hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/github/codeql

Browse Source
This commit is contained in:
Sam Browning
2023-11-13 08:40:42 -05:00
parent 225c96ec9f dc4dda1dbc
commit ed9a0ea155
1664 changed files with 71523 additions and 28211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cpp/ql/lib/change-notes/2023-11-08-strsafe-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added models for the `sprintf` variants from the `StrSafe.h` header.

4
cpp/ql/lib/change-notes/2023-11-10-strlcpy-strlcat-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added models for `strlcpy` and `strlcat`.

20
cpp/ql/lib/semmle/code/cpp/ir/dataflow/MustFlow.qll
View File

@@ -31,6 +31,11 @@ abstract class MustFlowConfiguration extends string {
*/
abstract predicate isSink(Operand sink);
/**
* Holds if data flow through `instr` is prohibited.
*/
predicate isBarrier(Instruction instr) { none() }
/**
* Holds if the additional flow step from `node1` to `node2` must be taken
* into account in the analysis.
@@ -48,18 +53,21 @@ abstract class MustFlowConfiguration extends string {
*/
final predicate hasFlowPath(MustFlowPathNode source, MustFlowPathSink sink) {
this.isSource(source.getInstruction()) and
source.getASuccessor+() = sink
source.getASuccessor*() = sink
}
}
/** Holds if `node` flows from a source. */
pragma[nomagic]
private predicate flowsFromSource(Instruction node, MustFlowConfiguration config) {
config.isSource(node)
or
exists(Instruction mid |
step(mid, node, config) and
flowsFromSource(mid, pragma[only_bind_into](config))
not config.isBarrier(node) and
(
config.isSource(node)
or
exists(Instruction mid |
step(mid, node, config) and
flowsFromSource(mid, pragma[only_bind_into](config))
)
)
}

40
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll
View File

@@ -81,6 +81,14 @@ class Node0Impl extends TIRDataFlowNode0 {
/** Gets the operands corresponding to this node, if any. */
Operand asOperand() { result = this.(OperandNode0).getOperand() }
/** Gets the location of this node. */
final Location getLocation() { result = this.getLocationImpl() }
/** INTERNAL: Do not use. */
Location getLocationImpl() {
none() // overridden by subclasses
}
/** INTERNAL: Do not use. */
string toStringImpl() {
none() // overridden by subclasses
@@ -131,9 +139,15 @@ abstract class InstructionNode0 extends Node0Impl {
override DataFlowType getType() { result = getInstructionType(instr, _) }
override string toStringImpl() {
// This predicate is overridden in subclasses. This default implementation
// does not use `Instruction.toString` because that's expensive to compute.
result = instr.getOpcode().toString()
if instr.(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
then result = "this"
else result = instr.getAst().toString()
}
override Location getLocationImpl() {
if exists(instr.getAst().getLocation())
then result = instr.getAst().getLocation()
else result instanceof UnknownDefaultLocation
}
final override predicate isGLValue() { exists(getInstructionType(instr, true)) }
@@ -173,7 +187,17 @@ abstract class OperandNode0 extends Node0Impl {
override DataFlowType getType() { result = getOperandType(op, _) }
override string toStringImpl() { result = op.toString() }
override string toStringImpl() {
if op.getDef().(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
then result = "this"
else result = op.getDef().getAst().toString()
}
override Location getLocationImpl() {
if exists(op.getDef().getAst().getLocation())
then result = op.getDef().getAst().getLocation()
else result instanceof UnknownDefaultLocation
}
final override predicate isGLValue() { exists(getOperandType(op, true)) }
}
@@ -632,20 +656,20 @@ predicate jumpStep(Node n1, Node n2) {
v = globalUse.getVariable() and
n1.(FinalGlobalValue).getGlobalUse() = globalUse
|
globalUse.getIndirectionIndex() = 1 and
globalUse.getIndirection() = 1 and
v = n2.asVariable()
or
v = n2.asIndirectVariable(globalUse.getIndirectionIndex())
v = n2.asIndirectVariable(globalUse.getIndirection())
)
or
exists(Ssa::GlobalDef globalDef |
v = globalDef.getVariable() and
n2.(InitialGlobalValue).getGlobalDef() = globalDef
|
globalDef.getIndirectionIndex() = 1 and
globalDef.getIndirection() = 1 and
v = n1.asVariable()
or
v = n1.asIndirectVariable(globalDef.getIndirectionIndex())
v = n1.asIndirectVariable(globalDef.getIndirection())
)
)
}

28
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll
View File

@@ -432,6 +432,10 @@ private class Node0 extends Node, TNode0 {
override Declaration getFunction() { result = node.getFunction() }
override Location getLocationImpl() { result = node.getLocation() }
override string toStringImpl() { result = node.toString() }
override DataFlowType getType() { result = node.getType() }
override predicate isGLValue() { node.isGLValue() }
@@ -448,18 +452,6 @@ class InstructionNode extends Node0 {
/** Gets the instruction corresponding to this node. */
Instruction getInstruction() { result = instr }
override Location getLocationImpl() {
if exists(instr.getAst().getLocation())
then result = instr.getAst().getLocation()
else result instanceof UnknownDefaultLocation
}
override string toStringImpl() {
if instr.(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
then result = "this"
else result = instr.getAst().toString()
}
}
/**
@@ -473,18 +465,6 @@ class OperandNode extends Node, Node0 {
/** Gets the operand corresponding to this node. */
Operand getOperand() { result = op }
override Location getLocationImpl() {
if exists(op.getDef().getAst().getLocation())
then result = op.getDef().getAst().getLocation()
else result instanceof UnknownDefaultLocation
}
override string toStringImpl() {
if op.getDef().(InitializeParameterInstruction).getIRVariable() instanceof IRThisVariable
then result = "this"
else result = op.getDef().getAst().toString()
}
}
/**

52
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll
View File

@@ -113,22 +113,12 @@ private newtype TDefOrUseImpl =
TGlobalUse(GlobalLikeVariable v, IRFunction f, int indirectionIndex) {
// Represents a final "use" of a global variable to ensure that
// the assignment to a global variable isn't ruled out as dead.
exists(VariableAddressInstruction vai, int defIndex |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isDef(_, _, _, vai, _, defIndex) and
indirectionIndex = [0 .. defIndex] + 1
)
isGlobalUse(v, f, _, indirectionIndex)
} or
TGlobalDefImpl(GlobalLikeVariable v, IRFunction f, int indirectionIndex) {
// Represents the initial "definition" of a global variable when entering
// a function body.
exists(VariableAddressInstruction vai |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isUse(_, _, vai, _, indirectionIndex) and
not isDef(_, _, vai.getAUse(), _, _, _)
)
isGlobalDefImpl(v, f, _, indirectionIndex)
} or
TIteratorDef(
Operand iteratorDerefAddress, BaseSourceVariableInstruction container, int indirectionIndex
@@ -150,6 +140,27 @@ private newtype TDefOrUseImpl =
)
}
private predicate isGlobalUse(
GlobalLikeVariable v, IRFunction f, int indirection, int indirectionIndex
) {
exists(VariableAddressInstruction vai |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isDef(_, _, _, vai, indirection, indirectionIndex)
)
}
private predicate isGlobalDefImpl(
GlobalLikeVariable v, IRFunction f, int indirection, int indirectionIndex
) {
exists(VariableAddressInstruction vai |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isUse(_, _, vai, indirection, indirectionIndex) and
not isDef(_, _, _, vai, _, indirectionIndex)
)
}
private predicate unspecifiedTypeIsModifiableAt(Type unspecified, int indirectionIndex) {
indirectionIndex = [1 .. getIndirectionForUnspecifiedType(unspecified).getNumberOfIndirections()] and
exists(CppType cppType |
@@ -438,7 +449,7 @@ class GlobalUse extends UseImpl, TGlobalUse {
override FinalGlobalValue getNode() { result.getGlobalUse() = this }
override int getIndirection() { result = ind + 1 }
override int getIndirection() { isGlobalUse(global, f, result, ind) }
/** Gets the global variable associated with this use. */
GlobalLikeVariable getVariable() { result = global }
@@ -460,7 +471,9 @@ class GlobalUse extends UseImpl, TGlobalUse {
)
}
override SourceVariable getSourceVariable() { sourceVariableIsGlobal(result, global, f, ind) }
override SourceVariable getSourceVariable() {
sourceVariableIsGlobal(result, global, f, this.getIndirection())
}
final override Cpp::Location getLocation() { result = f.getLocation() }
@@ -501,16 +514,18 @@ class GlobalDefImpl extends DefOrUseImpl, TGlobalDefImpl {
/** Gets the global variable associated with this definition. */
override SourceVariable getSourceVariable() {
sourceVariableIsGlobal(result, global, f, indirectionIndex)
sourceVariableIsGlobal(result, global, f, this.getIndirection())
}
int getIndirection() { result = indirectionIndex }
/**
* Gets the type of this use after specifiers have been deeply stripped
* and typedefs have been resolved.
*/
Type getUnspecifiedType() { result = global.getUnspecifiedType() }
override string toString() { result = "GlobalDef" }
override string toString() { result = "Def of " + this.getSourceVariable() }
override Location getLocation() { result = f.getLocation() }
@@ -980,7 +995,7 @@ class GlobalDef extends TGlobalDef, SsaDefOrUse {
final override Location getLocation() { result = global.getLocation() }
/** Gets a textual representation of this definition. */
override string toString() { result = "GlobalDef" }
override string toString() { result = global.toString() }
/**
* Holds if this definition has index `index` in block `block`, and
@@ -990,6 +1005,9 @@ class GlobalDef extends TGlobalDef, SsaDefOrUse {
global.hasIndexInBlock(block, index, sv)
}
/** Gets the indirection index of this definition. */
int getIndirection() { result = global.getIndirection() }
/** Gets the indirection index of this definition. */
int getIndirectionIndex() { result = global.getIndirectionIndex() }

9
cpp/ql/lib/semmle/code/cpp/models/implementations/Gets.qll
View File

@@ -49,10 +49,11 @@ private class FgetsFunction extends DataFlowFunction, TaintFunction, ArrayFuncti
}
override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(0) and
description = "string read by " + this.getName()
or
output.isReturnValue() and
(
output.isParameterDeref(0) or
output.isReturnValue() or
output.isReturnValueDeref()
) and
description = "string read by " + this.getName()
}

2
cpp/ql/lib/semmle/code/cpp/models/implementations/Inet.qll
View File

@@ -157,7 +157,7 @@ private class Getaddrinfo extends TaintFunction, ArrayFunction, RemoteFlowSource
override predicate hasArrayWithNullTerminator(int bufParam) { bufParam in [0, 1] }
override predicate hasRemoteFlowSource(FunctionOutput output, string description) {
output.isParameterDeref(3) and
output.isParameterDeref(3, 2) and
description = "address returned by " + this.getName()
}
}

23
cpp/ql/lib/semmle/code/cpp/models/implementations/Printf.qll
View File

@@ -147,19 +147,32 @@ private class SnprintfImpl extends Snprintf {
/**
* The Microsoft `StringCchPrintf` function and variants.
* See: https://learn.microsoft.com/en-us/windows/win32/api/strsafe/
* and
* https://learn.microsoft.com/en-us/previous-versions/windows/embedded/ms860435(v=msdn.10)
*/
private class StringCchPrintf extends FormattingFunction {
StringCchPrintf() {
this instanceof TopLevelFunction and
this.hasGlobalName([
"StringCchPrintf", "StringCchPrintfEx", "StringCchPrintf_l", "StringCchPrintf_lEx",
"StringCbPrintf", "StringCbPrintfEx", "StringCbPrintf_l", "StringCbPrintf_lEx"
]) and
exists(string baseName |
baseName in [
"StringCchPrintf", //StringCchPrintf(pszDest, cchDest, pszFormat, ...)
"StringCchPrintfEx", //StringCchPrintfEx(pszDest,cchDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, ...)
"StringCchPrintf_l", //StringCchPrintf_l(pszDest, cbDest, pszFormat, locale, ...)
"StringCchPrintf_lEx", //StringCchPrintf_lEx(pszDest, cchDest, ppszDestEnd, pcchRemaining, dwFlags, pszFormat, locale, ...)
"StringCbPrintf", //StringCbPrintf(pszDest, cbDest, pszFormat, ...)
"StringCbPrintfEx", //StringCbPrintfEx(pszDest, cbDest, ppszDestEnd, pcbRemaining, dwFlags, pszFormat, ...)
"StringCbPrintf_l", //StringCbPrintf_l(pszDest, cbDest, pszFormat, locale, ...)
"StringCbPrintf_lEx" //StringCbPrintf_lEx(pszDest, cbDest, ppszDestEnd, pcbRemaining, dwFlags, pszFormat, locale, ...)
]
|
this.hasGlobalName(baseName + ["", "A", "W"])
) and
not exists(this.getDefinition().getFile().getRelativePath())
}
override int getFormatParameterIndex() {
if this.getName().matches("%Ex") then result = 5 else result = 2
if this.getName().matches("%Ex" + ["", "A", "W"]) then result = 5 else result = 2
}
override int getOutputParameterIndex(boolean isStream) { result = 0 and isStream = false }

