, r51_1
# 51| v51_3(void) = ConditionalBranch : r51_2
#-----| False -> Block 5
#-----| True -> Block 6
# 51| Block 5
# 51| r51_4(int) = Constant[1] :
# 51| r51_5(bool) = CompareEQ : r51_8, r51_4
# 51| v51_6(void) = ConditionalBranch : r51_5
#-----| True -> Block 8
# 51| Block 6
# 51| v51_7(void) = Unwind :
#-----| Goto -> Block 9
# 51| Block 7
# 51| r51_8(int) = Constant[1] :
# 51| r51_9(int) = Constant[-1] :
# 51| r51_10(bool) = CompareEQ : r51_8, r51_9
# 51| v51_11(void) = ConditionalBranch : r51_10
#-----| False -> Block 4
#-----| True -> Block 6
# 52| Block 8
# 52| r52_1(glval<unknown>) = FunctionAddress[sink] :
# 52| r52_2(glval<int>) = VariableAddress[x] :
# 52| r52_3(int) = Load[x] : &:r52_2, ~m?
# 52| v52_4(void) = Call[sink] : func:r52_1, 0:r52_3
# 52| mu52_5(unknown) = ^CallSideEffect : ~m?
#-----| Goto -> Block 9
# 54| Block 9
# 54| v54_1(void) = NoOp :
# 44| v44_9(void) = ReturnVoid :
#-----| Goto -> Block 1

42
cpp/ql/test/library-tests/ir/ir/try_except.c Normal file
View File

@@ -0,0 +1,42 @@
// semmle-extractor-options: --microsoft
void ProbeFunction();
void sink();
void f() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}

54
cpp/ql/test/library-tests/ir/ir/try_except.cpp Normal file
View File

@@ -0,0 +1,54 @@
// semmle-extractor-options: --microsoft
void ProbeFunction(...);
void sink(...);
void f_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__except (0) {
sink(x);
}
}
void g_cpp() {
int x, y = 0;
__try {
ProbeFunction(0);
x = y;
ProbeFunction(0);
}
__finally {
sink(x);
}
}
void AfxThrowMemoryException();
void h_cpp(int b) {
int x = 0;
__try {
if (b) {
AfxThrowMemoryException();
}
}
__except (1) {
sink(x);
}
}
void throw_cpp(int b) {
int x = 0;
__try {
if (b) {
throw 1;
}
}
__except (1) {
sink(x);
}
}

6
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_consistency.expected
View File

@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | Chi: call to BoxedInt | Instruction 'Chi: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | Chi: call to C | Instruction 'Chi: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | Chi: vla_typedef | Instruction 'Chi: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |

22
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -2316,12 +2316,34 @@ postWithInFlow
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:28:18:28:23 | buffer [post update] | PostUpdateNode should not be the target of local flow. |
| ms_assume.cpp:34:1:34:1 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:7:13:7:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:14:13:14:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_except.cpp:17:13:17:13 | x [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:11:7:11:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:14:11:14:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:16:13:16:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:18:11:18:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:21:11:21:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:24:7:24:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:28:7:28:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:31:11:31:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:33:13:33:19 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:35:11:35:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:38:11:38:14 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:41:7:41:10 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | Argument this [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:48:5:48:8 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| ms_try_mix.cpp:51:5:51:11 | VariableAddress [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | Call [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |
| newexpr.cpp:8:2:8:20 | new [post update] | PostUpdateNode should not be the target of local flow. |

22
cpp/ql/test/library-tests/syntax-zoo/raw_consistency.expected
View File

@@ -31,26 +31,8 @@ instructionWithoutSuccessor
| misc.c:174:17:174:22 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:30:174:35 | CallSideEffect: call to getInt | Instruction 'CallSideEffect: call to getInt' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| misc.c:174:55:174:60 | Store: (char ****)... | Instruction 'Store: (char ****)...' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:7:13:7:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Load: j | Instruction 'Load: j' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:10:13:10:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:14:13:14:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:17:13:17:17 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Sub: ... - ... | Instruction 'Sub: ... - ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:20:9:20:13 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:16:13:16:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:18:16:18:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:20:15:20:39 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:21:16:21:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:35:16:35:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:38:16:38:19 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:53:13:54:3 | NoOp: { ... } | Instruction 'NoOp: { ... }' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_expr.cpp:29:11:32:11 | CopyValue: (statement expression) | Instruction 'CopyValue: (statement expression)' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| stmt_in_type.cpp:5:53:5:53 | Constant: 1 | Instruction 'Constant: 1' has no successors in function '$@'. | stmt_in_type.cpp:2:6:2:12 | void cpp_fun() | void cpp_fun() |
@@ -135,6 +117,10 @@ backEdgeCountMismatch
useNotDominatedByDefinition
| VacuousDestructorCall.cpp:2:29:2:29 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | VacuousDestructorCall.cpp:2:6:2:6 | void CallDestructor<int>(int, int*) | void CallDestructor<int>(int, int*) |
| misc.c:219:47:219:48 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | misc.c:219:5:219:26 | int assign_designated_init(someStruct*) | int assign_designated_init(someStruct*) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:9:19:9:19 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_except.cpp:19:17:19:21 | Left | Operand 'Left' is not dominated by its definition in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| static_init_templates.cpp:15:1:15:18 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | static_init_templates.cpp:15:1:15:18 | void MyClass::MyClass() | void MyClass::MyClass() |
| try_catch.cpp:21:9:21:9 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | try_catch.cpp:19:6:19:23 | void throw_from_nonstmt(int) | void throw_from_nonstmt(int) |
| vla.c:3:27:3:30 | Address | Operand 'Address' is not dominated by its definition in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |

6
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_consistency.expected
View File

@@ -13,10 +13,8 @@ instructionWithoutSuccessor
| condition_decls.cpp:41:22:41:23 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:40:6:40:20 | void while_decl_bind(int) | void while_decl_bind(int) |
| condition_decls.cpp:48:52:48:53 | IndirectMayWriteSideEffect: call to BoxedInt | Instruction 'IndirectMayWriteSideEffect: call to BoxedInt' has no successors in function '$@'. | condition_decls.cpp:47:6:47:18 | void for_decl_bind(int) | void for_decl_bind(int) |
| misc.c:171:10:171:13 | Uninitialized: definition of str2 | Instruction 'Uninitialized: definition of str2' has no successors in function '$@'. | misc.c:168:6:168:8 | void vla() | void vla() |
| ms_try_except.cpp:3:9:3:9 | Uninitialized: definition of x | Instruction 'Uninitialized: definition of x' has no successors in function '$@'. | ms_try_except.cpp:2:6:2:18 | void ms_try_except(int) | void ms_try_except(int) |
| ms_try_mix.cpp:11:12:11:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:10:6:10:18 | void ms_except_mix(int) | void ms_except_mix(int) |
| ms_try_mix.cpp:28:12:28:15 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:48:10:48:13 | IndirectMayWriteSideEffect: call to C | Instruction 'IndirectMayWriteSideEffect: call to C' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| ms_try_mix.cpp:33:13:33:19 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:27:6:27:19 | void ms_finally_mix(int) | void ms_finally_mix(int) |
| ms_try_mix.cpp:51:5:51:11 | ThrowValue: throw ... | Instruction 'ThrowValue: throw ...' has no successors in function '$@'. | ms_try_mix.cpp:47:6:47:28 | void ms_empty_finally_at_end() | void ms_empty_finally_at_end() |
| stmt_expr.cpp:27:5:27:15 | Store: ... = ... | Instruction 'Store: ... = ...' has no successors in function '$@'. | stmt_expr.cpp:21:6:21:6 | void stmtexpr::g(int) | void stmtexpr::g(int) |
| vla.c:5:9:5:14 | Uninitialized: definition of matrix | Instruction 'Uninitialized: definition of matrix' has no successors in function '$@'. | vla.c:3:5:3:8 | int main(int, char**) | int main(int, char**) |
| vla.c:11:6:11:16 | InitializeNonLocal: vla_typedef | Instruction 'InitializeNonLocal: vla_typedef' has no successors in function '$@'. | vla.c:11:6:11:16 | void vla_typedef() | void vla_typedef() |

