hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-30 12:18:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into codeql-spark-run-22317536589

Browse Source
This commit is contained in:
Jon Janego
2026-02-23 11:52:17 -06:00
committed by GitHub
parent 365bae1f9c ada9c452f0
commit e14b4f1c5c
291 changed files with 11965 additions and 7775 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.bazelrc
View File

@@ -11,6 +11,8 @@ build --compilation_mode opt
common --override_module=semmle_code=%workspace%/misc/bazel/semmle_code_stub
build --repo_env=CC=clang --repo_env=CXX=clang++
# Disable Android SDK auto-detection (we don't use it, and rules_android has Bazel 9 compatibility issues)
build --repo_env=ANDROID_HOME=
# print test output, like sembuild does.
# Set to `errors` if this is too verbose.
@@ -34,7 +36,7 @@ common --@rules_dotnet//dotnet/settings:strict_deps=false
common --@rules_rust//rust/toolchain/channel=nightly
# Reduce this eventually to empty, once we've fixed all our usages of java, and https://github.com/bazel-contrib/rules_go/issues/4193 is fixed
common --incompatible_autoload_externally="+@rules_java,+@rules_shell"
common --incompatible_autoload_externally="+@rules_cc,+@rules_java,+@rules_shell"
build --java_language_version=17
build --tool_java_language_version=17

2
.bazelversion
View File

@@ -1 +1 @@
8.4.2
9.0.0

63
MODULE.bazel
View File

@@ -15,20 +15,22 @@ local_path_override(
# see https://registry.bazel.build/ for a list of available packages
bazel_dep(name = "platforms", version = "1.0.0")
bazel_dep(name = "rules_go", version = "0.56.1")
bazel_dep(name = "rules_cc", version = "0.2.16")
bazel_dep(name = "rules_go", version = "0.59.0")
bazel_dep(name = "rules_java", version = "9.0.3")
bazel_dep(name = "rules_pkg", version = "1.0.1")
bazel_dep(name = "rules_nodejs", version = "6.2.0-codeql.1")
bazel_dep(name = "rules_nodejs", version = "6.7.3")
bazel_dep(name = "rules_python", version = "0.40.0")
bazel_dep(name = "rules_shell", version = "0.5.0")
bazel_dep(name = "bazel_skylib", version = "1.8.1")
bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
bazel_dep(name = "rules_kotlin", version = "2.2.0-codeql.1")
bazel_dep(name = "gazelle", version = "0.40.0")
bazel_dep(name = "rules_kotlin", version = "2.2.2-codeql.1")
bazel_dep(name = "gazelle", version = "0.47.0")
bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
bazel_dep(name = "rules_rust", version = "0.66.0")
bazel_dep(name = "rules_rust", version = "0.68.1.codeql.1")
bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
bazel_dep(name = "buildifier_prebuilt", version = "6.4.0", dev_dependency = True)
@@ -41,7 +43,7 @@ RUST_EDITION = "2024"
# a nightly toolchain is required to enable experimental_use_cc_common_link, which we require internally
# we prefer to run the same version as internally, even if experimental_use_cc_common_link is not really
# required in this repo
RUST_VERSION = "nightly/2025-08-01"
RUST_VERSION = "nightly/2026-01-22"
rust = use_extension("@rules_rust//rust:extensions.bzl", "rust")
rust.toolchain(
@@ -53,26 +55,26 @@ rust.toolchain(
],
# generated by buildutils-internal/scripts/fill-rust-sha256s.py (internal repo)
sha256s = {
"2025-08-01/rustc-nightly-x86_64-unknown-linux-gnu.tar.xz": "9bbeaf5d3fc7247d31463a9083aa251c995cc50662c8219e7a2254d76a72a9a4",
"2025-08-01/rustc-nightly-x86_64-apple-darwin.tar.xz": "c9ea539a8eff0d5d162701f99f9e1aabe14dd0dfb420d62362817a5d09219de7",
"2025-08-01/rustc-nightly-aarch64-apple-darwin.tar.xz": "ae83feebbc39cfd982e4ecc8297731fe79c185173aee138467b334c5404b3773",
"2025-08-01/rustc-nightly-x86_64-pc-windows-msvc.tar.xz": "9f170c30d802a349be60cf52ec46260802093cb1013ad667fc0d528b7b10152f",
"2025-08-01/clippy-nightly-x86_64-unknown-linux-gnu.tar.xz": "9ae5f3cd8f557c4f6df522597c69d14398cf604cfaed2b83e767c4b77a7eaaf6",
"2025-08-01/clippy-nightly-x86_64-apple-darwin.tar.xz": "983cb9ee0b6b968188e04ab2d33743d54764b2681ce565e1b3f2b9135c696a3e",
"2025-08-01/clippy-nightly-aarch64-apple-darwin.tar.xz": "ed2219dbc49d088225e1b7c5c4390fa295066e071fddaa2714018f6bb39ddbf0",
"2025-08-01/clippy-nightly-x86_64-pc-windows-msvc.tar.xz": "911f40ab5cbdd686f40e00965271fe47c4805513a308ed01f30eafb25b448a50",
"2025-08-01/cargo-nightly-x86_64-unknown-linux-gnu.tar.xz": "106463c284e48e4904c717471eeec2be5cc83a9d2cae8d6e948b52438cad2e69",
"2025-08-01/cargo-nightly-x86_64-apple-darwin.tar.xz": "6ad35c40efc41a8c531ea43235058347b6902d98a9693bf0aed7fc16d5590cef",
"2025-08-01/cargo-nightly-aarch64-apple-darwin.tar.xz": "dd28c365e9d298abc3154c797720ad36a0058f131265c9978b4c8e4e37012c8a",
"2025-08-01/cargo-nightly-x86_64-pc-windows-msvc.tar.xz": "7b431286e12d6b3834b038f078389a00cac73f351e8c3152b2504a3c06420b3b",
"2025-08-01/llvm-tools-nightly-x86_64-unknown-linux-gnu.tar.xz": "e342e305d7927cc288d386983b2bc253cfad3776b113386e903d0b302648ef47",
"2025-08-01/llvm-tools-nightly-x86_64-apple-darwin.tar.xz": "e44dd3506524d85c37b3a54bcc91d01378fd2c590b2db5c5974d12f05c1b84d1",
"2025-08-01/llvm-tools-nightly-aarch64-apple-darwin.tar.xz": "0c1b5f46dd81be4a9227b10283a0fcaa39c14fea7e81aea6fd6d9887ff6cdc41",
"2025-08-01/llvm-tools-nightly-x86_64-pc-windows-msvc.tar.xz": "423e5fd11406adccbc31b8456ceb7375ce055cdf45e90d2c3babeb2d7f58383f",
"2025-08-01/rust-std-nightly-x86_64-unknown-linux-gnu.tar.xz": "3c0ceb46a252647a1d4c7116d9ccae684fa5e42aaf3296419febd2c962c3b41d",
"2025-08-01/rust-std-nightly-x86_64-apple-darwin.tar.xz": "3be416003cab10f767390a753d1d16ae4d26c7421c03c98992cf1943e5b0efe8",
"2025-08-01/rust-std-nightly-aarch64-apple-darwin.tar.xz": "4046ac0ef951cb056b5028a399124f60999fa37792eab69d008d8d7965f389b4",
"2025-08-01/rust-std-nightly-x86_64-pc-windows-msvc.tar.xz": "191ed9d8603c3a4fe5a7bbbc2feb72049078dae2df3d3b7d5dedf3abbf823e6e",
"2026-01-22/rustc-nightly-x86_64-unknown-linux-gnu.tar.xz": "88db619323cc1321630d124efa51ed02fabc5e020f08cfa0eda2c0ac1afbe69a",
"2026-01-22/rustc-nightly-x86_64-apple-darwin.tar.xz": "08484da3fa38db56f93629aeabdc0ae9ff8ed9704c0792d35259cbc849b3f54c",
"2026-01-22/rustc-nightly-aarch64-apple-darwin.tar.xz": "a39c0b21b7058e364ea1bd43144e42e4bf1efade036b2e82455f2afce194ee81",
"2026-01-22/rustc-nightly-x86_64-pc-windows-msvc.tar.xz": "d00248ee9850dbb6932b2578e32ff74fc7c429854c1aa071066ca31b65385a3b",
"2026-01-22/clippy-nightly-x86_64-unknown-linux-gnu.tar.xz": "70656a0ce994ffff16d5a35a7b170a0acd41e9bb54a589c96ed45bf97b094a4d",
"2026-01-22/clippy-nightly-x86_64-apple-darwin.tar.xz": "fe242519fa961522734733009705aec3c2d9a20cc57291f2aa614e5e6262c88f",
"2026-01-22/clippy-nightly-aarch64-apple-darwin.tar.xz": "38bb226363ec97c9722edf966cd58774a683e19fd2ff2a6030094445d51e06f9",
"2026-01-22/clippy-nightly-x86_64-pc-windows-msvc.tar.xz": "6da9b4470beea67abfebf046f141eee0d2a8db7c7a9e4e2294478734fd477228",
"2026-01-22/cargo-nightly-x86_64-unknown-linux-gnu.tar.xz": "99004e9d10c43a01499642f53bb3184d41137a95d65bfb217098840a9e79e892",
"2026-01-22/cargo-nightly-x86_64-apple-darwin.tar.xz": "6e021394cf8d8400ac6cfdfcef24e4d74f988e91eb8028b36de3a64ce3502990",
"2026-01-22/cargo-nightly-aarch64-apple-darwin.tar.xz": "4b2494cb69ab64132cddbc411a38ea9f1105e54d6f986e43168d54f79510c673",
"2026-01-22/cargo-nightly-x86_64-pc-windows-msvc.tar.xz": "c36613cf57407212d10d37b76e49a60ff42336e953cdff9e177283f530a83fc1",
"2026-01-22/llvm-tools-nightly-x86_64-unknown-linux-gnu.tar.xz": "0b123c5027dbd833aae6845ffe9bd07d309bf798746a7176aadaea68fbcbd05d",
"2026-01-22/llvm-tools-nightly-x86_64-apple-darwin.tar.xz": "a47864491ad5619158c950ab7570fb6e487d5117338585c27334d45824b406d8",
"2026-01-22/llvm-tools-nightly-aarch64-apple-darwin.tar.xz": "db9bc826d6e2e7e914505d50157682e516ceb90357e83d77abddc32c2d962f41",
"2026-01-22/llvm-tools-nightly-x86_64-pc-windows-msvc.tar.xz": "ffaa406932b2fe62e01dad61cf4ed34860a5d2a6f9306ca340d79e630d930039",
"2026-01-22/rust-std-nightly-x86_64-unknown-linux-gnu.tar.xz": "e9c0d5e06e18a4b509391b3088f29293e310cdc8ccc865be8fa3f09733326925",
"2026-01-22/rust-std-nightly-x86_64-apple-darwin.tar.xz": "25d75995cee679a4828ca9fe48c5a31a67c3b0846018440ef912e5a6208f53f6",
"2026-01-22/rust-std-nightly-aarch64-apple-darwin.tar.xz": "e4132bf3f2eed4684c86756a02315bcf481c23e675e3e25630fc604c9cb4594c",
"2026-01-22/rust-std-nightly-x86_64-pc-windows-msvc.tar.xz": "961bb535ef95ae8a5fa4e224cb94aff190f155c45a9bcf7a53e184b024aa41b1",
},
versions = [RUST_VERSION],
)
@@ -188,6 +190,15 @@ pip.parse(
)
use_repo(pip, "codegen_deps")
python = use_extension("@rules_python//python/extensions:python.bzl", "python")
python.toolchain(
is_default = True,
python_version = "3.12",
)
use_repo(python, "python_3_12", "python_versions")
register_toolchains("@python_versions//3.12:all")
swift_deps = use_extension("//swift/third_party:load.bzl", "swift_deps")
# following list can be kept in sync with `bazel mod tidy`

2
actions/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-all
version: 0.4.28
version: 0.4.29-dev
library: true
warnOnImplicitThis: true
dependencies:

2
actions/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/actions-queries
version: 0.6.20
version: 0.6.21-dev
library: false
warnOnImplicitThis: true
groups: [actions, queries]

4
cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Refactored the "Year field changed using an arithmetic operation without checking for leap year" query (`cpp/leap-year/unchecked-after-arithmetic-year-modification`) to address large numbers of false positive results.

4
cpp/ql/lib/change-notes/2026-02-14-must-flow-fix.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: fix
---
* The `allowInterproceduralFlow` predicate of must-flow data flow configurations now correctly handles direct recursion.

4
cpp/ql/lib/change-notes/2026-02-14-must-flow.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: breaking
---
* `MustFlow`, the inter-procedural must-flow data flow analysis library, has been re-worked to use parameterized modules. Like in the case of data flow and taint tracking, instead of extending the `MustFlowConfiguration` class, the user should now implement a module with the `MustFlow::ConfigSig` signature, and instantiate the `MustFlow::Global` parameterized module with the implemented module.

2
cpp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 7.1.1
version: 7.1.2-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

25
cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll
View File

@@ -14,7 +14,9 @@ class PackedTimeType extends Type {
}
}
private predicate timeType(string typeName) { typeName = ["_SYSTEMTIME", "SYSTEMTIME", "tm"] }
private predicate timeType(string typeName) {
typeName = ["_SYSTEMTIME", "SYSTEMTIME", "tm", "TIME_FIELDS", "_TIME_FIELDS", "PTIME_FIELDS"]
}
/**
* A type that is used to represent times and dates in an 'unpacked' form, that is,
@@ -95,3 +97,24 @@ class StructTmMonthFieldAccess extends MonthFieldAccess {
class StructTmYearFieldAccess extends YearFieldAccess {
StructTmYearFieldAccess() { this.getTarget().getName() = "tm_year" }
}
/**
* A `DayFieldAccess` for the `TIME_FIELDS` struct.
*/
class TimeFieldsDayFieldAccess extends DayFieldAccess {
TimeFieldsDayFieldAccess() { this.getTarget().getName() = "Day" }
}
/**
* A `MonthFieldAccess` for the `TIME_FIELDS` struct.
*/
class TimeFieldsMonthFieldAccess extends MonthFieldAccess {
TimeFieldsMonthFieldAccess() { this.getTarget().getName() = "Month" }
}
/**
* A `YearFieldAccess` for the `TIME_FIELDS` struct.
*/
class TimeFieldsYearFieldAccess extends YearFieldAccess {
TimeFieldsYearFieldAccess() { this.getTarget().getName() = "Year" }
}

32
cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
View File

@@ -34,6 +34,38 @@ private string getSingleLocationFilePath(@element e) {
macroinvocations(e, _, loc, _)
or
preprocdirects(e, _, loc)
or
diagnostics(e, _, _, _, _, loc)
or
usings(e, _, loc, _)
or
static_asserts(e, _, _, loc, _)
or
derivations(e, _, _, _, loc)
or
frienddecls(e, _, _, loc)
or
comments(e, _, loc)
or
exprs(e, _, loc)
or
stmts(e, _, loc)
or
initialisers(e, _, _, loc)
or
attributes(e, _, _, _, loc)
or
attribute_args(e, _, _, _, loc)
or
namequalifiers(e, _, _, loc)
or
enumconstants(e, _, _, _, _, loc)
or
type_mentions(e, _, loc, _)
or
lambda_capture(e, _, _, _, _, _, loc)
or
concept_templates(e, _, loc)
|
result = getLocationFilePath(loc)
)

301
cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
View File

@@ -8,81 +8,143 @@ private import cpp
private import semmle.code.cpp.ir.IR
/**
* A configuration of a data flow analysis that performs must-flow analysis. This is different
* from `DataFlow.qll` which performs may-flow analysis (i.e., it finds paths where the source _may_
* flow to the sink).
*
* Like in `DataFlow.qll`, each use of the `MustFlow.qll` library must define its own unique extension
* of this abstract class. To create a configuration, extend this class with a subclass whose
* characteristic predicate is a unique singleton string and override `isSource`, `isSink` (and
* `isAdditionalFlowStep` if additional steps are required).
* Provides an inter-procedural must-flow data flow analysis.
*/
abstract class MustFlowConfiguration extends string {
bindingset[this]
MustFlowConfiguration() { any() }
module MustFlow {
/**
* Holds if `source` is a relevant data flow source.
* An input configuration of a data flow analysis that performs must-flow analysis. This is different
* from `DataFlow.qll` which performs may-flow analysis (i.e., it finds paths where the source _may_
* flow to the sink).
*/
abstract predicate isSource(Instruction source);
signature module ConfigSig {
/**
* Holds if `source` is a relevant data flow source.
*/
predicate isSource(Instruction source);
/**
* Holds if `sink` is a relevant data flow sink.
*/
abstract predicate isSink(Operand sink);
/**
* Holds if `sink` is a relevant data flow sink.
*/
predicate isSink(Operand sink);
/**
* Holds if data flow through `instr` is prohibited.
*/
predicate isBarrier(Instruction instr) { none() }
/**
* Holds if data flow through `instr` is prohibited.
*/
default predicate isBarrier(Instruction instr) { none() }
/**
* Holds if the additional flow step from `node1` to `node2` must be taken
* into account in the analysis.
*/
predicate isAdditionalFlowStep(Operand node1, Instruction node2) { none() }
/**
* Holds if the additional flow step from `node1` to `node2` must be taken
* into account in the analysis.
*/
default predicate isAdditionalFlowStep(Operand node1, Instruction node2) { none() }
/** Holds if this configuration allows flow from arguments to parameters. */
predicate allowInterproceduralFlow() { any() }
/**
* Holds if data must flow from `source` to `sink` for this configuration.
*
* The corresponding paths are generated from the end-points and the graph
* included in the module `PathGraph`.
*/
final predicate hasFlowPath(MustFlowPathNode source, MustFlowPathSink sink) {
this.isSource(source.getInstruction()) and
source.getASuccessor*() = sink
/** Holds if this configuration allows flow from arguments to parameters. */
default predicate allowInterproceduralFlow() { any() }
}
}
/** Holds if `node` flows from a source. */
pragma[nomagic]
private predicate flowsFromSource(Instruction node, MustFlowConfiguration config) {
not config.isBarrier(node) and
(
config.isSource(node)
or
exists(Instruction mid |
step(mid, node, config) and
flowsFromSource(mid, pragma[only_bind_into](config))
)
)
}
/**
* Constructs a global must-flow computation.
*/
module Global<ConfigSig Config> {
import Config
/** Holds if `node` flows to a sink. */
pragma[nomagic]
private predicate flowsToSink(Instruction node, MustFlowConfiguration config) {
flowsFromSource(node, pragma[only_bind_into](config)) and
(
config.isSink(node.getAUse())
or
exists(Instruction mid |
step(node, mid, config) and
flowsToSink(mid, pragma[only_bind_into](config))
)
)
/**
* Holds if data must flow from `source` to `sink`.
*
* The corresponding paths are generated from the end-points and the graph
* included in the module `PathGraph`.
*/
predicate flowPath(PathNode source, PathSink sink) {
isSource(source.getInstruction()) and
source.getASuccessor*() = sink
}
/** Holds if `node` flows from a source. */
pragma[nomagic]
private predicate flowsFromSource(Instruction node) {
not isBarrier(node) and
(
isSource(node)
or
exists(Instruction mid |
step(mid, node) and
flowsFromSource(mid)
)
)
}
/** Holds if `node` flows to a sink. */
pragma[nomagic]
private predicate flowsToSink(Instruction node) {
flowsFromSource(node) and
(
isSink(node.getAUse())
or
exists(Instruction mid |
step(node, mid) and
flowsToSink(mid)
)
)
}
/** Holds if `nodeFrom` flows to `nodeTo`. */
private predicate step(Instruction nodeFrom, Instruction nodeTo) {
Cached::localStep(nodeFrom, nodeTo)
or
allowInterproceduralFlow() and
Cached::flowThroughCallable(nodeFrom, nodeTo)
or
isAdditionalFlowStep(nodeFrom.getAUse(), nodeTo)
}
private newtype TLocalPathNode =
MkLocalPathNode(Instruction n) {
flowsToSink(n) and
(
isSource(n)
or
exists(PathNode mid | step(mid.getInstruction(), n))
)
}
/** A `Node` that is in a path from a source to a sink. */
class PathNode extends TLocalPathNode {
Instruction n;
PathNode() { this = MkLocalPathNode(n) }
/** Gets the underlying node. */
Instruction getInstruction() { result = n }
/** Gets a textual representation of this node. */
string toString() { result = n.getAst().toString() }
/** Gets the location of this element. */
Location getLocation() { result = n.getLocation() }
/** Gets a successor node, if any. */
PathNode getASuccessor() { step(this.getInstruction(), result.getInstruction()) }
}
private class PathSink extends PathNode {
PathSink() { isSink(this.getInstruction().getAUse()) }
}
/**
* Provides the query predicates needed to include a graph in a path-problem query.
*/
module PathGraph {
private predicate reach(PathNode n) { n instanceof PathSink or reach(n.getASuccessor()) }
/** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b and reach(b) }
/** Holds if `n` is a node in the graph of data flow path explanations. */
query predicate nodes(PathNode n, string key, string val) {
reach(n) and key = "semmle.label" and val = n.toString()
}
}
}
}
cached
@@ -102,7 +164,7 @@ private module Cached {
not f.isVirtual() and
call.getPositionalArgument(n) = instr and
f = call.getStaticCallTarget() and
getEnclosingNonVirtualFunctionInitializeParameter(init, f) and
isEnclosingNonVirtualFunctionInitializeParameter(init, f) and
init.getParameter().getIndex() = pragma[only_bind_into](pragma[only_bind_out](n))
}
@@ -111,7 +173,7 @@ private module Cached {
* corresponding initialization instruction that receives the value of `instr` in `f`.
*/
pragma[noinline]
private predicate getPositionalArgumentInitParam(
private predicate isPositionalArgumentInitParam(
CallInstruction call, Instruction instr, InitializeParameterInstruction init, Function f
) {
exists(int n |
@@ -126,18 +188,18 @@ private module Cached {
* `instr` in `f`.
*/
pragma[noinline]
private predicate getThisArgumentInitParam(
private predicate isThisArgumentInitParam(
CallInstruction call, Instruction instr, InitializeParameterInstruction init, Function f
) {
not f.isVirtual() and
call.getStaticCallTarget() = f and
getEnclosingNonVirtualFunctionInitializeParameter(init, f) and
isEnclosingNonVirtualFunctionInitializeParameter(init, f) and
call.getThisArgument() = instr and
init.getIRVariable() instanceof IRThisVariable
}
/** Holds if `f` is the enclosing non-virtual function of `init`. */
private predicate getEnclosingNonVirtualFunctionInitializeParameter(
private predicate isEnclosingNonVirtualFunctionInitializeParameter(
InitializeParameterInstruction init, Function f
) {
not f.isVirtual() and
@@ -145,7 +207,7 @@ private module Cached {
}
/** Holds if `f` is the enclosing non-virtual function of `init`. */
private predicate getEnclosingNonVirtualFunctionInitializeIndirection(
private predicate isEnclosingNonVirtualFunctionInitializeIndirection(
InitializeIndirectionInstruction init, Function f
) {
not f.isVirtual() and
@@ -153,15 +215,16 @@ private module Cached {
}
/**
* Holds if `instr` is an argument (or argument indirection) to a call, and
* `succ` is the corresponding initialization instruction in the call target.
* Holds if `argument` is an argument (or argument indirection) to a call, and
* `parameter` is the corresponding initialization instruction in the call target.
*/
private predicate flowThroughCallable(Instruction argument, Instruction parameter) {
cached
predicate flowThroughCallable(Instruction argument, Instruction parameter) {
// Flow from an argument to a parameter
exists(CallInstruction call, InitializeParameterInstruction init | init = parameter |
getPositionalArgumentInitParam(call, argument, init, call.getStaticCallTarget())
isPositionalArgumentInitParam(call, argument, init, call.getStaticCallTarget())
or
getThisArgumentInitParam(call, argument, init, call.getStaticCallTarget())
isThisArgumentInitParam(call, argument, init, call.getStaticCallTarget())
)
or
// Flow from argument indirection to parameter indirection
@@ -170,7 +233,7 @@ private module Cached {
|
init = parameter and
read.getPrimaryInstruction() = call and
getEnclosingNonVirtualFunctionInitializeIndirection(init, call.getStaticCallTarget())
isEnclosingNonVirtualFunctionInitializeIndirection(init, call.getStaticCallTarget())
|
exists(int n |
read.getSideEffectOperand().getAnyDef() = argument and
@@ -205,92 +268,10 @@ private module Cached {
}
cached
predicate step(Instruction nodeFrom, Instruction nodeTo) {
predicate localStep(Instruction nodeFrom, Instruction nodeTo) {
exists(Operand mid |
instructionToOperandStep(nodeFrom, mid) and
operandToInstructionStep(mid, nodeTo)
)
or
flowThroughCallable(nodeFrom, nodeTo)
}
}
/**
* Gets the enclosing callable of `n`. Unlike `n.getEnclosingCallable()`, this
* predicate ensures that joins go from `n` to the result instead of the other
* way around.
*/
pragma[inline]
private IRFunction getEnclosingCallable(Instruction n) {
pragma[only_bind_into](result) = pragma[only_bind_out](n).getEnclosingIRFunction()
}
/** Holds if `nodeFrom` flows to `nodeTo`. */
private predicate step(Instruction nodeFrom, Instruction nodeTo, MustFlowConfiguration config) {
exists(config) and
Cached::step(pragma[only_bind_into](nodeFrom), pragma[only_bind_into](nodeTo)) and
(
config.allowInterproceduralFlow()
or
getEnclosingCallable(nodeFrom) = getEnclosingCallable(nodeTo)
)
or
config.isAdditionalFlowStep(nodeFrom.getAUse(), nodeTo)
}
private newtype TLocalPathNode =
MkLocalPathNode(Instruction n, MustFlowConfiguration config) {
flowsToSink(n, config) and
(
config.isSource(n)
or
exists(MustFlowPathNode mid | step(mid.getInstruction(), n, config))
)
}
/** A `Node` that is in a path from a source to a sink. */
class MustFlowPathNode extends TLocalPathNode {
Instruction n;
MustFlowPathNode() { this = MkLocalPathNode(n, _) }
/** Gets the underlying node. */
Instruction getInstruction() { result = n }
/** Gets a textual representation of this node. */
string toString() { result = n.getAst().toString() }
/** Gets the location of this element. */
Location getLocation() { result = n.getLocation() }
/** Gets a successor node, if any. */
MustFlowPathNode getASuccessor() {
step(this.getInstruction(), result.getInstruction(), this.getConfiguration())
}
/** Gets the associated configuration. */
MustFlowConfiguration getConfiguration() { this = MkLocalPathNode(_, result) }
}
private class MustFlowPathSink extends MustFlowPathNode {
MustFlowPathSink() { this.getConfiguration().isSink(this.getInstruction().getAUse()) }
}
/**
* Provides the query predicates needed to include a graph in a path-problem query.
*/
module PathGraph {
private predicate reach(MustFlowPathNode n) {
n instanceof MustFlowPathSink or reach(n.getASuccessor())
}
/** Holds if `(a,b)` is an edge in the graph of data flow path explanations. */
query predicate edges(MustFlowPathNode a, MustFlowPathNode b) {
a.getASuccessor() = b and reach(b)
}
/** Holds if `n` is a node in the graph of data flow path explanations. */
query predicate nodes(MustFlowPathNode n, string key, string val) {
reach(n) and key = "semmle.label" and val = n.toString()
}
}