2
cpp/ql/lib/semmle/code/cpp/models/implementations/Send.qll
View File

@@ -58,7 +58,7 @@ private class Send extends AliasFunction, ArrayFunction, SideEffectFunction, Rem
override ParameterIndex getParameterSizeIndex(ParameterIndex i) { i = 1 and result = 2 }
override predicate hasRemoteFlowSink(FunctionInput input, string description) {
input.isParameterDeref(1) and description = "buffer sent by " + this.getName()
input.isParameterDeref(1, 1) and description = "buffer sent by " + this.getName()
}
override predicate hasSocketInput(FunctionInput input) { input.isParameter(0) }

63
cpp/ql/lib/semmle/code/cpp/models/implementations/Strcat.qll
View File

@@ -10,6 +10,8 @@ import semmle.code.cpp.models.interfaces.SideEffect
/**
* The standard function `strcat` and its wide, sized, and Microsoft variants.
*
* Does not include `strlcat`, which is covered by `StrlcatFunction`
*/
class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, SideEffectFunction {
StrcatFunction() {
@@ -90,3 +92,64 @@ class StrcatFunction extends TaintFunction, DataFlowFunction, ArrayFunction, Sid
buffer = true
}
}
/**
* The `strlcat` function.
*/
class StrlcatFunction extends TaintFunction, ArrayFunction, SideEffectFunction {
StrlcatFunction() {
this.hasGlobalName("strlcat") // strlcat(dst, src, dst_size)
}
/**
* Gets the index of the parameter that is the size of the copy (in characters).
*/
int getParamSize() { result = 2 }
/**
* Gets the index of the parameter that is the source of the copy.
*/
int getParamSrc() { result = 1 }
/**
* Gets the index of the parameter that is the destination to be appended to.
*/
int getParamDest() { result = 0 }
override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) {
(
input.isParameter(2)
or
input.isParameterDeref(0)
or
input.isParameterDeref(1)
) and
output.isParameterDeref(0)
}
override predicate hasArrayInput(int param) {
param = 0 or
param = 1
}
override predicate hasArrayOutput(int param) { param = 0 }
override predicate hasArrayWithNullTerminator(int param) { param = 1 }
override predicate hasArrayWithUnknownSize(int param) { param = 0 }
override predicate hasOnlySpecificReadSideEffects() { any() }
override predicate hasOnlySpecificWriteSideEffects() { any() }
override predicate hasSpecificWriteSideEffect(ParameterIndex i, boolean buffer, boolean mustWrite) {
i = 0 and
buffer = true and
mustWrite = false
}
override predicate hasSpecificReadSideEffect(ParameterIndex i, boolean buffer) {
(i = 0 or i = 1) and
buffer = true
}
}

16
cpp/ql/lib/semmle/code/cpp/models/implementations/Strcpy.qll
View File

@@ -32,7 +32,8 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
"wcsxfrm_l", // _strxfrm_l(dest, src, max_amount, locale)
"_mbsnbcpy", // _mbsnbcpy(dest, src, max_amount)
"stpcpy", // stpcpy(dest, src)
"stpncpy" // stpcpy(dest, src, max_amount)
"stpncpy", // stpncpy(dest, src, max_amount)
"strlcpy" // strlcpy(dst, src, dst_size)
])
or
(
@@ -53,6 +54,11 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
*/
private predicate isSVariant() { this.getName().matches("%\\_s") }
/**
* Holds if the function returns the total length the string would have had if the size was unlimited.
*/
private predicate returnsTotalLength() { this.getName() = "strlcpy" }
/**
* Gets the index of the parameter that is the maximum size of the copy (in characters).
*/
@@ -60,7 +66,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
if this.isSVariant()
then result = 1
else (
this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%"]) and
this.getName().matches(["%ncpy%", "%nbcpy%", "%xfrm%", "strlcpy"]) and
result = 2
)
}
@@ -100,6 +106,7 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
input.isParameterDeref(this.getParamSrc()) and
output.isReturnValueDeref()
or
not this.returnsTotalLength() and
input.isParameter(this.getParamDest()) and
output.isReturnValue()
}
@@ -110,8 +117,9 @@ class StrcpyFunction extends ArrayFunction, DataFlowFunction, TaintFunction, Sid
exists(this.getParamSize()) and
input.isParameterDeref(this.getParamSrc()) and
(
output.isParameterDeref(this.getParamDest()) or
output.isReturnValueDeref()
output.isParameterDeref(this.getParamDest())
or
not this.returnsTotalLength() and output.isReturnValueDeref()
)
}

24
cpp/ql/lib/semmle/code/cpp/models/interfaces/FunctionInputsAndOutputs.qll
View File

@@ -8,7 +8,7 @@ import semmle.code.cpp.Parameter
private newtype TFunctionInput =
TInParameter(ParameterIndex i) or
TInParameterDeref(ParameterIndex i) or
TInParameterDeref(ParameterIndex i, int indirectionIndex) { indirectionIndex = [1, 2] } or
TInQualifierObject() or
TInQualifierAddress() or
TInReturnValueDeref()
@@ -245,15 +245,18 @@ class InParameter extends FunctionInput, TInParameter {
*/
class InParameterDeref extends FunctionInput, TInParameterDeref {
ParameterIndex index;
int indirectionIndex;
InParameterDeref() { this = TInParameterDeref(index) }
InParameterDeref() { this = TInParameterDeref(index, indirectionIndex) }
override string toString() { result = "InParameterDeref " + index.toString() }
/** Gets the zero-based index of the parameter. */
ParameterIndex getIndex() { result = index }
override predicate isParameterDeref(ParameterIndex i) { i = index }
override predicate isParameterDeref(ParameterIndex i, int indirection) {
i = index and indirectionIndex = indirection
}
}
/**
@@ -321,10 +324,10 @@ class InReturnValueDeref extends FunctionInput, TInReturnValueDeref {
}
private newtype TFunctionOutput =
TOutParameterDeref(ParameterIndex i) or
TOutParameterDeref(ParameterIndex i, int indirectionIndex) { indirectionIndex = [1, 2] } or
TOutQualifierObject() or
TOutReturnValue() or
TOutReturnValueDeref()
TOutReturnValueDeref(int indirections) { indirections = [1, 2] }
/**
* An output from a function. This can be:
@@ -498,17 +501,16 @@ class FunctionOutput extends TFunctionOutput {
*/
class OutParameterDeref extends FunctionOutput, TOutParameterDeref {
ParameterIndex index;
int indirectionIndex;
OutParameterDeref() { this = TOutParameterDeref(index) }
OutParameterDeref() { this = TOutParameterDeref(index, indirectionIndex) }
override string toString() { result = "OutParameterDeref " + index.toString() }
ParameterIndex getIndex() { result = index }
override predicate isParameterDeref(ParameterIndex i) { i = index }
override predicate isParameterDeref(ParameterIndex i, int ind) {
this.isParameterDeref(i) and ind = 1
i = index and ind = indirectionIndex
}
}
@@ -572,4 +574,8 @@ class OutReturnValueDeref extends FunctionOutput, TOutReturnValueDeref {
override string toString() { result = "OutReturnValueDeref" }
override predicate isReturnValueDeref() { any() }
override predicate isReturnValueDeref(int indirectionIndex) {
this = TOutReturnValueDeref(indirectionIndex)
}
}

8
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/RangeAnalysis.qll
View File

@@ -17,9 +17,7 @@ private import semmle.code.cpp.valuenumbering.GlobalValueNumbering
* `upper` is true, and can be traced back to a guard represented by `reason`.
*/
predicate bounded(Expr e, Bound b, float delta, boolean upper, Reason reason) {
exists(SemanticExprConfig::Expr semExpr |
semExpr.getUnconverted().getUnconvertedResultExpression() = e
|
exists(SemanticExprConfig::Expr semExpr | semExpr.getUnconvertedResultExpression() = e |
semBounded(semExpr, b, delta, upper, reason)
)
}
@@ -30,9 +28,7 @@ predicate bounded(Expr e, Bound b, float delta, boolean upper, Reason reason) {
* The `Expr` may be a conversion.
*/
predicate convertedBounded(Expr e, Bound b, float delta, boolean upper, Reason reason) {
exists(SemanticExprConfig::Expr semExpr |
semExpr.getConverted().getConvertedResultExpression() = e
|
exists(SemanticExprConfig::Expr semExpr | semExpr.getConvertedResultExpression() = e |
semBounded(semExpr, b, delta, upper, reason)
)
}

4
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/SimpleRangeAnalysis.qll
View File

@@ -100,7 +100,7 @@ predicate exprMightOverflowNegatively(Expr expr) {
lowerBound(expr) < exprMinVal(expr)
or
exists(SemanticExprConfig::Expr semExpr |
semExpr.getUnconverted().getAst() = expr and
semExpr.getAst() = expr and
ConstantStage::potentiallyOverflowingExpr(false, semExpr) and
not ConstantStage::initialBounded(semExpr, _, _, false, _, _, _)
)
@@ -126,7 +126,7 @@ predicate exprMightOverflowPositively(Expr expr) {
upperBound(expr) > exprMaxVal(expr)
or
exists(SemanticExprConfig::Expr semExpr |
semExpr.getUnconverted().getAst() = expr and
semExpr.getAst() = expr and
ConstantStage::potentiallyOverflowingExpr(true, semExpr) and
not ConstantStage::initialBounded(semExpr, _, _, true, _, _, _)
)

3
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticCFG.qll
View File

@@ -12,9 +12,6 @@ class SemBasicBlock extends Specific::BasicBlock {
/** Holds if this block (transitively) dominates `otherblock`. */
final predicate bbDominates(SemBasicBlock otherBlock) { Specific::bbDominates(this, otherBlock) }
/** Holds if this block has dominance information. */
final predicate hasDominanceInformation() { Specific::hasDominanceInformation(this) }
/** Gets an expression that is evaluated in this basic block. */
final SemExpr getAnExpr() { result.getBasicBlock() = this }

16
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExpr.qll
View File

@@ -4,6 +4,7 @@
private import Semantic
private import SemanticExprSpecific::SemanticExprConfig as Specific
private import SemanticType
/**
* An language-neutral expression.
@@ -241,8 +242,21 @@ class SemConvertExpr extends SemUnaryExpr {
SemConvertExpr() { opcode instanceof Opcode::Convert }
}
private import semmle.code.cpp.ir.IR as IR
/** A conversion instruction which is guaranteed to not overflow. */
private class SafeConversion extends IR::ConvertInstruction {
SafeConversion() {
exists(SemType tFrom, SemType tTo |
tFrom = getSemanticType(super.getUnary().getResultIRType()) and
tTo = getSemanticType(super.getResultIRType()) and
conversionCannotOverflow(tFrom, tTo)
)
}
}
class SemCopyValueExpr extends SemUnaryExpr {
SemCopyValueExpr() { opcode instanceof Opcode::CopyValue }
SemCopyValueExpr() { opcode instanceof Opcode::CopyValue or this instanceof SafeConversion }
}
class SemNegateExpr extends SemUnaryExpr {

213
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticExprSpecific.qll
View File