180
cpp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
View File

@@ -1,58 +1,122 @@
| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | // lgtm |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | // lgtm[js/debugger-statement] |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | // lgtm[@tag:nullness] |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | // lgtm: blah blah |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | // lgtm blah blah #falsepositive |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | /* lgtm */ |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | // lgtm[] |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | //lgtm |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | //\tlgtm |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | // foo; lgtm |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | // LGTM! |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | // LGTM[js/debugger-statement] |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | /* lgtm[] */ |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |
| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | // lgtm |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | // lgtm: blah blah |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | /* lgtm */ |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | // lgtm[] |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | //lgtm |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | //\tlgtm |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | // foo; lgtm |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | // LGTM! |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | /* lgtm[] */ |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ |
| tst.c:1:12:1:18 | // lgtm | lgtm | lgtm | tst.c:1:1:1:18 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:2:1:2:30 | suppression range |
| tst.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:3:0:3:0 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:3:1:3:61 | suppression range |
| tst.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tst.c:4:0:4:0 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:4:1:4:22 | suppression range |
| tst.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:5:0:5:0 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:5:1:5:44 | suppression range |
| tst.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tst.c:6:0:6:0 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:6:1:6:28 | suppression range |
| tst.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tst.c:7:0:7:0 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:7:1:7:70 | suppression range |
| tst.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tst.c:8:0:8:0 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:8:1:8:18 | suppression range |
| tst.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tst.c:9:0:9:0 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:9:1:9:32 | suppression range |
| tst.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tst.c:10:0:10:0 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:10:1:10:39 | suppression range |
| tst.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tst.c:11:0:11:0 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:11:1:11:10 | suppression range |
| tst.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tst.c:12:0:12:0 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:12:1:12:9 | suppression range |
| tst.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tst.c:13:0:13:0 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:14:1:14:6 | suppression range |
| tst.c:14:1:14:6 | //lgtm | lgtm | lgtm | tst.c:15:0:15:0 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:15:1:15:7 | suppression range |
| tst.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tst.c:16:0:16:0 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:16:1:16:31 | suppression range |
| tst.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tst.c:17:0:17:0 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:19:1:19:12 | suppression range |
| tst.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tst.c:20:0:20:0 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:20:1:20:35 | suppression range |
| tst.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:21:0:21:0 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:22:1:22:34 | suppression range |
| tst.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:23:0:23:0 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:24:1:24:38 | suppression range |
| tst.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tst.c:25:0:25:0 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:25:1:25:8 | suppression range |
| tst.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tst.c:26:0:26:0 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:26:1:26:30 | suppression range |
| tst.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tst.c:27:0:27:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tst.c:28:0:28:0 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:27:1:27:70 | suppression range |
| tst.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:28:0:28:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tst.c:29:0:29:0 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:28:1:28:36 | suppression range |
| tst.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tst.c:29:0:29:0 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:29:1:29:12 | suppression range |
| tst.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tst.c:30:0:30:0 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:30:1:30:41 | suppression range |
| tst.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tst.c:31:0:31:0 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:36:1:36:55 | suppression range |
| tst.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tst.c:37:0:37:0 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:37:1:37:25 | suppression range |
| tst.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tst.c:38:0:38:0 | suppression range |
| tst.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:39:0:39:0 | suppression range |
| tst.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:40:0:40:0 | suppression range |
| tst.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tst.c:41:0:41:0 | suppression range |
| tst.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tst.c:42:0:42:0 | suppression range |
| tstWindows.c:1:12:1:18 | // lgtm | lgtm | lgtm | tstWindows.c:1:1:1:18 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:2:1:2:30 | suppression range |
| tstWindows.c:2:1:2:30 | // lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:3:0:3:0 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:3:1:3:61 | suppression range |
| tstWindows.c:3:1:3:61 | // lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | lgtm[js/debugger-statement, js/invocation-of-non-function] | tstWindows.c:4:0:4:0 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:4:1:4:22 | suppression range |
| tstWindows.c:4:1:4:22 | // lgtm[@tag:nullness] | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:5:0:5:0 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:5:1:5:44 | suppression range |
| tstWindows.c:5:1:5:44 | // lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | lgtm[@tag:nullness,js/debugger-statement] | tstWindows.c:6:0:6:0 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:6:1:6:28 | suppression range |
| tstWindows.c:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | tstWindows.c:7:0:7:0 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:7:1:7:70 | suppression range |
| tstWindows.c:7:1:7:70 | // lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] because I know better than lgtm | lgtm[js/invocation-of-non-function] | tstWindows.c:8:0:8:0 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:8:1:8:18 | suppression range |
| tstWindows.c:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | tstWindows.c:9:0:9:0 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:9:1:9:32 | suppression range |
| tstWindows.c:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | tstWindows.c:10:0:10:0 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:10:1:10:39 | suppression range |
| tstWindows.c:10:1:10:39 | //lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | lgtm [js/invocation-of-non-function] | tstWindows.c:11:0:11:0 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:11:1:11:10 | suppression range |
| tstWindows.c:11:1:11:10 | /* lgtm */ | lgtm | lgtm | tstWindows.c:12:0:12:0 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:12:1:12:9 | suppression range |
| tstWindows.c:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | tstWindows.c:13:0:13:0 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:14:1:14:6 | suppression range |
| tstWindows.c:14:1:14:6 | //lgtm | lgtm | lgtm | tstWindows.c:15:0:15:0 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:15:1:15:7 | suppression range |
| tstWindows.c:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | tstWindows.c:16:0:16:0 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:16:1:16:31 | suppression range |
| tstWindows.c:16:1:16:31 | // lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | lgtm\t[js/debugger-statement] | tstWindows.c:17:0:17:0 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:19:1:19:12 | suppression range |
| tstWindows.c:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | tstWindows.c:20:0:20:0 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:20:1:20:35 | suppression range |
| tstWindows.c:20:1:20:35 | // foo; lgtm[js/debugger-statement] | foo; lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:21:0:21:0 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:22:1:22:34 | suppression range |
| tstWindows.c:22:1:22:34 | // foo lgtm[js/debugger-statement] | foo lgtm[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:23:0:23:0 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:24:1:24:38 | suppression range |
| tstWindows.c:24:1:24:38 | // foo lgtm[js/debugger-statement] bar | foo lgtm[js/debugger-statement] bar | lgtm[js/debugger-statement] | tstWindows.c:25:0:25:0 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:25:1:25:8 | suppression range |
| tstWindows.c:25:1:25:8 | // LGTM! | LGTM! | LGTM | tstWindows.c:26:0:26:0 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:26:1:26:30 | suppression range |
| tstWindows.c:26:1:26:30 | // LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | LGTM[js/debugger-statement] | tstWindows.c:27:0:27:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:27:1:27:70 | suppression range |
| tstWindows.c:27:1:27:70 | // lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/debugger-statement] and lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:28:0:28:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:28:1:28:36 | suppression range |
| tstWindows.c:28:1:28:36 | // lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement]; lgtm | lgtm[js/debugger-statement] | tstWindows.c:29:0:29:0 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:29:1:29:12 | suppression range |
| tstWindows.c:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | tstWindows.c:30:0:30:0 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:30:1:30:41 | suppression range |
| tstWindows.c:30:1:30:41 | /* lgtm[js/invocation-of-non-function] */ | lgtm[js/invocation-of-non-function] | lgtm[js/invocation-of-non-function] | tstWindows.c:31:0:31:0 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:36:1:36:55 | suppression range |
| tstWindows.c:36:1:36:55 | /* lgtm[@tag:nullness,js/invocation-of-non-function] */ | lgtm[@tag:nullness,js/invocation-of-non-function] | lgtm[@tag:nullness,js/invocation-of-non-function] | tstWindows.c:37:0:37:0 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:37:1:37:25 | suppression range |
| tstWindows.c:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | tstWindows.c:38:0:38:0 | suppression range |
| tstWindows.c:38:1:38:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:39:0:39:0 | suppression range |
| tstWindows.c:39:1:39:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:40:0:40:0 | suppression range |
| tstWindows.c:40:1:40:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | tstWindows.c:41:0:41:0 | suppression range |
| tstWindows.c:41:1:41:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | tstWindows.c:42:0:42:0 | suppression range |

9
cpp/ql/test/query-tests/AlertSuppression/tst.c
View File

@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]