77
cpp/ql/lib/semmle/code/cpp/rangeanalysis/SimpleRangeAnalysis.qll
View File

@@ -552,34 +552,47 @@ private module BoundsEstimate {
private float nrOfBoundsPhiGuard(RangeSsaDefinition def, StackVariable v) {
// If we have
//
// if (x < c) { e1 } else { e2 }
// e3
//
// then `{ e1 }` and `{ e2 }` are both guard phi nodes guarded by `x < c`.
// The range analysis propagates bounds on `x` into both branches, filtered
// by the condition. In this case all lower bounds flow to `{ e1 }` and only
// lower bounds that are smaller than `c` flow to `{ e2 }`.
//
// The largest number of bounds possible for `e3` is the number of bounds on `x` plus
// one. This happens when all bounds flow from `x` to `e1` to `e3` and the
// bound `c` can flow to `e2` to `e3`.
//
// We want to optimize our bounds estimate for `e3`, as that is the estimate
// that can continue propagating forward. We don't know how the existing
// bounds will be split between the different branches. That depends on
// whether the range analysis is tracking lower bounds or upper bounds, and
// on the meaning of the condition.
//
// As a heuristic we divide the number of bounds on `x` by 2 to "average"
// the effect of the condition and add 1 to account for the bound from the
// condition itself. This will approximate estimates inside the branches,
// but will give a good estimate after the branches are merged.
//
// This also handles cases such as this one
//
// if (x < c) { e1 }
// e2
// e3
//
// then `e2` is both a guard phi node (guarded by `x < c`) and a normal
// phi node (control is merged after the `if` statement).
//
// Assume `x` has `n` bounds. Then `n` bounds are propagated to the guard
// phi node `{ e1 }` and, since `{ e1 }` is input to `e2` as a normal phi
// node, `n` bounds are propagated to `e2`. If we also propagate the `n`
// bounds to `e2` as a guard phi node, then we square the number of
// bounds.
//
// However in practice `x < c` is going to cut down the number of bounds:
// The tracked bounds can't flow to both branches as that would require
// them to simultaneously be greater and smaller than `c`. To approximate
// this better, the contribution from a guard phi node that is also a
// normal phi node is 1.
exists(def.getAPhiInput(v)) and
isGuardPhiWithBound(def, v, _) and
result = 1
or
not exists(def.getAPhiInput(v)) and
// If there's different `access`es, then they refer to the same variable
// with the same lower bounds. Hence adding these guards make no sense (the
// implementation will take the union, but they'll be removed by
// deduplication). Hence we use `max` as an approximation.
result =
max(VariableAccess access | isGuardPhiWithBound(def, v, access) | nrOfBoundsExpr(access))
// where `e3` is both a guard phi node (guarded by `x < c`) and a normal
// phi node (control is merged after the `if` statement). Here half of the
// bounds flow into the branch and then to `e3` as a normal phi node and the
// "other" half flow from the condition to `e3` as a guard phi node.
exists(float varBounds |
// If there's different `access`es, then they refer to the same
// variable with the same lower bounds. Hence adding these guards makes no
// sense (the implementation will take the union, but they'll be removed by
// deduplication). Hence we use `max` as an approximation.
varBounds =
max(VariableAccess access | isGuardPhiWithBound(def, v, access) | nrOfBoundsExpr(access)) and
result = (varBounds + 1) / 2
)
or
def.isPhiNode(v) and
not isGuardPhiWithBound(def, v, _) and
@@ -2180,6 +2193,16 @@ module SimpleRangeAnalysisInternal {
/** Gets the estimate of the number of bounds for `e`. */
float estimateNrOfBounds(Expr e) { result = BoundsEstimate::nrOfBoundsExpr(e) }
/** Counts the numbers of lower bounds that are computed internally for `e`. */
float countNrOfLowerBounds(Expr e) {
result = strictcount(float lb | lb = getLowerBoundsImpl(e) | lb)
}
/** Counts the numbers of upper bounds that are computed internally for `e`. */
float countNrOfUpperBounds(Expr e) {
result = strictcount(float ub | ub = getUpperBoundsImpl(e) | ub)
}
}
/** Provides predicates for debugging the simple range analysis library. */
@@ -2208,7 +2231,7 @@ private module Debug {
*/
predicate countGetLowerBoundsImpl(Expr e, int n) {
e = getRelevantLocatable() and
n = strictcount(float lb | lb = getLowerBoundsImpl(e) | lb)
n = SimpleRangeAnalysisInternal::countNrOfLowerBounds(e)
}
float debugNrOfBounds(Expr e) {

34
cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll
View File

@@ -308,3 +308,37 @@ private module PossibleYearArithmeticOperationCheckConfig implements DataFlow::C
module PossibleYearArithmeticOperationCheckFlow =
TaintTracking::Global<PossibleYearArithmeticOperationCheckConfig>;
/**
* A time conversion function where either
* 1) an incorrect leap year date would result in an error that can be checked from the return value or
* 2) an incorrect leap year date is auto corrected (no checks required)
*/
class TimeConversionFunction extends Function {
boolean autoLeapYearCorrecting;
TimeConversionFunction() {
autoLeapYearCorrecting = false and
(
this.getName() =
[
"FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime",
"SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime",
"TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime",
"RtlTimeToSecondsSince1970", "_mkgmtime", "SetSystemTime", "VarUdateFromDate", "from_tm"
]
or
// Matches all forms of GetDateFormat, e.g. GetDateFormatA/W/Ex
this.getName().matches("GetDateFormat%")
)
or
autoLeapYearCorrecting = true and
this.getName() =
["mktime", "_mktime32", "_mktime64", "SystemTimeToVariantTime", "VariantTimeToSystemTime"]
}
/**
* Holds if the function is expected to auto convert a bad leap year date.
*/
predicate isAutoLeapYearCorrecting() { autoLeapYearCorrecting = true }
}

879
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
View File

@@ -1,7 +1,7 @@
/**
* @name Year field changed using an arithmetic operation without checking for leap year
* @description A field that represents a year is being modified by an arithmetic operation, but no proper check for leap years can be detected afterwards.
* @kind problem
* @kind path-problem
* @problem.severity warning
* @id cpp/leap-year/unchecked-after-arithmetic-year-modification
* @precision medium
@@ -11,49 +11,844 @@
import cpp
import LeapYear
import semmle.code.cpp.controlflow.IRGuards
from Variable var, LeapYearFieldAccess yfa
where
exists(VariableAccess va |
yfa.getQualifier() = va and
var.getAnAccess() = va and
// The year is modified with an arithmetic operation. Avoid values that are likely false positives
yfa.isModifiedByArithmeticOperationNotForNormalization() and
// Avoid false positives
not (
// If there is a local check for leap year after the modification
exists(LeapYearFieldAccess yfacheck |
yfacheck.getQualifier() = var.getAnAccess() and
yfacheck.isUsedInCorrectLeapYearCheck() and
yfacheck.getBasicBlock() = yfa.getBasicBlock().getASuccessor*()
)
/**
* Functions whose operations should never be considered a
* source or sink of a dangerous leap year operation.
* The general concept is to add conversion functions
* that convert one time type to another. Often
* other ignorable operation heuristics will filter these,
* but some cases, the simplest approach is to simply filter
* the function entirely.
* Note that flow through these functions should still be allowed
* we just cannot start or end flow from an operation to a
* year assignment in one of these functions.
*/
class IgnorableFunction extends Function {
IgnorableFunction() {
// arithmetic in known time conversion functions may look like dangerous operations
// we assume all known time conversion functions are safe.
this instanceof TimeConversionFunction
or
// Helper utility in postgres with string time conversions
this.getName() = "DecodeISO8601Interval"
or
// helper utility for date conversions in qtbase
this.getName() = "adjacentDay"
or
// Windows API function that does timezone conversions
this.getName().matches("%SystemTimeToTzSpecificLocalTime%")
or
// Windows APIs that do time conversions
this.getName().matches("%localtime%\\_s%")
or
// Windows APIs that do time conversions
this.getName().matches("%SpecificLocalTimeToSystemTime%")
or
// postgres function for diffing timestamps, date for leap year
// is not applicable.
this.getName().toLowerCase().matches("%timestamp%age%")
or
// Reading byte streams often involves operations of some base, but that's
// not a real source of leap year issues.
this.getName().toLowerCase().matches("%read%bytes%")
or
// A postgres function for local time conversions
// conversion operations (from one time structure to another) are generally ignorable
this.getName() = "localsub"
or
// Indication of a calendar not applicable to
// gregorian leap year, e.g., Hijri, Persian, Hebrew
this.getName().toLowerCase().matches("%hijri%")
or
this.getFile().getBaseName().toLowerCase().matches("%hijri%")
or
this.getName().toLowerCase().matches("%persian%")
or
this.getFile().getBaseName().toLowerCase().matches("%persian%")
or
this.getName().toLowerCase().matches("%hebrew%")
or
this.getFile().getBaseName().toLowerCase().matches("%hebrew%")
or
// misc. from string/char converters heuristic
this.getName()
.toLowerCase()
.matches(["%char%to%", "%string%to%", "%from%char%", "%from%string%"])
or
// boost's gregorian.cpp has year manipulations that are checked in complex ways.
// ignore the entire file as a source or sink.
this.getFile().getAbsolutePath().toLowerCase().matches("%boost%gregorian.cpp%")
}
}
/**
* The set of expressions which are ignorable; either because they seem to not be part of a year mutation,
* or because they seem to be a conversion pattern of mapping date scalars.
*/
abstract class IgnorableOperation extends Expr { }
class IgnorableExprRem extends IgnorableOperation instanceof RemExpr { }
/**
* An operation with 10, 100, 1000, 10000 as an operand is often a sign of conversion
* or atoi.
*/
class IgnorableExpr10MultipleComponent extends IgnorableOperation {
IgnorableExpr10MultipleComponent() {
this.(Operation).getAnOperand().getValue().toInt() in [10, 100, 1000, 10000]
or
exists(AssignOperation a | a.getRValue() = this |
a.getRValue().getValue().toInt() in [10, 100, 1000, 10000]
)
}
}
/**
* An operation involving a sub expression with char literal `48`, ignore as a likely string conversion. For example: `X - '0'`
*/
class IgnorableExpr48Mapping extends IgnorableOperation {
IgnorableExpr48Mapping() {
this.(SubExpr).getRightOperand().getValue().toInt() = 48
or
exists(AssignSubExpr e | e.getRValue() = this | e.getRValue().getValue().toInt() = 48)
}
}
/**
* A binary or arithmetic operation whereby one of the components is textual or a string.
*/
class IgnorableCharLiteralArithmetic extends IgnorableOperation {
IgnorableCharLiteralArithmetic() {
this.(BinaryArithmeticOperation).getAnOperand() instanceof TextLiteral
or
this instanceof TextLiteral and
any(AssignArithmeticOperation arith).getRValue() = this
}
}
/**
* Constants often used in date conversions (from one date data type to another)
* Numerous examples exist, like 1900 or 2000 that convert years from one
* representation to another.
* Also '0' is sometimes observed as an atoi style conversion.
*/
bindingset[c]
predicate isLikelyConversionConstant(int c) {
exists(int i | i = c.abs() |
i =
[
146097, // days in 400-year Gregorian cycle
36524, // days in 100-year Gregorian subcycle
1461, // days in 4-year cycle (incl. 1 leap)
32044, // Fliegel-van Flandern JDN epoch shift
1721425, // JDN of 0001-01-01 (Gregorian)
1721119, // alt epoch offset
2400000, // MJD -> JDN conversion
2400001, // alt MJD -> JDN conversion
2141, // fixed-point month/day extraction
65536, // observed in some conversions
7834, // observed in some conversions
256, // observed in some conversions
292275056, // qdatetime.h Qt Core year range first year constant
292278994, // qdatetime.h Qt Core year range last year constant
1601, // Windows FILETIME epoch start year
1970, // Unix epoch start year
70, // Unix epoch start year short form
1899, // Observed in uses with 1900 to address off by one scenarios
1900, // Used when converting a 2 digit year
2000, // Used when converting a 2 digit year
1400, // Hijri base year, used when converting a 2 digit year
1980, // FAT filesystem epoch start year
227013, // constant observed for Hirji year conversion, and Hirji years are not applicable for gregorian leap year
10631, // constant observed for Hirji year conversion, and Hirji years are not applicable for gregorian leap year,
80, // 1980/01/01 is the start of the epoch on DOS
0
]
)
}
/**
* An `isLikelyConversionConstant` constant indicates conversion that is ignorable, e.g.,
* julian to gregorian conversion or conversions from linux time structs
* that start at 1900, etc.
*/
class IgnorableConstantArithmetic extends IgnorableOperation {
IgnorableConstantArithmetic() {
exists(int i | isLikelyConversionConstant(i) |
this.(Operation).getAnOperand().getValue().toInt() = i
or
// If there is a data flow from the variable that was modified to a function that seems to check for leap year
exists(VariableAccess source, ChecksForLeapYearFunctionCall fc |
source = var.getAnAccess() and
LeapYearCheckFlow::flow(DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument()))
)
or
// If there is a data flow from the field that was modified to a function that seems to check for leap year
exists(VariableAccess vacheck, YearFieldAccess yfacheck, ChecksForLeapYearFunctionCall fc |
vacheck = var.getAnAccess() and
yfacheck.getQualifier() = vacheck and
LeapYearCheckFlow::flow(DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument()))
)
or
// If there is a successor or predecessor that sets the month = 1
exists(MonthFieldAccess mfa, AssignExpr ae |
mfa.getQualifier() = var.getAnAccess() and
mfa.isModified() and
(
mfa.getBasicBlock() = yfa.getBasicBlock().getASuccessor*() or
yfa.getBasicBlock() = mfa.getBasicBlock().getASuccessor+()
) and
ae = mfa.getEnclosingElement() and
ae.getAnOperand().getValue().toInt() = 1
exists(AssignArithmeticOperation a | this = a.getRValue() |
a.getRValue().getValue().toInt() = i
)
)
}
}
// If a unary minus assume it is some sort of conversion
class IgnorableUnaryMinus extends IgnorableOperation {
IgnorableUnaryMinus() {
this instanceof UnaryMinusExpr
or
this.(Operation).getAnOperand() instanceof UnaryMinusExpr
}
}
/**
* An argument to a function is ignorable if the function that is called is an ignored function
*/
class OperationAsArgToIgnorableFunction extends IgnorableOperation {
OperationAsArgToIgnorableFunction() {
exists(Call c |
c.getAnArgument().getAChild*() = this and
c.getTarget() instanceof IgnorableFunction
)
}
}
/**
* A binary operation on two literals means the result is constant/known
* and the operation is basically ignorable (it's not a real operation but
* probably one visual simplicity what it means).
*/
class ConstantBinaryArithmeticOperation extends IgnorableOperation, BinaryArithmeticOperation {
ConstantBinaryArithmeticOperation() {
this.getLeftOperand() instanceof Literal and
this.getRightOperand() instanceof Literal
}
}
class IgnorableBinaryBitwiseOperation extends IgnorableOperation instanceof BinaryBitwiseOperation {
}
class IgnorableUnaryBitwiseOperation extends IgnorableOperation instanceof UnaryBitwiseOperation { }
class IgnorableAssignmentBitwiseOperation extends IgnorableOperation instanceof AssignBitwiseOperation
{ }
/**
* An arithmetic operation where one of the operands is a pointer or char type, ignore it
*/
class IgnorablePointerOrCharArithmetic extends IgnorableOperation {
IgnorablePointerOrCharArithmetic() {
this instanceof BinaryArithmeticOperation and
exists(Expr op | op = this.(BinaryArithmeticOperation).getAnOperand() |
op.getUnspecifiedType() instanceof PointerType
or
op.getUnspecifiedType() instanceof CharType
or
// Operations on calls to functions that accept char or char*
op.(Call).getAnArgument().getUnspecifiedType().stripType() instanceof CharType
or
// Operations on calls to functions named like "strlen", "wcslen", etc
// NOTE: workaround for cases where the wchar_t type is not a char, but an unsigned short
// unclear if there is a best way to filter cases like these out based on type info.
op.(Call).getTarget().getName().matches("%len%")
)
or
exists(AssignArithmeticOperation a | a.getRValue() = this |
exists(Expr op | op = a.getAnOperand() |
op.getUnspecifiedType() instanceof PointerType
or
op.getUnspecifiedType() instanceof CharType
or
// Operations on calls to functions that accept char or char*
op.(Call).getAnArgument().getUnspecifiedType().stripType() instanceof CharType
)
or
// Operations on calls to functions named like "strlen", "wcslen", etc
// for example `strlen(foo) + bar`
this.(BinaryArithmeticOperation).getAnOperand().(Call).getTarget().getName().matches("%len%")
)
}
}
/**
* Holds for an expression that is an add or similar operation that could flow to a Year field.
*/
predicate isOperationSourceCandidate(Expr e) {
not e instanceof IgnorableOperation and
exists(Function f |
f = e.getEnclosingFunction() and
not f instanceof IgnorableFunction
) and
(
e instanceof SubExpr
or
e instanceof AddExpr
or
e instanceof CrementOperation
or
e instanceof AssignSubExpr
or
e instanceof AssignAddExpr
)
select yfa,
"Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found.",
yfa.getTarget(), yfa.getTarget().toString(), var, var.toString()
}
/**
* A data flow that tracks an ignorable operation (such as a bitwise operation) to an operation source, so we may disqualify it.
*/
module IgnorableOperationToOperationSourceCandidateConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n.asExpr() instanceof IgnorableOperation }
predicate isSink(DataFlow::Node n) { isOperationSourceCandidate(n.asExpr()) }
// looking for sources and sinks in the same function
DataFlow::FlowFeature getAFeature() {
result instanceof DataFlow::FeatureEqualSourceSinkCallContext
}
}
module IgnorableOperationToOperationSourceCandidateFlow =
TaintTracking::Global<IgnorableOperationToOperationSourceCandidateConfig>;
/**
* The set of all expressions which is a candidate expression and also does not flow from to to some ignorable expression (eg. bitwise op)
* ```
* a = something <<< 2;
* myDate.year = a + 1; // invalid
* ...
* a = someDate.year + 1;
* myDate.year = a; // valid
* ```
*/
class OperationSource extends Expr {
OperationSource() {
isOperationSourceCandidate(this) and
// If the candidate came from an ignorable operation, ignore the candidate
// NOTE: we cannot easily flow the candidate to an ignorable operation as that can
// be tricky in practice, e.g., a mod operation on a year would be part of a leap year check