@@ -12,87 +12,10 @@ private import semmle.code.cpp.ir.ValueNumbering
module SemanticExprConfig {
class Location = Cpp::Location;
/** A `ConvertInstruction` or a `CopyValueInstruction`. */
private class Conversion extends IR::UnaryInstruction {
Conversion() {
this instanceof IR::CopyValueInstruction
or
this instanceof IR::ConvertInstruction
}
/** Holds if this instruction converts a value of type `tFrom` to a value of type `tTo`. */
predicate converts(SemType tFrom, SemType tTo) {
tFrom = getSemanticType(this.getUnary().getResultIRType()) and
tTo = getSemanticType(this.getResultIRType())
}
}
/**
* Gets a conversion-like instruction that consumes `op`, and
* which is guaranteed to not overflow.
*/
private IR::Instruction safeConversion(IR::Operand op) {
exists(Conversion conv, SemType tFrom, SemType tTo |
conv.converts(tFrom, tTo) and
conversionCannotOverflow(tFrom, tTo) and
conv.getUnaryOperand() = op and
result = conv
)
}
/** Holds if `i1 = i2` or if `i2` is a safe conversion that consumes `i1`. */
private predicate idOrSafeConversion(IR::Instruction i1, IR::Instruction i2) {
not i1.getResultIRType() instanceof IR::IRVoidType and
(
i1 = i2
or
i2 = safeConversion(i1.getAUse()) and
i1.getBlock() = i2.getBlock()
)
}
module Equiv = QlBuiltins::EquivalenceRelation<IR::Instruction, idOrSafeConversion/2>;
/**
* The expressions on which we perform range analysis.
*/
class Expr extends Equiv::EquivalenceClass {
/** Gets the n'th instruction in this equivalence class. */
private IR::Instruction getInstruction(int n) {
result =
rank[n + 1](IR::Instruction instr, int i, IR::IRBlock block |
this = Equiv::getEquivalenceClass(instr) and block.getInstruction(i) = instr
|
instr order by i
)
}
/** Gets a textual representation of this element. */
string toString() { result = this.getUnconverted().toString() }
/** Gets the basic block of this expression. */
IR::IRBlock getBlock() { result = this.getUnconverted().getBlock() }
/** Gets the unconverted instruction associated with this expression. */
IR::Instruction getUnconverted() { result = this.getInstruction(0) }
/**
* Gets the final instruction associated with this expression. This
* represents the result after applying all the safe conversions.
*/
IR::Instruction getConverted() {
exists(int n |
result = this.getInstruction(n) and
not exists(this.getInstruction(n + 1))
)
}
/** Gets the type of the result produced by this instruction. */
IR::IRType getResultIRType() { result = this.getConverted().getResultIRType() }
/** Gets the location of the source code for this expression. */
Location getLocation() { result = this.getUnconverted().getLocation() }
}
class Expr = IR::Instruction;
SemBasicBlock getExprBasicBlock(Expr e) { result = getSemanticBasicBlock(e.getBlock()) }
@@ -139,12 +62,12 @@ module SemanticExprConfig {
predicate stringLiteral(Expr expr, SemType type, string value) {
anyConstantExpr(expr, type, value) and
expr.getUnconverted() instanceof IR::StringConstantInstruction
expr instanceof IR::StringConstantInstruction
}
predicate binaryExpr(Expr expr, Opcode opcode, SemType type, Expr leftOperand, Expr rightOperand) {
exists(IR::BinaryInstruction instr |
instr = expr.getUnconverted() and
instr = expr and
type = getSemanticType(instr.getResultIRType()) and
leftOperand = getSemanticExpr(instr.getLeft()) and
rightOperand = getSemanticExpr(instr.getRight()) and
@@ -154,14 +77,14 @@ module SemanticExprConfig {
}
predicate unaryExpr(Expr expr, Opcode opcode, SemType type, Expr operand) {
exists(IR::UnaryInstruction instr | instr = expr.getUnconverted() |
exists(IR::UnaryInstruction instr | instr = expr |
type = getSemanticType(instr.getResultIRType()) and
operand = getSemanticExpr(instr.getUnary()) and
// REVIEW: Merge the two operand types.
opcode.toString() = instr.getOpcode().toString()
)
or
exists(IR::StoreInstruction instr | instr = expr.getUnconverted() |
exists(IR::StoreInstruction instr | instr = expr |
type = getSemanticType(instr.getResultIRType()) and
operand = getSemanticExpr(instr.getSourceValue()) and
opcode instanceof Opcode::Store
@@ -170,13 +93,13 @@ module SemanticExprConfig {
predicate nullaryExpr(Expr expr, Opcode opcode, SemType type) {
exists(IR::LoadInstruction load |
load = expr.getUnconverted() and
load = expr and
type = getSemanticType(load.getResultIRType()) and
opcode instanceof Opcode::Load
)
or
exists(IR::InitializeParameterInstruction init |
init = expr.getUnconverted() and
init = expr and
type = getSemanticType(init.getResultIRType()) and
opcode instanceof Opcode::InitializeParameter
)
@@ -199,8 +122,6 @@ module SemanticExprConfig {
dominator.dominates(dominated)
}
predicate hasDominanceInformation(BasicBlock block) { any() }
private predicate id(Cpp::Locatable x, Cpp::Locatable y) { x = y }
private predicate idOf(Cpp::Locatable x, int y) = equivalenceRelation(id/2)(x, y)
@@ -209,17 +130,7 @@ module SemanticExprConfig {
newtype TSsaVariable =
TSsaInstruction(IR::Instruction instr) { instr.hasMemoryResult() } or
TSsaOperand(IR::Operand op) { op.isDefinitionInexact() } or
TSsaPointerArithmeticGuard(ValueNumber instr) {
exists(Guard g, IR::Operand use |
use = instr.getAUse() and use.getIRType() instanceof IR::IRAddressType
|
g.comparesLt(use, _, _, _, _) or
g.comparesLt(_, use, _, _, _) or
g.comparesEq(use, _, _, _, _) or
g.comparesEq(_, use, _, _, _)
)
}
TSsaOperand(IR::PhiInputOperand op) { op.isDefinitionInexact() }
class SsaVariable extends TSsaVariable {
string toString() { none() }
@@ -228,9 +139,7 @@ module SemanticExprConfig {
IR::Instruction asInstruction() { none() }
ValueNumber asPointerArithGuard() { none() }
IR::Operand asOperand() { none() }
IR::PhiInputOperand asOperand() { none() }
}
class SsaInstructionVariable extends SsaVariable, TSsaInstruction {
@@ -245,20 +154,8 @@ module SemanticExprConfig {
final override IR::Instruction asInstruction() { result = instr }
}
class SsaPointerArithmeticGuard extends SsaVariable, TSsaPointerArithmeticGuard {
ValueNumber vn;
SsaPointerArithmeticGuard() { this = TSsaPointerArithmeticGuard(vn) }
final override string toString() { result = vn.toString() }
final override Location getLocation() { result = vn.getLocation() }
final override ValueNumber asPointerArithGuard() { result = vn }
}
class SsaOperand extends SsaVariable, TSsaOperand {
IR::Operand op;
IR::PhiInputOperand op;
SsaOperand() { this = TSsaOperand(op) }
@@ -266,7 +163,7 @@ module SemanticExprConfig {
final override Location getLocation() { result = op.getLocation() }
final override IR::Operand asOperand() { result = op }
final override IR::PhiInputOperand asOperand() { result = op }
}
predicate explicitUpdate(SsaVariable v, Expr sourceExpr) {
@@ -289,97 +186,29 @@ module SemanticExprConfig {
)
}
Expr getAUse(SsaVariable v) {
result.getUnconverted().(IR::LoadInstruction).getSourceValue() = v.asInstruction()
or
result.getUnconverted() = v.asPointerArithGuard().getAnInstruction()
}
Expr getAUse(SsaVariable v) { result.(IR::LoadInstruction).getSourceValue() = v.asInstruction() }
SemType getSsaVariableType(SsaVariable v) {
result = getSemanticType(v.asInstruction().getResultIRType())
or
result = getSemanticType(v.asOperand().getUse().getResultIRType())
}
BasicBlock getSsaVariableBasicBlock(SsaVariable v) {
result = v.asInstruction().getBlock()
or
result = v.asOperand().getUse().getBlock()
result = v.asOperand().getAnyDef().getBlock()
}
private newtype TReadPosition =
TReadPositionBlock(IR::IRBlock block) or
TReadPositionPhiInputEdge(IR::IRBlock pred, IR::IRBlock succ) {
exists(IR::PhiInputOperand input |
pred = input.getPredecessorBlock() and
succ = input.getUse().getBlock()
)
}
class SsaReadPosition extends TReadPosition {
string toString() { none() }
Location getLocation() { none() }
predicate hasRead(SsaVariable v) { none() }
}
private class SsaReadPositionBlock extends SsaReadPosition, TReadPositionBlock {
IR::IRBlock block;
SsaReadPositionBlock() { this = TReadPositionBlock(block) }
final override string toString() { result = block.toString() }
final override Location getLocation() { result = block.getLocation() }
final override predicate hasRead(SsaVariable v) {
exists(IR::Operand operand |
operand.getDef() = v.asInstruction() or
operand.getDef() = v.asPointerArithGuard().getAnInstruction()
|
not operand instanceof IR::PhiInputOperand and
operand.getUse().getBlock() = block
)
}
}
private class SsaReadPositionPhiInputEdge extends SsaReadPosition, TReadPositionPhiInputEdge {
IR::IRBlock pred;
IR::IRBlock succ;
SsaReadPositionPhiInputEdge() { this = TReadPositionPhiInputEdge(pred, succ) }
final override string toString() { result = pred.toString() + "->" + succ.toString() }
final override Location getLocation() { result = succ.getLocation() }
final override predicate hasRead(SsaVariable v) {
exists(IR::PhiInputOperand operand |
operand.getDef() = v.asInstruction() or
operand.getDef() = v.asPointerArithGuard().getAnInstruction()
|
operand.getPredecessorBlock() = pred and
operand.getUse().getBlock() = succ
)
}
}
predicate hasReadOfSsaVariable(SsaReadPosition pos, SsaVariable v) { pos.hasRead(v) }
predicate readBlock(SsaReadPosition pos, BasicBlock block) { pos = TReadPositionBlock(block) }
predicate phiInputEdge(SsaReadPosition pos, BasicBlock origBlock, BasicBlock phiBlock) {
pos = TReadPositionPhiInputEdge(origBlock, phiBlock)
}
predicate phiInput(SsaReadPosition pos, SsaVariable phi, SsaVariable input) {
/** Holds if `inp` is an input to the phi node along the edge originating in `bb`. */
predicate phiInputFromBlock(SsaVariable phi, SsaVariable inp, BasicBlock bb) {
exists(IR::PhiInputOperand operand |
pos = TReadPositionPhiInputEdge(operand.getPredecessorBlock(), operand.getUse().getBlock())
|
bb = operand.getPredecessorBlock() and
phi.asInstruction() = operand.getUse() and
(
input.asInstruction() = operand.getDef()
inp.asInstruction() = operand.getDef()
or
input.asOperand() = operand
inp.asOperand() = operand
)
)
}
@@ -433,7 +262,7 @@ module SemanticExprConfig {
}
/** Gets the expression associated with `instr`. */
SemExpr getSemanticExpr(IR::Instruction instr) { result = Equiv::getEquivalenceClass(instr) }
SemExpr getSemanticExpr(IR::Instruction instr) { result = instr }
}
predicate getSemanticExpr = SemanticExprConfig::getSemanticExpr/1;

28
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticGuard.qll
View File

@@ -35,32 +35,4 @@ predicate semImplies_v2(SemGuard g1, boolean b1, SemGuard g2, boolean b2) {
Specific::implies_v2(g1, b1, g2, b2)
}
/**
* Holds if `guard` directly controls the position `controlled` with the
* value `testIsTrue`.
*/
pragma[nomagic]
predicate semGuardDirectlyControlsSsaRead(
SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue
) {
guard.directlyControls(controlled.(SemSsaReadPositionBlock).getBlock(), testIsTrue)
or
exists(SemSsaReadPositionPhiInputEdge controlledEdge | controlledEdge = controlled |
guard.directlyControls(controlledEdge.getOrigBlock(), testIsTrue) or
guard.hasBranchEdge(controlledEdge.getOrigBlock(), controlledEdge.getPhiBlock(), testIsTrue)
)
}
/**
* Holds if `guard` controls the position `controlled` with the value `testIsTrue`.
*/
predicate semGuardControlsSsaRead(SemGuard guard, SemSsaReadPosition controlled, boolean testIsTrue) {
semGuardDirectlyControlsSsaRead(guard, controlled, testIsTrue)
or
exists(SemGuard guard0, boolean testIsTrue0 |
semImplies_v2(guard0, testIsTrue0, guard, testIsTrue) and
semGuardControlsSsaRead(guard0, controlled, testIsTrue0)
)
}
SemGuard semGetComparisonGuard(SemRelationalExpr e) { result = Specific::comparisonGuard(e) }