9
cpp/ql/test/query-tests/AlertSuppression/tstWindows.c
View File

@@ -34,4 +34,11 @@ int x = 0; // lgtm
*/
/* lgtm[@tag:nullness,js/invocation-of-non-function] */
/* lgtm[@tag:nullness] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
int y; // codeql[js/debugger-statement]

11
cpp/ql/test/query-tests/Security/CWE/CWE-022/semmle/tests/TaintedPath.expected
View File

@@ -1,12 +1,11 @@
edges
| test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection |
| test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection |
| test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection |
| test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection |
| test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection |
| test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection |
nodes
| test.c:9:23:9:26 | argv | semmle.label | argv |
| test.c:8:27:8:30 | argv | semmle.label | argv |
| test.c:17:11:17:18 | fileName indirection | semmle.label | fileName indirection |
| test.c:31:22:31:25 | argv | semmle.label | argv |
| test.c:32:11:32:18 | fileName indirection | semmle.label | fileName indirection |
| test.c:37:17:37:24 | scanf output argument | semmle.label | scanf output argument |
| test.c:38:11:38:18 | fileName indirection | semmle.label | fileName indirection |
@@ -14,7 +13,7 @@ nodes
| test.c:44:11:44:18 | fileName indirection | semmle.label | fileName indirection |
subpaths
#select
| test.c:17:11:17:18 | fileName | test.c:9:23:9:26 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:9:23:9:26 | argv | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:31:22:31:25 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:31:22:31:25 | argv | user input (a command-line argument) |
| test.c:17:11:17:18 | fileName | test.c:8:27:8:30 | argv | test.c:17:11:17:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:32:11:32:18 | fileName | test.c:8:27:8:30 | argv | test.c:32:11:32:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:8:27:8:30 | argv | user input (a command-line argument) |
| test.c:38:11:38:18 | fileName | test.c:37:17:37:24 | scanf output argument | test.c:38:11:38:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:37:17:37:24 | scanf output argument | user input (value read by scanf) |
| test.c:44:11:44:18 | fileName | test.c:43:17:43:24 | scanf output argument | test.c:44:11:44:18 | fileName indirection | This argument to a file access function is derived from $@ and then passed to fopen(filename). | test.c:43:17:43:24 | scanf output argument | user input (value read by scanf) |

6
cpp/ql/test/query-tests/Security/CWE/CWE-078/semmle/ExecTainted/ExecTainted.expected
View File

@@ -1,5 +1,5 @@
edges
| test.cpp:16:20:16:23 | argv | test.cpp:22:45:22:52 | userName indirection |
| test.cpp:15:27:15:30 | argv | test.cpp:22:45:22:52 | userName indirection |
| test.cpp:22:13:22:20 | sprintf output argument | test.cpp:23:12:23:19 | command1 indirection |
| test.cpp:22:45:22:52 | userName indirection | test.cpp:22:13:22:20 | sprintf output argument |
| test.cpp:47:21:47:26 | call to getenv | test.cpp:50:35:50:43 | envCflags indirection |
@@ -74,7 +74,7 @@ edges
| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
| test.cpp:220:19:220:26 | filename indirection | test.cpp:220:10:220:16 | strncat output argument |
nodes
| test.cpp:16:20:16:23 | argv | semmle.label | argv |
| test.cpp:15:27:15:30 | argv | semmle.label | argv |
| test.cpp:22:13:22:20 | sprintf output argument | semmle.label | sprintf output argument |
| test.cpp:22:45:22:52 | userName indirection | semmle.label | userName indirection |
| test.cpp:23:12:23:19 | command1 indirection | semmle.label | command1 indirection |
@@ -161,7 +161,7 @@ subpaths
| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
| test.cpp:196:26:196:33 | filename indirection | test.cpp:186:47:186:54 | *filename | test.cpp:188:11:188:17 | command [post update] | test.cpp:196:10:196:16 | command [post update] |
#select
| test.cpp:23:12:23:19 | command1 | test.cpp:16:20:16:23 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:16:20:16:23 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:23:12:23:19 | command1 | test.cpp:15:27:15:30 | argv | test.cpp:23:12:23:19 | command1 indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:15:27:15:30 | argv | user input (a command-line argument) | test.cpp:22:13:22:20 | sprintf output argument | sprintf output argument |
| test.cpp:51:10:51:16 | command | test.cpp:47:21:47:26 | call to getenv | test.cpp:51:10:51:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:47:21:47:26 | call to getenv | user input (an environment variable) | test.cpp:50:11:50:17 | sprintf output argument | sprintf output argument |
| test.cpp:65:10:65:16 | command | test.cpp:62:9:62:16 | fread output argument | test.cpp:65:10:65:16 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to system(string). | test.cpp:62:9:62:16 | fread output argument | user input (string read by fread) | test.cpp:64:11:64:17 | strncat output argument | strncat output argument |
| test.cpp:85:32:85:38 | command | test.cpp:82:9:82:16 | fread output argument | test.cpp:85:32:85:38 | command indirection | This argument to an OS command is derived from $@, dangerously concatenated into $@, and then passed to execl. | test.cpp:82:9:82:16 | fread output argument | user input (string read by fread) | test.cpp:84:11:84:17 | strncat output argument | strncat output argument |

15
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/OverflowDestination.expected
View File

@@ -1,5 +1,10 @@
edges
| overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv |
| main.cpp:6:27:6:30 | argv | main.cpp:7:33:7:36 | argv indirection |
| main.cpp:7:33:7:36 | argv | overflowdestination.cpp:23:45:23:48 | argv |
| main.cpp:7:33:7:36 | argv indirection | overflowdestination.cpp:23:45:23:48 | *argv |
| overflowdestination.cpp:23:45:23:48 | *argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
| overflowdestination.cpp:23:45:23:48 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... |
| overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection |
| overflowdestination.cpp:50:52:50:54 | src | overflowdestination.cpp:53:15:53:17 | (const void *)... |
@@ -17,7 +22,11 @@ edges
| overflowdestination.cpp:76:30:76:32 | src | overflowdestination.cpp:57:52:57:54 | src |
| overflowdestination.cpp:76:30:76:32 | src indirection | overflowdestination.cpp:57:52:57:54 | *src |
nodes
| overflowdestination.cpp:27:9:27:12 | argv | semmle.label | argv |
| main.cpp:6:27:6:30 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv | semmle.label | argv |
| main.cpp:7:33:7:36 | argv indirection | semmle.label | argv indirection |
| overflowdestination.cpp:23:45:23:48 | *argv | semmle.label | *argv |
| overflowdestination.cpp:23:45:23:48 | argv | semmle.label | argv |
| overflowdestination.cpp:30:17:30:20 | (const char *)... | semmle.label | (const char *)... |
| overflowdestination.cpp:43:8:43:10 | fgets output argument | semmle.label | fgets output argument |
| overflowdestination.cpp:46:15:46:17 | (const void *)... | semmle.label | (const void *)... |
@@ -37,7 +46,7 @@ nodes
subpaths
| overflowdestination.cpp:75:30:75:32 | src indirection | overflowdestination.cpp:50:52:50:54 | *src | overflowdestination.cpp:50:52:50:54 | ReturnIndirection | overflowdestination.cpp:75:30:75:32 | overflowdest_test2 output argument |
#select
| overflowdestination.cpp:30:2:30:8 | call to strncpy | overflowdestination.cpp:27:9:27:12 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:30:2:30:8 | call to strncpy | main.cpp:6:27:6:30 | argv | overflowdestination.cpp:30:17:30:20 | (const char *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:46:2:46:7 | call to memcpy | overflowdestination.cpp:43:8:43:10 | fgets output argument | overflowdestination.cpp:46:15:46:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:53:2:53:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:53:15:53:17 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |
| overflowdestination.cpp:64:2:64:7 | call to memcpy | overflowdestination.cpp:73:8:73:10 | fgets output argument | overflowdestination.cpp:64:16:64:19 | (const void *)... | To avoid overflow, this operation should be bounded by destination-buffer size, not source-buffer size. |

12
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/main.cpp Normal file
View File

@@ -0,0 +1,12 @@
int overflowdesination_main(int argc, char **argv);
int test_buffer_overrun_main(int argc, char **argv);
int tests_restrict_main(int argc, char **argv);
int tests_main(int argc, char **argv);
int main(int argc, char **argv) {
overflowdesination_main(argc, argv);
test_buffer_overrun_main(argc, argv);
tests_restrict_main(argc, argv);
tests_main(argc, argv);
return 0;
}