// but a mod operation ending in a year is more indicative of something to ignore (a conversion)
not exists(IgnorableOperationToOperationSourceCandidateFlow::PathNode sink |
sink.getNode().asExpr() = this and
sink.isSink()
)
}
}
class YearFieldAssignmentNode extends DataFlow::Node {
YearFieldAccess access;
YearFieldAssignmentNode() {
exists(Function f |
f = this.getEnclosingCallable().getUnderlyingCallable() and not f instanceof IgnorableFunction
) and
(
this.asDefinition().(Assignment).getLValue() = access
or
this.asDefinition().(CrementOperation).getOperand() = access
or
exists(Call c | c.getAnArgument() = access and this.asDefiningArgument() = access)
or
exists(Call c, AddressOfExpr aoe |
c.getAnArgument() = aoe and
aoe.getOperand() = access and
this.asDefiningArgument() = aoe
)
)
}
YearFieldAccess getYearFieldAccess() { result = access }
}
/**
* A DataFlow configuration for identifying flows from an identified source
* to the Year field of a date object.
*/
module OperationToYearAssignmentConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node n) { n.asExpr() instanceof OperationSource }
predicate isSink(DataFlow::Node n) {
n instanceof YearFieldAssignmentNode and
not isYearModifiedWithCheck(n) and
not isControlledByMonthEqualityCheckNonFebruary(n.asExpr())
}
predicate isBarrier(DataFlow::Node n) {
exists(ArrayExpr arr | arr.getArrayOffset() = n.asExpr())
or
n.getType().getUnspecifiedType() instanceof PointerType
or
n.getType().getUnspecifiedType() instanceof CharType
or
// If a type resembles "string" ignore flow (likely string conversion, currently ignored)
n.getType().getUnspecifiedType().stripType().getName().toLowerCase().matches("%string%")
or
n.asExpr() instanceof IgnorableOperation
or
// Flowing into variables that indicate likely non-gregorian years are barriers
// e.g., names similar to hijri, persian, lunar, chinese, hebrew, etc.
exists(Variable v |
v.getName()
.toLowerCase()
.matches(["%hijri%", "%persian%", "%lunar%", "%chinese%", "%hebrew%"]) and
v.getAnAccess() = [n.asIndirectExpr(), n.asExpr()]
)
or
isLeapYearCheckSink(n)
or
// this is a bit of a hack to address cases where a year is normalized and checked, but the
// normalized year is never itself assigned to the final year struct
// isLeapYear(getCivilYear(year))
// struct.year = year
// This is assuming a user would have done this all on one line though.
// setting a variable for the conversion and passing that separately would be more difficult to track
// considering this approach good enough for current observed false positives
exists(Expr arg |
isLeapYearCheckCall(_, arg) and arg.getAChild*() = [n.asExpr(), n.asIndirectExpr()]
)
or
// If as the flow progresses, the value holding a dangerous operation result
// is apparently being passed by address to some function, it is more than likely
// intended to be modified, and therefore, the definition is killed.
exists(Call c | c.getAnArgument().(AddressOfExpr).getAnOperand() = n.asIndirectExpr())
}
/** Block flow out of an operation source to get the "closest" operation to the sink */
predicate isBarrierIn(DataFlow::Node n) { isSource(n) }
predicate isBarrierOut(DataFlow::Node n) { isSink(n) }
}
module OperationToYearAssignmentFlow = TaintTracking::Global<OperationToYearAssignmentConfig>;
predicate isLeapYearCheckSink(DataFlow::Node sink) {
exists(LeapYearGuardCondition lgc |
lgc.checkedYearAccess() = [sink.asExpr(), sink.asIndirectExpr()]
)
or
isLeapYearCheckCall(_, [sink.asExpr(), sink.asIndirectExpr()])
}
predicate yearAssignmentToCheckCommonSteps(DataFlow::Node node1, DataFlow::Node node2) {
// flow from a YearFieldAccess to the qualifier
node2.asExpr() = node1.asExpr().(YearFieldAccess).getQualifier*()
or
// getting the 'access' can be tricky at definitions (assignments especially)
// as dataflow uses asDefinition not asExpr.
// the YearFieldAssignmentNode holds the access in these cases
node1.(YearFieldAssignmentNode).getYearFieldAccess().getQualifier() = node2.asExpr()
or
// flow from a year access qualifier to a year field
exists(YearFieldAccess yfa | node2.asExpr() = yfa and node1.asExpr() = yfa.getQualifier())
or
node1.(YearFieldAssignmentNode).getYearFieldAccess().getQualifier() = node2.asExpr()
or
// Pass through any intermediate struct
exists(Assignment a |
a.getRValue() = node1.asExpr() and
node2.asExpr() = a.getLValue().(YearFieldAccess).getQualifier*()
)
or
// in cases of t.year = x and the value of x is checked, but the year t.year isn't directly checked
// flow from a year assignment node to an RHS if it is an assignment
// e.g.,
// t.year = x;
// isLeapYear(x);
// --> at this point there is no flow of t.year to a check, but only its raw value
// To detect the flow of 'x' to the isLeapYear check,
// flow from t.year to 'x' (at assignment, t.year = x, flow to the RHS to track use-use flow of x)
exists(YearFieldAssignmentNode yfan |
node1 = yfan and
node2.asExpr() = yfan.asDefinition().(Assignment).getRValue()
)
}
/**
* A flow configuration from a Year field access to some Leap year check or guard
*/
module YearAssignmentToLeapYearCheckConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof YearFieldAssignmentNode }
predicate isSink(DataFlow::Node sink) { isLeapYearCheckSink(sink) }
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
yearAssignmentToCheckCommonSteps(node1, node2)
}
/**
* Enforcing the check must occur in the same call context as the source,
* i.e., do not return from the source function and check in a caller.
*/
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
}
module YearAssignmentToLeapYearCheckFlow =
TaintTracking::Global<YearAssignmentToLeapYearCheckConfig>;
/** Does there exist a flow from the given YearFieldAccess to a Leap Year check or guard? */
predicate isYearModifiedWithCheck(YearFieldAssignmentNode n) {
exists(YearAssignmentToLeapYearCheckFlow::PathNode src |
src.isSource() and
src.getNode() = n
)
or
// If the time flows to a time conversion whose value/result is checked,
// assume the leap year is being handled.
exists(YearAssignmentToCheckedTimeConversionFlow::PathNode timeQualSrc |
timeQualSrc.isSource() and
timeQualSrc.getNode() = n
)
}
/**
* An expression which checks the value of a Month field `a->month == 1`.
*/
class MonthEqualityCheck extends EqualityOperation {
MonthEqualityCheck() { this.getAnOperand() instanceof MonthFieldAccess }
Expr getExprCompared() {
exists(Expr e |
e = this.getAnOperand() and
not e instanceof MonthFieldAccess and
result = e
)
}
}
final class FinalMonthEqualityCheck = MonthEqualityCheck;
class MonthEqualityCheckGuard extends GuardCondition, FinalMonthEqualityCheck { }
/**
* Verifies if the expression is guarded by a check on the Month property of a date struct, that is NOT February.
*/
bindingset[e]
pragma[inline_late]
predicate isControlledByMonthEqualityCheckNonFebruary(Expr e) {
exists(MonthEqualityCheckGuard monthGuard, Expr compared |
monthGuard.controls(e.getBasicBlock(), true) and
compared = monthGuard.getExprCompared() and
not compared.getValue().toInt() = 2
)
}
/**
* Flow from a year field access to a time conversion function
* that auto converts feb29 in non-leap year, or through a conversion function that doesn't
* auto convert to a sanity check guard of the result for error conditions.
*/
module YearAssignmentToCheckedTimeConversionConfig implements DataFlow::StateConfigSig {
// Flow state tracks if flow goes through a known time conversion function
// see `TimeConversionFunction`.
// A valid check with a time conversion function is either the case:
// 1) the year flows into a time conversion function, and the time conversion function's result is checked or
// 2) the year flows into a time conversion function that auto corrects for leap year, so no check is necessary.
class FlowState = boolean;
predicate isSource(DataFlow::Node source, FlowState state) {
source instanceof YearFieldAssignmentNode and
state = false
}
predicate isSink(DataFlow::Node sink, FlowState state) {
// Case 1: Flow through a time conversion function that requires a check,
// and we have arrived at a guard, implying the result was checked for possible error, including leap year error.
// state = true indicates the flow went through a time conversion function
state = true and
(
exists(IfStmt ifs | ifs.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()])
or
exists(ConditionalExpr ce |
ce.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()]
)
or
exists(Loop l | l.getCondition().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()])
)
or
// Case 2: Flow through a time conversion function that auto corrects for leap year, so no check is necessary.
// state true or false, as flowing through a time conversion function is not necessary in this instance.
state in [true, false] and
exists(Call c, TimeConversionFunction f |
f.isAutoLeapYearCorrecting() and
c.getTarget() = f and
c.getAnArgument().getAChild*() = [sink.asExpr(), sink.asIndirectExpr()]
)
}
predicate isAdditionalFlowStep(
DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
) {
state1 in [true, false] and
state2 = true and
exists(Call c |
c.getTarget() instanceof TimeConversionFunction and
c.getAnArgument().getAChild*() = [node1.asExpr(), node1.asIndirectExpr()] and
node2.asExpr() = c
)
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
yearAssignmentToCheckCommonSteps(node1, node2)
}
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
}
module YearAssignmentToCheckedTimeConversionFlow =
DataFlow::GlobalWithState<YearAssignmentToCheckedTimeConversionConfig>;
/**
* Finds flow from a parameter of a function to a leap year check.
* This is necessary to handle for scenarios like this:
*
* year = DANGEROUS_OP // source
* isLeap = isLeapYear(year);
* // logic based on isLeap
* struct.year = year; // sink
*
* In this case, we may flow a dangerous op to a year assignment, failing
* to barrier the flow through a leap year check, as the leap year check
* is nested, and dataflow does not progress down into the check and out.
* Instead, the point of this flow is to detect isLeapYear's argument
* is checked for leap year, making the isLeapYear call a barrier for
* the dangerous flow if we flow through the parameter identified to
* be checked.
*/
module ParameterToLeapYearCheckConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { exists(source.asParameter()) }
predicate isSink(DataFlow::Node sink) {
exists(LeapYearGuardCondition lgc |
lgc.checkedYearAccess() = [sink.asExpr(), sink.asIndirectExpr()]
)
}
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
// flow from a YearFieldAccess to the qualifier
node2.asExpr() = node1.asExpr().(YearFieldAccess).getQualifier*()
or
// flow from a year access qualifier to a year field
exists(YearFieldAccess yfa | node2.asExpr() = yfa and node1.asExpr() = yfa.getQualifier())
}
/**
* Enforcing the check must occur in the same call context as the source,
* i.e., do not return from the source function and check in a caller.
*/
DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
}
// NOTE: I do not believe taint flow is necessary here as we should
// be flowing directyly from some parameter to a leap year check.
module ParameterToLeapYearCheckFlow = DataFlow::Global<ParameterToLeapYearCheckConfig>;
predicate isLeapYearCheckCall(Call c, Expr arg) {
exists(ParameterToLeapYearCheckFlow::PathNode src, Function f, int i |
src.isSource() and
f.getParameter(i) = src.getNode().asParameter() and
c.getTarget() = f and
c.getArgument(i) = arg
)
}
class LeapYearGuardCondition extends GuardCondition {
Expr yearSinkDiv4;
Expr yearSinkDiv100;
Expr yearSinkDiv400;
LeapYearGuardCondition() {
exists(
LogicalAndExpr andExpr, LogicalOrExpr orExpr, GuardCondition div4Check,
GuardCondition div100Check, GuardCondition div400Check, GuardValue gv
|
// canonical case:
// form: `(year % 4 == 0) && (year % 100 != 0 || year % 400 == 0)`
// `!((year % 4 == 0) && (year % 100 != 0 || year % 400 == 0))`
// `!(year % 4) && (year % 100 || !(year % 400))`
// Also accepting `((year & 3) == 0) && (year % 100 != 0 || year % 400 == 0)`
// and `(year % 4 == 0) && (year % 100 > 0 || year % 400 == 0)`
this = andExpr and
andExpr.hasOperands(div4Check, orExpr) and
orExpr.hasOperands(div100Check, div400Check) and
(
// year % 4 == 0
exists(RemExpr e |
div4Check.comparesEq(e, 0, true, gv) and
e.getRightOperand().getValue().toInt() = 4 and
yearSinkDiv4 = e.getLeftOperand()
)
or
// year & 3 == 0
exists(BitwiseAndExpr e |
div4Check.comparesEq(e, 0, true, gv) and
e.getRightOperand().getValue().toInt() = 3 and
yearSinkDiv4 = e.getLeftOperand()
)
) and
exists(RemExpr e |
// year % 100 != 0 or year % 100 > 0
(
div100Check.comparesEq(e, 0, false, gv) or
div100Check.comparesLt(e, 1, false, gv)
) and
e.getRightOperand().getValue().toInt() = 100 and
yearSinkDiv100 = e.getLeftOperand()
) and
// year % 400 == 0
exists(RemExpr e |
div400Check.comparesEq(e, 0, true, gv) and
e.getRightOperand().getValue().toInt() = 400 and
yearSinkDiv400 = e.getLeftOperand()
)
or
// Inverted logic case:
// `year % 4 != 0 || (year % 100 == 0 && year % 400 != 0)`
// or `year & 3 != 0 || (year % 100 == 0 && year % 400 != 0)`
// also accepting `year % 4 > 0 || (year % 100 == 0 && year % 400 > 0)`
this = orExpr and
orExpr.hasOperands(div4Check, andExpr) and
andExpr.hasOperands(div100Check, div400Check) and
(
// year % 4 != 0 or year % 4 > 0
exists(RemExpr e |
(
div4Check.comparesEq(e, 0, false, gv)
or
div4Check.comparesLt(e, 1, false, gv)
) and
e.getRightOperand().getValue().toInt() = 4 and
yearSinkDiv4 = e.getLeftOperand()
)
or
// year & 3 != 0
exists(BitwiseAndExpr e |
div4Check.comparesEq(e, 0, false, gv) and
e.getRightOperand().getValue().toInt() = 3 and
yearSinkDiv4 = e.getLeftOperand()
)
) and
// year % 100 == 0
exists(RemExpr e |
div100Check.comparesEq(e, 0, true, gv) and
e.getRightOperand().getValue().toInt() = 100 and
yearSinkDiv100 = e.getLeftOperand()
) and
// year % 400 != 0 or year % 400 > 0
exists(RemExpr e |
(
div400Check.comparesEq(e, 0, false, gv)
or
div400Check.comparesLt(e, 1, false, gv)
) and
e.getRightOperand().getValue().toInt() = 400 and
yearSinkDiv400 = e.getLeftOperand()
)
)
}
Expr getYearSinkDiv4() { result = yearSinkDiv4 }
Expr getYearSinkDiv100() { result = yearSinkDiv100 }
Expr getYearSinkDiv400() { result = yearSinkDiv400 }
/**
* Gets the variable access that is used in all 3 components of the leap year check
* e.g., see getYearSinkDiv4/100/400..
* If a field access is used, the qualifier and the field access are both returned
* in checked condition.
* NOTE: if the year is not checked using the same access in all 3 components, no result is returned.
* The typical case observed is a consistent variable access is used. If not, this may indicate a bug.
* We could check more accurately with a dataflow analysis, but this is likely sufficient for now.
*/
VariableAccess checkedYearAccess() {
exists(Variable var |
(
this.getYearSinkDiv4().getAChild*() = var.getAnAccess() and
this.getYearSinkDiv100().getAChild*() = var.getAnAccess() and
this.getYearSinkDiv400().getAChild*() = var.getAnAccess() and
result = var.getAnAccess() and
(
result = this.getYearSinkDiv4().getAChild*() or
result = this.getYearSinkDiv100().getAChild*() or
result = this.getYearSinkDiv400().getAChild*()
)
)
)
}
}
/**
* A difficult case to detect is if a year modification is tied to a month or day modification
* and the month or day is safe for leap year.
* e.g.,
* year++;
* month = 1;
* // alternative: day = 15;
* ... values eventually used in the same time struct
* If this is even more challenging if the struct the values end up in are not
* local (set inter-procedurally).
* This configuration looks for constants 1-31 flowing to a month or day assignment.
* It is assumed a user of this flow will check if the month/day source and month/day sink
* are in the same basic blocks as a year modification source and a year modification sink.
* It is also assumed a user will check if the constant source is a value that is ignorable
* e.g., if it is 2 and the sink is a month assignment, then it isn't ignorable or
* if the value is < 27 and is a day assignment, it is likely ignorable
*
* Obviously this does not handle all conditions (e.g., the month set in another block).
* It is meant to capture the most common cases of false positives.
*/
module CandidateConstantToDayOrMonthAssignmentConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source.asExpr().getValue().toInt() in [1 .. 31] and
(
exists(Assignment a | a.getRValue() = source.asExpr())
or
exists(Call c | c.getAnArgument() = source.asExpr())
)
}
predicate isSink(DataFlow::Node sink) {
exists(Assignment a |
(a.getLValue() instanceof MonthFieldAccess or a.getLValue() instanceof DayFieldAccess) and
a.getRValue() = sink.asExpr()
)
}
}
// NOTE: only data flow here (no taint tracking) as we want the exact
// constant flowing to the month assignment
module CandidateConstantToDayOrMonthAssignmentFlow =
DataFlow::Global<CandidateConstantToDayOrMonthAssignmentConfig>;
/**
* Holds if value the assignment `a` resolves to (`dayOrMonthValSrcExpr`) doesn't represent February,
* and/or if it represents a day, is a 'safe' day (meaning the 27th or prior).
*/
bindingset[dayOrMonthValSrcExpr]
predicate isSafeValueForAssignmentOfMonthOrDayValue(Assignment a, Expr dayOrMonthValSrcExpr) {
a.getLValue() instanceof MonthFieldAccess and
dayOrMonthValSrcExpr.getValue().toInt() != 2
or
a.getLValue() instanceof DayFieldAccess and
dayOrMonthValSrcExpr.getValue().toInt() <= 27
}
import OperationToYearAssignmentFlow::PathGraph
from OperationToYearAssignmentFlow::PathNode src, OperationToYearAssignmentFlow::PathNode sink
where
OperationToYearAssignmentFlow::flowPath(src, sink) and
// Check if a month is set in the same block as the year operation source
// and the month value would indicate its set to any other month than february.
// Finds if the source year node is in the same block as a source month block
// and if the same for the sinks.
not exists(DataFlow::Node dayOrMonthValSrc, DataFlow::Node dayOrMonthValSink, Assignment a |
CandidateConstantToDayOrMonthAssignmentFlow::flow(dayOrMonthValSrc, dayOrMonthValSink) and
a.getRValue() = dayOrMonthValSink.asExpr() and
dayOrMonthValSink.getBasicBlock() = sink.getNode().getBasicBlock() and
exists(IRBlock dayOrMonthValBB |
dayOrMonthValBB = dayOrMonthValSrc.getBasicBlock() and
// The source of the day is set in the same block as the source for the year
// or the source for the day is set in the same block as the sink for the year
dayOrMonthValBB in [
src.getNode().getBasicBlock(),
sink.getNode().getBasicBlock()
]
) and
isSafeValueForAssignmentOfMonthOrDayValue(a, dayOrMonthValSrc.asExpr())
)
select sink, src, sink,
"Year field has been modified, but no appropriate check for LeapYear was found."