70
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticSSA.qll
View File

@@ -22,8 +22,6 @@ class SemSsaExplicitUpdate extends SemSsaVariable {
SemSsaExplicitUpdate() { Specific::explicitUpdate(this, sourceExpr) }
final SemExpr getSourceExpr() { result = sourceExpr }
final SemExpr getDefiningExpr() { result = sourceExpr }
}
@@ -31,68 +29,8 @@ class SemSsaPhiNode extends SemSsaVariable {
SemSsaPhiNode() { Specific::phi(this) }
final SemSsaVariable getAPhiInput() { result = Specific::getAPhiInput(this) }
}
class SemSsaReadPosition instanceof Specific::SsaReadPosition {
final string toString() { result = super.toString() }
final Specific::Location getLocation() { result = super.getLocation() }
final predicate hasReadOfVar(SemSsaVariable var) { Specific::hasReadOfSsaVariable(this, var) }
}
class SemSsaReadPositionPhiInputEdge extends SemSsaReadPosition {
SemBasicBlock origBlock;
SemBasicBlock phiBlock;
SemSsaReadPositionPhiInputEdge() { Specific::phiInputEdge(this, origBlock, phiBlock) }
predicate phiInput(SemSsaPhiNode phi, SemSsaVariable inp) { Specific::phiInput(this, phi, inp) }
SemBasicBlock getOrigBlock() { result = origBlock }
SemBasicBlock getPhiBlock() { result = phiBlock }
}
class SemSsaReadPositionBlock extends SemSsaReadPosition {
SemBasicBlock block;
SemSsaReadPositionBlock() { Specific::readBlock(this, block) }
SemBasicBlock getBlock() { result = block }
SemExpr getAnExpr() { result = this.getBlock().getAnExpr() }
}
/**
* Holds if `inp` is an input to `phi` along a back edge.
*/
predicate semBackEdge(SemSsaPhiNode phi, SemSsaVariable inp, SemSsaReadPositionPhiInputEdge edge) {
edge.phiInput(phi, inp) and
// Conservatively assume that every edge is a back edge if we don't have dominance information.
(
phi.getBasicBlock().bbDominates(edge.getOrigBlock()) or
irreducibleSccEdge(edge.getOrigBlock(), phi.getBasicBlock()) or
not edge.getOrigBlock().hasDominanceInformation()
)
}
/**
* Holds if the edge from b1 to b2 is part of a multiple-entry cycle in an irreducible control flow
* graph.
*
* An ireducible control flow graph is one where the usual dominance-based back edge detection does
* not work, because there is a cycle with multiple entry points, meaning there are
* mutually-reachable basic blocks where neither dominates the other. For such a graph, we first
* remove all detectable back-edges using the normal condition that the predecessor block is
* dominated by the successor block, then mark all edges in a cycle in the resulting graph as back
* edges.
*/
private predicate irreducibleSccEdge(SemBasicBlock b1, SemBasicBlock b2) {
trimmedEdge(b1, b2) and trimmedEdge+(b2, b1)
}
private predicate trimmedEdge(SemBasicBlock pred, SemBasicBlock succ) {
pred.getASuccessor() = succ and
not succ.bbDominates(pred)
final predicate hasInputFromBlock(SemSsaVariable inp, SemBasicBlock bb) {
Specific::phiInputFromBlock(this, inp, bb)
}
}

2
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/ConstantAnalysis.qll
View File

@@ -14,7 +14,7 @@ private predicate constantIntegerExpr(SemExpr e, int val) {
// Copy of another constant
exists(SemSsaExplicitUpdate v, SemExpr src |
e = v.getAUse() and
src = v.getSourceExpr() and
src = v.getDefiningExpr() and
constantIntegerExpr(src, val)
)
or

27
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisConstantSpecific.qll
View File

@@ -22,30 +22,7 @@ module CppLangImplConstant implements LangSig<Sem, FloatDelta> {
predicate hasConstantBound(SemExpr e, float bound, boolean upper) { none() }
/**
* Holds if `e >= bound + delta` (if `upper = false`) or `e <= bound + delta` (if `upper = true`).
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(SemExpr e, SemExpr bound, float delta, boolean upper) { none() }
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, float delta) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified expression,
* if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateType(SemExpr e) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified source
* variable, if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateTypeForSsaVariable(SemSsaVariable var) { none() }
predicate additionalBoundFlowStep(SemExpr e2, SemExpr e1, float delta, boolean upper) { none() }
}

31
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisImpl.qll
View File

@@ -1,7 +1,6 @@
private import RangeAnalysisConstantSpecific
private import RangeAnalysisRelativeSpecific
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
private import RangeUtils
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExpr
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticCFG
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticGuard
@@ -72,14 +71,14 @@ module Sem implements Semantic {
class BasicBlock = SemBasicBlock;
BasicBlock getABasicBlockSuccessor(BasicBlock bb) { result = bb.getASuccessor() }
int getBlockId1(BasicBlock bb) { result = bb.getUniqueId() }
class Guard = SemGuard;
predicate implies_v2 = semImplies_v2/4;
predicate guardDirectlyControlsSsaRead = semGuardDirectlyControlsSsaRead/3;
predicate guardControlsSsaRead = semGuardControlsSsaRead/3;
class Type = SemType;
class IntegerType = SemIntegerType;
@@ -88,19 +87,17 @@ module Sem implements Semantic {
class AddressType = SemAddressType;
SemType getExprType(SemExpr e) { result = e.getSemType() }
SemType getSsaType(SemSsaVariable var) { result = var.getType() }
class SsaVariable = SemSsaVariable;
class SsaPhiNode = SemSsaPhiNode;
class SsaExplicitUpdate = SemSsaExplicitUpdate;
class SsaReadPosition = SemSsaReadPosition;
class SsaReadPositionPhiInputEdge = SemSsaReadPositionPhiInputEdge;
class SsaReadPositionBlock = SemSsaReadPositionBlock;
predicate backEdge = semBackEdge/3;
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, int delta) { none() }
predicate conversionCannotOverflow(Type fromType, Type toType) {
SemanticType::conversionCannotOverflow(fromType, toType)
@@ -109,7 +106,7 @@ module Sem implements Semantic {
module SignAnalysis implements SignAnalysisSig<Sem> {
private import SignAnalysisCommon as SA
import SA::SignAnalysis<FloatDelta, Util>
import SA::SignAnalysis<FloatDelta>
}
module ConstantBounds implements BoundSig<SemLocation, Sem, FloatDelta> {
@@ -172,18 +169,16 @@ private module ModulusAnalysisInstantiated implements ModulusAnalysisSig<Sem> {
class ModBound = AllBounds::SemBound;
private import codeql.rangeanalysis.ModulusAnalysis as MA
import MA::ModulusAnalysis<SemLocation, Sem, FloatDelta, AllBounds, Util>
import MA::ModulusAnalysis<SemLocation, Sem, FloatDelta, AllBounds>
}
module Util = RangeUtil<FloatDelta, CppLangImplConstant>;
module ConstantStage =
RangeStage<SemLocation, Sem, FloatDelta, ConstantBounds, FloatOverflow, CppLangImplConstant,
SignAnalysis, ModulusAnalysisInstantiated, Util>;
SignAnalysis, ModulusAnalysisInstantiated>;
module RelativeStage =
RangeStage<SemLocation, Sem, FloatDelta, RelativeBounds, FloatOverflow, CppLangImplRelative,
SignAnalysis, ModulusAnalysisInstantiated, Util>;
SignAnalysis, ModulusAnalysisInstantiated>;
private newtype TSemReason =
TSemNoReason() or

27
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeAnalysisRelativeSpecific.qll
View File

@@ -54,30 +54,7 @@ module CppLangImplRelative implements LangSig<Sem, FloatDelta> {
predicate hasConstantBound(SemExpr e, float bound, boolean upper) { none() }
/**
* Holds if `e >= bound + delta` (if `upper = false`) or `e <= bound + delta` (if `upper = true`).
* Holds if `e2 >= e1 + delta` (if `upper = false`) or `e2 <= e1 + delta` (if `upper = true`).
*/
predicate hasBound(SemExpr e, SemExpr bound, float delta, boolean upper) { none() }
/**
* Holds if the value of `dest` is known to be `src + delta`.
*/
predicate additionalValueFlowStep(SemExpr dest, SemExpr src, float delta) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified expression,
* if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateType(SemExpr e) { none() }
/**
* Gets the type that range analysis should use to track the result of the specified source
* variable, if a type other than the original type of the expression is to be used.
*
* This predicate is commonly used in languages that support immutable "boxed" types that are
* actually references but whose values can be tracked as the type contained in the box.
*/
SemType getAlternateTypeForSsaVariable(SemSsaVariable var) { none() }
predicate additionalBoundFlowStep(SemExpr e2, SemExpr e1, float delta, boolean upper) { none() }
}

165
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/RangeUtils.qll
View File

@@ -1,165 +0,0 @@
/**
* Provides utility predicates for range analysis.
*/
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
private import RangeAnalysisRelativeSpecific
private import codeql.rangeanalysis.RangeAnalysis
private import RangeAnalysisImpl
private import ConstantAnalysis
module RangeUtil<DeltaSig D, LangSig<Sem, D> Lang> implements UtilSig<Sem, D> {
/**
* Gets an expression that equals `v - d`.
*/
private SemExpr semSsaRead(SemSsaVariable v, D::Delta delta) {
// There are various language-specific extension points that can be removed once we no longer
// expect to match the original Java implementation's results exactly.
result = v.getAUse() and delta = D::fromInt(0)
or
exists(D::Delta d1, SemConstantIntegerExpr c |
result.(SemAddExpr).hasOperands(semSsaRead(v, d1), c) and
delta = D::fromFloat(D::toFloat(d1) - c.getIntValue())
)
or
exists(SemSubExpr sub, D::Delta d1, SemConstantIntegerExpr c |
result = sub and
sub.getLeftOperand() = semSsaRead(v, d1) and
sub.getRightOperand() = c and
delta = D::fromFloat(D::toFloat(d1) + c.getIntValue())
)
or
result = v.(SemSsaExplicitUpdate).getSourceExpr() and
delta = D::fromFloat(0)
or
result.(SemCopyValueExpr).getOperand() = semSsaRead(v, delta)
or
result.(SemStoreExpr).getOperand() = semSsaRead(v, delta)
}
/**
* Gets a condition that tests whether `v` equals `e + delta`.
*
* If the condition evaluates to `testIsTrue`:
* - `isEq = true` : `v == e + delta`
* - `isEq = false` : `v != e + delta`
*/
pragma[nomagic]
SemGuard semEqFlowCond(
SemSsaVariable v, SemExpr e, D::Delta delta, boolean isEq, boolean testIsTrue
) {
exists(boolean eqpolarity |
result.isEquality(semSsaRead(v, delta), e, eqpolarity) and
(testIsTrue = true or testIsTrue = false) and
eqpolarity.booleanXor(testIsTrue).booleanNot() = isEq
)
or
exists(boolean testIsTrue0 |
semImplies_v2(result, testIsTrue, semEqFlowCond(v, e, delta, isEq, testIsTrue0), testIsTrue0)
)
}
/**
* Holds if `v` is an `SsaExplicitUpdate` that equals `e + delta`.
*/
predicate semSsaUpdateStep(SemSsaExplicitUpdate v, SemExpr e, D::Delta delta) {
exists(SemExpr defExpr | defExpr = v.getSourceExpr() |
defExpr.(SemCopyValueExpr).getOperand() = e and delta = D::fromFloat(0)
or
defExpr.(SemStoreExpr).getOperand() = e and delta = D::fromFloat(0)
or
defExpr.(SemAddOneExpr).getOperand() = e and delta = D::fromFloat(1)
or
defExpr.(SemSubOneExpr).getOperand() = e and delta = D::fromFloat(-1)
or
e = defExpr and
not (
defExpr instanceof SemCopyValueExpr or
defExpr instanceof SemStoreExpr or
defExpr instanceof SemAddOneExpr or
defExpr instanceof SemSubOneExpr
) and
delta = D::fromFloat(0)
)
}
/**
* Holds if `e1 + delta` equals `e2`.
*/
predicate semValueFlowStep(SemExpr e2, SemExpr e1, D::Delta delta) {
e2.(SemCopyValueExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(SemStoreExpr).getOperand() = e1 and delta = D::fromFloat(0)
or
e2.(SemAddOneExpr).getOperand() = e1 and delta = D::fromFloat(1)
or
e2.(SemSubOneExpr).getOperand() = e1 and delta = D::fromFloat(-1)
or
Lang::additionalValueFlowStep(e2, e1, delta)
or
exists(SemExpr x | e2.(SemAddExpr).hasOperands(e1, x) |
D::fromInt(x.(SemConstantIntegerExpr).getIntValue()) = delta
)
or
exists(SemExpr x, SemSubExpr sub |
e2 = sub and
sub.getLeftOperand() = e1 and
sub.getRightOperand() = x
|
D::fromInt(-x.(SemConstantIntegerExpr).getIntValue()) = delta
)
}
/**
* Gets the type used to track the specified expression's range information.
*
* Usually, this just `e.getSemType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
SemType getTrackedType(SemExpr e) {
result = Lang::getAlternateType(e)
or
not exists(Lang::getAlternateType(e)) and result = e.getSemType()
}
/**
* Gets the type used to track the specified source variable's range information.
*
* Usually, this just `e.getType()`, but the language can override this to track immutable boxed
* primitive types as the underlying primitive type.
*/
SemType getTrackedTypeForSsaVariable(SemSsaVariable var) {
result = Lang::getAlternateTypeForSsaVariable(var)
or
not exists(Lang::getAlternateTypeForSsaVariable(var)) and result = var.getType()
}
import Ranking
}
import Ranking
module Ranking {
/**
* Holds if `rix` is the number of input edges to `phi`.
*/
predicate maxPhiInputRank(SemSsaPhiNode phi, int rix) {
rix = max(int r | rankedPhiInput(phi, _, _, r))
}
/**
* Holds if `inp` is an input to `phi` along `edge` and this input has index `r`
* in an arbitrary 1-based numbering of the input edges to `phi`.
*/
predicate rankedPhiInput(
SemSsaPhiNode phi, SemSsaVariable inp, SemSsaReadPositionPhiInputEdge edge, int r
) {
edge.phiInput(phi, inp) and
edge =
rank[r](SemSsaReadPositionPhiInputEdge e |
e.phiInput(phi, _)
|
e order by e.getOrigBlock().getUniqueId()
)
}
}