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/overflowdestination.cpp
View File

@@ -20,7 +20,7 @@ inline size_t min(size_t a, size_t b) {
}
}
int main(int argc, char* argv[]) {
int overflowdesination_main(int argc, char* argv[]) {
char param[20];
char *arg1;

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/test_buffer_overrun.cpp
View File

@@ -29,7 +29,7 @@ void test_buffer_overrun_in_while_loop_using_array_indexing()
}
}
int main(int argc, char *argv[])
int test_buffer_overrun_main(int argc, char *argv[])
{
test_buffer_overrun_in_for_loop();
test_buffer_overrun_in_while_loop_using_pointer_arithmetic();

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests.cpp
View File

@@ -603,7 +603,7 @@ void test22(bool b, const char* source) {
memcpy(dest, source, n); // GOOD
}
int main(int argc, char *argv[])
int tests_main(int argc, char *argv[])
{
long long arr17[19];

2
cpp/ql/test/query-tests/Security/CWE/CWE-119/semmle/tests/tests_restrict.c
View File

@@ -12,7 +12,7 @@ void test1()
memcpy(largebuf, smallbuf, 2); // BAD: source over-read
}
int main(int argc, char *argv[])
int tests_restrict_main(int argc, char *argv[])
{
test1();

14
cpp/ql/test/query-tests/Security/CWE/CWE-129/semmle/ImproperArrayIndexValidation/ImproperArrayIndexValidation.expected
View File

@@ -1,7 +1,7 @@
edges
| test1.c:8:16:8:19 | argv | test1.c:9:9:9:9 | i |
| test1.c:8:16:8:19 | argv | test1.c:11:9:11:9 | i |
| test1.c:8:16:8:19 | argv | test1.c:13:9:13:9 | i |
| test1.c:7:26:7:29 | argv | test1.c:9:9:9:9 | i |
| test1.c:7:26:7:29 | argv | test1.c:11:9:11:9 | i |
| test1.c:7:26:7:29 | argv | test1.c:13:9:13:9 | i |
| test1.c:9:9:9:9 | i | test1.c:16:16:16:16 | i |
| test1.c:11:9:11:9 | i | test1.c:32:16:32:16 | i |
| test1.c:13:9:13:9 | i | test1.c:48:16:48:16 | i |
@@ -9,7 +9,7 @@ edges
| test1.c:32:16:32:16 | i | test1.c:33:11:33:11 | i |
| test1.c:48:16:48:16 | i | test1.c:53:15:53:15 | j |
nodes
| test1.c:8:16:8:19 | argv | semmle.label | argv |
| test1.c:7:26:7:29 | argv | semmle.label | argv |
| test1.c:9:9:9:9 | i | semmle.label | i |
| test1.c:11:9:11:9 | i | semmle.label | i |
| test1.c:13:9:13:9 | i | semmle.label | i |
@@ -21,6 +21,6 @@ nodes
| test1.c:53:15:53:15 | j | semmle.label | j |
subpaths
#select
| test1.c:18:16:18:16 | i | test1.c:8:16:8:19 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
| test1.c:33:11:33:11 | i | test1.c:8:16:8:19 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
| test1.c:53:15:53:15 | j | test1.c:8:16:8:19 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:8:16:8:19 | argv | a command-line argument |
| test1.c:18:16:18:16 | i | test1.c:7:26:7:29 | argv | test1.c:18:16:18:16 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
| test1.c:33:11:33:11 | i | test1.c:7:26:7:29 | argv | test1.c:33:11:33:11 | i | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |
| test1.c:53:15:53:15 | j | test1.c:7:26:7:29 | argv | test1.c:53:15:53:15 | j | An array indexing expression depends on $@ that might be outside the bounds of the array. | test1.c:7:26:7:29 | argv | a command-line argument |

26
cpp/ql/test/query-tests/Security/CWE/CWE-190/semmle/TaintedAllocationSize/TaintedAllocationSize.expected
View File

@@ -1,10 +1,10 @@
edges
| test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted |
| test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... |
| test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... |
| test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size |
| test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size |
| test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... |
| test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted |
| test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... |
| test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... |
| test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size |
| test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size |
| test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... |
| test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... |
| test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... |
| test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... |
@@ -26,7 +26,7 @@ edges
| test.cpp:289:17:289:20 | size [post update] | test.cpp:291:11:291:28 | ... * ... |
| test.cpp:305:18:305:21 | size [post update] | test.cpp:308:10:308:27 | ... * ... |
nodes
| test.cpp:40:21:40:24 | argv | semmle.label | argv |
| test.cpp:39:27:39:30 | argv | semmle.label | argv |
| test.cpp:43:38:43:44 | tainted | semmle.label | tainted |
| test.cpp:44:38:44:63 | ... * ... | semmle.label | ... * ... |
| test.cpp:46:38:46:63 | ... + ... | semmle.label | ... + ... |
@@ -60,12 +60,12 @@ nodes
| test.cpp:308:10:308:27 | ... * ... | semmle.label | ... * ... |
subpaths
#select
| test.cpp:43:31:43:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:44:31:44:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:46:31:46:36 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:49:25:49:30 | call to malloc | test.cpp:40:21:40:24 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:50:17:50:30 | new[] | test.cpp:40:21:40:24 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:53:21:53:27 | call to realloc | test.cpp:40:21:40:24 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:40:21:40:24 | argv | user input (a command-line argument) |
| test.cpp:43:31:43:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:43:38:43:44 | tainted | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:44:31:44:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:44:38:44:63 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:46:31:46:36 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:46:38:46:63 | ... + ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:49:25:49:30 | call to malloc | test.cpp:39:27:39:30 | argv | test.cpp:49:32:49:35 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:50:17:50:30 | new[] | test.cpp:39:27:39:30 | argv | test.cpp:50:26:50:29 | size | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:53:21:53:27 | call to realloc | test.cpp:39:27:39:30 | argv | test.cpp:53:35:53:60 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:39:27:39:30 | argv | user input (a command-line argument) |
| test.cpp:128:17:128:22 | call to malloc | test.cpp:124:18:124:23 | call to getenv | test.cpp:128:24:128:41 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:124:18:124:23 | call to getenv | user input (an environment variable) |
| test.cpp:135:3:135:8 | call to malloc | test.cpp:133:19:133:24 | call to getenv | test.cpp:135:10:135:27 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:133:19:133:24 | call to getenv | user input (an environment variable) |
| test.cpp:152:4:152:9 | call to malloc | test.cpp:148:20:148:25 | call to getenv | test.cpp:152:11:152:28 | ... * ... | This allocation size is derived from $@ and might overflow. | test.cpp:148:20:148:25 | call to getenv | user input (an environment variable) |

6
cpp/ql/test/query-tests/Security/CWE/CWE-311/semmle/tests/CleartextBufferWrite.expected
View File

@@ -1,10 +1,10 @@
edges
| test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input |
| test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input |
nodes
| test2.cpp:110:3:110:6 | call to gets | semmle.label | call to gets |
| test.cpp:54:17:54:20 | argv | semmle.label | argv |
| test.cpp:53:27:53:30 | argv | semmle.label | argv |
| test.cpp:58:25:58:29 | input | semmle.label | input |
subpaths
#select
| test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | test2.cpp:110:3:110:6 | call to gets | This write into buffer 'password' may contain unencrypted data from $@. | test2.cpp:110:3:110:6 | call to gets | user input (string read by gets) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:54:17:54:20 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:54:17:54:20 | argv | user input (a command-line argument) |
| test.cpp:58:3:58:9 | call to sprintf | test.cpp:53:27:53:30 | argv | test.cpp:58:25:58:29 | input | This write into buffer 'passwd' may contain unencrypted data from $@. | test.cpp:53:27:53:30 | argv | user input (a command-line argument) |