16
cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
View File

@@ -44,23 +44,9 @@ class SafeTimeGatheringFunction extends Function {
}
}
/**
* This list of APIs should check for the return value to detect problems during the conversion.
*/
class TimeConversionFunction extends Function {
TimeConversionFunction() {
this.getQualifiedName() =
[
"FileTimeToSystemTime", "SystemTimeToFileTime", "SystemTimeToTzSpecificLocalTime",
"SystemTimeToTzSpecificLocalTimeEx", "TzSpecificLocalTimeToSystemTime",
"TzSpecificLocalTimeToSystemTimeEx", "RtlLocalTimeToSystemTime",
"RtlTimeToSecondsSince1970", "_mkgmtime"
]
}
}
from FunctionCall fcall, TimeConversionFunction trf, Variable var
where
not trf.isAutoLeapYearCorrecting() and
fcall = trf.getACallToThisFunction() and
fcall instanceof ExprInVoidContext and
var.getUnderlyingType() instanceof UnpackedTimeType and

24
cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
View File

@@ -16,17 +16,15 @@
import cpp
import semmle.code.cpp.ir.IR
import semmle.code.cpp.ir.dataflow.MustFlow
import PathGraph
import ReturnStackAllocatedMemory::PathGraph
/** Holds if `f` has a name that we interpret as evidence of intentionally returning the value of the stack pointer. */
predicate intentionallyReturnsStackPointer(Function f) {
f.getName().toLowerCase().matches(["%stack%", "%sp%"])
}
class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
ReturnStackAllocatedMemoryConfig() { this = "ReturnStackAllocatedMemoryConfig" }
override predicate isSource(Instruction source) {
module ReturnStackAllocatedMemoryConfig implements MustFlow::ConfigSig {
predicate isSource(Instruction source) {
exists(Function func |
// Rule out FPs caused by extraction errors.
not func.hasErrors() and
@@ -50,7 +48,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
)
}
override predicate isSink(Operand sink) {
predicate isSink(Operand sink) {
// Holds if `sink` is a node that represents the `StoreInstruction` that is subsequently used in
// a `ReturnValueInstruction`.
// We use the `StoreInstruction` instead of the instruction that defines the
@@ -72,7 +70,7 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
// int* px = id(&x);
// }
// ```
override predicate allowInterproceduralFlow() { none() }
predicate allowInterproceduralFlow() { none() }
/**
* This configuration intentionally conflates addresses of fields and their object, and pointer offsets
@@ -87,20 +85,22 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
* }
* ```
*/
override predicate isAdditionalFlowStep(Operand node1, Instruction node2) {
predicate isAdditionalFlowStep(Operand node1, Instruction node2) {
node2.(FieldAddressInstruction).getObjectAddressOperand() = node1
or
node2.(PointerOffsetInstruction).getLeftOperand() = node1
}
override predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
predicate isBarrier(Instruction n) { n.getResultType() instanceof ErroneousType }
}
module ReturnStackAllocatedMemory = MustFlow::Global<ReturnStackAllocatedMemoryConfig>;
from
MustFlowPathNode source, MustFlowPathNode sink, Instruction instr,
ReturnStackAllocatedMemoryConfig conf
ReturnStackAllocatedMemory::PathNode source, ReturnStackAllocatedMemory::PathNode sink,
Instruction instr
where
conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
ReturnStackAllocatedMemory::flowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
source.getInstruction() = instr
select sink.getInstruction(), source, sink, "May return stack-allocated memory from $@.",
instr.getAst(), instr.getAst().toString()

21
cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
View File

@@ -15,7 +15,7 @@
import cpp
import semmle.code.cpp.ir.IR
import semmle.code.cpp.ir.dataflow.MustFlow
import PathGraph
import UninitializedLocal::PathGraph
/**
* Auxiliary predicate: Types that don't require initialization
@@ -70,25 +70,26 @@ predicate isSinkImpl(Instruction sink, VariableAccess va) {
)
}
class MustFlow extends MustFlowConfiguration {
MustFlow() { this = "MustFlow" }
override predicate isSource(Instruction source) {
module UninitializedLocalConfig implements MustFlow::ConfigSig {
predicate isSource(Instruction source) {
source instanceof UninitializedInstruction and
exists(Type t | t = source.getResultType() | not allocatedType(t))
}
override predicate isSink(Operand sink) { isSinkImpl(sink.getDef(), _) }
predicate isSink(Operand sink) { isSinkImpl(sink.getDef(), _) }
override predicate allowInterproceduralFlow() { none() }
predicate allowInterproceduralFlow() { none() }
override predicate isBarrier(Instruction instr) { instr instanceof ChiInstruction }
predicate isBarrier(Instruction instr) { instr instanceof ChiInstruction }
}
module UninitializedLocal = MustFlow::Global<UninitializedLocalConfig>;
from
VariableAccess va, LocalVariable v, MustFlow conf, MustFlowPathNode source, MustFlowPathNode sink
VariableAccess va, LocalVariable v, UninitializedLocal::PathNode source,
UninitializedLocal::PathNode sink
where
conf.hasFlowPath(source, sink) and
UninitializedLocal::flowPath(source, sink) and
isSinkImpl(sink.getInstruction(), va) and
v = va.getTarget()
select va, source, sink, "The variable $@ may not be initialized at this access.", v, v.getName()

26
cpp/ql/src/Likely Bugs/OO/UnsafeUseOfThis.ql
View File

@@ -17,16 +17,16 @@
import cpp
import semmle.code.cpp.ir.IR
import semmle.code.cpp.ir.dataflow.MustFlow
import PathGraph
import UnsafeUseOfThis::PathGraph
class UnsafeUseOfThisConfig extends MustFlowConfiguration {
UnsafeUseOfThisConfig() { this = "UnsafeUseOfThisConfig" }
module UnsafeUseOfThisConfig implements MustFlow::ConfigSig {
predicate isSource(Instruction source) { isSource(source, _, _) }
override predicate isSource(Instruction source) { isSource(source, _, _) }
override predicate isSink(Operand sink) { isSink(sink, _) }
predicate isSink(Operand sink) { isSink(sink, _) }
}
module UnsafeUseOfThis = MustFlow::Global<UnsafeUseOfThisConfig>;
/** Holds if `sink` is a `this` pointer used by the call instruction `call`. */
predicate isSink(Operand sink, CallInstruction call) {
exists(PureVirtualFunction func |
@@ -66,19 +66,17 @@ predicate isSource(InitializeParameterInstruction source, string msg, Class c) {
* - `msg` is a string describing whether `source` is from a constructor or destructor.
*/
predicate flows(
MustFlowPathNode source, string msg, Class sourceClass, MustFlowPathNode sink,
UnsafeUseOfThis::PathNode source, string msg, Class sourceClass, UnsafeUseOfThis::PathNode sink,
CallInstruction call
) {
exists(UnsafeUseOfThisConfig conf |
conf.hasFlowPath(source, sink) and
isSource(source.getInstruction(), msg, sourceClass) and
isSink(sink.getInstruction().getAUse(), call)
)
UnsafeUseOfThis::flowPath(source, sink) and
isSource(source.getInstruction(), msg, sourceClass) and
isSink(sink.getInstruction().getAUse(), call)
}
from
MustFlowPathNode source, MustFlowPathNode sink, CallInstruction call, string msg,
Class sourceClass
UnsafeUseOfThis::PathNode source, UnsafeUseOfThis::PathNode sink, CallInstruction call,
string msg, Class sourceClass
where
flows(source, msg, sourceClass, sink, call) and
// Only raise an alert if there is no override of the pure virtual function in any base class.

2
cpp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 1.5.11
version: 1.5.12-dev
groups:
- cpp
- queries

4
cpp/ql/test/library-tests/builtins/complex/builtin.expected
View File

@@ -1,4 +1,4 @@
| complex.c:3:23:3:51 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:3:41:3:44 | real | file://:0:0:0:0 | double | complex.c:3:47:3:50 | imag | file://:0:0:0:0 | double |
| complex.c:4:23:4:57 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:4:41:4:47 | 2.71828000000000003 | file://:0:0:0:0 | double | complex.c:4:50:4:56 | 3.141589999999999883 | file://:0:0:0:0 | double |
| complex.c:4:23:4:57 | __builtin_complex | file://:0:0:0:0 | _Complex double | complex.c:4:41:4:47 | 2.71828 | file://:0:0:0:0 | double | complex.c:4:50:4:56 | 3.14159 | file://:0:0:0:0 | double |
| complex.c:8:22:8:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:8:40:8:44 | realf | file://:0:0:0:0 | float | complex.c:8:47:8:51 | imagf | file://:0:0:0:0 | float |
| complex.c:9:22:9:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:9:40:9:44 | 1.230000019 | file://:0:0:0:0 | float | complex.c:9:47:9:51 | 4.559999943 | file://:0:0:0:0 | float |
| complex.c:9:22:9:52 | __builtin_complex | file://:0:0:0:0 | _Complex float | complex.c:9:40:9:44 | 1.23 | file://:0:0:0:0 | float | complex.c:9:47:9:51 | 4.56 | file://:0:0:0:0 | float |

12
cpp/ql/test/library-tests/controlflow/guards/GuardsCompare.expected
View File

@@ -298,16 +298,16 @@
| test.c:182:8:182:34 | ! ... | ! ... == 1 when ! ... is true |
| test.c:182:8:182:34 | ! ... | ... && ... != 0 when ! ... is false |
| test.c:182:8:182:34 | ! ... | ... && ... == 0 when ! ... is true |
| test.c:182:10:182:20 | ... >= ... | 9.999999999999999547e-07 < foo+1 when ... >= ... is true |
| test.c:182:10:182:20 | ... >= ... | 9.999999999999999547e-07 >= foo+1 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | 1.0E-6 < foo+1 when ... >= ... is true |
| test.c:182:10:182:20 | ... >= ... | 1.0E-6 >= foo+1 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | ... >= ... != 0 when ... >= ... is true |
| test.c:182:10:182:20 | ... >= ... | ... >= ... != 1 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | ... >= ... == 0 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | ... >= ... == 1 when ... >= ... is true |
| test.c:182:10:182:20 | ... >= ... | foo < 9.999999999999999547e-07+0 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | foo >= 9.999999999999999547e-07+0 when ... >= ... is true |
| test.c:182:10:182:20 | ... >= ... | foo < 1.0E-6+0 when ... >= ... is false |
| test.c:182:10:182:20 | ... >= ... | foo >= 1.0E-6+0 when ... >= ... is true |
| test.c:182:10:182:33 | ... && ... | 1.0 >= foo+1 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | 9.999999999999999547e-07 < foo+1 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | 1.0E-6 < foo+1 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | ! ... != 0 when ... && ... is false |
| test.c:182:10:182:33 | ... && ... | ! ... != 1 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | ! ... == 0 when ... && ... is true |
@@ -319,7 +319,7 @@
| test.c:182:10:182:33 | ... && ... | ... >= ... != 0 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | ... >= ... == 1 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | foo < 1.0+0 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | foo >= 9.999999999999999547e-07+0 when ... && ... is true |
| test.c:182:10:182:33 | ... && ... | foo >= 1.0E-6+0 when ... && ... is true |
| test.c:182:25:182:33 | ... < ... | 1.0 < foo+1 when ... < ... is false |
| test.c:182:25:182:33 | ... < ... | 1.0 >= foo+1 when ... < ... is true |
| test.c:182:25:182:33 | ... < ... | ... < ... != 0 when ... < ... is true |

12
cpp/ql/test/library-tests/controlflow/guards/GuardsEnsure.expected
View File

@@ -169,12 +169,12 @@ binary
| test.c:176:8:176:15 | ! ... | test.c:176:14:176:14 | b | < | test.c:176:10:176:10 | a | 1 | test.c:176:18:178:5 | { ... } |
| test.c:176:10:176:14 | ... < ... | test.c:176:10:176:10 | a | >= | test.c:176:14:176:14 | b | 0 | test.c:176:18:178:5 | { ... } |
| test.c:176:10:176:14 | ... < ... | test.c:176:14:176:14 | b | < | test.c:176:10:176:10 | a | 1 | test.c:176:18:178:5 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 9.999999999999999547e-07 | 0 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 9.999999999999999547e-07 | 0 | test.c:182:25:182:33 | foo |
| test.c:182:10:182:20 | ... >= ... | test.c:182:17:182:20 | 9.999999999999999547e-07 | < | test.c:182:10:182:12 | foo | 1 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:17:182:20 | 9.999999999999999547e-07 | < | test.c:182:10:182:12 | foo | 1 | test.c:182:25:182:33 | foo |
| test.c:182:10:182:33 | ... && ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 9.999999999999999547e-07 | 0 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:33 | ... && ... | test.c:182:17:182:20 | 9.999999999999999547e-07 | < | test.c:182:10:182:12 | foo | 1 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 1.0E-6 | 0 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 1.0E-6 | 0 | test.c:182:25:182:33 | foo |
| test.c:182:10:182:20 | ... >= ... | test.c:182:17:182:20 | 1.0E-6 | < | test.c:182:10:182:12 | foo | 1 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:20 | ... >= ... | test.c:182:17:182:20 | 1.0E-6 | < | test.c:182:10:182:12 | foo | 1 | test.c:182:25:182:33 | foo |
| test.c:182:10:182:33 | ... && ... | test.c:182:10:182:12 | foo | >= | test.c:182:17:182:20 | 1.0E-6 | 0 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:33 | ... && ... | test.c:182:17:182:20 | 1.0E-6 | < | test.c:182:10:182:12 | foo | 1 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:33 | ... && ... | test.c:182:25:182:27 | foo | < | test.c:182:31:182:33 | 1.0 | 0 | test.c:181:25:182:20 | { ... } |
| test.c:182:10:182:33 | ... && ... | test.c:182:31:182:33 | 1.0 | >= | test.c:182:25:182:27 | foo | 1 | test.c:181:25:182:20 | { ... } |
| test.c:182:25:182:33 | ... < ... | test.c:182:25:182:27 | foo | < | test.c:182:31:182:33 | 1.0 | 0 | test.c:181:25:182:20 | { ... } |

1042
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/lowerBound.expected
View File

File diff suppressed because it is too large Load Diff

10350
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/nrOfBounds.expected
View File

File diff suppressed because it is too large Load Diff

16
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/nrOfBounds.ql
View File

@@ -2,8 +2,20 @@ import cpp
import utils.test.InlineExpectationsTest
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
query predicate estimateNrOfBounds(Expr e, float nrOfBounds) {
nrOfBounds = SimpleRangeAnalysisInternal::estimateNrOfBounds(e)
query predicate estimateNrOfBounds(
Expr e, float nrOfBounds, float actualNrOfLowerBounds, float actualNrOfUpperBounds
) {
nrOfBounds = SimpleRangeAnalysisInternal::estimateNrOfBounds(e) and
(
actualNrOfLowerBounds = SimpleRangeAnalysisInternal::countNrOfLowerBounds(e)
or
not exists(SimpleRangeAnalysisInternal::countNrOfLowerBounds(e)) and actualNrOfLowerBounds = -1
) and
(
actualNrOfUpperBounds = SimpleRangeAnalysisInternal::countNrOfUpperBounds(e)
or
not exists(SimpleRangeAnalysisInternal::countNrOfUpperBounds(e)) and actualNrOfUpperBounds = -1
)
}
/**

144
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryLower.expected
View File

@@ -77,77 +77,77 @@
| test.c:426:22:426:82 | ... ? ... : ... | 0.13204114 | 0.42186276 | 0.13204114 |
| test.c:426:26:426:69 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.44996679 |
| test.c:426:30:426:56 | ... ? ... : ... | 0.42186276 | 0.42186276 | 0.53843358 |
| test.c:468:4:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:468:5:470:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:471:6:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:472:8:490:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:475:10:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:475:31:475:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:477:13:479:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:484:12:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:485:12:485:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:487:15:489:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:491:6:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:8:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:29:494:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:496:11:498:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:499:6:499:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:503:10:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:503:31:503:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:505:13:507:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:508:9:510:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:512:10:531:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:515:12:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:516:12:516:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:518:15:520:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:525:14:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:526:14:526:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:528:17:530:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:532:9:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:535:14:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:536:14:536:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:538:17:540:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:541:12:541:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:545:12:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:546:12:546:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:548:15:550:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:551:11:553:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:554:9:556:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:557:9:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:558:14:577:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:561:16:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:562:16:562:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:564:19:566:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:571:18:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:572:18:572:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:574:21:576:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:578:12:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:581:14:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:582:14:582:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:584:17:586:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:587:12:587:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:591:16:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:592:16:592:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:594:19:596:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:597:15:599:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:601:12:620:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:604:14:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:605:14:605:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:607:17:609:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:614:16:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:615:16:615:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:617:19:619:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:621:11:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:624:16:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:625:16:625:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:627:19:629:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:630:14:630:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:634:14:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:635:14:635:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:637:17:639:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:640:13:642:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:668:20:668:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:880:5:880:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:881:5:881:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.c:485:4:659:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:485:5:487:49 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:488:6:570:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:489:8:507:41 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:492:10:496:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:492:31:492:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:494:13:496:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:501:12:506:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:502:12:502:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:504:15:506:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:508:6:527:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:511:8:515:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:511:29:511:77 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:513:11:515:19 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:516:6:516:54 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:520:10:524:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:520:31:520:79 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:522:13:524:21 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:525:9:527:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:529:10:548:43 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:532:12:537:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:533:12:533:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:535:15:537:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:542:14:547:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:543:14:543:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:545:17:547:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:549:9:570:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:552:14:557:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:553:14:553:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:555:17:557:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:558:12:558:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:562:12:567:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:563:12:563:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:565:15:567:23 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:568:11:570:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:571:9:573:51 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:574:9:659:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:575:14:594:47 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:578:16:583:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:579:16:579:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:581:19:583:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:588:18:593:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:589:18:589:66 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:591:21:593:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:595:12:616:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:598:14:603:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:599:14:599:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:601:17:603:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:604:12:604:60 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:608:16:613:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:609:16:609:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:611:19:613:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:614:15:616:29 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:618:12:637:45 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:621:14:626:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:622:14:622:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:624:17:626:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:631:16:636:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:632:16:632:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:634:19:636:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:638:11:659:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:641:16:646:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:642:16:642:64 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:644:19:646:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:647:14:647:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:651:14:656:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:652:14:652:62 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:654:17:656:25 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:657:13:659:27 | ... ? ... : ... | 0.0 | 0.0 | 0.0 |
| test.c:685:20:685:36 | ... ? ... : ... | 0.0 | 0.0 | 100.0 |
| test.c:897:5:897:14 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.c:898:5:898:14 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 0.0 | 1.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 0.0 | 0.0 | 1.0 |

144
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/ternaryUpper.expected
View File

@@ -77,77 +77,77 @@
| test.c:426:22:426:82 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.13204114 |
| test.c:426:26:426:69 | ... ? ... : ... | 0.53843358 | 0.53843358 | 0.44996679 |
| test.c:426:30:426:56 | ... ? ... : ... | 0.53843358 | 0.42186276 | 0.53843358 |
| test.c:468:4:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:468:5:470:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:471:6:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:472:8:490:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:475:10:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:475:31:475:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:477:13:479:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:484:12:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:485:12:485:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:487:15:489:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:491:6:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:8:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:29:494:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:496:11:498:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:499:6:499:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:503:10:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:503:31:503:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:505:13:507:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:508:9:510:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:512:10:531:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:515:12:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:516:12:516:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:518:15:520:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:525:14:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:526:14:526:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:528:17:530:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:532:9:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:535:14:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:536:14:536:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:538:17:540:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:541:12:541:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:545:12:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:546:12:546:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:548:15:550:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:551:11:553:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:554:9:556:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:557:9:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:558:14:577:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:561:16:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:562:16:562:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:564:19:566:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:571:18:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:572:18:572:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:574:21:576:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:578:12:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:581:14:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:582:14:582:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:584:17:586:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:587:12:587:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:591:16:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:592:16:592:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:594:19:596:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:597:15:599:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:601:12:620:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:604:14:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:605:14:605:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:607:17:609:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:614:16:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:615:16:615:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:617:19:619:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:621:11:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:624:16:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:625:16:625:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:627:19:629:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:630:14:630:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:634:14:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:635:14:635:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:637:17:639:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:640:13:642:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:668:20:668:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:880:5:880:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:881:5:881:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.c:485:4:659:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:485:5:487:49 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:488:6:570:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:489:8:507:41 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:492:10:496:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:492:31:492:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:494:13:496:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:501:12:506:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:502:12:502:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:504:15:506:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:508:6:527:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:511:8:515:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:511:29:511:77 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:513:11:515:19 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:516:6:516:54 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:520:10:524:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:520:31:520:79 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:522:13:524:21 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:525:9:527:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:529:10:548:43 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:532:12:537:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:533:12:533:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:535:15:537:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:542:14:547:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:543:14:543:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:545:17:547:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:549:9:570:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:552:14:557:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:553:14:553:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:555:17:557:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:558:12:558:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:562:12:567:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:563:12:563:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:565:15:567:23 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:568:11:570:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:571:9:573:51 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:574:9:659:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:575:14:594:47 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:578:16:583:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:579:16:579:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:581:19:583:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:588:18:593:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:589:18:589:66 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:591:21:593:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:595:12:616:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:598:14:603:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:599:14:599:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:601:17:603:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:604:12:604:60 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:608:16:613:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:609:16:609:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:611:19:613:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:614:15:616:29 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:618:12:637:45 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:621:14:626:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:622:14:622:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:624:17:626:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:631:16:636:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:632:16:632:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:634:19:636:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:638:11:659:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:641:16:646:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:642:16:642:64 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:644:19:646:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:647:14:647:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:651:14:656:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:652:14:652:62 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:654:17:656:25 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:657:13:659:27 | ... ? ... : ... | 4.294967295E9 | 4.294967295E9 | 4.294967295E9 |