53
cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/analysis/SignAnalysisCommon.qll
View File

@@ -11,10 +11,9 @@ private import RangeAnalysisImpl
private import SignAnalysisSpecific as Specific
private import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
private import ConstantAnalysis
private import RangeUtils
private import Sign
module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
module SignAnalysis<DeltaSig D> {
private import codeql.rangeanalysis.internal.RangeUtils::MakeUtils<Sem, D>
/**
@@ -39,13 +38,13 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
/** An SSA definition whose sign is determined by the sign of that definitions source expression. */
private class ExplicitSignDef extends FlowSignDef instanceof SemSsaExplicitUpdate {
final override Sign getSign() { result = semExprSign(super.getSourceExpr()) }
final override Sign getSign() { result = semExprSign(super.getDefiningExpr()) }
}
/** An SSA Phi definition, whose sign is the union of the signs of its inputs. */
private class PhiSignDef extends FlowSignDef instanceof SemSsaPhiNode {
final override Sign getSign() {
exists(SemSsaVariable inp, SemSsaReadPositionPhiInputEdge edge |
exists(SemSsaVariable inp, SsaReadPositionPhiInputEdge edge |
edge.phiInput(this, inp) and
result = semSsaSign(inp, edge)
)
@@ -148,7 +147,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
not this instanceof ConstantSignExpr and
(
// Only track numeric types.
Utils::getTrackedType(this) instanceof SemNumericType
Sem::getExprType(this) instanceof SemNumericType
or
// Unless the language says to track this expression anyway.
Specific::trackUnknownNonNumericExpr(this)
@@ -170,11 +169,11 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
override Sign getSignRestriction() {
// Propagate via SSA
// Propagate the sign from the def of `v`, incorporating any inference from guards.
result = semSsaSign(v, any(SemSsaReadPositionBlock bb | bb.getAnExpr() = this))
result = semSsaSign(v, any(SsaReadPositionBlock bb | bb.getBlock().getAnExpr() = this))
or
// No block for this read. Just use the sign of the def.
// REVIEW: How can this happen?
not exists(SemSsaReadPositionBlock bb | bb.getAnExpr() = this) and
not exists(SsaReadPositionBlock bb | bb.getBlock().getAnExpr() = this) and
result = semSsaDefSign(v)
}
}
@@ -203,7 +202,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
/** An expression of an unsigned type. */
private class UnsignedExpr extends FlowSignExpr {
UnsignedExpr() { Utils::getTrackedType(this) instanceof SemUnsignedIntegerType }
UnsignedExpr() { Sem::getExprType(this) instanceof SemUnsignedIntegerType }
override Sign getSignRestriction() {
result = TPos() or
@@ -276,7 +275,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
override SemUnboxExpr cast;
UnboxSignExpr() {
exists(SemType fromType | fromType = Utils::getTrackedType(cast.getOperand()) |
exists(SemType fromType | fromType = Sem::getExprType(cast.getOperand()) |
// Only numeric source types are handled here.
fromType instanceof SemNumericType
)
@@ -290,11 +289,11 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* to only include bounds for which we might determine a sign.
*/
private predicate lowerBound(
SemExpr lowerbound, SemSsaVariable v, SemSsaReadPosition pos, boolean isStrict
SemExpr lowerbound, SemSsaVariable v, SsaReadPosition pos, boolean isStrict
) {
exists(boolean testIsTrue, SemRelationalExpr comp |
pos.hasReadOfVar(v) and
semGuardControlsSsaRead(semGetComparisonGuard(comp), pos, testIsTrue) and
guardControlsSsaRead(semGetComparisonGuard(comp), pos, testIsTrue) and
not unknownSign(lowerbound)
|
testIsTrue = true and
@@ -314,11 +313,11 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* to only include bounds for which we might determine a sign.
*/
private predicate upperBound(
SemExpr upperbound, SemSsaVariable v, SemSsaReadPosition pos, boolean isStrict
SemExpr upperbound, SemSsaVariable v, SsaReadPosition pos, boolean isStrict
) {
exists(boolean testIsTrue, SemRelationalExpr comp |
pos.hasReadOfVar(v) and
semGuardControlsSsaRead(semGetComparisonGuard(comp), pos, testIsTrue) and
guardControlsSsaRead(semGetComparisonGuard(comp), pos, testIsTrue) and
not unknownSign(upperbound)
|
testIsTrue = true and
@@ -340,10 +339,10 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* - `isEq = true` : `v = eqbound`
* - `isEq = false` : `v != eqbound`
*/
private predicate eqBound(SemExpr eqbound, SemSsaVariable v, SemSsaReadPosition pos, boolean isEq) {
private predicate eqBound(SemExpr eqbound, SemSsaVariable v, SsaReadPosition pos, boolean isEq) {
exists(SemGuard guard, boolean testIsTrue, boolean polarity, SemExpr e |
pos.hasReadOfVar(pragma[only_bind_into](v)) and
semGuardControlsSsaRead(guard, pragma[only_bind_into](pos), testIsTrue) and
guardControlsSsaRead(guard, pragma[only_bind_into](pos), testIsTrue) and
e = ssaRead(pragma[only_bind_into](v), D::fromInt(0)) and
guard.isEquality(eqbound, e, polarity) and
isEq = polarity.booleanXor(testIsTrue).booleanNot() and
@@ -355,7 +354,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* Holds if `bound` is a bound for `v` at `pos` that needs to be positive in
* order for `v` to be positive.
*/
private predicate posBound(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate posBound(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
upperBound(bound, v, pos, _) or
eqBound(bound, v, pos, true)
}
@@ -364,7 +363,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* Holds if `bound` is a bound for `v` at `pos` that needs to be negative in
* order for `v` to be negative.
*/
private predicate negBound(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate negBound(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
lowerBound(bound, v, pos, _) or
eqBound(bound, v, pos, true)
}
@@ -373,24 +372,24 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* Holds if `bound` is a bound for `v` at `pos` that can restrict whether `v`
* can be zero.
*/
private predicate zeroBound(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate zeroBound(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
lowerBound(bound, v, pos, _) or
upperBound(bound, v, pos, _) or
eqBound(bound, v, pos, _)
}
/** Holds if `bound` allows `v` to be positive at `pos`. */
private predicate posBoundOk(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate posBoundOk(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
posBound(bound, v, pos) and TPos() = semExprSign(bound)
}
/** Holds if `bound` allows `v` to be negative at `pos`. */
private predicate negBoundOk(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate negBoundOk(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
negBound(bound, v, pos) and TNeg() = semExprSign(bound)
}
/** Holds if `bound` allows `v` to be zero at `pos`. */
private predicate zeroBoundOk(SemExpr bound, SemSsaVariable v, SemSsaReadPosition pos) {
private predicate zeroBoundOk(SemExpr bound, SemSsaVariable v, SsaReadPosition pos) {
lowerBound(bound, v, pos, _) and TNeg() = semExprSign(bound)
or
lowerBound(bound, v, pos, false) and TZero() = semExprSign(bound)
@@ -408,7 +407,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* Holds if there is a bound that might restrict whether `v` has the sign `s`
* at `pos`.
*/
private predicate hasGuard(SemSsaVariable v, SemSsaReadPosition pos, Sign s) {
private predicate hasGuard(SemSsaVariable v, SsaReadPosition pos, Sign s) {
s = TPos() and posBound(_, v, pos)
or
s = TNeg() and negBound(_, v, pos)
@@ -421,7 +420,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* might be ruled out by a guard.
*/
pragma[noinline]
private Sign guardedSsaSign(SemSsaVariable v, SemSsaReadPosition pos) {
private Sign guardedSsaSign(SemSsaVariable v, SsaReadPosition pos) {
result = semSsaDefSign(v) and
pos.hasReadOfVar(v) and
hasGuard(v, pos, result)
@@ -432,7 +431,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* can rule it out.
*/
pragma[noinline]
private Sign unguardedSsaSign(SemSsaVariable v, SemSsaReadPosition pos) {
private Sign unguardedSsaSign(SemSsaVariable v, SsaReadPosition pos) {
result = semSsaDefSign(v) and
pos.hasReadOfVar(v) and
not hasGuard(v, pos, result)
@@ -443,7 +442,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
* ruled out the sign but does not.
* This does not check that the definition of `v` also allows the sign.
*/
private Sign guardedSsaSignOk(SemSsaVariable v, SemSsaReadPosition pos) {
private Sign guardedSsaSignOk(SemSsaVariable v, SsaReadPosition pos) {
result = TPos() and
forex(SemExpr bound | posBound(bound, v, pos) | posBoundOk(bound, v, pos))
or
@@ -455,7 +454,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
}
/** Gets a possible sign for `v` at `pos`. */
private Sign semSsaSign(SemSsaVariable v, SemSsaReadPosition pos) {
private Sign semSsaSign(SemSsaVariable v, SsaReadPosition pos) {
result = unguardedSsaSign(v, pos)
or
result = guardedSsaSign(v, pos) and
@@ -471,7 +470,7 @@ module SignAnalysis<DeltaSig D, UtilSig<Sem, D> Utils> {
Sign semExprSign(SemExpr e) {
exists(Sign s | s = e.(SignExpr).getSign() |
if
Utils::getTrackedType(e) instanceof SemUnsignedIntegerType and
Sem::getExprType(e) instanceof SemUnsignedIntegerType and
s = TNeg() and
not Specific::ignoreTypeRestrictions(e)
then result = TPos()

59
cpp/ql/src/Likely Bugs/Memory Management/UninitializedLocal.ql
View File

@@ -13,7 +13,8 @@
*/
import cpp
import semmle.code.cpp.controlflow.StackVariableReachability
import semmle.code.cpp.ir.IR
import semmle.code.cpp.ir.dataflow.MustFlow
/**
* Auxiliary predicate: Types that don't require initialization
@@ -33,31 +34,6 @@ predicate allocatedType(Type t) {
allocatedType(t.getUnspecifiedType())
}
/**
* A declaration of a local variable that leaves the
* variable uninitialized.
*/
DeclStmt declWithNoInit(LocalVariable v) {
result.getADeclaration() = v and
not exists(v.getInitializer()) and
/* The type of the variable is not stack-allocated. */
exists(Type t | t = v.getType() | not allocatedType(t))
}
class UninitialisedLocalReachability extends StackVariableReachability {
UninitialisedLocalReachability() { this = "UninitialisedLocal" }
override predicate isSource(ControlFlowNode node, StackVariable v) { node = declWithNoInit(v) }
override predicate isSink(ControlFlowNode node, StackVariable v) { useOfVarActual(v, node) }
override predicate isBarrier(ControlFlowNode node, StackVariable v) {
// only report the _first_ possibly uninitialized use
useOfVarActual(v, node) or
definitionBarrier(v, node)
}
}
pragma[noinline]
predicate containsInlineAssembly(Function f) { exists(AsmStmt s | s.getEnclosingFunction() = f) }
@@ -82,8 +58,33 @@ VariableAccess commonException() {
containsInlineAssembly(result.getEnclosingFunction())
}
from UninitialisedLocalReachability r, LocalVariable v, VariableAccess va
predicate isSinkImpl(Instruction sink, VariableAccess va) {
exists(LoadInstruction load |
va = load.getUnconvertedResultExpression() and
not va = commonException() and
sink = load.getSourceValue()
)
}
class MustFlow extends MustFlowConfiguration {
MustFlow() { this = "MustFlow" }
override predicate isSource(Instruction source) {
source instanceof UninitializedInstruction and
exists(Type t | t = source.getResultType() | not allocatedType(t))
}
override predicate isSink(Operand sink) { isSinkImpl(sink.getDef(), _) }
override predicate allowInterproceduralFlow() { none() }
override predicate isBarrier(Instruction instr) { instr instanceof ChiInstruction }
}
from
VariableAccess va, LocalVariable v, MustFlow conf, MustFlowPathNode source, MustFlowPathNode sink
where
r.reaches(_, v, va) and
not va = commonException()
conf.hasFlowPath(source, sink) and
isSinkImpl(sink.getInstruction(), va) and
v = va.getTarget()
select va, "The variable $@ may not be initialized at this access.", v, v.getName()