8
csharp/extractor/Semmle.Extraction.CSharp/Entities/CommentBlock.cs
View File

@@ -1,5 +1,5 @@
using Semmle.Extraction.Entities;
using System.IO;
using Semmle.Util;
namespace Semmle.Extraction.CSharp.Entities
{
@@ -11,12 +11,8 @@ namespace Semmle.Extraction.CSharp.Entities
public override void Populate(TextWriter trapFile)
{
trapFile.commentblock(this);
var child = 0;
trapFile.commentblock_location(this, Context.CreateLocation(Symbol.Location));
foreach (var l in Symbol.CommentLines)
{
trapFile.commentblock_child(this, (CommentLine)l, child++);
}
Symbol.CommentLines.ForEach((l, child) => trapFile.commentblock_child(this, l, child));
}
public override bool NeedsPopulation => true;

36
csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/Compilation.cs
View File

@@ -39,45 +39,29 @@ namespace Semmle.Extraction.CSharp.Entities
trapFile.compilation_assembly(this, assembly);
// Arguments
var index = 0;
foreach (var arg in Compilation.Settings.Args)
{
trapFile.compilation_args(this, index++, arg);
}
Compilation.Settings.Args.ForEach((arg, index) => trapFile.compilation_args(this, index, arg));
// Files
index = 0;
foreach (var file in Context.Compilation.SyntaxTrees.Select(tree => File.Create(Context, tree.FilePath)))
{
trapFile.compilation_compiling_files(this, index++, file);
}
Context.Compilation.SyntaxTrees.Select(tree => File.Create(Context, tree.FilePath)).ForEach((file, index) => trapFile.compilation_compiling_files(this, index, file));
// References
index = 0;
foreach (var file in Context.Compilation.References
Context.Compilation.References
.OfType<PortableExecutableReference>()
.Where(r => r.FilePath is not null)
.Select(r => File.Create(Context, r.FilePath!)))
{
trapFile.compilation_referencing_files(this, index++, file);
}
.Select(r => File.Create(Context, r.FilePath!))
.ForEach((file, index) => trapFile.compilation_referencing_files(this, index, file));
// Diagnostics
index = 0;
foreach (var diag in Context.Compilation.GetDiagnostics().Select(d => new Diagnostic(Context, d)))
{
trapFile.diagnostic_for(diag, this, 0, index++);
}
Context.Compilation
.GetDiagnostics()
.Select(d => new Diagnostic(Context, d))
.ForEach((diag, index) => trapFile.diagnostic_for(diag, this, 0, index));
}
public void PopulatePerformance(PerformanceMetrics p)
{
var trapFile = Context.TrapWriter.Writer;
var index = 0;
foreach (var metric in p.Metrics)
{
trapFile.compilation_time(this, -1, index++, metric);
}
p.Metrics.ForEach((metric, index) => trapFile.compilation_time(this, -1, index, metric));
trapFile.compilation_finished(this, (float)p.Total.Cpu.TotalSeconds, (float)p.Total.Elapsed.TotalSeconds);
}

7
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ArrayCreation.cs
View File

@@ -2,6 +2,7 @@ using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
using Semmle.Util;
using System.Collections.Generic;
using System.IO;
using System.Linq;
@@ -108,11 +109,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
if (length > 0)
{
var arrayInit = ArrayInitializer.CreateGenerated(cx, arrayCreation, InitializerIndex, location);
var child = 0;
foreach (var item in items)
{
Expression.CreateGenerated(cx, item, arrayInit, child++, location);
}
items.ForEach((item, child) => Expression.CreateGenerated(cx, item, arrayInit, child, location));
}
return arrayCreation;

8
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Initializer.cs
View File

@@ -1,8 +1,8 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Entities;
using Semmle.Extraction.Kinds;
using Semmle.Util;
using System.IO;
namespace Semmle.Extraction.CSharp.Entities.Expressions
@@ -146,11 +146,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
var init = (InitializerExpressionSyntax)i;
var addChild = 0;
foreach (var arg in init.Expressions)
{
Create(Context, arg, invocation, addChild++);
}
init.Expressions.ForEach((arg, child) => Create(Context, arg, invocation, child));
}
else
{

1
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/BinaryPattern.cs
View File

@@ -1,7 +1,6 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Entities;
using Semmle.Extraction.Kinds;
namespace Semmle.Extraction.CSharp.Entities.Expressions

1
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/Pattern.cs
View File

@@ -1,7 +1,6 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.CSharp;
using Semmle.Extraction.Entities;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{

8
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PositionalPattern.cs
View File

@@ -1,6 +1,6 @@
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
using Semmle.Extraction.Entities;
using Semmle.Util;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{
@@ -9,11 +9,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
internal PositionalPattern(Context cx, PositionalPatternClauseSyntax posPc, IExpressionParentEntity parent, int child) :
base(new ExpressionInfo(cx, null, cx.CreateLocation(posPc.GetLocation()), ExprKind.POSITIONAL_PATTERN, parent, child, false, null))
{
child = 0;
foreach (var sub in posPc.Subpatterns)
{
Expressions.Pattern.Create(cx, sub.Pattern, this, child++);
}
posPc.Subpatterns.ForEach((p, i) => Pattern.Create(cx, p.Pattern, this, i));
}
}
}

4
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/PropertyPattern.cs
View File

@@ -1,8 +1,6 @@
using System;
using System.Collections.Generic;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
using Semmle.Extraction.Entities;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{
@@ -27,7 +25,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
private class AccessStepPack
{
public readonly List<AccessStep> Prefix = new List<AccessStep>();
public readonly List<AccessStep> Prefix = new();
public AccessStep Last { get; private set; }
public AccessStepPack Add(string identifier, Microsoft.CodeAnalysis.Location location)

1
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RecursivePattern.cs
View File

@@ -2,7 +2,6 @@ using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.CSharp;
using Semmle.Extraction.Kinds;
using Semmle.Extraction.Entities;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{

1
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/RelationalPattern.cs
View File

@@ -2,7 +2,6 @@ using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Microsoft.CodeAnalysis.CSharp;
using Semmle.Extraction.Kinds;
using Semmle.Extraction.Entities;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{

1
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Patterns/UnaryPattern.cs
View File

@@ -1,5 +1,4 @@
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Entities;
using Semmle.Extraction.Kinds;
namespace Semmle.Extraction.CSharp.Entities.Expressions

8
csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaWarningDirective.cs
View File

@@ -1,6 +1,7 @@
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Util;
using System.IO;
namespace Semmle.Extraction.CSharp.Entities
@@ -15,12 +16,7 @@ namespace Semmle.Extraction.CSharp.Entities
protected override void PopulatePreprocessor(TextWriter trapFile)
{
trapFile.pragma_warnings(this, Symbol.DisableOrRestoreKeyword.IsKind(SyntaxKind.DisableKeyword) ? 0 : 1);
var childIndex = 0;
foreach (var code in Symbol.ErrorCodes)
{
trapFile.pragma_warning_error_codes(this, code.ToString(), childIndex++);
}
Symbol.ErrorCodes.ForEach((code, child) => trapFile.pragma_warning_error_codes(this, code.ToString(), child));
}
public static PragmaWarningDirective Create(Context cx, PragmaWarningDirectiveTriviaSyntax p) =>

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.3.6
No user-facing changes.
## 1.3.5
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.3.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.3.6
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.5
lastReleaseVersion: 1.3.6

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.3.6-dev
version: 1.4.0-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.3.6
No user-facing changes.
## 1.3.5
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.3.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.3.6
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.3.5
lastReleaseVersion: 1.3.6

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.3.6-dev
version: 1.4.0-dev
groups:
- csharp
- solorigate

4
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.6
No user-facing changes.
## 0.4.5
No user-facing changes.