| test.c:685:20:685:36 | ... ? ... : ... | 100.0 | 99.0 | 100.0 |
| test.c:897:5:897:14 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.c:898:5:898:14 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |
| test.cpp:121:3:121:12 | ... ? ... : ... | 32767.0 | 32767.0 | 0.0 |
| test.cpp:122:3:122:12 | ... ? ... : ... | 32767.0 | 0.0 | 32767.0 |

17
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/test.c
View File

@@ -446,6 +446,23 @@ int repeated_if_statements(unsigned int rhs) {
return rhs; // rhs has 6 bounds
}
int repeated_if_else_statements(unsigned int rhs) {
// Test how many bounds we estimate for repeated `if`-`else` statements that
// guard the same variable.
if (rhs < 10) { rhs << 1; } else { rhs << 2; }
if (rhs < 11) { rhs << 1; } else { rhs << 2; }
if (rhs < 12) { rhs << 1; } else { rhs << 2; }
if (rhs < 13) { rhs << 1; } else { rhs << 2; }
if (rhs < 14) { rhs << 1; } else { rhs << 2; }
if (rhs < 15) { rhs << 1; } else { rhs << 2; }
if (rhs < 16) { rhs << 1; } else { rhs << 2; }
if (rhs < 17) { rhs << 1; } else { rhs << 2; }
if (rhs < 18) { rhs << 1; } else { rhs << 2; }
if (rhs < 19) { rhs << 1; } else { rhs << 2; }
if (rhs < 20) { rhs << 1; } else { rhs << 2; }
return rhs; // rhs has 12 bounds
}
int ne_phi_nodes(int a, int b) {
if (a == 17) {
if (b == 23) {

1044
cpp/ql/test/library-tests/rangeanalysis/SimpleRangeAnalysis/upperBound.expected
View File

File diff suppressed because it is too large Load Diff

158
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected
View File

@@ -1,15 +1,143 @@
| test.cpp:314:5:314:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:309:13:309:14 | st | st |
| test.cpp:327:5:327:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:322:13:322:14 | st | st |
| test.cpp:338:6:338:10 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:333:62:333:63 | st | st |
| test.cpp:484:5:484:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:480:13:480:14 | st | st |
| test.cpp:497:5:497:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:492:13:492:14 | st | st |
| test.cpp:509:5:509:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:505:13:505:14 | st | st |
| test.cpp:606:11:606:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:602:12:602:19 | timeinfo | timeinfo |
| test.cpp:634:11:634:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:628:12:628:19 | timeinfo | timeinfo |
| test.cpp:636:11:636:17 | tm_year | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:56:6:56:12 | tm_year | tm_year | test.cpp:628:12:628:19 | timeinfo | timeinfo |
| test.cpp:640:5:640:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st |
| test.cpp:642:5:642:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:629:13:629:14 | st | st |
| test.cpp:718:5:718:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:712:13:712:14 | st | st |
| test.cpp:731:5:731:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
| test.cpp:732:5:732:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
| test.cpp:733:5:733:9 | wYear | Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found. | test.cpp:12:7:12:11 | wYear | wYear | test.cpp:725:13:725:14 | st | st |
#select
| test.cpp:422:2:422:14 | ... += ... | test.cpp:422:2:422:14 | ... += ... | test.cpp:422:2:422:14 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:440:2:440:11 | ... ++ | test.cpp:440:2:440:11 | ... ++ | test.cpp:440:2:440:11 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:456:2:456:12 | ... ++ | test.cpp:456:2:456:12 | ... ++ | test.cpp:456:2:456:12 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:681:2:681:23 | ... += ... | test.cpp:681:2:681:23 | ... += ... | test.cpp:681:2:681:23 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:813:2:813:40 | ... = ... | test.cpp:813:21:813:40 | ... + ... | test.cpp:813:2:813:40 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:818:2:818:24 | ... = ... | test.cpp:818:13:818:24 | ... + ... | test.cpp:818:2:818:24 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:951:3:951:25 | ... = ... | test.cpp:951:14:951:25 | ... + ... | test.cpp:951:3:951:25 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:969:3:969:12 | ... ++ | test.cpp:969:3:969:12 | ... ++ | test.cpp:969:3:969:12 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1031:2:1031:11 | ... ++ | test.cpp:1031:2:1031:11 | ... ++ | test.cpp:1031:2:1031:11 | ... ++ | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1051:16:1051:23 | increment_arg output argument | test.cpp:1039:2:1039:4 | ... ++ | test.cpp:1051:16:1051:23 | increment_arg output argument | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | test.cpp:1043:2:1043:7 | ... ++ | test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1109:2:1109:26 | ... = ... | test.cpp:1109:14:1109:26 | ... - ... | test.cpp:1109:2:1109:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1160:2:1160:19 | ... = ... | test.cpp:1158:2:1158:15 | ... += ... | test.cpp:1160:2:1160:19 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1199:2:1199:28 | ... = ... | test.cpp:1199:16:1199:28 | ... + ... | test.cpp:1199:2:1199:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1214:2:1214:28 | ... = ... | test.cpp:1214:16:1214:28 | ... + ... | test.cpp:1214:2:1214:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1228:2:1228:28 | ... = ... | test.cpp:1228:16:1228:28 | ... + ... | test.cpp:1228:2:1228:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1242:2:1242:26 | ... = ... | test.cpp:1242:14:1242:26 | ... + ... | test.cpp:1242:2:1242:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1256:2:1256:26 | ... = ... | test.cpp:1256:14:1256:26 | ... + ... | test.cpp:1256:2:1256:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1262:2:1262:28 | ... = ... | test.cpp:1262:16:1262:28 | ... + ... | test.cpp:1262:2:1262:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1274:2:1274:28 | ... = ... | test.cpp:1274:16:1274:28 | ... + ... | test.cpp:1274:2:1274:28 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1287:2:1287:26 | ... = ... | test.cpp:1287:14:1287:26 | ... + ... | test.cpp:1287:2:1287:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1299:2:1299:26 | ... = ... | test.cpp:1299:14:1299:26 | ... + ... | test.cpp:1299:2:1299:26 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1432:12:1432:17 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1446:9:1446:16 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1341:2:1341:17 | ... = ... | test.cpp:1458:9:1458:16 | ... + ... | test.cpp:1341:2:1341:17 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1515:2:1515:15 | ... = ... | test.cpp:1512:2:1512:10 | ... += ... | test.cpp:1515:2:1515:15 | ... = ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1545:2:1545:22 | ... += ... | test.cpp:1545:2:1545:22 | ... += ... | test.cpp:1545:2:1545:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1553:2:1553:22 | ... += ... | test.cpp:1553:2:1553:22 | ... += ... | test.cpp:1553:2:1553:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1632:2:1632:22 | ... += ... | test.cpp:1632:2:1632:22 | ... += ... | test.cpp:1632:2:1632:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1644:2:1644:22 | ... += ... | test.cpp:1644:2:1644:22 | ... += ... | test.cpp:1644:2:1644:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1677:2:1677:22 | ... += ... | test.cpp:1677:2:1677:22 | ... += ... | test.cpp:1677:2:1677:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
| test.cpp:1753:2:1753:22 | ... += ... | test.cpp:1753:2:1753:22 | ... += ... | test.cpp:1753:2:1753:22 | ... += ... | Year field has been modified, but no appropriate check for LeapYear was found. |
edges
| test.cpp:813:21:813:40 | ... + ... | test.cpp:813:2:813:40 | ... = ... | provenance | |
| test.cpp:818:13:818:24 | ... + ... | test.cpp:818:2:818:24 | ... = ... | provenance | |
| test.cpp:951:14:951:25 | ... + ... | test.cpp:951:3:951:25 | ... = ... | provenance | |
| test.cpp:1038:26:1038:26 | *x | test.cpp:1051:16:1051:23 | increment_arg output argument | provenance | |
| test.cpp:1039:2:1039:4 | ... ++ | test.cpp:1038:26:1038:26 | *x | provenance | |
| test.cpp:1042:37:1042:37 | *x | test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | provenance | |
| test.cpp:1043:2:1043:7 | ... ++ | test.cpp:1042:37:1042:37 | *x | provenance | |
| test.cpp:1109:14:1109:26 | ... - ... | test.cpp:1109:2:1109:26 | ... = ... | provenance | |
| test.cpp:1158:2:1158:15 | ... += ... | test.cpp:1160:2:1160:19 | ... = ... | provenance | |
| test.cpp:1199:16:1199:28 | ... + ... | test.cpp:1199:2:1199:28 | ... = ... | provenance | |
| test.cpp:1214:16:1214:28 | ... + ... | test.cpp:1214:2:1214:28 | ... = ... | provenance | |
| test.cpp:1228:16:1228:28 | ... + ... | test.cpp:1228:2:1228:28 | ... = ... | provenance | |
| test.cpp:1242:14:1242:26 | ... + ... | test.cpp:1242:2:1242:26 | ... = ... | provenance | |
| test.cpp:1256:14:1256:26 | ... + ... | test.cpp:1256:2:1256:26 | ... = ... | provenance | |
| test.cpp:1262:16:1262:28 | ... + ... | test.cpp:1262:2:1262:28 | ... = ... | provenance | |
| test.cpp:1274:16:1274:28 | ... + ... | test.cpp:1274:2:1274:28 | ... = ... | provenance | |
| test.cpp:1287:14:1287:26 | ... + ... | test.cpp:1287:2:1287:26 | ... = ... | provenance | |
| test.cpp:1299:14:1299:26 | ... + ... | test.cpp:1299:2:1299:26 | ... = ... | provenance | |
| test.cpp:1338:20:1338:23 | year | test.cpp:1341:2:1341:17 | ... = ... | provenance | |
| test.cpp:1351:15:1351:22 | ... + ... | test.cpp:1351:3:1351:22 | ... = ... | provenance | |
| test.cpp:1356:12:1356:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1365:15:1365:22 | ... + ... | test.cpp:1365:3:1365:22 | ... = ... | provenance | |
| test.cpp:1375:3:1375:20 | ... = ... | test.cpp:1377:12:1377:18 | yeartmp | provenance | |
| test.cpp:1375:13:1375:20 | ... + ... | test.cpp:1375:3:1375:20 | ... = ... | provenance | |
| test.cpp:1377:12:1377:18 | yeartmp | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1420:15:1420:22 | ... + ... | test.cpp:1420:3:1420:22 | ... = ... | provenance | |
| test.cpp:1425:12:1425:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1432:12:1432:17 | ... + ... | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1446:2:1446:16 | ... = ... | test.cpp:1450:3:1450:18 | ... = ... | provenance | |
| test.cpp:1446:2:1446:16 | ... = ... | test.cpp:1455:12:1455:15 | year | provenance | |
| test.cpp:1446:9:1446:16 | ... + ... | test.cpp:1446:2:1446:16 | ... = ... | provenance | |
| test.cpp:1455:12:1455:15 | year | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1458:2:1458:16 | ... = ... | test.cpp:1464:12:1464:15 | year | provenance | |
| test.cpp:1458:9:1458:16 | ... + ... | test.cpp:1458:2:1458:16 | ... = ... | provenance | |
| test.cpp:1464:12:1464:15 | year | test.cpp:1338:20:1338:23 | year | provenance | |
| test.cpp:1512:2:1512:10 | ... += ... | test.cpp:1515:2:1515:15 | ... = ... | provenance | |
nodes
| test.cpp:422:2:422:14 | ... += ... | semmle.label | ... += ... |
| test.cpp:440:2:440:11 | ... ++ | semmle.label | ... ++ |
| test.cpp:456:2:456:12 | ... ++ | semmle.label | ... ++ |
| test.cpp:482:3:482:12 | ... ++ | semmle.label | ... ++ |
| test.cpp:681:2:681:23 | ... += ... | semmle.label | ... += ... |
| test.cpp:813:2:813:40 | ... = ... | semmle.label | ... = ... |
| test.cpp:813:21:813:40 | ... + ... | semmle.label | ... + ... |
| test.cpp:818:2:818:24 | ... = ... | semmle.label | ... = ... |
| test.cpp:818:13:818:24 | ... + ... | semmle.label | ... + ... |
| test.cpp:872:4:872:15 | ... ++ | semmle.label | ... ++ |
| test.cpp:951:3:951:25 | ... = ... | semmle.label | ... = ... |
| test.cpp:951:14:951:25 | ... + ... | semmle.label | ... + ... |
| test.cpp:969:3:969:12 | ... ++ | semmle.label | ... ++ |
| test.cpp:1031:2:1031:11 | ... ++ | semmle.label | ... ++ |
| test.cpp:1038:26:1038:26 | *x | semmle.label | *x |
| test.cpp:1039:2:1039:4 | ... ++ | semmle.label | ... ++ |
| test.cpp:1042:37:1042:37 | *x | semmle.label | *x |
| test.cpp:1043:2:1043:7 | ... ++ | semmle.label | ... ++ |
| test.cpp:1051:16:1051:23 | increment_arg output argument | semmle.label | increment_arg output argument |
| test.cpp:1055:27:1055:35 | increment_arg_by_pointer output argument | semmle.label | increment_arg_by_pointer output argument |
| test.cpp:1109:2:1109:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:1109:14:1109:26 | ... - ... | semmle.label | ... - ... |
| test.cpp:1158:2:1158:15 | ... += ... | semmle.label | ... += ... |
| test.cpp:1160:2:1160:19 | ... = ... | semmle.label | ... = ... |
| test.cpp:1199:2:1199:28 | ... = ... | semmle.label | ... = ... |
| test.cpp:1199:16:1199:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:1214:2:1214:28 | ... = ... | semmle.label | ... = ... |
| test.cpp:1214:16:1214:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:1228:2:1228:28 | ... = ... | semmle.label | ... = ... |
| test.cpp:1228:16:1228:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:1242:2:1242:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:1242:14:1242:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:1256:2:1256:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:1256:14:1256:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:1262:2:1262:28 | ... = ... | semmle.label | ... = ... |
| test.cpp:1262:16:1262:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:1274:2:1274:28 | ... = ... | semmle.label | ... = ... |
| test.cpp:1274:16:1274:28 | ... + ... | semmle.label | ... + ... |
| test.cpp:1287:2:1287:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:1287:14:1287:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:1299:2:1299:26 | ... = ... | semmle.label | ... = ... |
| test.cpp:1299:14:1299:26 | ... + ... | semmle.label | ... + ... |
| test.cpp:1338:20:1338:23 | year | semmle.label | year |
| test.cpp:1341:2:1341:17 | ... = ... | semmle.label | ... = ... |
| test.cpp:1351:3:1351:22 | ... = ... | semmle.label | ... = ... |
| test.cpp:1351:15:1351:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:1356:12:1356:17 | ... + ... | semmle.label | ... + ... |
| test.cpp:1365:3:1365:22 | ... = ... | semmle.label | ... = ... |
| test.cpp:1365:15:1365:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:1375:3:1375:20 | ... = ... | semmle.label | ... = ... |
| test.cpp:1375:13:1375:20 | ... + ... | semmle.label | ... + ... |
| test.cpp:1377:12:1377:18 | yeartmp | semmle.label | yeartmp |
| test.cpp:1420:3:1420:22 | ... = ... | semmle.label | ... = ... |
| test.cpp:1420:15:1420:22 | ... + ... | semmle.label | ... + ... |
| test.cpp:1425:12:1425:17 | ... + ... | semmle.label | ... + ... |
| test.cpp:1432:12:1432:17 | ... + ... | semmle.label | ... + ... |
| test.cpp:1446:2:1446:16 | ... = ... | semmle.label | ... = ... |
| test.cpp:1446:9:1446:16 | ... + ... | semmle.label | ... + ... |
| test.cpp:1450:3:1450:18 | ... = ... | semmle.label | ... = ... |
| test.cpp:1455:12:1455:15 | year | semmle.label | year |
| test.cpp:1458:2:1458:16 | ... = ... | semmle.label | ... = ... |
| test.cpp:1458:9:1458:16 | ... + ... | semmle.label | ... + ... |
| test.cpp:1464:12:1464:15 | year | semmle.label | year |
| test.cpp:1512:2:1512:10 | ... += ... | semmle.label | ... += ... |
| test.cpp:1515:2:1515:15 | ... = ... | semmle.label | ... = ... |
| test.cpp:1545:2:1545:22 | ... += ... | semmle.label | ... += ... |
| test.cpp:1553:2:1553:22 | ... += ... | semmle.label | ... += ... |
| test.cpp:1632:2:1632:22 | ... += ... | semmle.label | ... += ... |
| test.cpp:1644:2:1644:22 | ... += ... | semmle.label | ... += ... |
| test.cpp:1677:2:1677:22 | ... += ... | semmle.label | ... += ... |
| test.cpp:1753:2:1753:22 | ... += ... | semmle.label | ... += ... |
subpaths

3
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref
View File

@@ -1 +1,2 @@
Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
query: Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql

11
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected
View File

@@ -1,5 +1,6 @@
| test.cpp:317:2:317:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:309:13:309:14 | st | st |
| test.cpp:330:2:330:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:322:13:322:14 | st | st |
| test.cpp:341:2:341:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:333:62:333:63 | st | st |
| test.cpp:720:2:720:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:712:13:712:14 | st | st |
| test.cpp:735:2:735:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:63:1:63:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:725:13:725:14 | st | st |
| test.cpp:425:2:425:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:417:13:417:14 | st | st |
| test.cpp:443:2:443:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:435:13:435:14 | st | st |
| test.cpp:459:2:459:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:451:62:451:63 | st | st |
| test.cpp:953:3:953:22 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:944:14:944:15 | st | st |
| test.cpp:971:3:971:22 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:962:14:962:15 | st | st |
| test.cpp:1035:2:1035:21 | call to SystemTimeToFileTime | Return value of $@ function should be verified to check for any error because variable $@ is not guaranteed to be safe. | test.cpp:101:1:101:20 | SystemTimeToFileTime | SystemTimeToFileTime | test.cpp:1025:13:1025:14 | st | st |

1246
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
View File

File diff suppressed because it is too large Load Diff

5
cpp/ql/test/query-tests/Likely Bugs/Memory Management/ReturnStackAllocatedMemory/test.cpp
View File

@@ -250,3 +250,8 @@ void* test_strndupa(const char* s, size_t size) {
return s2; // BAD
}
int* f_rec(int *p) {
int x;
int* px = f_rec(&x); // GOOD
return p;
}

8
cpp/ql/test/query-tests/Likely Bugs/Underspecified Functions/MistypedFunctionArguments.expected
View File

@@ -2,10 +2,10 @@
| test.c:33:3:33:19 | call to not_yet_declared2 | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:77:6:77:22 | not_yet_declared2 | not_yet_declared2 | test.c:33:21:33:22 | ca | ca | file://:0:0:0:0 | int[4] | int[4] | test.c:77:24:77:26 | (unnamed parameter 0) | int (unnamed parameter 0) |
| test.c:41:3:41:29 | call to declared_empty_defined_with | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:78:6:78:32 | declared_empty_defined_with | declared_empty_defined_with | test.c:41:31:41:32 | & ... | & ... | file://:0:0:0:0 | int * | int * | test.c:78:38:78:38 | x | int x |
| test.c:45:3:45:27 | call to not_declared_defined_with | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:81:6:81:30 | not_declared_defined_with | not_declared_defined_with | test.c:45:29:45:31 | 4 | 4 | file://:0:0:0:0 | long long | long long | test.c:81:36:81:36 | x | int x |
| test.c:45:3:45:27 | call to not_declared_defined_with | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:81:6:81:30 | not_declared_defined_with | not_declared_defined_with | test.c:45:37:45:42 | 2500000000.0 | 2500000000.0 | file://:0:0:0:0 | float | float | test.c:81:50:81:50 | z | int z |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:5:6:5:27 | declared_with_pointers | declared_with_pointers | test.c:48:26:48:31 | 3500000000000000.0 | 3500000000000000.0 | file://:0:0:0:0 | double | double | test.c:93:34:93:34 | x | int * x |
| test.c:45:3:45:27 | call to not_declared_defined_with | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:81:6:81:30 | not_declared_defined_with | not_declared_defined_with | test.c:45:37:45:42 | 2.5E9 | 2.5E9 | file://:0:0:0:0 | float | float | test.c:81:50:81:50 | z | int z |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:5:6:5:27 | declared_with_pointers | declared_with_pointers | test.c:48:26:48:31 | 3.5E15 | 3.5E15 | file://:0:0:0:0 | double | double | test.c:93:34:93:34 | x | int * x |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:5:6:5:27 | declared_with_pointers | declared_with_pointers | test.c:48:34:48:34 | 0 | 0 | file://:0:0:0:0 | int | int | test.c:93:43:93:43 | y | void * y |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:93:6:93:27 | declared_with_pointers | declared_with_pointers | test.c:48:26:48:31 | 3500000000000000.0 | 3500000000000000.0 | file://:0:0:0:0 | double | double | test.c:93:34:93:34 | x | int * x |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:93:6:93:27 | declared_with_pointers | declared_with_pointers | test.c:48:26:48:31 | 3.5E15 | 3.5E15 | file://:0:0:0:0 | double | double | test.c:93:34:93:34 | x | int * x |
| test.c:48:3:48:24 | call to declared_with_pointers | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:93:6:93:27 | declared_with_pointers | declared_with_pointers | test.c:48:34:48:34 | 0 | 0 | file://:0:0:0:0 | int | int | test.c:93:43:93:43 | y | void * y |
| test.c:50:3:50:21 | call to declared_with_array | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:6:6:6:24 | declared_with_array | declared_with_array | test.c:50:23:50:24 | & ... | & ... | file://:0:0:0:0 | int * | int * | test.c:94:31:94:31 | a | char[6] a |
| test.c:50:3:50:21 | call to declared_with_array | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:94:6:94:24 | declared_with_array | declared_with_array | test.c:50:23:50:24 | & ... | & ... | file://:0:0:0:0 | int * | int * | test.c:94:31:94:31 | a | char[6] a |
@@ -15,4 +15,4 @@
| test.c:58:3:58:24 | call to defined_with_long_long | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:104:11:104:32 | defined_with_long_long | defined_with_long_long | test.c:58:26:58:28 | 99 | 99 | file://:0:0:0:0 | int | int | test.c:104:44:104:45 | ll | long long ll |
| test.c:59:3:59:24 | call to defined_with_long_long | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:104:11:104:32 | defined_with_long_long | defined_with_long_long | test.c:59:26:59:26 | 3 | 3 | file://:0:0:0:0 | int | int | test.c:104:44:104:45 | ll | long long ll |
| test.c:61:3:61:21 | call to defined_with_double | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:100:8:100:26 | defined_with_double | defined_with_double | test.c:61:23:61:25 | 2 | 2 | file://:0:0:0:0 | long long | long long | test.c:100:35:100:35 | d | double d |
| test.c:62:3:62:24 | call to defined_with_long_long | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:104:11:104:32 | defined_with_long_long | defined_with_long_long | test.c:62:26:62:31 | 3500000000000000.0 | 3500000000000000.0 | file://:0:0:0:0 | double | double | test.c:104:44:104:45 | ll | long long ll |
| test.c:62:3:62:24 | call to defined_with_long_long | Calling $@: argument $@ of type $@ is incompatible with parameter $@. | test.c:104:11:104:32 | defined_with_long_long | defined_with_long_long | test.c:62:26:62:31 | 3.5E15 | 3.5E15 | file://:0:0:0:0 | double | double | test.c:104:44:104:45 | ll | long long ll |

12
csharp/extractor/Semmle.Extraction.CSharp/Entities/Event.cs
View File

@@ -11,6 +11,10 @@ namespace Semmle.Extraction.CSharp.Entities
private Event(Context cx, IEventSymbol init)
: base(cx, init) { }
protected override IEventSymbol BodyDeclaringSymbol => Symbol.PartialImplementationPart ?? Symbol;
public override Microsoft.CodeAnalysis.Location? ReportingLocation => BodyDeclaringSymbol.Locations.BestOrDefault();
public override void WriteId(EscapingTextWriter trapFile)
{
trapFile.WriteSubId(ContainingType!);
@@ -27,13 +31,13 @@ namespace Semmle.Extraction.CSharp.Entities
var type = Type.Create(Context, Symbol.Type);
trapFile.events(this, Symbol.GetName(), ContainingType!, type.TypeRef, Create(Context, Symbol.OriginalDefinition));
var adder = Symbol.AddMethod;
var remover = Symbol.RemoveMethod;
var adder = BodyDeclaringSymbol.AddMethod;
var remover = BodyDeclaringSymbol.RemoveMethod;
if (!(adder is null))
if (adder is not null)
Method.Create(Context, adder);
if (!(remover is null))
if (remover is not null)
Method.Create(Context, remover);
PopulateModifiers(trapFile);

4
csharp/extractor/Semmle.Extraction.CSharp/Entities/EventAccessor.cs
View File

@@ -13,6 +13,10 @@ namespace Semmle.Extraction.CSharp.Entities
this.@event = @event;
}
public override bool NeedsPopulation =>
base.NeedsPopulation &&
!Symbol.IsPartialDefinition; // Accessors always have an implementing declaration as well.
/// <summary>
/// Gets the event symbol associated with accessor `symbol`, or `null`
/// if there is no associated symbol.

3
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Factory.cs
View File

@@ -160,6 +160,9 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions
case SyntaxKind.ThisExpression:
return This.CreateExplicit(info);
case SyntaxKind.FieldExpression:
return PropertyFieldAccess.Create(info);
case SyntaxKind.AddressOfExpression:
return Unary.Create(info.SetKind(ExprKind.ADDRESS_OF));

28
csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/PropertyFieldAccess.cs Normal file
View File

@@ -0,0 +1,28 @@
using System.IO;
using Microsoft.CodeAnalysis;
using Microsoft.CodeAnalysis.CSharp.Syntax;
using Semmle.Extraction.Kinds;
namespace Semmle.Extraction.CSharp.Entities.Expressions
{
internal class PropertyFieldAccess : Expression<FieldExpressionSyntax>
{
private PropertyFieldAccess(ExpressionNodeInfo info) : base(info.SetKind(ExprKind.FIELD_ACCESS)) { }
public static Expression Create(ExpressionNodeInfo info) => new PropertyFieldAccess(info).TryPopulate();
protected override void PopulateExpression(TextWriter trapFile)
{
var symbolInfo = Context.GetSymbolInfo(Syntax);
if (symbolInfo.Symbol is IFieldSymbol field)
{
var target = PropertyField.Create(Context, field);
trapFile.expr_access(this, target);
if (!field.IsStatic)
{
This.CreateImplicit(Context, field.ContainingType, Location, this, -1);
}
}
}
}
}

2
csharp/extractor/Semmle.Extraction.CSharp/Entities/Field.cs
View File

@@ -10,7 +10,7 @@ namespace Semmle.Extraction.CSharp.Entities
{
internal class Field : CachedSymbol<IFieldSymbol>, IExpressionParentEntity
{
private Field(Context cx, IFieldSymbol init)
protected Field(Context cx, IFieldSymbol init)
: base(cx, init)
{
type = new Lazy<Type>(() => Entities.Type.Create(cx, Symbol.Type));

53
csharp/extractor/Semmle.Extraction.CSharp/Entities/PropertyField.cs Normal file
View File

@@ -0,0 +1,53 @@
using System.IO;
using Microsoft.CodeAnalysis;
using Semmle.Extraction.CSharp.Util;
using Semmle.Extraction.Kinds;
namespace Semmle.Extraction.CSharp.Entities
{
/// <summary>
/// Represents the autogenerated backing field `field` for a property.
/// It is only created for properties that use the `field` keyword in their getter or setter, and
/// is not created for auto-properties.
/// </summary>
internal class PropertyField : Field
{
protected PropertyField(Context cx, IFieldSymbol init)
: base(cx, init)
{
}
public static new PropertyField Create(Context cx, IFieldSymbol field) => PropertyFieldFactory.Instance.CreateEntity(cx, (field, field.AssociatedSymbol), field);
public override bool NeedsPopulation => true;
public override void Populate(TextWriter trapFile)
{
PopulateNullability(trapFile, Symbol.GetAnnotatedType());
var unboundFieldKey = PropertyField.Create(Context, Symbol.OriginalDefinition);
var name = Symbol.AssociatedSymbol is not null ? $"{Symbol.AssociatedSymbol.GetName()}.field" : Symbol.Name;
trapFile.fields(this, VariableKind.None, name, ContainingType!, Type.TypeRef, unboundFieldKey);
trapFile.compiler_generated(this);
PopulateModifiers(trapFile);
if (Context.OnlyScaffold)
{
return;
}
if (Context.ExtractLocation(Symbol))
{
WriteLocationsToTrap(trapFile.field_location, this, Locations);
}
}
private class PropertyFieldFactory : CachedEntityFactory<IFieldSymbol, PropertyField>
{
public static PropertyFieldFactory Instance { get; } = new PropertyFieldFactory();
public override PropertyField Create(Context cx, IFieldSymbol init) => new PropertyField(cx, init);
}
}
}

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.59
version: 1.7.60-dev
groups:
- csharp
- solorigate

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.59
version: 1.7.60-dev
groups:
- csharp
- solorigate

19