85
cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
View File

@@ -15,9 +15,10 @@
*/
import semmle.code.cpp.security.BufferWrite
import semmle.code.cpp.security.Security
import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
import TaintedWithPath
import semmle.code.cpp.security.FlowSources as FS
import semmle.code.cpp.dataflow.new.TaintTracking
import semmle.code.cpp.controlflow.IRGuards
import Flow::PathGraph
/*
* --- Summary of CWE-120 alerts ---
@@ -47,15 +48,6 @@ predicate isUnboundedWrite(BufferWrite bw) {
not exists(bw.getMaxData(_)) // and we can't deduce an upper bound to the amount copied
}
/*
* predicate isMaybeUnboundedWrite(BufferWrite bw)
* {
* not bw.hasExplicitLimit() // has no explicit size limit
* and exists(bw.getMaxData()) // and we can deduce an upper bound to the amount copied
* and (not exists(getBufferSize(bw.getDest(), _))) // but we can't work out the size of the destination to be sure
* }
*/
/**
* Holds if `e` is a source buffer going into an unbounded write `bw` or a
* qualifier of (a qualifier of ...) such a source.
@@ -66,19 +58,43 @@ predicate unboundedWriteSource(Expr e, BufferWrite bw) {
exists(FieldAccess fa | unboundedWriteSource(fa, bw) and e = fa.getQualifier())
}
/*
* --- user input reach ---
*/
predicate isSource(FS::FlowSource source, string sourceType) { source.getSourceType() = sourceType }
class Configuration extends TaintTrackingConfiguration {
override predicate isSink(Element tainted) { unboundedWriteSource(tainted, _) }
override predicate taintThroughGlobals() { any() }
predicate isSink(DataFlow::Node sink, BufferWrite bw) {
unboundedWriteSource(sink.asIndirectExpr(), bw)
or
// `gets` and `scanf` reads from stdin so there's no real input.
// The `BufferWrite` library models this as the call itself being
// the source. In this case we mark the output argument as being
// the sink so that we report a path where source = sink (because
// the same output argument is also included in `isSource`).
bw.getASource() = bw and
unboundedWriteSource(sink.asDefiningArgument(), bw)
}
/*
* --- put it together ---
*/
predicate lessThanOrEqual(IRGuardCondition g, Expr e, boolean branch) {
exists(Operand left |
g.comparesLt(left, _, _, true, branch) or
g.comparesEq(left, _, _, true, branch)
|
left.getDef().getUnconvertedResultExpression() = e
)
}
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { isSource(source, _) }
predicate isSink(DataFlow::Node sink) { isSink(sink, _) }
predicate isBarrierOut(DataFlow::Node node) { isSink(node) }
predicate isBarrier(DataFlow::Node node) {
// Block flow if the node is guarded by any <, <= or = operations.
node = DataFlow::BarrierGuard<lessThanOrEqual/3>::getABarrierNode()
}
}
module Flow = TaintTracking::Global<Config>;
/*
* An unbounded write is, for example `strcpy(..., tainted)`. We're looking
@@ -87,17 +103,20 @@ class Configuration extends TaintTrackingConfiguration {
*
* In the case of `gets` and `scanf`, where the source buffer is implicit, the
* `BufferWrite` library reports the source buffer to be the same as the
* destination buffer. Since those destination-buffer arguments are also
* modeled in the taint-tracking library as being _sources_ of taint, they are
* in practice reported as being tainted because the `security.TaintTracking`
* library does not distinguish between taint going into an argument and out of
* an argument. Thus, we get the desired alerts.
* destination buffer. So to report an alert on a pattern like:
* ```
* char s[32];
* gets(s);
* ```
* we define the sink as the node corresponding to the output argument of `gets`.
* This gives us a path where the source is equal to the sink.
*/
from BufferWrite bw, Expr inputSource, Expr tainted, PathNode sourceNode, PathNode sinkNode
from BufferWrite bw, Flow::PathNode source, Flow::PathNode sink, string sourceType
where
taintedWithPath(inputSource, tainted, sourceNode, sinkNode) and
unboundedWriteSource(tainted, bw)
select bw, sourceNode, sinkNode,
"This '" + bw.getBWDesc() + "' with input from $@ may overflow the destination.", inputSource,
inputSource.toString()
Flow::flowPath(source, sink) and
isSource(source.getNode(), sourceType) and
isSink(sink.getNode(), bw)
select bw, source, sink,
"This '" + bw.getBWDesc() + "' with input from $@ may overflow the destination.",
source.getNode(), sourceType

4
cpp/ql/src/change-notes/2023-11-07-uninitialized-local.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `cpp/uninitialized-local` query has been improved to produce fewer false positives.

4
cpp/ql/test/library-tests/dataflow/dataflow-tests/dataflow-consistency.expected
View File

@@ -23,6 +23,7 @@ argHasPostUpdate
| lambdas.cpp:38:2:38:2 | d | ArgumentNode is missing PostUpdateNode. |
| lambdas.cpp:45:2:45:2 | e | ArgumentNode is missing PostUpdateNode. |
| test.cpp:67:29:67:35 | source1 | ArgumentNode is missing PostUpdateNode. |
| test.cpp:813:19:813:35 | * ... | ArgumentNode is missing PostUpdateNode. |
postWithInFlow
| BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
| BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
@@ -136,6 +137,9 @@ postWithInFlow
| test.cpp:728:3:728:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:728:4:728:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:734:41:734:41 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition

40
cpp/ql/test/library-tests/dataflow/dataflow-tests/test.cpp
View File

@@ -796,4 +796,44 @@ void test() {
MyStruct a;
intPointerSource(a.content, a.content);
indirect_sink(a.content); // $ ast ir
}
namespace MoreGlobalTests {
int **global_indirect1;
int **global_indirect2;
int **global_direct;
void set_indirect1()
{
*global_indirect1 = indirect_source();
}
void read_indirect1() {
sink(global_indirect1); // clean
indirect_sink(*global_indirect1); // $ ir MISSING: ast
}
void set_indirect2()
{
**global_indirect2 = source();
}
void read_indirect2() {
sink(global_indirect2); // clean
sink(**global_indirect2); // $ ir MISSING: ast
}
// overload source with a boolean parameter so
// that we can define a variant that return an int**.
int** source(bool);
void set_direct()
{
global_direct = source(true);
}
void read_direct() {
sink(global_direct); // $ ir MISSING: ast
indirect_sink(global_direct); // clean
}
}

2
cpp/ql/test/library-tests/dataflow/source-sink-tests/remote-flow.expected
View File

@@ -1,2 +1,2 @@
failures
testFailures
failures

11
cpp/ql/test/library-tests/dataflow/taint-tests/localTaint.expected
View File

@@ -6646,6 +6646,17 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
| taint.cpp:738:17:738:31 | call to indirect_source | taint.cpp:739:30:739:35 | source | |
| taint.cpp:739:22:739:28 | call to realloc | taint.cpp:740:7:740:10 | dest | |
| taint.cpp:739:30:739:35 | source | taint.cpp:739:22:739:28 | call to realloc | TAINT |
| taint.cpp:743:40:743:45 | buffer | taint.cpp:744:5:744:10 | buffer | |
| taint.cpp:743:40:743:45 | buffer | taint.cpp:745:27:745:32 | buffer | |
| taint.cpp:744:4:744:10 | * ... | taint.cpp:744:3:744:10 | * ... | TAINT |
| taint.cpp:744:5:744:10 | buffer | taint.cpp:744:4:744:10 | * ... | TAINT |
| taint.cpp:744:14:744:19 | call to source | taint.cpp:744:3:744:21 | ... = ... | |
| taint.cpp:745:19:745:25 | call to realloc | taint.cpp:743:40:743:45 | buffer | |
| taint.cpp:745:19:745:25 | call to realloc | taint.cpp:745:3:745:37 | ... = ... | |
| taint.cpp:745:19:745:25 | call to realloc | taint.cpp:746:10:746:15 | buffer | |
| taint.cpp:745:27:745:32 | buffer | taint.cpp:745:19:745:25 | call to realloc | TAINT |
| taint.cpp:746:9:746:15 | * ... | taint.cpp:746:8:746:15 | * ... | TAINT |
| taint.cpp:746:10:746:15 | buffer | taint.cpp:746:9:746:15 | * ... | TAINT |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 | |
| vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 | |
| vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v | |

6
cpp/ql/test/library-tests/dataflow/taint-tests/taint.cpp
View File

@@ -738,4 +738,10 @@ void test_realloc() {
char *source = indirect_source();
char *dest = (char*)realloc(source, 16);
sink(dest); // $ ir MISSING: ast
}
void test_realloc_2_indirections(int **buffer) {
**buffer = source();
buffer = (int**)realloc(buffer, 16);
sink(**buffer); // $ ir MISSING: ast
}

5
cpp/ql/test/library-tests/ir/modulus-analysis/ModulusAnalysis.ql
View File

@@ -2,7 +2,6 @@ import cpp
import codeql.rangeanalysis.ModulusAnalysis
import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticLocation
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeUtils
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisRelativeSpecific
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisImpl
@@ -10,9 +9,7 @@ import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
module ModulusAnalysisInstantiated =
ModulusAnalysis<SemLocation, Sem, FloatDelta, ConstantBounds,
RangeUtil<FloatDelta, CppLangImplRelative>>;
module ModulusAnalysisInstantiated = ModulusAnalysis<SemLocation, Sem, FloatDelta, ConstantBounds>;
module ModulusAnalysisTest implements TestSig {
string getARelevantTag() { result = "mod" }

14
cpp/ql/test/library-tests/ir/range-analysis/SimpleRangeAnalysis_tests.cpp
View File

@@ -18,7 +18,7 @@ int test2(struct List* p) {
int count = 0;
for (; p; p = p->next) {
count = (count+1) % 10;
range(count); // $ range=<=9 range=>=-9 range="<=Phi: p | Store: count+1"
range(count); // $ range=<=9 range=>=-9
}
range(count); // $ range=>=-9 range=<=9
return count;
@@ -29,7 +29,7 @@ int test3(struct List* p) {
for (; p; p = p->next) {
range(count++); // $ range=>=-9 range=<=9
count = count % 10;
range(count); // $ range=<=9 range=>=-9 range="<=Store: ... +++0" range="<=Phi: p | Store: count+1"
range(count); // $ range=<=9 range=>=-9
}
range(count); // $ range=>=-9 range=<=9
return count;
@@ -317,7 +317,7 @@ int test_mult01(int a, int b) {
range(b); // $ range=<=23 range=>=-13
int r = a*b; // $ overflow=+- -143 .. 253
range(r);
total += r; // $ overflow=+
total += r; // $ overflow=+-
range(total); // $ MISSING: range=">=... * ...+0"
}
if (3 <= a && a <= 11 && -13 <= b && b <= 0) {
@@ -365,7 +365,7 @@ int test_mult02(int a, int b) {
range(b); // $ range=<=23 range=>=-13
int r = a*b; // $ overflow=+- -143 .. 253
range(r);
total += r; // $ overflow=+
total += r; // $ overflow=+-
range(total); // $ MISSING: range=">=... * ...+0"
}
if (0 <= a && a <= 11 && -13 <= b && b <= 0) {
@@ -460,7 +460,7 @@ int test_mult04(int a, int b) {
range(b); // $ range=<=23 range=>=-13
int r = a*b; // $ overflow=+- -391 .. 221
range(r);
total += r; // $ overflow=-
total += r; // $ overflow=+-
range(total); // $ MISSING: range="<=... * ...+0"
}
if (-17 <= a && a <= 0 && -13 <= b && b <= 0) {
@@ -508,7 +508,7 @@ int test_mult05(int a, int b) {
range(b); // $ range=<=23 range=>=-13
int r = a*b; // $ overflow=+- -391 .. 221
range(r);
total += r; // $ overflow=-
total += r; // $ overflow=+-
range(total); // $ MISSING: range="<=... * ...+0"
}
if (-17 <= a && a <= -2 && -13 <= b && b <= 0) {
@@ -974,7 +974,7 @@ void test_mod_neg(int s) {
void test_mod_ternary(int s, bool b) {
int s2 = s % (b ? 5 : 500);
range(s2); // $ range=>=-499 range=<=499 range="<=Phi: ... ? ... : ...-1"
range(s2); // $ range=>=-499 range=<=499
}
void test_mod_ternary2(int s, bool b1, bool b2) {