3
csharp/ql/lib/change-notes/released/0.4.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.6
No user-facing changes.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.5
lastReleaseVersion: 0.4.6

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.4.6-dev
version: 0.5.0-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

6
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated.
*/
predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
}
}

8
csharp/ql/lib/semmlecode.csharp.dbscheme.stats
View File

@@ -948,6 +948,14 @@
<k>@with_expr</k>
<v>101</v>
</e>
<e>
<k>@list_pattern_expr</k>
<v>0</v>
</e>
<e>
<k>@slice_pattern_expr</k>
<v>0</v>
</e>
<e>
<k>@xmldtd</k>
<v>40</v>

76
csharp/ql/src/AlertSuppression.ql
View File

@@ -5,68 +5,28 @@
* @id cs/alert-suppression
*/
import csharp
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.csharp.Comments
/**
* An alert suppression comment.
*/
class SuppressionComment extends CommentLine {
string annotation;
SuppressionComment() {
// Must be either `// ...` or `/* ... */` on a single line.
this.getRawText().regexpMatch("//.*|/\\*.*\\*/") and
exists(string text | text = this.getText() |
// match `lgtm[...]` anywhere in the comment
annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
or
// match `lgtm` at the start of the comment and after semicolon
annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
)
}
/** Gets the suppression annotation in this comment. */
string getAnnotation() { result = annotation }
/**
* Holds if this comment applies to the range from column `startcolumn` of line `startline`
* to column `endcolumn` of line `endline` in file `filepath`.
*/
predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
startcolumn = 1
}
/** Gets the scope of this suppression. */
SuppressionScope getScope() { this = result.getSuppressionComment() }
}
/**
* The scope of an alert suppression comment.
*/
class SuppressionScope extends @commentline instanceof SuppressionComment {
/** Gets a suppression comment with this scope. */
SuppressionComment getSuppressionComment() { result = this }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
class AstNode extends Element {
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.covers(filepath, startline, startcolumn, endline, endcolumn)
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets a textual representation of this element. */
string toString() { result = "suppression range" }
}
from SuppressionComment c
select c, // suppression comment
c.getText(), // text of suppression comment (excluding delimiters)
c.getAnnotation(), // text of suppression annotation
c.getScope() // scope of suppression
class SingleLineComment extends CommentLine {
SingleLineComment() {
// Must be either `// ...` or `/* ... */` on a single line.
this.getRawText().regexpMatch("//.*|/\\*.*\\*/")
}
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
this.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn)
}
}
import AS::Make<AstNode, SingleLineComment>

4
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.4.6
No user-facing changes.
## 0.4.5
No user-facing changes.

4
csharp/ql/src/change-notes/2022-12-19-alert-suppressions.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

3
csharp/ql/src/change-notes/released/0.4.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.4.6
No user-facing changes.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.4.5
lastReleaseVersion: 0.4.6

3
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 0.4.6-dev
version: 0.5.0-dev
groups:
- csharp
- queries
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/csharp-code-scanning.qls
dependencies:
codeql/csharp-all: ${workspace}
codeql/suite-helpers: ${workspace}
codeql/util: ${workspace}

1
csharp/ql/test/query-tests/AlertSuppression/.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
AlertSuppressionWindows.cs eol=crlf

8
csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.cs
View File

@@ -26,3 +26,11 @@ class Dead { } // lgtm
// LGTM[cs/unused-reftype]
// lgtm[cs/unused-reftype] and lgtm[cs/unused-field]
// lgtm[cs/unused-reftype]; lgtm
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End { } // codeql[js/debugger-statement]

60
csharp/ql/test/query-tests/AlertSuppression/AlertSuppression.expected
View File

@@ -1,54 +1,114 @@
| AlertSuppression.cs:1:16:1:22 | // ... | lgtm | lgtm | AlertSuppression.cs:1:1:1:22 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:2:1:2:26 | suppression range |
| AlertSuppression.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:3:0:3:0 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:3:1:3:43 | suppression range |
| AlertSuppression.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppression.cs:4:0:4:0 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:4:1:4:22 | suppression range |
| AlertSuppression.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppression.cs:5:0:5:0 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:5:1:5:44 | suppression range |
| AlertSuppression.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppression.cs:6:0:6:0 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:6:1:6:28 | suppression range |
| AlertSuppression.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppression.cs:7:0:7:0 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:7:1:7:58 | suppression range |
| AlertSuppression.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:8:0:8:0 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:8:1:8:18 | suppression range |
| AlertSuppression.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppression.cs:9:0:9:0 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:9:1:9:32 | suppression range |
| AlertSuppression.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppression.cs:10:0:10:0 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:10:1:10:27 | suppression range |
| AlertSuppression.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:11:0:11:0 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:11:1:11:10 | suppression range |
| AlertSuppression.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppression.cs:12:0:12:0 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:12:1:12:9 | suppression range |
| AlertSuppression.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppression.cs:13:0:13:0 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:14:1:14:6 | suppression range |
| AlertSuppression.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppression.cs:15:0:15:0 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:15:1:15:8 | suppression range |
| AlertSuppression.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppression.cs:16:0:16:0 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:16:1:16:27 | suppression range |
| AlertSuppression.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppression.cs:17:0:17:0 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:19:1:19:12 | suppression range |
| AlertSuppression.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppression.cs:20:0:20:0 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:20:1:20:31 | suppression range |
| AlertSuppression.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:21:0:21:0 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:22:1:22:30 | suppression range |
| AlertSuppression.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppression.cs:23:0:23:0 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:24:1:24:34 | suppression range |
| AlertSuppression.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppression.cs:25:0:25:0 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:25:1:25:8 | suppression range |
| AlertSuppression.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppression.cs:26:0:26:0 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:26:1:26:26 | suppression range |
| AlertSuppression.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppression.cs:27:0:27:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:27:1:27:52 | suppression range |
| AlertSuppression.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:0:28:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:28:1:28:32 | suppression range |
| AlertSuppression.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppression.cs:29:0:29:0 | suppression range |
| AlertSuppression.cs:29:1:29:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:30:0:30:0 | suppression range |
| AlertSuppression.cs:30:1:30:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:31:0:31:0 | suppression range |
| AlertSuppression.cs:31:1:31:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppression.cs:32:0:32:0 | suppression range |
| AlertSuppression.cs:32:1:32:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppression.cs:33:0:33:0 | suppression range |
| AlertSuppressionWindows.cs:1:17:1:23 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:1:1:1:23 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:2:1:2:26 | suppression range |
| AlertSuppressionWindows.cs:2:1:2:26 | // ... | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:3:0:3:0 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:3:1:3:43 | suppression range |
| AlertSuppressionWindows.cs:3:1:3:43 | // ... | lgtm[cs/unused-reftype, cs/unused-field] | lgtm[cs/unused-reftype, cs/unused-field] | AlertSuppressionWindows.cs:4:0:4:0 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:4:1:4:22 | suppression range |
| AlertSuppressionWindows.cs:4:1:4:22 | // ... | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:5:0:5:0 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:5:1:5:44 | suppression range |
| AlertSuppressionWindows.cs:5:1:5:44 | // ... | lgtm[@tag:useless-code,cs/unused-reftype] | lgtm[@tag:useless-code,cs/unused-reftype] | AlertSuppressionWindows.cs:6:0:6:0 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:6:1:6:28 | suppression range |
| AlertSuppressionWindows.cs:6:1:6:28 | // ... | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | AlertSuppressionWindows.cs:7:0:7:0 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:7:1:7:58 | suppression range |
| AlertSuppressionWindows.cs:7:1:7:58 | // ... | lgtm[cs/unused-reftype] because I know better than lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:8:0:8:0 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:8:1:8:18 | suppression range |
| AlertSuppressionWindows.cs:8:1:8:18 | // ... | lgtm: blah blah | lgtm | AlertSuppressionWindows.cs:9:0:9:0 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:9:1:9:32 | suppression range |
| AlertSuppressionWindows.cs:9:1:9:32 | // ... | lgtm blah blah #falsepositive | lgtm | AlertSuppressionWindows.cs:10:0:10:0 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:10:1:10:27 | suppression range |
| AlertSuppressionWindows.cs:10:1:10:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:11:0:11:0 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:11:1:11:10 | suppression range |
| AlertSuppressionWindows.cs:11:1:11:10 | /* ... */ | lgtm | lgtm | AlertSuppressionWindows.cs:12:0:12:0 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:12:1:12:9 | suppression range |
| AlertSuppressionWindows.cs:12:1:12:9 | // ... | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:13:0:13:0 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:14:1:14:6 | suppression range |
| AlertSuppressionWindows.cs:14:1:14:6 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:0:15:0 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:15:1:15:8 | suppression range |
| AlertSuppressionWindows.cs:15:1:15:8 | // ... | lgtm | lgtm | AlertSuppressionWindows.cs:16:0:16:0 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:16:1:16:27 | suppression range |
| AlertSuppressionWindows.cs:16:1:16:27 | // ... | lgtm [cs/unused-reftype] | lgtm [cs/unused-reftype] | AlertSuppressionWindows.cs:17:0:17:0 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:19:1:19:12 | suppression range |
| AlertSuppressionWindows.cs:19:1:19:12 | // ... | foo; lgtm | lgtm | AlertSuppressionWindows.cs:20:0:20:0 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:20:1:20:31 | suppression range |
| AlertSuppressionWindows.cs:20:1:20:31 | // ... | foo; lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:21:0:21:0 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:22:1:22:30 | suppression range |
| AlertSuppressionWindows.cs:22:1:22:30 | // ... | foo lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:23:0:23:0 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:24:1:24:34 | suppression range |
| AlertSuppressionWindows.cs:24:1:24:34 | // ... | foo lgtm[cs/unused-reftype] bar | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:25:0:25:0 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:25:1:25:8 | suppression range |
| AlertSuppressionWindows.cs:25:1:25:8 | // ... | LGTM! | LGTM | AlertSuppressionWindows.cs:26:0:26:0 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:26:1:26:26 | suppression range |
| AlertSuppressionWindows.cs:26:1:26:26 | // ... | LGTM[cs/unused-reftype] | LGTM[cs/unused-reftype] | AlertSuppressionWindows.cs:27:0:27:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-field] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:27:1:27:52 | suppression range |
| AlertSuppressionWindows.cs:27:1:27:52 | // ... | lgtm[cs/unused-reftype] and lgtm[cs/unused-field] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:0:28:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:28:1:28:32 | suppression range |
| AlertSuppressionWindows.cs:28:1:28:32 | // ... | lgtm[cs/unused-reftype]; lgtm | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:29:0:29:0 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:29:1:29:12 | suppression range |
| AlertSuppressionWindows.cs:29:1:29:12 | /* ... */ | lgtm[] | lgtm[] | AlertSuppressionWindows.cs:30:0:30:0 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:30:1:30:29 | suppression range |
| AlertSuppressionWindows.cs:30:1:30:29 | /* ... */ | lgtm[cs/unused-reftype] | lgtm[cs/unused-reftype] | AlertSuppressionWindows.cs:31:0:31:0 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:35:1:35:43 | suppression range |
| AlertSuppressionWindows.cs:35:1:35:43 | /* ... */ | lgtm[@tag:nullness,cs/unused-reftype] | lgtm[@tag:nullness,cs/unused-reftype] | AlertSuppressionWindows.cs:36:0:36:0 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:36:1:36:25 | suppression range |
| AlertSuppressionWindows.cs:36:1:36:25 | /* ... */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | AlertSuppressionWindows.cs:37:0:37:0 | suppression range |
| AlertSuppressionWindows.cs:37:1:37:32 | // ... | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:38:0:38:0 | suppression range |
| AlertSuppressionWindows.cs:38:1:38:32 | // ... | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:39:0:39:0 | suppression range |
| AlertSuppressionWindows.cs:39:1:39:69 | // ... | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:40:0:40:0 | suppression range |
| AlertSuppressionWindows.cs:40:1:40:35 | /* ... */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | AlertSuppressionWindows.cs:41:0:41:0 | suppression range |