csharp/ql/integration-tests/posix/conftest.py Normal file
View File

@@ -0,0 +1,19 @@
import runs_on
def _supports_mono_nuget():
"""
Helper function to determine if the current platform supports Mono and nuget.
Returns True if running on Linux or on macOS x86_64 (excluding macos-15 and macos-26).
macOS ARM runners (macos-15 and macos-26) are excluded due to issues with Mono and nuget.
"""
return (
runs_on.linux
or (
runs_on.macos
and runs_on.x86_64
and not runs_on.macos_15
and not runs_on.macos_26
)
)

8
csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py
View File

@@ -1,13 +1,9 @@
import runs_on
import pytest
import os
from ..conftest import _supports_mono_nuget
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
@pytest.mark.only_if(_supports_mono_nuget())
def test(codeql, csharp):
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = (
"/non-existent-path"

8
csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py
View File

@@ -1,13 +1,9 @@
import os
import runs_on
import pytest
from ..conftest import _supports_mono_nuget
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
@pytest.mark.only_if(_supports_mono_nuget())
def test(codeql, csharp):
# making sure we're not doing any fallback restore:
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1"

8
csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py
View File

@@ -1,11 +1,7 @@
import runs_on
import pytest
from ..conftest import _supports_mono_nuget
# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
@pytest.mark.only_if(_supports_mono_nuget())
def test(codeql, csharp):
codeql.database.create(build_mode="none")

8
csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py
View File

@@ -1,11 +1,7 @@
import runs_on
import pytest
from ..conftest import _supports_mono_nuget
# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget.
@pytest.mark.only_if(
runs_on.linux
or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15)
)
@pytest.mark.only_if(_supports_mono_nuget())
def test(codeql, csharp):
codeql.database.create(source_root="proj", build_mode="none")

4
csharp/ql/lib/change-notes/2026-02-12-field-keyword.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C# 14: Added support for the `field` keyword in properties.

4
csharp/ql/lib/change-notes/2026-02-16-partial-events.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C# 14: Added support for partial events.

2
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 5.4.7
version: 5.4.8-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

2
csharp/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 1.6.2
version: 1.6.3-dev
groups:
- csharp
- queries

62
csharp/ql/test/library-tests/dataflow/fields/D.cs
View File

@@ -89,3 +89,65 @@ public partial class DPartial
static T Source<T>(object source) => throw null;
}
public class DFieldProps
{
object FieldProp0
{
get { return field; }
set { field = value; }
} = Source<object>(0);
object FieldProp1
{
get { return field; }
set { field = value; }
}
object FieldProp2
{
get { return field; }
set
{
var x = value;
field = x;
}
}
static object StaticFieldProp
{
get { return field; }
set { field = value; }
}
private void M()
{
var d0 = new DFieldProps();
Sink(d0.FieldProp0); // $ hasValueFlow=0
Sink(d0.FieldProp1); // no flow
Sink(d0.FieldProp2); // no flow
var d1 = new DFieldProps();
var o1 = Source<object>(1);
d1.FieldProp1 = o1;
Sink(d1.FieldProp0); // $ hasValueFlow=0
Sink(d1.FieldProp1); // $ hasValueFlow=1
Sink(d1.FieldProp2); // no flow
var d2 = new DFieldProps();
var o2 = Source<object>(2);
d2.FieldProp2 = o2;
Sink(d2.FieldProp0); // $ hasValueFlow=0
Sink(d2.FieldProp1); // no flow
Sink(d2.FieldProp2); // $ hasValueFlow=2
var o3 = Source<object>(3);
DFieldProps.StaticFieldProp = o3;
Sink(DFieldProps.StaticFieldProp); // $ hasValueFlow=3
}
public static void Sink(object o) { }
static T Source<T>(object source) => throw null;
}

254
csharp/ql/test/library-tests/dataflow/fields/FieldFlow.expected
View File

@@ -532,6 +532,118 @@ edges
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | provenance | |
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:84:14:84:27 | access to property PartialProp1 | provenance | |
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:84:14:84:27 | access to property PartialProp1 | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | provenance | |
| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | provenance | |
| D.cs:98:9:98:11 | value : Object | D.cs:98:23:98:27 | access to parameter value : Object | provenance | |
| D.cs:98:9:98:11 | value : Object | D.cs:98:23:98:27 | access to parameter value : Object | provenance | |
| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:98:23:98:27 | access to parameter value : Object | D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:98:23:98:27 | access to parameter value : Object | D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:98:9:98:11 | value : Object | provenance | |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:98:9:98:11 | value : Object | provenance | |
| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | provenance | |
| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | provenance | |
| D.cs:104:9:104:11 | value : Object | D.cs:104:23:104:27 | access to parameter value : Object | provenance | |
| D.cs:104:9:104:11 | value : Object | D.cs:104:23:104:27 | access to parameter value : Object | provenance | |
| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:104:23:104:27 | access to parameter value : Object | D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:104:23:104:27 | access to parameter value : Object | D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | provenance | |
| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | provenance | |
| D.cs:110:9:110:11 | value : Object | D.cs:112:17:112:17 | access to local variable x : Object | provenance | |
| D.cs:110:9:110:11 | value : Object | D.cs:112:17:112:17 | access to local variable x : Object | provenance | |
| D.cs:112:17:112:17 | access to local variable x : Object | D.cs:113:21:113:21 | access to local variable x : Object | provenance | |
| D.cs:112:17:112:17 | access to local variable x : Object | D.cs:113:21:113:21 | access to local variable x : Object | provenance | |
| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:113:21:113:21 | access to local variable x : Object | D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:113:21:113:21 | access to local variable x : Object | D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | |
| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | |
| D.cs:120:9:120:11 | value : Object | D.cs:120:23:120:27 | access to parameter value : Object | provenance | |
| D.cs:120:9:120:11 | value : Object | D.cs:120:23:120:27 | access to parameter value : Object | provenance | |
| D.cs:120:23:120:27 | access to parameter value : Object | D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | provenance | |
| D.cs:120:23:120:27 | access to parameter value : Object | D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | provenance | |
| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:26 | access to property FieldProp0 | provenance | |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:126:14:126:26 | access to property FieldProp0 | provenance | |
| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:131:13:131:14 | access to local variable o1 : Object | D.cs:132:25:132:26 | access to local variable o1 : Object | provenance | |
| D.cs:131:13:131:14 | access to local variable o1 : Object | D.cs:132:25:132:26 | access to local variable o1 : Object | provenance | |
| D.cs:131:18:131:34 | call to method Source<Object> : Object | D.cs:131:13:131:14 | access to local variable o1 : Object | provenance | |
| D.cs:131:18:131:34 | call to method Source<Object> : Object | D.cs:131:13:131:14 | access to local variable o1 : Object | provenance | |
| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | provenance | |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | provenance | |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:26 | access to property FieldProp0 | provenance | |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:133:14:133:26 | access to property FieldProp0 | provenance | |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | provenance | |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:26 | access to property FieldProp1 | provenance | |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:134:14:134:26 | access to property FieldProp1 | provenance | |
| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:138:13:138:14 | access to local variable o2 : Object | D.cs:139:25:139:26 | access to local variable o2 : Object | provenance | |
| D.cs:138:13:138:14 | access to local variable o2 : Object | D.cs:139:25:139:26 | access to local variable o2 : Object | provenance | |
| D.cs:138:18:138:34 | call to method Source<Object> : Object | D.cs:138:13:138:14 | access to local variable o2 : Object | provenance | |
| D.cs:138:18:138:34 | call to method Source<Object> : Object | D.cs:138:13:138:14 | access to local variable o2 : Object | provenance | |
| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | provenance | |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | provenance | |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | provenance | |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:26 | access to property FieldProp0 | provenance | |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:140:14:140:26 | access to property FieldProp0 | provenance | |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | provenance | |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:26 | access to property FieldProp2 | provenance | |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:142:14:142:26 | access to property FieldProp2 | provenance | |
| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:9:145:35 | access to property StaticFieldProp : Object | provenance | |
| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:9:145:35 | access to property StaticFieldProp : Object | provenance | |
| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:39:145:40 | access to local variable o3 : Object | provenance | |
| D.cs:144:13:144:14 | access to local variable o3 : Object | D.cs:145:39:145:40 | access to local variable o3 : Object | provenance | |
| D.cs:144:18:144:34 | call to method Source<Object> : Object | D.cs:144:13:144:14 | access to local variable o3 : Object | provenance | |
| D.cs:144:18:144:34 | call to method Source<Object> : Object | D.cs:144:13:144:14 | access to local variable o3 : Object | provenance | |
| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | |
| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | provenance | |
| D.cs:145:39:145:40 | access to local variable o3 : Object | D.cs:120:9:120:11 | value : Object | provenance | |
| D.cs:145:39:145:40 | access to local variable o3 : Object | D.cs:120:9:120:11 | value : Object | provenance | |
| E.cs:8:29:8:29 | o : Object | E.cs:11:21:11:21 | access to parameter o : Object | provenance | |
| E.cs:8:29:8:29 | o : Object | E.cs:11:21:11:21 | access to parameter o : Object | provenance | |
| E.cs:11:9:11:11 | [post] access to local variable ret : S [field Field] : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | provenance | |
@@ -1807,6 +1919,120 @@ nodes
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | semmle.label | access to local variable d : DPartial [field _backingField] : Object |
| D.cs:84:14:84:27 | access to property PartialProp1 | semmle.label | access to property PartialProp1 |
| D.cs:84:14:84:27 | access to property PartialProp1 | semmle.label | access to property PartialProp1 |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:93:14:93:24 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | semmle.label | this : DFieldProps [field FieldProp0.field] : Object |
| D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | semmle.label | this : DFieldProps [field FieldProp0.field] : Object |
| D.cs:97:22:97:26 | access to field FieldProp0.field : Object | semmle.label | access to field FieldProp0.field : Object |
| D.cs:97:22:97:26 | access to field FieldProp0.field : Object | semmle.label | access to field FieldProp0.field : Object |
| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:97:22:97:26 | this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp0.field] : Object |
| D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp0.field] : Object |
| D.cs:98:9:98:11 | value : Object | semmle.label | value : Object |
| D.cs:98:9:98:11 | value : Object | semmle.label | value : Object |
| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:98:15:98:19 | [post] this access : DFieldProps [field FieldProp0.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:98:23:98:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:98:23:98:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | semmle.label | this : DFieldProps [field FieldProp1.field] : Object |
| D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | semmle.label | this : DFieldProps [field FieldProp1.field] : Object |
| D.cs:103:22:103:26 | access to field FieldProp1.field : Object | semmle.label | access to field FieldProp1.field : Object |
| D.cs:103:22:103:26 | access to field FieldProp1.field : Object | semmle.label | access to field FieldProp1.field : Object |
| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | this access : DFieldProps [field FieldProp1.field] : Object |
| D.cs:103:22:103:26 | this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | this access : DFieldProps [field FieldProp1.field] : Object |
| D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp1.field] : Object |
| D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp1.field] : Object |
| D.cs:104:9:104:11 | value : Object | semmle.label | value : Object |
| D.cs:104:9:104:11 | value : Object | semmle.label | value : Object |
| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp1.field] : Object |
| D.cs:104:15:104:19 | [post] this access : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp1.field] : Object |
| D.cs:104:23:104:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:104:23:104:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | semmle.label | this : DFieldProps [field FieldProp2.field] : Object |
| D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | semmle.label | this : DFieldProps [field FieldProp2.field] : Object |
| D.cs:109:22:109:26 | access to field FieldProp2.field : Object | semmle.label | access to field FieldProp2.field : Object |
| D.cs:109:22:109:26 | access to field FieldProp2.field : Object | semmle.label | access to field FieldProp2.field : Object |
| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | this access : DFieldProps [field FieldProp2.field] : Object |
| D.cs:109:22:109:26 | this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | this access : DFieldProps [field FieldProp2.field] : Object |
| D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp2.field] : Object |
| D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | semmle.label | this [Return] : DFieldProps [field FieldProp2.field] : Object |
| D.cs:110:9:110:11 | value : Object | semmle.label | value : Object |
| D.cs:110:9:110:11 | value : Object | semmle.label | value : Object |
| D.cs:112:17:112:17 | access to local variable x : Object | semmle.label | access to local variable x : Object |
| D.cs:112:17:112:17 | access to local variable x : Object | semmle.label | access to local variable x : Object |
| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp2.field] : Object |
| D.cs:113:13:113:17 | [post] this access : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] this access : DFieldProps [field FieldProp2.field] : Object |
| D.cs:113:21:113:21 | access to local variable x : Object | semmle.label | access to local variable x : Object |
| D.cs:113:21:113:21 | access to local variable x : Object | semmle.label | access to local variable x : Object |
| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | semmle.label | access to field StaticFieldProp.field : Object |
| D.cs:119:22:119:26 | access to field StaticFieldProp.field : Object | semmle.label | access to field StaticFieldProp.field : Object |
| D.cs:120:9:120:11 | value : Object | semmle.label | value : Object |
| D.cs:120:9:120:11 | value : Object | semmle.label | value : Object |
| D.cs:120:23:120:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:120:23:120:27 | access to parameter value : Object | semmle.label | access to parameter value : Object |
| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:125:13:125:14 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:125:18:125:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:126:14:126:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:126:14:126:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:130:13:130:14 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:130:18:130:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:131:13:131:14 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object |
| D.cs:131:13:131:14 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object |
| D.cs:131:18:131:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:131:18:131:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:132:25:132:26 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object |
| D.cs:132:25:132:26 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:133:14:133:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:133:14:133:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | semmle.label | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:134:14:134:26 | access to property FieldProp1 | semmle.label | access to property FieldProp1 |
| D.cs:134:14:134:26 | access to property FieldProp1 | semmle.label | access to property FieldProp1 |
| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:137:13:137:14 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:137:18:137:34 | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object | semmle.label | object creation of type DFieldProps : DFieldProps [field FieldProp0.field] : Object |
| D.cs:138:13:138:14 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
| D.cs:138:13:138:14 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
| D.cs:138:18:138:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:138:18:138:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:139:25:139:26 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
| D.cs:139:25:139:26 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object |
| D.cs:140:14:140:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:140:14:140:26 | access to property FieldProp0 | semmle.label | access to property FieldProp0 |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | semmle.label | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:142:14:142:26 | access to property FieldProp2 | semmle.label | access to property FieldProp2 |
| D.cs:142:14:142:26 | access to property FieldProp2 | semmle.label | access to property FieldProp2 |
| D.cs:144:13:144:14 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object |
| D.cs:144:13:144:14 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object |
| D.cs:144:18:144:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:144:18:144:34 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | semmle.label | access to property StaticFieldProp : Object |
| D.cs:145:9:145:35 | access to property StaticFieldProp : Object | semmle.label | access to property StaticFieldProp : Object |
| D.cs:145:39:145:40 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object |
| D.cs:145:39:145:40 | access to local variable o3 : Object | semmle.label | access to local variable o3 : Object |
| D.cs:146:14:146:40 | access to property StaticFieldProp | semmle.label | access to property StaticFieldProp |
| D.cs:146:14:146:40 | access to property StaticFieldProp | semmle.label | access to property StaticFieldProp |
| E.cs:8:29:8:29 | o : Object | semmle.label | o : Object |
| E.cs:8:29:8:29 | o : Object | semmle.label | o : Object |
| E.cs:11:9:11:11 | [post] access to local variable ret : S [field Field] : Object | semmle.label | [post] access to local variable ret : S [field Field] : Object |
@@ -2648,6 +2874,22 @@ subpaths
| D.cs:81:26:81:26 | access to local variable o : Object | D.cs:61:9:61:11 | value : Object | D.cs:61:9:61:11 | this [Return] : DPartial [field _backingField] : Object | D.cs:81:9:81:9 | [post] access to local variable d : DPartial [field _backingField] : Object |
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | D.cs:60:22:60:34 | access to field _backingField : Object | D.cs:84:14:84:27 | access to property PartialProp1 |
| D.cs:84:14:84:14 | access to local variable d : DPartial [field _backingField] : Object | D.cs:60:9:60:11 | this : DPartial [field _backingField] : Object | D.cs:60:22:60:34 | access to field _backingField : Object | D.cs:84:14:84:27 | access to property PartialProp1 |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:98:9:98:11 | value : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:98:9:98:11 | value : Object | D.cs:98:9:98:11 | this [Return] : DFieldProps [field FieldProp0.field] : Object | D.cs:95:12:95:21 | [post] this access : DFieldProps [field FieldProp0.field] : Object |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:126:14:126:26 | access to property FieldProp0 |
| D.cs:126:14:126:15 | access to local variable d0 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:126:14:126:26 | access to property FieldProp0 |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:132:25:132:26 | access to local variable o1 : Object | D.cs:104:9:104:11 | value : Object | D.cs:104:9:104:11 | this [Return] : DFieldProps [field FieldProp1.field] : Object | D.cs:132:9:132:10 | [post] access to local variable d1 : DFieldProps [field FieldProp1.field] : Object |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:133:14:133:26 | access to property FieldProp0 |
| D.cs:133:14:133:15 | access to local variable d1 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:133:14:133:26 | access to property FieldProp0 |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | D.cs:134:14:134:26 | access to property FieldProp1 |
| D.cs:134:14:134:15 | access to local variable d1 : DFieldProps [field FieldProp1.field] : Object | D.cs:103:9:103:11 | this : DFieldProps [field FieldProp1.field] : Object | D.cs:103:22:103:26 | access to field FieldProp1.field : Object | D.cs:134:14:134:26 | access to property FieldProp1 |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:139:25:139:26 | access to local variable o2 : Object | D.cs:110:9:110:11 | value : Object | D.cs:110:9:110:11 | this [Return] : DFieldProps [field FieldProp2.field] : Object | D.cs:139:9:139:10 | [post] access to local variable d2 : DFieldProps [field FieldProp2.field] : Object |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:140:14:140:26 | access to property FieldProp0 |
| D.cs:140:14:140:15 | access to local variable d2 : DFieldProps [field FieldProp0.field] : Object | D.cs:97:9:97:11 | this : DFieldProps [field FieldProp0.field] : Object | D.cs:97:22:97:26 | access to field FieldProp0.field : Object | D.cs:140:14:140:26 | access to property FieldProp0 |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | D.cs:142:14:142:26 | access to property FieldProp2 |
| D.cs:142:14:142:15 | access to local variable d2 : DFieldProps [field FieldProp2.field] : Object | D.cs:109:9:109:11 | this : DFieldProps [field FieldProp2.field] : Object | D.cs:109:22:109:26 | access to field FieldProp2.field : Object | D.cs:142:14:142:26 | access to property FieldProp2 |
| E.cs:23:25:23:25 | access to local variable o : Object | E.cs:8:29:8:29 | o : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | E.cs:23:17:23:26 | call to method CreateS : S [field Field] : Object |
| E.cs:23:25:23:25 | access to local variable o : Object | E.cs:8:29:8:29 | o : Object | E.cs:12:16:12:18 | access to local variable ret : S [field Field] : Object | E.cs:23:17:23:26 | call to method CreateS : S [field Field] : Object |
| E.cs:55:29:55:33 | access to local variable taint : Object | E.cs:43:46:43:46 | o : Object | E.cs:43:36:43:36 | s [Return] : RefS [field RefField] : Object | E.cs:55:23:55:26 | [post] access to local variable refs : RefS [field RefField] : Object |
@@ -2758,6 +3000,18 @@ testFailures
| D.cs:47:14:47:26 | access to property ComplexProp | D.cs:43:32:43:48 | call to method Source<Object> : Object | D.cs:47:14:47:26 | access to property ComplexProp | $@ | D.cs:43:32:43:48 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:84:14:84:27 | access to property PartialProp1 | D.cs:78:17:78:33 | call to method Source<Object> : Object | D.cs:84:14:84:27 | access to property PartialProp1 | $@ | D.cs:78:17:78:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:84:14:84:27 | access to property PartialProp1 | D.cs:78:17:78:33 | call to method Source<Object> : Object | D.cs:84:14:84:27 | access to property PartialProp1 | $@ | D.cs:78:17:78:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:126:14:126:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:126:14:126:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:126:14:126:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:126:14:126:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:133:14:133:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:133:14:133:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:133:14:133:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:133:14:133:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:134:14:134:26 | access to property FieldProp1 | D.cs:131:18:131:34 | call to method Source<Object> : Object | D.cs:134:14:134:26 | access to property FieldProp1 | $@ | D.cs:131:18:131:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:134:14:134:26 | access to property FieldProp1 | D.cs:131:18:131:34 | call to method Source<Object> : Object | D.cs:134:14:134:26 | access to property FieldProp1 | $@ | D.cs:131:18:131:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:140:14:140:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:140:14:140:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:140:14:140:26 | access to property FieldProp0 | D.cs:99:9:99:25 | call to method Source<Object> : Object | D.cs:140:14:140:26 | access to property FieldProp0 | $@ | D.cs:99:9:99:25 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:142:14:142:26 | access to property FieldProp2 | D.cs:138:18:138:34 | call to method Source<Object> : Object | D.cs:142:14:142:26 | access to property FieldProp2 | $@ | D.cs:138:18:138:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:142:14:142:26 | access to property FieldProp2 | D.cs:138:18:138:34 | call to method Source<Object> : Object | D.cs:142:14:142:26 | access to property FieldProp2 | $@ | D.cs:138:18:138:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:146:14:146:40 | access to property StaticFieldProp | D.cs:144:18:144:34 | call to method Source<Object> : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | $@ | D.cs:144:18:144:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| D.cs:146:14:146:40 | access to property StaticFieldProp | D.cs:144:18:144:34 | call to method Source<Object> : Object | D.cs:146:14:146:40 | access to property StaticFieldProp | $@ | D.cs:144:18:144:34 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| E.cs:24:14:24:20 | access to field Field | E.cs:22:17:22:33 | call to method Source<Object> : Object | E.cs:24:14:24:20 | access to field Field | $@ | E.cs:22:17:22:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| E.cs:24:14:24:20 | access to field Field | E.cs:22:17:22:33 | call to method Source<Object> : Object | E.cs:24:14:24:20 | access to field Field | $@ | E.cs:22:17:22:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
| E.cs:57:14:57:26 | access to field RefField | E.cs:54:21:54:37 | call to method Source<Object> : Object | E.cs:57:14:57:26 | access to field RefField | $@ | E.cs:54:21:54:37 | call to method Source<Object> : Object | call to method Source<Object> : Object |

10
csharp/ql/test/library-tests/dispatch/CallGraph.expected
View File

@@ -270,7 +270,9 @@
| ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:637:21:637:21 | M |
| ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:646:21:646:21 | M |
| ViableCallable.cs:679:17:679:20 | Run3 | ViableCallable.cs:648:21:648:21 | M |
| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:702:42:702:44 | get_Property |
| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:702:63:702:65 | set_Property |
| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:704:49:704:51 | get_Item |
| ViableCallable.cs:707:17:707:20 | Run1 | ViableCallable.cs:704:70:704:72 | set_Item |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:703:42:703:44 | get_Property |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:703:63:703:65 | set_Property |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:705:49:705:51 | get_Item |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:705:70:705:72 | set_Item |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:706:51:706:53 | add_Event |
| ViableCallable.cs:709:17:709:20 | Run1 | ViableCallable.cs:706:59:706:64 | remove_Event |

10
csharp/ql/test/library-tests/dispatch/GetADynamicTarget.expected
View File

@@ -518,7 +518,9 @@
| ViableCallable.cs:683:9:683:16 | call to method M | C22+TestOverloadResolution2<System.Int32>.M(Int32[]) |
| ViableCallable.cs:687:9:687:16 | call to method M | C22+TestOverloadResolution1<System.Int32>.M(List<int>) |
| ViableCallable.cs:687:9:687:16 | call to method M | C22+TestOverloadResolution2<System.Int32>.M(List<int>) |
| ViableCallable.cs:712:9:712:18 | access to property Property | C23+Partial1.set_Property(object) |
| ViableCallable.cs:715:13:715:22 | access to property Property | C23+Partial1.get_Property() |
| ViableCallable.cs:718:9:718:12 | access to indexer | C23+Partial1.set_Item(int, object) |
| ViableCallable.cs:721:13:721:16 | access to indexer | C23+Partial1.get_Item(int) |
| ViableCallable.cs:714:9:714:18 | access to property Property | C23+Partial1.set_Property(object) |
| ViableCallable.cs:717:13:717:22 | access to property Property | C23+Partial1.get_Property() |
| ViableCallable.cs:720:9:720:12 | access to indexer | C23+Partial1.set_Item(int, object) |
| ViableCallable.cs:723:13:723:16 | access to indexer | C23+Partial1.get_Item(int) |
| ViableCallable.cs:726:9:726:15 | access to event Event | C23+Partial1.add_Event(EventHandler) |
| ViableCallable.cs:729:9:729:15 | access to event Event | C23+Partial1.remove_Event(EventHandler) |