16
cpp/ql/test/library-tests/ir/range-analysis/test.cpp
View File

@@ -130,3 +130,19 @@ void test_div(int x) {
range(x >> 2); // $ range=>=0 range=<=2
}
}
struct X { int n; };
void read_argument(const X *);
// This test exists purely to ensure that modulus analysis terminates in the
// presence of inexact phi operands. The LoadInstruction on `while(x->n) { ... }`
// reads from a PhiInstruction with two input operands: an exact operand defined
// by the StoreInstruction generated by `x->n--` and an inexact operand coming
// from the WriteSideEffect generated by `read_argument(x)`. If we don't consider
// the inexact operand modulus analysis fails to terminate.
void nonterminating_without_operands_as_ssa(X *x) {
read_argument(x);
while (x->n) {
x->n--;
}
}

4
cpp/ql/test/library-tests/ir/sign-analysis/SignAnalysis.ql
View File

@@ -1,15 +1,13 @@
import cpp
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.SignAnalysisCommon
import semmle.code.cpp.rangeanalysis.new.internal.semantic.Semantic
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeUtils
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.FloatDelta
import semmle.code.cpp.rangeanalysis.new.internal.semantic.analysis.RangeAnalysisRelativeSpecific
import semmle.code.cpp.rangeanalysis.new.internal.semantic.SemanticExprSpecific
import semmle.code.cpp.ir.IR as IR
import TestUtilities.InlineExpectationsTest
module SignAnalysisInstantiated =
SignAnalysis<FloatDelta, RangeUtil<FloatDelta, CppLangImplRelative>>;
module SignAnalysisInstantiated = SignAnalysis<FloatDelta>;
module SignAnalysisTest implements TestSig {
string getARelevantTag() { result = "sign" }

7
cpp/ql/test/library-tests/syntax-zoo/dataflow-ir-consistency.expected
View File

@@ -4,7 +4,12 @@ uniqueType
uniqueNodeLocation
missingLocation
uniqueNodeToString
| cpp11.cpp:50:15:50:16 | (no string representation) | Node should have one toString but has 0. |
| builtin.c:5:5:5:11 | (no string representation) | Node should have one toString but has 0. |
| misc.c:227:7:227:28 | (no string representation) | Node should have one toString but has 0. |
| static_init_templates.cpp:80:18:80:23 | (no string representation) | Node should have one toString but has 0. |
| static_init_templates.cpp:80:18:80:23 | (no string representation) | Node should have one toString but has 0. |
| static_init_templates.cpp:89:18:89:23 | (no string representation) | Node should have one toString but has 0. |
| static_init_templates.cpp:89:18:89:23 | (no string representation) | Node should have one toString but has 0. |
parameterCallable
localFlowIsLocal
readStepIsLocal

9
cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/UncontrolledProcessOperation.expected
View File

@@ -52,6 +52,10 @@ edges
| test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer |
| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
| test.cpp:106:17:106:22 | recv output argument | test.cpp:107:15:107:20 | buffer |
| test.cpp:113:8:113:12 | call to fgets | test.cpp:114:9:114:11 | ptr |
| test.cpp:113:8:113:12 | call to fgets | test.cpp:114:9:114:11 | ptr |
| test.cpp:113:8:113:12 | call to fgets | test.cpp:114:9:114:11 | ptr |
| test.cpp:113:8:113:12 | call to fgets | test.cpp:114:9:114:11 | ptr |
subpaths
nodes
| test.cpp:24:30:24:36 | command | semmle.label | command |
@@ -91,6 +95,10 @@ nodes
| test.cpp:106:17:106:22 | recv output argument | semmle.label | recv output argument |
| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
| test.cpp:107:15:107:20 | buffer | semmle.label | buffer |
| test.cpp:113:8:113:12 | call to fgets | semmle.label | call to fgets |
| test.cpp:113:8:113:12 | call to fgets | semmle.label | call to fgets |
| test.cpp:114:9:114:11 | ptr | semmle.label | ptr |
| test.cpp:114:9:114:11 | ptr | semmle.label | ptr |
#select
| test.cpp:26:10:26:16 | command | test.cpp:42:18:42:23 | call to getenv | test.cpp:26:10:26:16 | command | The value of this argument may come from $@ and is being passed to system. | test.cpp:42:18:42:23 | call to getenv | call to getenv |
| test.cpp:31:10:31:16 | command | test.cpp:43:18:43:23 | call to getenv | test.cpp:31:10:31:16 | command | The value of this argument may come from $@ and is being passed to system. | test.cpp:43:18:43:23 | call to getenv | call to getenv |
@@ -101,3 +109,4 @@ nodes
| test.cpp:78:10:78:15 | buffer | test.cpp:76:12:76:17 | buffer | test.cpp:78:10:78:15 | buffer | The value of this argument may come from $@ and is being passed to system. | test.cpp:76:12:76:17 | buffer | buffer |
| test.cpp:99:15:99:20 | buffer | test.cpp:98:17:98:22 | buffer | test.cpp:99:15:99:20 | buffer | The value of this argument may come from $@ and is being passed to LoadLibrary. | test.cpp:98:17:98:22 | buffer | buffer |
| test.cpp:107:15:107:20 | buffer | test.cpp:106:17:106:22 | buffer | test.cpp:107:15:107:20 | buffer | The value of this argument may come from $@ and is being passed to LoadLibrary. | test.cpp:106:17:106:22 | buffer | buffer |
| test.cpp:114:9:114:11 | ptr | test.cpp:113:8:113:12 | call to fgets | test.cpp:114:9:114:11 | ptr | The value of this argument may come from $@ and is being passed to system. | test.cpp:113:8:113:12 | call to fgets | call to fgets |

6
cpp/ql/test/query-tests/Security/CWE/CWE-114/semmle/UncontrolledProcessOperation/test.cpp
View File

@@ -107,3 +107,9 @@ void testAcceptRecv(int socket1, int socket2)
LoadLibrary(buffer); // BAD: using data from recv
}
}
void argumentUse(char *ptr, FILE *stream) {
char buffer[80];
ptr = fgets(buffer, sizeof(buffer), stream);
system(ptr); // BAD
}

49
cpp/ql/test/query-tests/Security/CWE/CWE-120/semmle/tests/UnboundedWrite.expected
View File

@@ -1,37 +1,18 @@
edges
| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
| tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array |
| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
| tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array |
| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
| tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array |
subpaths
| tests.c:16:26:16:29 | argv indirection | tests.c:28:22:28:28 | access to array indirection |
| tests.c:16:26:16:29 | argv indirection | tests.c:29:28:29:34 | access to array indirection |
| tests.c:16:26:16:29 | argv indirection | tests.c:34:10:34:16 | access to array indirection |
nodes
| tests.c:28:22:28:25 | argv | semmle.label | argv |
| tests.c:28:22:28:25 | argv | semmle.label | argv |
| tests.c:28:22:28:28 | access to array | semmle.label | access to array |
| tests.c:28:22:28:28 | access to array | semmle.label | access to array |
| tests.c:29:28:29:31 | argv | semmle.label | argv |
| tests.c:29:28:29:31 | argv | semmle.label | argv |
| tests.c:29:28:29:34 | access to array | semmle.label | access to array |
| tests.c:29:28:29:34 | access to array | semmle.label | access to array |
| tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
| tests.c:31:15:31:23 | buffer100 | semmle.label | buffer100 |
| tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
| tests.c:33:21:33:29 | buffer100 | semmle.label | buffer100 |
| tests.c:34:10:34:13 | argv | semmle.label | argv |
| tests.c:34:10:34:13 | argv | semmle.label | argv |
| tests.c:34:10:34:16 | access to array | semmle.label | access to array |
| tests.c:34:10:34:16 | access to array | semmle.label | access to array |
| tests.c:16:26:16:29 | argv indirection | semmle.label | argv indirection |
| tests.c:28:22:28:28 | access to array indirection | semmle.label | access to array indirection |
| tests.c:29:28:29:34 | access to array indirection | semmle.label | access to array indirection |
| tests.c:31:15:31:23 | scanf output argument | semmle.label | scanf output argument |
| tests.c:33:21:33:29 | scanf output argument | semmle.label | scanf output argument |
| tests.c:34:10:34:16 | access to array indirection | semmle.label | access to array indirection |
subpaths
#select
| tests.c:28:3:28:9 | call to sprintf | tests.c:28:22:28:25 | argv | tests.c:28:22:28:28 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:28:22:28:25 | argv | argv |
| tests.c:29:3:29:9 | call to sprintf | tests.c:29:28:29:31 | argv | tests.c:29:28:29:34 | access to array | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:29:28:29:31 | argv | argv |
| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | buffer100 | buffer100 |
| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | buffer100 | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:33:21:33:29 | buffer100 | buffer100 |
| tests.c:34:25:34:33 | buffer100 | tests.c:34:10:34:13 | argv | tests.c:34:10:34:16 | access to array | This 'sscanf string argument' with input from $@ may overflow the destination. | tests.c:34:10:34:13 | argv | argv |
| tests.c:28:3:28:9 | call to sprintf | tests.c:16:26:16:29 | argv indirection | tests.c:28:22:28:28 | access to array indirection | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:16:26:16:29 | argv indirection | a command-line argument |
| tests.c:29:3:29:9 | call to sprintf | tests.c:16:26:16:29 | argv indirection | tests.c:29:28:29:34 | access to array indirection | This 'call to sprintf' with input from $@ may overflow the destination. | tests.c:16:26:16:29 | argv indirection | a command-line argument |
| tests.c:31:15:31:23 | buffer100 | tests.c:31:15:31:23 | scanf output argument | tests.c:31:15:31:23 | scanf output argument | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:31:15:31:23 | scanf output argument | value read by scanf |
| tests.c:33:21:33:29 | buffer100 | tests.c:33:21:33:29 | scanf output argument | tests.c:33:21:33:29 | scanf output argument | This 'scanf string argument' with input from $@ may overflow the destination. | tests.c:33:21:33:29 | scanf output argument | value read by scanf |
| tests.c:34:25:34:33 | buffer100 | tests.c:16:26:16:29 | argv indirection | tests.c:34:10:34:16 | access to array indirection | This 'sscanf string argument' with input from $@ may overflow the destination. | tests.c:16:26:16:29 | argv indirection | a command-line argument |

17
cpp/ql/test/query-tests/Security/CWE/CWE-193/InvalidPointerDeref.expected
View File