8
csharp/ql/test/query-tests/AlertSuppression/AlertSuppressionWindows.cs
View File

@@ -34,3 +34,11 @@ class Dead2 { } // lgtm
*/
/* lgtm[@tag:nullness,cs/unused-reftype] */
/* lgtm[@tag:nullness] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class End2 { } // codeql[js/debugger-statement]

6
docs/codeql/codeql-language-guides/annotations-in-java.rst
View File

@@ -185,7 +185,7 @@ For more information about the class ``Call``, see ":doc:`Navigating the call gr
Improvements
~~~~~~~~~~~~
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecated")``.
The Java standard library provides another annotation type ``java.lang.SupressWarnings`` that can be used to suppress certain categories of warnings. In particular, it can be used to turn off warnings about calls to deprecated methods. Therefore, it makes sense to improve our query to ignore calls to deprecated methods from inside methods that are marked with ``@SuppressWarnings("deprecation")``.
For instance, consider this slightly updated example:
@@ -198,7 +198,7 @@ For instance, consider this slightly updated example:
m();
}
@SuppressWarnings("deprecated")
@SuppressWarnings("deprecation")
void r() {
m();
}
@@ -206,7 +206,7 @@ For instance, consider this slightly updated example:
Here, the programmer has explicitly suppressed warnings about deprecated calls in ``A.r``, so our query should not flag the call to ``A.m`` any more.
To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecated`` occurs among the list of warnings to suppress:
To do so, we first introduce a class for representing all ``@SuppressWarnings`` annotations where the string ``deprecation`` occurs among the list of warnings to suppress:
.. code-block:: ql

101
docs/query-classification-and-display.md
View File

@@ -1,101 +0,0 @@
# Query classification and display
## Attributable Queries
The results of some queries are unsuitable for attribution to individual
developers. Most of them have a threshold value on which they trigger,
for example all metric violations and statistics based queries. The
results of such queries would all be attributed to the person pushing
the value over (or under) the threshold. Some queries only trigger when
another one doesn't. An example of this is the MaybeNull query which
only triggers if the AlwaysNull query doesn't. A small change in the
data flow could make an alert switch from AlwaysNull to MaybeNull (or
vice versa). As a result we attribute both a fix and an introduction to
the developer that changed the data flow. For this particular example
the funny attribution results are more a nuisance than a real problem;
the overall alert count remains unchanged. However, for the duplicate
and similar code queries the effects can be much more severe, as they
come in versions for "duplicate file" and "duplicate function" among
many others, where "duplicate function" only triggers if "duplicate
file" didn't. As a result adding some code to a duplicate file might
result in a "fix" of a "duplicate file" alert and an introduction of
many "duplicate function" alerts. This would be highly unfair.
Currently, only the duplicate and similar code queries exhibit this
"exchanging one for many" alerts when trying to attribute their results.
Therefore we currently exclude all duplicate code related alerts from
attribution.
The following queries are excluded from attribution:
- Metric violations, i.e. the ones with metadata properties like
 `@(error|warning|recommendation)-(to|from)`
- Queries with tag `non-attributable`
This check is applied when the results of a single attribution are
loaded into the datastore. This means that any change to this behaviour
will only take effect on newly attributed revisions but the historical
data remains unchanged.
## Query severity and precision
We currently classify queries on two axes, with some additional tags.
Those axes are severity and precision, and are defined using the
query-metadata properties `@problem.severity` and `@precision`.
For severity, we have the following categories:
- Error
- Warning
- Recommendation
These categories may change in the future.
For precision, we have the following categories:
- very-high
- high
- medium
- low
As [usual](https://en.wikipedia.org/wiki/Precision_and_recall),
precision is defined as the percentage of query results that are true
positives, i.e., precision = number of true positives / (number of true
positives + number of false positives). There is no hard-and-fast rule
for which precision ranges correspond to which categories.
We expect these categories to remain unchanged for the foreseeable
future.
### A note on precision
Intuitively, precision measures how well the query performs at finding the
results it is supposed to find, i.e., how well it implements its
(informal, unwritten) rule. So how precise a query is depends very much
on what we consider that rule to be. We generally try to sharpen our
rules to focus on results that a developer might actually be interested
in.
## Which queries to run and display on LGTM
The following queries are run:
Precision: | very-high | high | medium | low
---------------|-----------|---------|---------|----
Error | **Yes** | **Yes** | **Yes** | No
Warning | **Yes** | **Yes** | **Yes** | No
Recommendation | **Yes** | **Yes** | No | No
The following queries have their results displayed by default:
Precision: | very-high | high | medium | low
---------------|-----------|---------|--------|----
Error | **Yes** | **Yes** | No | No
Warning | **Yes** | **Yes** | No | No
Recommendation | **Yes** | No | No | No
Results for queries that are run but not displayed by default can be
made visible by editing the project configuration.
Queries from custom query packs (in-repo or site-wide) are always run
and displayed by default. They can be hidden by editing the project
config, and "disabled" by removing them from the query pack.

10
docs/supported-queries.md
View File

@@ -34,12 +34,8 @@ The process must begin with the first step and must conclude with the final step
Test the query on a number of large real-world projects to make sure it doesn't give too many false positive results. Adjust the `@precision` and `@problem.severity` attributes in accordance with the real-world results you observe. See the advice on query metadata below.
You can use the LGTM.com [query console](https://lgtm.com/query) to get an overview of true and false positive results on a large number of projects. The simplest way to do this is to:
1. [Create a list of prominent projects](https://lgtm.com/help/lgtm/managing-project-lists) on LGTM.
2. In the query console, [run your query against your custom project list](https://lgtm.com/help/lgtm/using-query-console).
3. Save links to your query console results and include them in discussions on issues and pull requests.
GitHub is running a private beta test of a new feature for testing CodeQL queries at scale from VS Code. To request access to the beta program, please respond to this [GitHub Discussion](https://github.com/orgs/community/discussions/40453).
5. **Test and improve performance**
There must be a balance between the execution time of a query and the value of its results: queries that are highly valuable and broadly applicable can be allowed to take longer to run. In all cases, you need to address any easy-to-fix performance issues before the query is put into production.
@@ -62,8 +58,6 @@ The process must begin with the first step and must conclude with the final step
- The severity is one of `error`, `warning`, or `recommendation`.
- The precision is one of `very-high`, `high`, `medium` or `low`. It may take a few iterations to get this right.
- Currently, LGTM runs all `error` or `warning` queries with a `very-high`, `high`, or `medium` precision. In addition, `recommendation` queries with `very-high` or `high` precision are run.