8
csharp/ql/test/library-tests/dispatch/ViableCallable.cs
View File

@@ -695,6 +695,7 @@ public class C23
public partial object Property { get; set; }
public partial object this[int index] { get; set; }
public partial event EventHandler Event;
}
public partial class Partial1
@@ -702,6 +703,7 @@ public class C23
public partial object Property { get { return null; } set { } }
public partial object this[int index] { get { return null; } set { } }
public partial event EventHandler Event { add { } remove { } }
}
public void Run1(Partial1 p)
@@ -719,5 +721,11 @@ public class C23
// Viable callable: Partial1.get_Item(int)
o = p[0];
// Viable callable: Partial1.add_Event
p.Event += (sender, e) => { };
// Viable callable: Partial1.remove_Event
p.Event -= (sender, e) => { };
}
}

14
csharp/ql/test/library-tests/partial/MethodIsPartial.expected
View File

@@ -1,7 +1,7 @@
| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | true |
| Partial.cs:5:17:5:23 | Method2 | false |
| Partial.cs:14:18:14:39 | PartialMethodWithBody1 | true |
| Partial.cs:15:17:15:23 | Method3 | false |
| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | true |
| Partial.cs:35:17:35:23 | Method4 | false |
| Partial.cs:40:17:40:23 | Method5 | false |
| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | true |
| Partial.cs:7:17:7:23 | Method2 | false |
| Partial.cs:18:18:18:39 | PartialMethodWithBody1 | true |
| Partial.cs:19:17:19:23 | Method3 | false |
| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | true |
| Partial.cs:42:17:42:23 | Method4 | false |
| Partial.cs:47:17:47:23 | Method5 | false |

8
csharp/ql/test/library-tests/partial/Partial.cs
View File

@@ -1,3 +1,5 @@
using System;
partial class TwoPartClass
{
partial void PartialMethodWithBody1();
@@ -7,6 +9,8 @@ partial class TwoPartClass
public partial object PartialProperty1 { get; set; }
// Declaring declaration.
public partial object this[int index] { get; set; }
// Declaring declaration.
public partial event EventHandler PartialEvent1;
}
partial class TwoPartClass
@@ -27,6 +31,9 @@ partial class TwoPartClass
get { return _backingArray[index]; }
set { _backingArray[index] = value; }
}
// Implementation declaration.
public partial event EventHandler PartialEvent1 { add { } remove { } }
}
partial class OnePartPartialClass
@@ -44,4 +51,5 @@ class NonPartialClass
get { return null; }
set { }
}
public event EventHandler Event;
}

27
csharp/ql/test/library-tests/partial/Partial1.expected
View File

@@ -1,14 +1,17 @@
| Partial.cs:1:15:1:26 | TwoPartClass |
| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 |
| Partial.cs:12:15:12:26 | TwoPartClass |
| Partial.cs:14:18:14:39 | PartialMethodWithBody1 |
| Partial.cs:18:27:18:42 | PartialProperty1 |
| Partial.cs:20:9:20:11 | get_PartialProperty1 |
| Partial.cs:21:9:21:11 | set_PartialProperty1 |
| Partial.cs:25:27:25:30 | Item |
| Partial.cs:27:9:27:11 | get_Item |
| Partial.cs:28:9:28:11 | set_Item |
| Partial.cs:32:15:32:33 | OnePartPartialClass |
| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 |
| Partial.cs:3:15:3:26 | TwoPartClass |
| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 |
| Partial.cs:16:15:16:26 | TwoPartClass |
| Partial.cs:18:18:18:39 | PartialMethodWithBody1 |
| Partial.cs:22:27:22:42 | PartialProperty1 |
| Partial.cs:24:9:24:11 | get_PartialProperty1 |
| Partial.cs:25:9:25:11 | set_PartialProperty1 |
| Partial.cs:29:27:29:30 | Item |
| Partial.cs:31:9:31:11 | get_Item |
| Partial.cs:32:9:32:11 | set_Item |
| Partial.cs:36:39:36:51 | PartialEvent1 |
| Partial.cs:36:55:36:57 | add_PartialEvent1 |
| Partial.cs:36:63:36:68 | remove_PartialEvent1 |
| Partial.cs:39:15:39:33 | OnePartPartialClass |
| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 |
| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles |
| PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles |

26
csharp/ql/test/library-tests/partial/Partial2.expected
View File

@@ -1,15 +1,15 @@
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | <object initializer> |
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 |
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:5:17:5:23 | Method2 |
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:14:18:14:39 | PartialMethodWithBody1 |
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:15:17:15:23 | Method3 |
| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:1:15:1:26 | <object initializer> |
| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 |
| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:5:17:5:23 | Method2 |
| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:14:18:14:39 | PartialMethodWithBody1 |
| Partial.cs:12:15:12:26 | TwoPartClass | Partial.cs:15:17:15:23 | Method3 |
| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | <object initializer> |
| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 |
| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:35:17:35:23 | Method4 |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:3:15:3:26 | <object initializer> |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:7:17:7:23 | Method2 |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:18:18:18:39 | PartialMethodWithBody1 |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:19:17:19:23 | Method3 |
| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:3:15:3:26 | <object initializer> |
| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 |
| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:7:17:7:23 | Method2 |
| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:18:18:18:39 | PartialMethodWithBody1 |
| Partial.cs:16:15:16:26 | TwoPartClass | Partial.cs:19:17:19:23 | Method3 |
| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:39:15:39:33 | <object initializer> |
| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 |
| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:42:17:42:23 | Method4 |
| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | <object initializer> |
| PartialMultipleFiles2.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | <object initializer> |

20
csharp/ql/test/library-tests/partial/PartialAccessors.expected
View File

@@ -1,8 +1,12 @@
| Partial.cs:20:9:20:11 | get_PartialProperty1 | true |
| Partial.cs:21:9:21:11 | set_PartialProperty1 | true |
| Partial.cs:27:9:27:11 | get_Item | true |
| Partial.cs:28:9:28:11 | set_Item | true |
| Partial.cs:41:30:41:32 | get_Property | false |
| Partial.cs:41:35:41:37 | set_Property | false |
| Partial.cs:44:9:44:11 | get_Item | false |
| Partial.cs:45:9:45:11 | set_Item | false |
| Partial.cs:24:9:24:11 | get_PartialProperty1 | true |
| Partial.cs:25:9:25:11 | set_PartialProperty1 | true |
| Partial.cs:31:9:31:11 | get_Item | true |
| Partial.cs:32:9:32:11 | set_Item | true |
| Partial.cs:36:55:36:57 | add_PartialEvent1 | true |
| Partial.cs:36:63:36:68 | remove_PartialEvent1 | true |
| Partial.cs:48:30:48:32 | get_Property | false |
| Partial.cs:48:35:48:37 | set_Property | false |
| Partial.cs:51:9:51:11 | get_Item | false |
| Partial.cs:52:9:52:11 | set_Item | false |
| Partial.cs:54:31:54:35 | add_Event | false |
| Partial.cs:54:31:54:35 | remove_Event | false |

6
csharp/ql/test/library-tests/partial/PartialConstructors.expected
View File

@@ -1,4 +1,4 @@
| Partial.cs:1:15:1:26 | TwoPartClass | Partial.cs:1:15:1:26 | {...} |
| Partial.cs:32:15:32:33 | OnePartPartialClass | Partial.cs:32:15:32:33 | {...} |
| Partial.cs:38:7:38:21 | NonPartialClass | Partial.cs:38:7:38:21 | {...} |
| Partial.cs:3:15:3:26 | TwoPartClass | Partial.cs:3:15:3:26 | {...} |
| Partial.cs:39:15:39:33 | OnePartPartialClass | Partial.cs:39:15:39:33 | {...} |
| Partial.cs:45:7:45:21 | NonPartialClass | Partial.cs:45:7:45:21 | {...} |
| PartialMultipleFiles1.cs:1:22:1:41 | PartialMultipleFiles | PartialMultipleFiles1.cs:1:22:1:41 | {...} |

2
csharp/ql/test/library-tests/partial/PartialEvents.expected Normal file
View File

@@ -0,0 +1,2 @@
| Partial.cs:36:39:36:51 | PartialEvent1 | true |
| Partial.cs:54:31:54:35 | Event | false |

7
csharp/ql/test/library-tests/partial/PartialEvents.ql Normal file
View File

@@ -0,0 +1,7 @@
import csharp
private boolean isPartial(Event e) { if e.isPartial() then result = true else result = false }
from Event e
where e.fromSource()
select e, isPartial(e)

4
csharp/ql/test/library-tests/partial/PartialIndexers.expected
View File

@@ -1,2 +1,2 @@
| Partial.cs:25:27:25:30 | Item | true |
| Partial.cs:42:19:42:22 | Item | false |
| Partial.cs:29:27:29:30 | Item | true |
| Partial.cs:49:19:49:22 | Item | false |

6
csharp/ql/test/library-tests/partial/PartialMethodBody.expected
View File

@@ -1,3 +1,3 @@
| Partial.cs:4:18:4:42 | PartialMethodWithoutBody1 | false |
| Partial.cs:14:18:14:39 | PartialMethodWithBody1 | true |
| Partial.cs:34:18:34:42 | PartialMethodWithoutBody2 | false |
| Partial.cs:6:18:6:42 | PartialMethodWithoutBody1 | false |
| Partial.cs:18:18:18:39 | PartialMethodWithBody1 | true |
| Partial.cs:41:18:41:42 | PartialMethodWithoutBody2 | false |

4
csharp/ql/test/library-tests/partial/PartialProperties.expected
View File

@@ -1,2 +1,2 @@
| Partial.cs:18:27:18:42 | PartialProperty1 | true |
| Partial.cs:41:19:41:26 | Property | false |
| Partial.cs:22:27:22:42 | PartialProperty1 | true |
| Partial.cs:48:19:48:26 | Property | false |

180
csharp/ql/test/library-tests/partial/PrintAst.expected
View File

@@ -1,94 +1,112 @@
Partial.cs:
# 1| [Class] TwoPartClass
# 4| 6: [Method] PartialMethodWithoutBody1
# 4| -1: [TypeMention] Void
# 5| 7: [Method] Method2
# 3| [Class] TwoPartClass
# 6| 6: [Method] PartialMethodWithoutBody1
# 6| -1: [TypeMention] Void
# 7| 7: [Method] Method2
# 7| -1: [TypeMention] Void
# 7| 4: [BlockStmt] {...}
# 18| 8: [Method] PartialMethodWithBody1
# 5| -1: [TypeMention] Void
# 5| 4: [BlockStmt] {...}
# 14| 8: [Method] PartialMethodWithBody1
# 3| -1: [TypeMention] Void
# 14| 4: [BlockStmt] {...}
# 15| 9: [Method] Method3
# 15| -1: [TypeMention] Void
# 15| 4: [BlockStmt] {...}
# 16| 10: [Field] _backingField
# 16| -1: [TypeMention] object
# 18| 11: [Property] PartialProperty1
# 7| -1: [TypeMention] object
# 18| -1: [TypeMention] object
# 20| 3: [Getter] get_PartialProperty1
# 20| 4: [BlockStmt] {...}
# 20| 0: [ReturnStmt] return ...;
# 20| 0: [FieldAccess] access to field _backingField
# 21| 4: [Setter] set_PartialProperty1
#-----| 2: (Parameters)
# 21| 0: [Parameter] value
# 21| 4: [BlockStmt] {...}
# 21| 0: [ExprStmt] ...;
# 21| 0: [AssignExpr] ... = ...
# 21| 0: [FieldAccess] access to field _backingField
# 21| 1: [ParameterAccess] access to parameter value
# 23| 12: [Field] _backingArray
# 23| -1: [TypeMention] Object[]
# 23| 1: [TypeMention] object
# 25| 13: [Indexer] Item
# 18| 4: [BlockStmt] {...}
# 19| 9: [Method] Method3
# 19| -1: [TypeMention] Void
# 19| 4: [BlockStmt] {...}
# 20| 10: [Field] _backingField
# 20| -1: [TypeMention] object
# 22| 11: [Property] PartialProperty1
# 9| -1: [TypeMention] object
# 25| -1: [TypeMention] object
# 22| -1: [TypeMention] object
# 24| 3: [Getter] get_PartialProperty1
# 24| 4: [BlockStmt] {...}
# 24| 0: [ReturnStmt] return ...;
# 24| 0: [FieldAccess] access to field _backingField
# 25| 4: [Setter] set_PartialProperty1
#-----| 2: (Parameters)
# 25| 0: [Parameter] value
# 25| 4: [BlockStmt] {...}
# 25| 0: [ExprStmt] ...;
# 25| 0: [AssignExpr] ... = ...
# 25| 0: [FieldAccess] access to field _backingField
# 25| 1: [ParameterAccess] access to parameter value
# 27| 12: [Field] _backingArray
# 27| -1: [TypeMention] Object[]
# 27| 1: [TypeMention] object
# 29| 13: [Indexer] Item
# 11| -1: [TypeMention] object
# 29| -1: [TypeMention] object
#-----| 1: (Parameters)
# 9| 0: [Parameter] index
# 9| -1: [TypeMention] int
# 25| -1: [TypeMention] int
# 27| 3: [Getter] get_Item
# 11| 0: [Parameter] index
# 11| -1: [TypeMention] int
# 29| -1: [TypeMention] int
# 31| 3: [Getter] get_Item
#-----| 2: (Parameters)
# 25| 0: [Parameter] index
# 27| 4: [BlockStmt] {...}
# 27| 0: [ReturnStmt] return ...;
# 27| 0: [ArrayAccess] access to array element
# 27| -1: [FieldAccess] access to field _backingArray
# 27| 0: [ParameterAccess] access to parameter index
# 28| 4: [Setter] set_Item
# 29| 0: [Parameter] index
# 31| 4: [BlockStmt] {...}
# 31| 0: [ReturnStmt] return ...;
# 31| 0: [ArrayAccess] access to array element
# 31| -1: [FieldAccess] access to field _backingArray
# 31| 0: [ParameterAccess] access to parameter index
# 32| 4: [Setter] set_Item
#-----| 2: (Parameters)
# 25| 0: [Parameter] index
# 28| 1: [Parameter] value
# 28| 4: [BlockStmt] {...}
# 28| 0: [ExprStmt] ...;
# 28| 0: [AssignExpr] ... = ...
# 28| 0: [ArrayAccess] access to array element
# 28| -1: [FieldAccess] access to field _backingArray
# 28| 0: [ParameterAccess] access to parameter index
# 28| 1: [ParameterAccess] access to parameter value
# 32| [Class] OnePartPartialClass
# 34| 6: [Method] PartialMethodWithoutBody2
# 34| -1: [TypeMention] Void
# 35| 7: [Method] Method4
# 35| -1: [TypeMention] Void
# 35| 4: [BlockStmt] {...}
# 38| [Class] NonPartialClass
# 40| 6: [Method] Method5
# 40| -1: [TypeMention] Void
# 40| 4: [BlockStmt] {...}
# 41| 7: [Property] Property
# 41| -1: [TypeMention] object
# 41| 3: [Getter] get_Property
# 41| 4: [Setter] set_Property
# 29| 0: [Parameter] index
# 32| 1: [Parameter] value
# 32| 4: [BlockStmt] {...}
# 32| 0: [ExprStmt] ...;
# 32| 0: [AssignExpr] ... = ...
# 32| 0: [ArrayAccess] access to array element
# 32| -1: [FieldAccess] access to field _backingArray
# 32| 0: [ParameterAccess] access to parameter index
# 32| 1: [ParameterAccess] access to parameter value
# 36| 14: [Event] PartialEvent1
# 13| -1: [TypeMention] EventHandler
# 36| 3: [AddEventAccessor] add_PartialEvent1
#-----| 2: (Parameters)
# 41| 0: [Parameter] value
# 42| 8: [Indexer] Item
# 42| -1: [TypeMention] object
# 36| 0: [Parameter] value
# 36| 4: [BlockStmt] {...}
# 36| 4: [RemoveEventAccessor] remove_PartialEvent1
#-----| 2: (Parameters)
# 36| 0: [Parameter] value
# 36| 4: [BlockStmt] {...}
# 39| [Class] OnePartPartialClass
# 41| 6: [Method] PartialMethodWithoutBody2
# 41| -1: [TypeMention] Void
# 42| 7: [Method] Method4
# 42| -1: [TypeMention] Void
# 42| 4: [BlockStmt] {...}
# 45| [Class] NonPartialClass
# 47| 6: [Method] Method5
# 47| -1: [TypeMention] Void
# 47| 4: [BlockStmt] {...}
# 48| 7: [Property] Property
# 48| -1: [TypeMention] object
# 48| 3: [Getter] get_Property
# 48| 4: [Setter] set_Property
#-----| 2: (Parameters)
# 48| 0: [Parameter] value
# 49| 8: [Indexer] Item
# 49| -1: [TypeMention] object
#-----| 1: (Parameters)
# 42| 0: [Parameter] index
# 42| -1: [TypeMention] int
# 44| 3: [Getter] get_Item
# 49| 0: [Parameter] index
# 49| -1: [TypeMention] int
# 51| 3: [Getter] get_Item
#-----| 2: (Parameters)
# 42| 0: [Parameter] index
# 44| 4: [BlockStmt] {...}
# 44| 0: [ReturnStmt] return ...;
# 44| 0: [NullLiteral] null
# 45| 4: [Setter] set_Item
# 49| 0: [Parameter] index
# 51| 4: [BlockStmt] {...}
# 51| 0: [ReturnStmt] return ...;
# 51| 0: [NullLiteral] null
# 52| 4: [Setter] set_Item
#-----| 2: (Parameters)
# 42| 0: [Parameter] index
# 45| 1: [Parameter] value
# 45| 4: [BlockStmt] {...}
# 49| 0: [Parameter] index
# 52| 1: [Parameter] value
# 52| 4: [BlockStmt] {...}
# 54| 9: [Event] Event
# 54| -1: [TypeMention] EventHandler
# 54| 3: [AddEventAccessor] add_Event
#-----| 2: (Parameters)
# 54| 0: [Parameter] value
# 54| 4: [RemoveEventAccessor] remove_Event
#-----| 2: (Parameters)
# 54| 0: [Parameter] value
PartialMultipleFiles1.cs:
# 1| [Class] PartialMultipleFiles
PartialMultipleFiles2.cs:

16
csharp/ql/test/library-tests/properties/PrintAst.expected
View File

@@ -230,3 +230,19 @@ properties.cs:
#-----| 2: (Parameters)
# 124| 0: [Parameter] value
# 124| 4: [BlockStmt] {...}
# 128| 10: [Class] UseFieldKeyword
# 130| 6: [Property] Prop
# 130| -1: [TypeMention] object
# 132| 3: [Getter] get_Prop
# 132| 4: [BlockStmt] {...}
# 132| 0: [ReturnStmt] return ...;
# 132| 0: [FieldAccess] access to field Prop.field
# 133| 4: [Setter] set_Prop
#-----| 2: (Parameters)
# 133| 0: [Parameter] value
# 133| 4: [BlockStmt] {...}
# 133| 0: [ExprStmt] ...;
# 133| 0: [AssignExpr] ... = ...
# 133| 0: [FieldAccess] access to field Prop.field
# 133| 1: [ParameterAccess] access to parameter value
# 130| 7: [Field] Prop.field

1
csharp/ql/test/library-tests/properties/Properties17.expected
View File

@@ -1,3 +1,4 @@
| Prop.field |
| caption |
| next |
| y |

2
csharp/ql/test/library-tests/properties/Properties17.ql
View File

@@ -1,5 +1,5 @@
/**
* @name Test that there are no backing fields
* @name Test that there are no backing fields except for properties that use the `field` keyword in their getter or setter.
*/
import csharp

9
csharp/ql/test/library-tests/properties/properties.cs
View File

@@ -124,4 +124,13 @@ namespace Properties
set { }
}
}
class UseFieldKeyword
{
public object Prop
{
get { return field; }
set { field = value; }
}
}
}

86
csharp/ql/test/query-tests/API Abuse/ClassDoesNotImplementEquals/NullableTest.cs Normal file
View File

@@ -0,0 +1,86 @@
using System;
#nullable enable
namespace Test
{
class TestClass1 : IEquatable<TestClass1>
{
private int field1;
public bool Equals(TestClass1? param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object? param2)
{
return param2 is TestClass1 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass2 : IEquatable<TestClass2>
{
private int field1;
public bool Equals(TestClass2 param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object? param2)
{
return param2 is TestClass2 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass3 : IEquatable<TestClass3>
{
private int field1;
public bool Equals(TestClass3? param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object param2)
{
return param2 is TestClass3 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass4 : IEquatable<TestClass4>
{
private int field1;
public bool Equals(TestClass4 param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object param2)
{
return param2 is TestClass4 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
}

86
csharp/ql/test/query-tests/API Abuse/IncorrectEqualsSignature/NullableTest.cs Normal file
View File

@@ -0,0 +1,86 @@
using System;
#nullable enable
namespace Test
{
class TestClass1 : IEquatable<TestClass1>
{
private int field1;
public bool Equals(TestClass1? param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object? param2)
{
return param2 is TestClass1 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass2 : IEquatable<TestClass2>
{
private int field1;
public bool Equals(TestClass2 param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object? param2)
{
return param2 is TestClass2 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass3 : IEquatable<TestClass3>
{
private int field1;
public bool Equals(TestClass3? param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object param2)
{
return param2 is TestClass3 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
class TestClass4 : IEquatable<TestClass4>
{
private int field1;
public bool Equals(TestClass4 param1)
{
return param1 != null && field1 == param1.field1;
}
public override bool Equals(object param2)
{
return param2 is TestClass4 tc && Equals(tc);
}
public override int GetHashCode()
{
return field1;
}
}
}

4
docs/codeql/reusables/supported-versions-compilers.rst
View File

@@ -18,7 +18,7 @@
.NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.slnx``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``"
Go (aka Golang), "Go up to 1.26", "Go 1.11 or more recent", ``.go``
Java,"Java 7 to 25 [6]_","javac (OpenJDK and Oracle JDK),
Java,"Java 7 to 26 [6]_","javac (OpenJDK and Oracle JDK),
Eclipse compiler for Java (ECJ) [7]_",``.java``
Kotlin,"Kotlin 1.8.0 to 2.3.0\ *x*","kotlinc",``.kt``
@@ -36,7 +36,7 @@
.. [3] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.
.. [4] Support for the clang-cl compiler is preliminary.
.. [5] Support for the Arm Compiler (armcc) is preliminary.
.. [6] Builds that execute on Java 7 to 25 can be analyzed. The analysis understands standard language features in Java 8 to 25; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
.. [6] Builds that execute on Java 7 to 26 can be analyzed. The analysis understands standard language features in Java 8 to 26; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
.. [7] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
.. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
.. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.

2
go/ql/consistency-queries/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql-go-consistency-queries
version: 1.0.42
version: 1.0.43-dev
groups:
- go
- queries

2
go/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 7.0.0
version: 7.0.1-dev
groups: go
dbscheme: go.dbscheme
extractor: go

2
go/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 1.5.6
version: 1.5.7-dev
groups:
- go
- queries

4
java/ql/lib/change-notes/2026-02-12-jakarta.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Some modelling which previously only worked for Java EE packages beginning with "javax" will now also work for Java EE packages beginning with "jakarta" as well. This may lead to some alert changes.

58
java/ql/lib/experimental/quantum/JCA.qll
View File

@@ -295,7 +295,7 @@ module JCAModel {
class CipherGetInstanceCall extends MethodCall {
CipherGetInstanceCall() {
this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "getInstance")
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance")
}
Expr getAlgorithmArg() { result = this.getArgument(0) }
@@ -307,7 +307,8 @@ module JCAModel {
private class CipherOperationCall extends MethodCall {
CipherOperationCall() {
this.getMethod()
.hasQualifiedName("javax.crypto", "Cipher", ["update", "doFinal", "wrap", "unwrap"])
.hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher",
["update", "doFinal", "wrap", "unwrap"])
}
predicate isIntermediate() { this.getMethod().getName() = "update" }
@@ -474,7 +475,9 @@ module JCAModel {
* An access to the `javax.crypto.Cipher` class.
*/
private class CipherAccess extends TypeAccess {
CipherAccess() { this.getType().(Class).hasQualifiedName("javax.crypto", "Cipher") }
CipherAccess() {
this.getType().(Class).hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher")
}
}
/**
@@ -708,7 +711,9 @@ module JCAModel {
// and through setter methods
class IvParameterSpecInstance extends NonceParameterInstantiation {
IvParameterSpecInstance() {
super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec")
super
.getConstructedType()
.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec")
}
override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(0) }
@@ -717,7 +722,9 @@ module JCAModel {
// TODO: this also specifies the tag length for GCM
class GCMParameterSpecInstance extends NonceParameterInstantiation {
GCMParameterSpecInstance() {
super.getConstructedType().hasQualifiedName("javax.crypto.spec", "GCMParameterSpec")
super
.getConstructedType()
.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "GCMParameterSpec")
}
override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(1) }
@@ -725,7 +732,8 @@ module JCAModel {
class IvParameterSpecGetIvCall extends MethodCall {
IvParameterSpecGetIvCall() {
this.getMethod().hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "getIV")
this.getMethod()
.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec", "getIV")
}
}
@@ -797,7 +805,9 @@ module JCAModel {
}
class CipherInitCall extends MethodCall {
CipherInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "init") }
CipherInitCall() {
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "init")
}
/**
* Returns the mode argument to the `init` method
@@ -966,7 +976,9 @@ module JCAModel {
class DHGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr {
DHGenParameterSpecInstance() {
super.getConstructedType().hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec")
super
.getConstructedType()
.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec")
}
Expr getPrimeSizeArg() { result = this.getArgument(0) }
@@ -1067,7 +1079,7 @@ module JCAModel {
//TODO: Link getAlgorithm from KeyPairGenerator to algorithm instances or AVCs? High priority.
class KeyGeneratorGetInstanceCall extends MethodCall {
KeyGeneratorGetInstanceCall() {
this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "getInstance")
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "getInstance")
or
this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "getInstance")
}
@@ -1082,7 +1094,8 @@ module JCAModel {
this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "initialize") and
keyType = Crypto::TAsymmetricKeyType()
or
this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", ["init", "initialize"]) and
this.getCallee()
.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", ["init", "initialize"]) and
keyType = Crypto::TSymmetricKeyType()
}
@@ -1111,7 +1124,7 @@ module JCAModel {
Crypto::KeyArtifactType type;
KeyGeneratorGenerateCall() {
this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "generateKey") and
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "generateKey") and
type instanceof Crypto::TSymmetricKeyType
or
this.getCallee()
@@ -1176,7 +1189,7 @@ module JCAModel {
class KeySpecInstantiation extends ClassInstanceExpr {
KeySpecInstantiation() {
this.getConstructedType()
.hasQualifiedName("javax.crypto.spec",
.hasQualifiedName(javaxOrJakarta() + ".crypto.spec",
["PBEKeySpec", "SecretKeySpec", "PBEKeySpec", "DESedeKeySpec"])
}
@@ -1227,7 +1240,8 @@ module JCAModel {
class SecretKeyFactoryGetInstanceCall extends MethodCall {
SecretKeyFactoryGetInstanceCall() {
this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance")
this.getCallee()
.hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance")
}
Expr getAlgorithmArg() { result = this.getArgument(0) }
@@ -1235,7 +1249,8 @@ module JCAModel {
class SecretKeyFactoryGenerateSecretCall extends MethodCall {
SecretKeyFactoryGenerateSecretCall() {
this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "generateSecret")
this.getCallee()
.hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "generateSecret")
}
Expr getKeySpecArg() { result = this.getArgument(0) }
@@ -1430,7 +1445,7 @@ module JCAModel {
class KeyAgreementInitCall extends MethodCall {
KeyAgreementInitCall() {
this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "init")
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "init")
}
Expr getServerKeyArg() { result = this.getArgument(0) }
@@ -1438,7 +1453,7 @@ module JCAModel {
class KeyAgreementGetInstanceCall extends MethodCall {
KeyAgreementGetInstanceCall() {
this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance")
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance")
}
Expr getAlgorithmArg() { result = super.getArgument(0) }
@@ -1482,7 +1497,8 @@ module JCAModel {
class KeyAgreementCall extends MethodCall {
KeyAgreementCall() {
this.getCallee()
.hasQualifiedName("javax.crypto", "KeyAgreement", ["generateSecret", "doPhase"])
.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement",
["generateSecret", "doPhase"])
}
predicate isIntermediate() { this.getCallee().getName() = "doPhase" }
@@ -1647,7 +1663,9 @@ module JCAModel {
}
class MacGetInstanceCall extends MethodCall {
MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") }
MacGetInstanceCall() {
this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "getInstance")
}
Expr getAlgorithmArg() { result = this.getArgument(0) }
@@ -1663,7 +1681,7 @@ module JCAModel {
}
class MacInitCall extends MethodCall {
MacInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "init") }
MacInitCall() { this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "init") }
Expr getKeyArg() {
result = this.getArgument(0) and this.getMethod().getParameterType(0).hasName("Key")
@@ -1691,7 +1709,7 @@ module JCAModel {
Expr output;
MacOperationCall() {
super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and
super.getMethod().getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac") and
(
super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output
or

2
java/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 8.1.0
version: 8.1.1-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

33
java/ql/lib/semmle/code/java/J2EE.qll
View File

@@ -6,52 +6,67 @@ module;
import Type
/** Gets "java" or "jakarta". */
string javaxOrJakarta() { result = ["javax", "jakarta"] }
/** An entity bean. */
class EntityBean extends Class {
EntityBean() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EntityBean") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EntityBean") |
this.hasSupertype+(i)
)
}
}
/** An enterprise bean. */
class EnterpriseBean extends RefType {
EnterpriseBean() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EnterpriseBean") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EnterpriseBean") |
this.hasSupertype+(i)
)
}
}
/** A local EJB home interface. */
class LocalEjbHomeInterface extends Interface {
LocalEjbHomeInterface() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalHome") |
this.hasSupertype+(i)
)
}
}
/** A remote EJB home interface. */
class RemoteEjbHomeInterface extends Interface {
RemoteEjbHomeInterface() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") |
this.hasSupertype+(i)
)
}
}
/** A local EJB interface. */
class LocalEjbInterface extends Interface {
LocalEjbInterface() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalObject") |
this.hasSupertype+(i)
)
}
}
/** A remote EJB interface. */
class RemoteEjbInterface extends Interface {
RemoteEjbInterface() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") |
this.hasSupertype+(i)
)
}
}
/** A message bean. */
class MessageBean extends Class {
MessageBean() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "MessageDrivenBean") |
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDrivenBean") |
this.hasSupertype+(i)
)
}
@@ -60,6 +75,8 @@ class MessageBean extends Class {
/** A session bean. */
class SessionBean extends Class {
SessionBean() {
exists(Interface i | i.hasQualifiedName("javax.ejb", "SessionBean") | this.hasSupertype+(i))
exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "SessionBean") |
this.hasSupertype+(i)
)
}
}

16
java/ql/lib/semmle/code/java/JMX.qll
View File

@@ -18,7 +18,7 @@ class MBean extends ManagedBean {
class MXBean extends ManagedBean {
MXBean() {
this.getQualifiedName().matches("%MXBean%") or
this.getAnAnnotation().getType().hasQualifiedName("javax.management", "MXBean")
this.getAnAnnotation().getType().hasQualifiedName(javaxOrJakarta() + ".management", "MXBean")
}
}
@@ -61,7 +61,7 @@ class JmxRegistrationCall extends MethodCall {
class JmxRegistrationMethod extends Method {
JmxRegistrationMethod() {
// A direct registration with the `MBeanServer`.
this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and
this.getName() = "registerMBean"
or