- However, results from `error` and `warning` queries with `medium` precision, as well as `recommendation` queries with `high` precision, are not shown by default.
c. All queries need an `@id`.

2
go/CONTRIBUTING.md
View File

@@ -44,7 +44,7 @@ Follow the steps below to help other users understand what your query does, and
4. **Make sure the `select` statement is compatible with the query type**
The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in LGTM and Visual Studio Code.
The `select` statement of your query must be compatible with the query type (determined by the `@kind` metadata property) for alert or path results to be displayed correctly in query results.
For more information on `select` statement format, see [About CodeQL queries](https://codeql.github.com/docs/writing-codeql-queries/about-codeql-queries/#select-clause) on codeql.github.com.
5. **Write a query help file**

18
go/README.md
View File

@@ -1,8 +1,7 @@
# Go analysis support for CodeQL
This open-source repository contains the extractor, CodeQL libraries, and queries that power Go
support in [LGTM](https://lgtm.com) and the other CodeQL products that [GitHub](https://github.com)
makes available to its customers worldwide.
This sub-folder contains the extractor, CodeQL libraries, and queries that power Go
support for CodeQL.
It contains two major components:
- an extractor, itself written in Go, that parses Go source code and converts it into a database
@@ -10,11 +9,6 @@ It contains two major components:
- static analysis libraries and queries written in [CodeQL](https://codeql.github.com/docs/) that can be
used to analyze such a database to find coding mistakes or security vulnerabilities.
The goal of this project is to provide comprehensive static analysis support for Go in CodeQL.
For the queries and libraries that power CodeQL support for other languages, visit [the CodeQL
repository](https://github.com/github/codeql).
## Installation
Clone this repository.
@@ -30,15 +24,9 @@ Code workspace.
To analyze a Go codebase, either use the [CodeQL command-line
interface](https://codeql.github.com/docs/codeql-cli/) to create a database yourself, or
download a pre-built database from [LGTM.com](https://lgtm.com/). You can then run any of the
download a pre-built database from [GitHub.com](https://codeql.github.com/docs/codeql-cli/creating-codeql-databases/#downloading-databases-from-github-com). You can then run any of the
queries contained in this repository either on the command line or using the VS Code extension.
Note that the [lgtm.com](https://github.com/github/codeql/tree/lgtm.com) branch of this
repository corresponds to the version of the queries that is currently deployed on LGTM.com.
The [main](https://github.com/github/codeql/tree/main) branch may contain changes that
have not been deployed yet, so you may need to upgrade databases downloaded from LGTM.com before
running queries on them.
## Contributions
Contributions are welcome! Please see our [contribution guidelines](CONTRIBUTING.md) and our

4
go/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.3.6
No user-facing changes.
## 0.3.5
No user-facing changes.

3
go/ql/lib/change-notes/released/0.3.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.3.6
No user-facing changes.

2
go/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.3.5
lastReleaseVersion: 0.3.6

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 0.3.6-dev
version: 0.4.0-dev
groups: go
dbscheme: go.dbscheme
extractor: go

6
go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated.
*/
predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
}
}

7
go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -46,16 +46,17 @@ DataFlowType getReturnType(SummarizedCallable c, ReturnKind rk) { any() }
* Gets the type of the `i`th parameter in a synthesized call that targets a
* callback of type `t`.
*/
DataFlowType getCallbackParameterType(DataFlowType t, int i) { none() }
bindingset[t, pos]
DataFlowType getCallbackParameterType(DataFlowType t, ArgumentPosition pos) { any() }
/**
* Gets the return type of kind `rk` in a synthesized call that targets a
* callback of type `t`.
*/
DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { none() }
DataFlowType getCallbackReturnType(DataFlowType t, ReturnKind rk) { any() }
/** Gets the type of synthetic global `sg`. */
DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { none() }
DataFlowType getSyntheticGlobalType(SummaryComponent::SyntheticGlobal sg) { any() }
/**
* Holds if an external flow summary exists for `c` with input specification

71
go/ql/src/AlertSuppression.ql
View File

@@ -5,73 +5,14 @@
* @id go/alert-suppression
*/
import go
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.go.Comments as G
/**
* An alert suppression comment.
*/
class SuppressionComment extends Locatable {
string text;
string annotation;
SuppressionComment() {
text = this.(Comment).getText() and
class SingleLineComment extends G::Comment {
SingleLineComment() {
// suppression comments must be single-line
not text.matches("%\n%") and
(
// match `lgtm[...]` anywhere in the comment
annotation = text.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
or
// match `lgtm` at the start of the comment and after semicolon
annotation = text.regexpFind("(?i)(?<=^|;)\\s*lgtm(?!\\B|\\s*\\[)", _, _).trim()
)
not this.getText().matches("%\n%")
}
/** Gets the text of this suppression comment, not including delimiters. */
string getText() { result = text }
/** Gets the suppression annotation in this comment. */
string getAnnotation() { result = annotation }
/**
* Holds if this comment applies to the range from column `startcolumn` of line `startline`
* to column `endcolumn` of line `endline` in file `filepath`.
*/
predicate covers(string filepath, int startline, int startcolumn, int endline, int endcolumn) {
this.getLocation().hasLocationInfo(filepath, startline, _, endline, endcolumn) and
startcolumn = 1
}
/** Gets the scope of this suppression. */
SuppressionScope getScope() { this = result.getSuppressionComment() }
}
/**
* The scope of an alert suppression comment.
*/
class SuppressionScope extends @locatable instanceof SuppressionComment {
/** Gets a suppression comment with this scope. */
SuppressionComment getSuppressionComment() { result = this }
/**
* Holds if this element is at the specified location.
* The location spans column `startcolumn` of line `startline` to
* column `endcolumn` of line `endline` in file `filepath`.
* For more information, see
* [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/).
*/
predicate hasLocationInfo(
string filepath, int startline, int startcolumn, int endline, int endcolumn
) {
super.covers(filepath, startline, startcolumn, endline, endcolumn)
}
/** Gets a textual representation of this element. */
string toString() { result = "suppression range" }
}
from SuppressionComment c
select c, // suppression comment
c.getText(), // text of suppression comment (excluding delimiters)
c.getAnnotation(), // text of suppression annotation
c.getScope() // scope of suppression
import AS::Make<G::Locatable, SingleLineComment>

4
go/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.3.6
No user-facing changes.
## 0.3.5
No user-facing changes.

4
go/ql/src/change-notes/2022-12-19-alert-suppressions.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.

3
go/ql/src/change-notes/released/0.3.6.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.3.6
No user-facing changes.

2
go/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.3.5
lastReleaseVersion: 0.3.6

3
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 0.3.6-dev
version: 0.4.0-dev
groups:
- go
- queries
@@ -9,3 +9,4 @@ defaultSuiteFile: codeql-suites/go-code-scanning.qls
dependencies:
codeql/go-all: ${workspace}
codeql/suite-helpers: ${workspace}
codeql/util: ${workspace}

Some files were not shown because too many files have changed in this diff Show More