// The `MBeanServer` is often wrapped by an application specific management class, so identify
@@ -78,7 +78,7 @@ class JmxRegistrationMethod extends Method {
*/
int getObjectPosition() {
// Passed as the first argument to `registerMBean`.
this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and
this.getName() = "registerMBean" and
result = 0
or
@@ -92,16 +92,20 @@ class JmxRegistrationMethod extends Method {
/** The class `javax.management.remote.JMXConnectorFactory`. */
class TypeJmxConnectorFactory extends Class {
TypeJmxConnectorFactory() {
this.hasQualifiedName("javax.management.remote", "JMXConnectorFactory")
this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXConnectorFactory")
}
}
/** The class `javax.management.remote.JMXServiceURL`. */
class TypeJmxServiceUrl extends Class {
TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") }
TypeJmxServiceUrl() {
this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXServiceURL")
}
}
/** The class `javax.management.remote.rmi.RMIConnector`. */
class TypeRmiConnector extends Class {
TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") }
TypeRmiConnector() {
this.hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnector")
}
}

8
java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
View File

@@ -316,7 +316,7 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
* Entry point for EJB home interfaces.
*/
class EjbHome extends Interface, EntryPoint {
EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
EjbHome() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") }
override Callable getALiveCallable() { result = this.getACallable() }
}
@@ -325,7 +325,7 @@ class EjbHome extends Interface, EntryPoint {
* Entry point for EJB object interfaces.
*/
class EjbObject extends Interface, EntryPoint {
EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
EjbObject() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") }
override Callable getALiveCallable() { result = this.getACallable() }
}
@@ -341,7 +341,9 @@ class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass {
JaxbDeserializationEntryPoint() {
// A class can be deserialized by JAXB if it's an `XmlRootElement`...
this.getAnAnnotation().getType().hasQualifiedName("javax.xml.bind.annotation", "XmlRootElement")
this.getAnAnnotation()
.getType()
.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation", "XmlRootElement")
or
// ... or the type of an `XmlElement` field.
exists(Field elementField |

2
java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
View File

@@ -45,7 +45,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass {
*/
class ServletFilterClass extends ReflectivelyConstructedClass {
ServletFilterClass() {
this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") and
this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Filter") and
// If we have seen any `web.xml` files, this filter will be considered to be live only if it is
// referred to as a filter-class in at least one. If no `web.xml` files are found, we assume
// that XML extraction was not enabled, and therefore consider all filter classes as live.

6
java/ql/lib/semmle/code/java/frameworks/JAXB.qll
View File

@@ -6,20 +6,20 @@ import semmle.code.java.Type
class JaxbElement extends Class {
JaxbElement() {
this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or
this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "JAXBElement") or
this.getAnAnnotation().getType().getName() = "XmlRootElement"
}
}
class JaxbMarshalMethod extends Method {
JaxbMarshalMethod() {
this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and
this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Marshaller") and
this.getName() = "marshal"
}
}
class JaxbAnnotationType extends AnnotationType {
JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" }
JaxbAnnotationType() { this.getPackage().getName() = javaxOrJakarta() + ".xml.bind.annotation" }
}
class JaxbAnnotated extends Annotatable {

62
java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll
View File

@@ -14,35 +14,45 @@ import java
* A `@javax.annotation.Generated` annotation.
*/
class GeneratedAnnotation extends Annotation {
GeneratedAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Generated") }
GeneratedAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Generated")
}
}
/**
* A `@javax.annotation.PostConstruct` annotation.
*/
class PostConstructAnnotation extends Annotation {
PostConstructAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PostConstruct") }
PostConstructAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PostConstruct")
}
}
/**
* A `@javax.annotation.PreDestroy` annotation.
*/
class PreDestroyAnnotation extends Annotation {
PreDestroyAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PreDestroy") }
PreDestroyAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PreDestroy")
}
}
/**
* A `@javax.annotation.Resource` annotation.
*/
class ResourceAnnotation extends Annotation {
ResourceAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resource") }
ResourceAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resource")
}
}
/**
* A `@javax.annotation.Resources` annotation.
*/
class ResourcesAnnotation extends Annotation {
ResourcesAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resources") }
ResourcesAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resources")
}
}
/**
@@ -50,7 +60,7 @@ class ResourcesAnnotation extends Annotation {
*/
class JavaxManagedBeanAnnotation extends Annotation {
JavaxManagedBeanAnnotation() {
this.getType().hasQualifiedName("javax.annotation", "ManagedBean")
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "ManagedBean")
}
}
@@ -63,7 +73,7 @@ class JavaxManagedBeanAnnotation extends Annotation {
*/
class DeclareRolesAnnotation extends Annotation {
DeclareRolesAnnotation() {
this.getType().hasQualifiedName("javax.annotation.security", "DeclareRoles")
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DeclareRoles")
}
}
@@ -71,7 +81,9 @@ class DeclareRolesAnnotation extends Annotation {
* A `@javax.annotation.security.DenyAll` annotation.
*/
class DenyAllAnnotation extends Annotation {
DenyAllAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "DenyAll") }
DenyAllAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DenyAll")
}
}
/**
@@ -79,7 +91,7 @@ class DenyAllAnnotation extends Annotation {
*/
class PermitAllAnnotation extends Annotation {
PermitAllAnnotation() {
this.getType().hasQualifiedName("javax.annotation.security", "PermitAll")
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "PermitAll")
}
}
@@ -88,7 +100,7 @@ class PermitAllAnnotation extends Annotation {
*/
class RolesAllowedAnnotation extends Annotation {
RolesAllowedAnnotation() {
this.getType().hasQualifiedName("javax.annotation.security", "RolesAllowed")
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RolesAllowed")
}
}
@@ -96,7 +108,9 @@ class RolesAllowedAnnotation extends Annotation {
* A `@javax.annotation.security.RunAs` annotation.
*/
class RunAsAnnotation extends Annotation {
RunAsAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "RunAs") }
RunAsAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RunAs")
}
}
/*
@@ -107,7 +121,9 @@ class RunAsAnnotation extends Annotation {
* A `@javax.interceptor.AroundInvoke` annotation.
*/
class AroundInvokeAnnotation extends Annotation {
AroundInvokeAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "AroundInvoke") }
AroundInvokeAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "AroundInvoke")
}
}
/**
@@ -115,7 +131,7 @@ class AroundInvokeAnnotation extends Annotation {
*/
class ExcludeClassInterceptorsAnnotation extends Annotation {
ExcludeClassInterceptorsAnnotation() {
this.getType().hasQualifiedName("javax.interceptor", "ExcludeClassInterceptors")
this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeClassInterceptors")
}
}
@@ -124,7 +140,7 @@ class ExcludeClassInterceptorsAnnotation extends Annotation {
*/
class ExcludeDefaultInterceptorsAnnotation extends Annotation {
ExcludeDefaultInterceptorsAnnotation() {
this.getType().hasQualifiedName("javax.interceptor", "ExcludeDefaultInterceptors")
this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeDefaultInterceptors")
}
}
@@ -132,7 +148,9 @@ class ExcludeDefaultInterceptorsAnnotation extends Annotation {
* A `@javax.interceptor.Interceptors` annotation.
*/
class InterceptorsAnnotation extends Annotation {
InterceptorsAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "Interceptors") }
InterceptorsAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "Interceptors")
}
}
/*
@@ -143,14 +161,16 @@ class InterceptorsAnnotation extends Annotation {
* A `@javax.jws.WebMethod` annotation.
*/
class WebMethodAnnotation extends Annotation {
WebMethodAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebMethod") }
WebMethodAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") }
}
/**
* A `@javax.jws.WebService` annotation.
*/
class WebServiceAnnotation extends Annotation {
WebServiceAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebService") }
WebServiceAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebService")
}
}
/*
@@ -161,7 +181,9 @@ class WebServiceAnnotation extends Annotation {
* A `@javax.xml.ws.WebServiceRef` annotation.
*/
class WebServiceRefAnnotation extends Annotation {
WebServiceRefAnnotation() { this.getType().hasQualifiedName("javax.xml.ws", "WebServiceRef") }
WebServiceRefAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".xml.ws", "WebServiceRef")
}
}
/*
@@ -173,9 +195,7 @@ class WebServiceRefAnnotation extends Annotation {
*/
class PatternAnnotation extends Annotation, RegexMatch::Range {
PatternAnnotation() {
this.getType()
.hasQualifiedName(["javax.validation.constraints", "jakarta.validation.constraints"],
"Pattern")
this.getType().hasQualifiedName(javaxOrJakarta() + ".validation.constraints", "Pattern")
}
override Expr getRegex() { result = this.getValue("regexp") }

9
java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
View File

@@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS
/**
* Gets a name for the root package of JAX-RS.
*/
string getAJaxRsPackage() { result in ["javax.ws.rs", "jakarta.ws.rs"] }
string getAJaxRsPackage() { result = javaxOrJakarta() + ".ws.rs" }
/**
* Gets a name for package `subpackage` within the JAX-RS hierarchy.
@@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class {
result.isPublic() and
not result instanceof InitializerMethod and
not exists(Annotation a | a = result.getAnAnnotation() |
a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and
a.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") and
a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true
) and
forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result |
@@ -62,8 +62,7 @@ class JaxWsEndpoint extends Class {
/** The annotation type `@XmlJavaTypeAdapter`. */
class XmlJavaTypeAdapter extends AnnotationType {
XmlJavaTypeAdapter() {
this.hasQualifiedName(["javax", "jakarta"] + ".xml.bind.annotation.adapters",
"XmlJavaTypeAdapter")
this.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter")
}
}
@@ -292,7 +291,7 @@ class JaxRSAnnotation extends Annotation {
JaxRSAnnotation() {
exists(AnnotationType a |
a = this.getType() and
a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
a.getPackage().getName().regexpMatch(javaxOrJakarta() + "\\.ws\\.rs(\\..*)?")
)
}
}

2
java/ql/lib/semmle/code/java/frameworks/Jms.qll
View File

@@ -7,6 +7,6 @@ import java
/** The method `ObjectMessage.getObject`. */
class ObjectMessageGetObjectMethod extends Method {
ObjectMessageGetObjectMethod() {
this.hasQualifiedName(["javax", "jakarta"] + ".jms", "ObjectMessage", "getObject")
this.hasQualifiedName(javaxOrJakarta() + ".jms", "ObjectMessage", "getObject")
}
}

14
java/ql/lib/semmle/code/java/frameworks/Jndi.qll
View File

@@ -9,32 +9,34 @@ import java
/*--- Types ---*/
/** The interface `javax.naming.Context`. */
class TypeNamingContext extends Interface {
TypeNamingContext() { this.hasQualifiedName("javax.naming", "Context") }
TypeNamingContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "Context") }
}
/** The class `javax.naming.CompositeName`. */
class TypeCompositeName extends Class {
TypeCompositeName() { this.hasQualifiedName("javax.naming", "CompositeName") }
TypeCompositeName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompositeName") }
}
/** The class `javax.naming.CompoundName`. */
class TypeCompoundName extends Class {
TypeCompoundName() { this.hasQualifiedName("javax.naming", "CompoundName") }
TypeCompoundName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompoundName") }
}
/** The interface `javax.naming.directory.DirContext`. */
class TypeDirContext extends Interface {
TypeDirContext() { this.hasQualifiedName("javax.naming.directory", "DirContext") }
TypeDirContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "DirContext") }
}
/** The class `javax.naming.directory.SearchControls` */
class TypeSearchControls extends Class {
TypeSearchControls() { this.hasQualifiedName("javax.naming.directory", "SearchControls") }
TypeSearchControls() {
this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "SearchControls")
}
}
/** The class `javax.naming.ldap.LdapName`. */
class TypeLdapName extends Class {
TypeLdapName() { this.hasQualifiedName("javax.naming.ldap", "LdapName") }
TypeLdapName() { this.hasQualifiedName(javaxOrJakarta() + ".naming.ldap", "LdapName") }
}
/*--- Methods ---*/

2
java/ql/lib/semmle/code/java/frameworks/Mail.qll
View File

@@ -8,7 +8,7 @@ import java
* The class `javax.mail.Session` or `jakarta.mail.Session`.
*/
class MailSession extends Class {
MailSession() { this.hasQualifiedName(["javax.mail", "jakarta.mail"], "Session") }
MailSession() { this.hasQualifiedName(javaxOrJakarta() + ".mail", "Session") }
}
/**

2
java/ql/lib/semmle/code/java/frameworks/Networking.qll
View File

@@ -20,7 +20,7 @@ class TypeSocket extends RefType {
/** The type `javax.net.SocketFactory` */
class TypeSocketFactory extends RefType {
TypeSocketFactory() { this.hasQualifiedName("javax.net", "SocketFactory") }
TypeSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net", "SocketFactory") }
}
/** The type `java.net.URL`. */

38
java/ql/lib/semmle/code/java/frameworks/Servlets.qll
View File

@@ -12,7 +12,7 @@ import semmle.code.java.Type
*/
class ServletRequest extends RefType {
ServletRequest() {
this.hasQualifiedName("javax.servlet", "ServletRequest") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or
this instanceof HttpServletRequest
}
}
@@ -21,7 +21,9 @@ class ServletRequest extends RefType {
* The interface `javax.servlet.http.HttpServletRequest`.
*/
class HttpServletRequest extends RefType {
HttpServletRequest() { this.hasQualifiedName("javax.servlet.http", "HttpServletRequest") }
HttpServletRequest() {
this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletRequest")
}
}
/**
@@ -168,7 +170,7 @@ class ServletRequestGetBodyMethod extends Method {
*/
class ServletResponse extends RefType {
ServletResponse() {
this.hasQualifiedName("javax.servlet", "ServletResponse") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or
this instanceof HttpServletResponse
}
}
@@ -177,7 +179,9 @@ class ServletResponse extends RefType {
* The interface `javax.servlet.http.HttpServletResponse`.
*/
class HttpServletResponse extends RefType {
HttpServletResponse() { this.hasQualifiedName("javax.servlet.http", "HttpServletResponse") }
HttpServletResponse() {
this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse")
}
}
/**
@@ -239,7 +243,7 @@ class ServletResponseGetOutputStreamMethod extends Method {
/** The class `javax.servlet.http.Cookie`. */
class TypeCookie extends Class {
TypeCookie() { this.hasQualifiedName("javax.servlet.http", "Cookie") }
TypeCookie() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") }
}
/**
@@ -331,7 +335,7 @@ class ResponseSetContentTypeMethod extends Method {
* A class that has `javax.servlet.Servlet` as an ancestor.
*/
class ServletClass extends Class {
ServletClass() { this.getAnAncestor().hasQualifiedName("javax.servlet", "Servlet") }
ServletClass() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Servlet") }
}
/**
@@ -342,13 +346,13 @@ class ServletClass extends Class {
*/
class ServletWebXmlListenerType extends RefType {
ServletWebXmlListenerType() {
this.hasQualifiedName("javax.servlet", "ServletContextAttributeListener") or
this.hasQualifiedName("javax.servlet", "ServletContextListener") or
this.hasQualifiedName("javax.servlet", "ServletRequestAttributeListener") or
this.hasQualifiedName("javax.servlet", "ServletRequestListener") or
this.hasQualifiedName("javax.servlet.http", "HttpSessionAttributeListener") or
this.hasQualifiedName("javax.servlet.http", "HttpSessionIdListener") or
this.hasQualifiedName("javax.servlet.http", "HttpSessionListener")
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextAttributeListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestAttributeListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionAttributeListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionIdListener") or
this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionListener")
// Listeners that are not configured in `web.xml`:
// - `HttpSessionActivationListener`
// - `HttpSessionBindingListener`
@@ -373,8 +377,8 @@ predicate isRequestGetParamMethod(MethodCall ma) {
/** The Java EE RequestDispatcher. */
class RequestDispatcher extends RefType {
RequestDispatcher() {
this.hasQualifiedName(["javax.servlet", "jakarta.servlet"], "RequestDispatcher") or
this.hasQualifiedName("javax.portlet", "PortletRequestDispatcher")
this.hasQualifiedName(javaxOrJakarta() + ".servlet", "RequestDispatcher") or
this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher")
}
}
@@ -398,7 +402,7 @@ class RequestDispatchMethod extends Method {
* The interface `javax.servlet.ServletContext`.
*/
class ServletContext extends RefType {
ServletContext() { this.hasQualifiedName("javax.servlet", "ServletContext") }
ServletContext() { this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContext") }
}
/** The `getResource` method of `ServletContext`. */
@@ -419,5 +423,5 @@ class GetServletResourceAsStreamMethod extends Method {
/** The interface `javax.servlet.http.HttpSession` */
class HttpServletSession extends RefType {
HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") }
HttpServletSession() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") }
}

2
java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll
View File

@@ -61,7 +61,7 @@ class FacesAccessibleType extends RefType {
class FacesComponent extends Class {
FacesComponent() {
// Must extend UIComponent for it to be a valid component.
this.getAnAncestor().hasQualifiedName("javax.faces.component", "UIComponent") and
this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".faces.component", "UIComponent") and
(
// Must be registered using either an annotation
exists(FacesComponentAnnotation componentAnnotation |

2
java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
View File

@@ -9,7 +9,7 @@ import java
/**
* Gets a JavaEE Persistence API package name.
*/
string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] }
string getAPersistencePackageName() { result = javaxOrJakarta() + ".persistence" }
/**
* A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA

2
java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll
View File

@@ -33,7 +33,7 @@ private class ValidatorConfig extends TransformerConfig {
/** The class `javax.xml.validation.Validator`. */
private class Validator extends RefType {
Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") }
Validator() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "Validator") }
}
/** A safely configured `Validator`. */

100
java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
View File

@@ -64,7 +64,7 @@ class SessionEjb extends EJB {
result = this.getASupertype() and
not result.hasQualifiedName("java.io", "Serializable") and
not result.hasQualifiedName("java.io", "Externalizable") and
not result.getPackage().getName() = "javax.ejb"
not result.getPackage().getName() = javaxOrJakarta() + ".ejb"
}
/** Any remote interfaces of this EJB. */
@@ -216,14 +216,14 @@ abstract class BusinessInterfaceAnnotation extends EjbInterfaceAnnotation { }
* An instance of a `@Remote` annotation.
*/
class RemoteAnnotation extends BusinessInterfaceAnnotation {
RemoteAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remote") }
RemoteAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remote") }
}
/**
* An instance of a `@Local` annotation.
*/
class LocalAnnotation extends BusinessInterfaceAnnotation {
LocalAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Local") }
LocalAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Local") }
}
/**
@@ -330,7 +330,7 @@ class LocalAnnotatedBusinessInterface extends AnnotatedBusinessInterface {
* A `@javax.ejb.Init` annotation.
*/
class InitAnnotation extends Annotation {
InitAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Init") }
InitAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Init") }
}
/**
@@ -383,14 +383,16 @@ abstract class HomeAnnotation extends EjbInterfaceAnnotation { }
* An instance of a `@RemoteHome` annotation.
*/
class RemoteHomeAnnotation extends HomeAnnotation {
RemoteHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "RemoteHome") }
RemoteHomeAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "RemoteHome")
}
}
/**
* An instance of a `@LocalHome` annotation.
*/
class LocalHomeAnnotation extends HomeAnnotation {
LocalHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalHome") }
LocalHomeAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalHome") }
}
/**
@@ -748,7 +750,9 @@ Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfa
* A `@javax.ejb.AccessTimeout` annotation.
*/
class AccessTimeoutAnnotation extends Annotation {
AccessTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AccessTimeout") }
AccessTimeoutAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AccessTimeout")
}
}
/**
@@ -756,7 +760,7 @@ class AccessTimeoutAnnotation extends Annotation {
*/
class ActivationConfigPropertyAnnotation extends Annotation {
ActivationConfigPropertyAnnotation() {
this.getType().hasQualifiedName("javax.ejb", "ActivationConfigProperty")
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ActivationConfigProperty")
}
}
@@ -764,14 +768,18 @@ class ActivationConfigPropertyAnnotation extends Annotation {
* A `@javax.ejb.AfterBegin` annotation.
*/
class AfterBeginAnnotation extends Annotation {
AfterBeginAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterBegin") }
AfterBeginAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterBegin")
}
}
/**
* A `@javax.ejb.AfterCompletion` annotation.
*/
class AfterCompletionAnnotation extends Annotation {
AfterCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterCompletion") }
AfterCompletionAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterCompletion")
}
}
/**
@@ -779,7 +787,7 @@ class AfterCompletionAnnotation extends Annotation {
*/
class ApplicationExceptionAnnotation extends Annotation {
ApplicationExceptionAnnotation() {
this.getType().hasQualifiedName("javax.ejb", "ApplicationException")
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ApplicationException")
}
}
@@ -787,14 +795,18 @@ class ApplicationExceptionAnnotation extends Annotation {
* A `@javax.ejb.Asynchronous` annotation.
*/
class AsynchronousAnnotation extends Annotation {
AsynchronousAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Asynchronous") }
AsynchronousAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Asynchronous")
}
}
/**
* A `@javax.ejb.BeforeCompletion` annotation.
*/
class BeforeCompletionAnnotation extends Annotation {
BeforeCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "BeforeCompletion") }
BeforeCompletionAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "BeforeCompletion")
}
}
/**
@@ -802,7 +814,7 @@ class BeforeCompletionAnnotation extends Annotation {
*/
class ConcurrencyManagementAnnotation extends Annotation {
ConcurrencyManagementAnnotation() {
this.getType().hasQualifiedName("javax.ejb", "ConcurrencyManagement")
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ConcurrencyManagement")
}
}
@@ -810,119 +822,127 @@ class ConcurrencyManagementAnnotation extends Annotation {
* A `@javax.ejb.DependsOn` annotation.
*/
class DependsOnAnnotation extends Annotation {
DependsOnAnnotation() { this.getType().hasQualifiedName("javax.ejb", "DependsOn") }
DependsOnAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "DependsOn") }
}
/**
* A `@javax.ejb.EJB` annotation.
*/
class EjbAnnotation extends Annotation {
EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
EjbAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJB") }
}
/**
* A `@javax.ejb.EJBs` annotation.
*/
class EJBsAnnotation extends Annotation {
EJBsAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJBs") }
EJBsAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBs") }
}
/**
* A `@javax.ejb.LocalBean` annotation.
*/
class LocalBeanAnnotation extends Annotation {
LocalBeanAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalBean") }
LocalBeanAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalBean") }
}
/**
* A `@javax.ejb.Lock` annotation.
*/
class LockAnnotation extends Annotation {
LockAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Lock") }
LockAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Lock") }
}
/**
* A `@javax.ejb.MessageDriven` annotation.
*/
class MessageDrivenAnnotation extends Annotation {
MessageDrivenAnnotation() { this.getType().hasQualifiedName("javax.ejb", "MessageDriven") }
MessageDrivenAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDriven")
}
}
/**
* A `@javax.ejb.PostActivate` annotation.
*/
class PostActivateAnnotation extends Annotation {
PostActivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PostActivate") }
PostActivateAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PostActivate")
}
}
/**
* A `@javax.ejb.PrePassivate` annotation.
*/
class PrePassivateAnnotation extends Annotation {
PrePassivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PrePassivate") }
PrePassivateAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PrePassivate")
}
}
/**
* A `@javax.ejb.Remove` annotation.
*/
class RemoveAnnotation extends Annotation {
RemoveAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remove") }
RemoveAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remove") }
}
/**
* A `@javax.ejb.Schedule` annotation.
*/
class ScheduleAnnotation extends Annotation {
ScheduleAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedule") }
ScheduleAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedule") }
}
/**
* A `@javax.ejb.Schedules` annotation.
*/
class SchedulesAnnotation extends Annotation {
SchedulesAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedules") }
SchedulesAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedules") }
}
/**
* A `@javax.ejb.Singleton` annotation.
*/
class SingletonAnnotation extends Annotation {
SingletonAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Singleton") }
SingletonAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Singleton") }
}
/**
* A `@javax.ejb.Startup` annotation.
*/
class StartupAnnotation extends Annotation {
StartupAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Startup") }
StartupAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Startup") }
}
/**
* A `@javax.ejb.Stateful` annotation.
*/
class StatefulAnnotation extends Annotation {
StatefulAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateful") }
StatefulAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateful") }
}
/**
* A `@javax.ejb.StatefulTimeout` annotation.
*/
class StatefulTimeoutAnnotation extends Annotation {
StatefulTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "StatefulTimeout") }
StatefulTimeoutAnnotation() {
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "StatefulTimeout")
}
}
/**
* A `@javax.ejb.Stateless` annotation.
*/
class StatelessAnnotation extends Annotation {
StatelessAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateless") }
StatelessAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateless") }
}
/**
* A `@javax.ejb.Timeout` annotation.
*/
class TimeoutAnnotation extends Annotation {
TimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Timeout") }
TimeoutAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Timeout") }
}
/**
@@ -930,7 +950,7 @@ class TimeoutAnnotation extends Annotation {
*/
class TransactionAttributeAnnotation extends Annotation {
TransactionAttributeAnnotation() {
this.getType().hasQualifiedName("javax.ejb", "TransactionAttribute")
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttribute")
}
}
@@ -939,7 +959,7 @@ class TransactionAttributeAnnotation extends Annotation {
*/
class TransactionManagementAnnotation extends Annotation {
TransactionManagementAnnotation() {
this.getType().hasQualifiedName("javax.ejb", "TransactionManagement")
this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionManagement")
}
}
@@ -951,7 +971,10 @@ class RequiredTransactionAttributeAnnotation extends TransactionAttributeAnnotat
RequiredTransactionAttributeAnnotation() {
exists(FieldRead fr |
this.getValue("value") = fr and
fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and
fr.getField()
.getType()
.(RefType)
.hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and
fr.getField().getName() = "REQUIRED"
)
}
@@ -965,7 +988,10 @@ class RequiresNewTransactionAttributeAnnotation extends TransactionAttributeAnno
RequiresNewTransactionAttributeAnnotation() {
exists(FieldRead fr |
this.getValue("value") = fr and
fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and
fr.getField()
.getType()
.(RefType)
.hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and
fr.getField().getName() = "REQUIRES_NEW"
)
}
@@ -999,7 +1025,9 @@ TransactionAttributeAnnotation getInnermostTransactionAttributeAnnotation(Method
*/
class SetRollbackOnlyMethod extends Method {
SetRollbackOnlyMethod() {
this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.ejb", "EJBContext") and
this.getDeclaringType()
.getAnAncestor()
.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBContext") and
this.getName() = "setRollbackOnly" and
this.hasNoParameters()
}

4
java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
View File

@@ -159,8 +159,8 @@ class GraphicsPackage extends Package {
GraphicsPackage() {
this.getName() = "java.awt" or
this.getName().matches("java.awt.%") or
this.getName() = "javax.swing" or
this.getName().matches("javax.swing.%")
this.getName() = javaxOrJakarta() + ".swing" or
this.getName().matches(javaxOrJakarta() + ".swing.%")
}
}

Some files were not shown because too many files have changed in this diff Show More