@@ -22,16 +22,10 @@ edges
| test.cpp:52:19:52:37 | call to malloc | test.cpp:53:12:53:23 | ... + ... |
| test.cpp:53:12:53:23 | ... + ... | test.cpp:51:33:51:35 | end |
| test.cpp:60:34:60:37 | mk_array output argument | test.cpp:67:9:67:14 | ... = ... |
| test.cpp:194:15:194:33 | call to malloc | test.cpp:195:17:195:23 | ... + ... |
| test.cpp:195:17:195:23 | ... + ... | test.cpp:195:17:195:23 | ... + ... |
| test.cpp:195:17:195:23 | ... + ... | test.cpp:201:5:201:19 | ... = ... |
| test.cpp:195:17:195:23 | ... + ... | test.cpp:201:5:201:19 | ... = ... |
| test.cpp:205:15:205:33 | call to malloc | test.cpp:206:17:206:23 | ... + ... |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:206:17:206:23 | ... + ... |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... |
| test.cpp:206:17:206:23 | ... + ... | test.cpp:213:5:213:13 | ... = ... |
| test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | ... = ... |
| test.cpp:238:20:238:32 | new[] | test.cpp:239:5:239:22 | ... = ... |
| test.cpp:260:13:260:24 | new[] | test.cpp:261:14:261:21 | ... + ... |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:261:14:261:21 | ... + ... |
| test.cpp:261:14:261:21 | ... + ... | test.cpp:264:13:264:14 | * ... |
@@ -127,18 +121,10 @@ nodes
| test.cpp:53:12:53:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:60:34:60:37 | mk_array output argument | semmle.label | mk_array output argument |
| test.cpp:67:9:67:14 | ... = ... | semmle.label | ... = ... |
| test.cpp:194:15:194:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:195:17:195:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:201:5:201:19 | ... = ... | semmle.label | ... = ... |
| test.cpp:205:15:205:33 | call to malloc | semmle.label | call to malloc |
| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:206:17:206:23 | ... + ... | semmle.label | ... + ... |
| test.cpp:213:5:213:13 | ... = ... | semmle.label | ... = ... |
| test.cpp:231:18:231:30 | new[] | semmle.label | new[] |
| test.cpp:232:3:232:20 | ... = ... | semmle.label | ... = ... |
| test.cpp:238:20:238:32 | new[] | semmle.label | new[] |
| test.cpp:239:5:239:22 | ... = ... | semmle.label | ... = ... |
| test.cpp:260:13:260:24 | new[] | semmle.label | new[] |
| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... |
| test.cpp:261:14:261:21 | ... + ... | semmle.label | ... + ... |
@@ -220,10 +206,7 @@ subpaths
| test.cpp:30:14:30:15 | * ... | test.cpp:28:15:28:37 | call to malloc | test.cpp:30:14:30:15 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:28:15:28:37 | call to malloc | call to malloc | test.cpp:29:20:29:27 | ... + ... | ... + ... |
| test.cpp:32:14:32:21 | * ... | test.cpp:28:15:28:37 | call to malloc | test.cpp:32:14:32:21 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:28:15:28:37 | call to malloc | call to malloc | test.cpp:29:20:29:27 | ... + ... | ... + ... |
| test.cpp:67:9:67:14 | ... = ... | test.cpp:52:19:52:37 | call to malloc | test.cpp:67:9:67:14 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:52:19:52:37 | call to malloc | call to malloc | test.cpp:53:20:53:23 | size | size |
| test.cpp:201:5:201:19 | ... = ... | test.cpp:194:15:194:33 | call to malloc | test.cpp:201:5:201:19 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:194:15:194:33 | call to malloc | call to malloc | test.cpp:195:21:195:23 | len | len |
| test.cpp:213:5:213:13 | ... = ... | test.cpp:205:15:205:33 | call to malloc | test.cpp:213:5:213:13 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:205:15:205:33 | call to malloc | call to malloc | test.cpp:206:21:206:23 | len | len |
| test.cpp:232:3:232:20 | ... = ... | test.cpp:231:18:231:30 | new[] | test.cpp:232:3:232:20 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:231:18:231:30 | new[] | new[] | test.cpp:232:11:232:15 | index | index |
| test.cpp:239:5:239:22 | ... = ... | test.cpp:238:20:238:32 | new[] | test.cpp:239:5:239:22 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:238:20:238:32 | new[] | new[] | test.cpp:239:13:239:17 | index | index |
| test.cpp:264:13:264:14 | * ... | test.cpp:260:13:260:24 | new[] | test.cpp:264:13:264:14 | * ... | This read might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:260:13:260:24 | new[] | new[] | test.cpp:261:19:261:21 | len | len |
| test.cpp:274:5:274:10 | ... = ... | test.cpp:270:13:270:24 | new[] | test.cpp:274:5:274:10 | ... = ... | This write might be out of bounds, as the pointer might be equal to $@ + $@. | test.cpp:270:13:270:24 | new[] | new[] | test.cpp:271:19:271:21 | len | len |
| test.cpp:358:14:358:26 | end_plus_one indirection | test.cpp:355:14:355:27 | new[] | test.cpp:358:14:358:26 | end_plus_one indirection | This read might be out of bounds, as the pointer might be equal to $@ + $@ + 1. | test.cpp:355:14:355:27 | new[] | new[] | test.cpp:356:20:356:23 | size | size |

6
cpp/ql/test/query-tests/Security/CWE/CWE-193/test.cpp
View File

@@ -198,7 +198,7 @@ void test12(unsigned len, unsigned index) {
return;
}
p[index] = '\0'; // $ deref=L195->L201 // BAD
p[index] = '\0'; // $ MISSING: deref=L195->L201 // BAD [NOT DETECTED]
}
void test13(unsigned len, unsigned index) {
@@ -229,14 +229,14 @@ void test15(unsigned index) {
return;
}
int* newname = new int[size];
newname[index] = 0; // $ alloc=L231 deref=L232 // GOOD [FALSE POSITIVE]
newname[index] = 0; // GOOD
}
void test16(unsigned index) {
unsigned size = index + 13;
if(size >= index) {
int* newname = new int[size];
newname[index] = 0; // $ alloc=L238 deref=L239 // GOOD [FALSE POSITIVE]
newname[index] = 0; // GOOD
}
}

7
cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/UninitializedLocal.expected
View File

@@ -1,14 +1,7 @@
| test.cpp:12:6:12:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:11:6:11:8 | foo | foo |
| test.cpp:30:6:30:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:26:6:26:8 | foo | foo |
| test.cpp:46:6:46:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:42:6:42:8 | foo | foo |
| test.cpp:55:7:55:9 | foo | The variable $@ may not be initialized at this access. | test.cpp:50:6:50:8 | foo | foo |
| test.cpp:67:7:67:9 | foo | The variable $@ may not be initialized at this access. | test.cpp:61:6:61:8 | foo | foo |
| test.cpp:92:6:92:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:82:6:82:8 | foo | foo |
| test.cpp:113:6:113:8 | foo | The variable $@ may not be initialized at this access. | test.cpp:111:6:111:8 | foo | foo |
| test.cpp:132:9:132:9 | j | The variable $@ may not be initialized at this access. | test.cpp:126:6:126:6 | j | j |
| test.cpp:219:3:219:3 | x | The variable $@ may not be initialized at this access. | test.cpp:218:7:218:7 | x | x |
| test.cpp:243:13:243:13 | i | The variable $@ may not be initialized at this access. | test.cpp:241:6:241:6 | i | i |
| test.cpp:329:9:329:11 | val | The variable $@ may not be initialized at this access. | test.cpp:321:6:321:8 | val | val |
| test.cpp:336:10:336:10 | a | The variable $@ may not be initialized at this access. | test.cpp:333:7:333:7 | a | a |
| test.cpp:369:10:369:10 | a | The variable $@ may not be initialized at this access. | test.cpp:358:7:358:7 | a | a |
| test.cpp:378:9:378:11 | val | The variable $@ may not be initialized at this access. | test.cpp:359:6:359:8 | val | val |

74
cpp/ql/test/query-tests/Security/CWE/CWE-457/semmle/tests/test.cpp
View File

@@ -27,7 +27,7 @@ void test4(bool b) {
if (b) {
foo = 1;
}
use(foo); // BAD
use(foo); // BAD [NOT DETECTED]
}
void test5() {
@@ -43,7 +43,7 @@ void test5(int count) {
for (int i = 0; i < count; i++) {
foo = i;
}
use(foo); // BAD
use(foo); // BAD [NOT DETECTED]
}
void test6(bool b) {
@@ -52,7 +52,7 @@ void test6(bool b) {
foo = 42;
}
if (b) {
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
}
@@ -64,7 +64,7 @@ void test7(bool b) {
set = true;
}
if (set) {
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
}
@@ -89,7 +89,7 @@ void test9(int count) {
if (!set) {
foo = 42;
}
use(foo); // GOOD (REPORTED, FP)
use(foo); // GOOD
}
void test10() {
@@ -129,7 +129,7 @@ int absWrong(int i) {
} else if (i < 0) {
j = -i;
}
return j; // wrong: j may not be initialized before use
return j; // wrong: j may not be initialized before use [NOT DETECTED]
}
// Example from qhelp
@@ -326,7 +326,7 @@ int test28() {
a = false;
c = false;
}
return val; // GOOD [FALSE POSITIVE]
return val; // GOOD
}
int test29() {
@@ -472,4 +472,64 @@ void test44() {
int y = 1;
void(x + y); // BAD
}
enum class State { StateA, StateB, StateC };
int exhaustive_switch(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
case State::StateC:
y = 3;
break;
}
return y; // GOOD (y is always initialized)
}
int exhaustive_switch_2(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
default:
y = 2;
break;
}
return y; // GOOD (y is always initialized)
}
int non_exhaustive_switch(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
}
return y; // BAD [NOT DETECTED] (y is not initialized when s = StateC)
}
int non_exhaustive_switch_2(State s) {
int y;
switch(s) {
case State::StateA:
y = 1;
break;
case State::StateB:
y = 2;
break;
}
if(s != State::StateC) {
return y; // GOOD (y is not initialized when s = StateC, but if s = StateC we won't reach this point)
}
return 0;
}

25
csharp/documentation/library-coverage/coverage.csv
View File

@@ -1,28 +1,33 @@
package,sink,source,summary,sink:code-injection,sink:encryption-decryptor,sink:encryption-encryptor,sink:encryption-keyprop,sink:encryption-symmetrickey,sink:file-content-store,sink:html-injection,sink:js-injection,sink:sql-injection,source:file,source:file-write,source:local,source:remote,summary:taint,summary:value
Dapper,55,,,,,,,,,,,55,,,,,,
ILCompiler,,,80,,,,,,,,,,,,,,80,
Internal.IL,,,68,,,,,,,,,,,,,,66,2
Internal.Pgo,,,9,,,,,,,,,,,,,,8,1
Internal.TypeSystem,,,352,,,,,,,,,,,,,,316,36
JsonToItemsTaskFactory,,,7,,,,,,,,,,,,,,7,
Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,28,,,,,,
Microsoft.CSharp,,,24,,,,,,,,,,,,,,24,
Microsoft.Diagnostics.Tools.Pgo,,,12,,,,,,,,,,,,,,12,
Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,6,,,,,,12
Microsoft.Extensions.Caching.Distributed,,,15,,,,,,,,,,,,,,15,
Microsoft.Extensions.Caching.Memory,,,46,,,,,,,,,,,,,,45,1
Microsoft.Extensions.Configuration,,,83,,,,,,,,,,,,,,80,3
Microsoft.Extensions.DependencyInjection,,,62,,,,,,,,,,,,,,62,
Microsoft.Extensions.Caching.Memory,,,38,,,,,,,,,,,,,,37,1
Microsoft.Extensions.Configuration,,,79,,,,,,,,,,,,,,76,3
Microsoft.Extensions.DependencyInjection,,,60,,,,,,,,,,,,,,60,
Microsoft.Extensions.DependencyModel,,,12,,,,,,,,,,,,,,12,
Microsoft.Extensions.FileProviders,,,16,,,,,,,,,,,,,,16,
Microsoft.Extensions.FileSystemGlobbing,,,15,,,,,,,,,,,,,,13,2
Microsoft.Extensions.Hosting,,,17,,,,,,,,,,,,,,16,1
Microsoft.Extensions.FileProviders,,,17,,,,,,,,,,,,,,17,
Microsoft.Extensions.FileSystemGlobbing,,,16,,,,,,,,,,,,,,14,2
Microsoft.Extensions.Hosting,,,20,,,,,,,,,,,,,,19,1
Microsoft.Extensions.Http,,,10,,,,,,,,,,,,,,10,
Microsoft.Extensions.Logging,,,37,,,,,,,,,,,,,,37,
Microsoft.Extensions.Logging,,,39,,,,,,,,,,,,,,39,
Microsoft.Extensions.Options,,,8,,,,,,,,,,,,,,8,
Microsoft.Extensions.Primitives,,,63,,,,,,,,,,,,,,63,
Microsoft.Interop,,,27,,,,,,,,,,,,,,27,
Microsoft.Interop,,,60,,,,,,,,,,,,,,60,
Microsoft.NET.Build.Tasks,,,1,,,,,,,,,,,,,,1,
Microsoft.NETCore.Platforms.BuildTasks,,,4,,,,,,,,,,,,,,4,
Microsoft.VisualBasic,,,10,,,,,,,,,,,,,,5,5
Microsoft.Win32,,,8,,,,,,,,,,,,,,8,
Microsoft.Win32.SafeHandles,,,4,,,,,,,,,,,,,,4,
MySql.Data.MySqlClient,48,,,,,,,,,,,48,,,,,,
Newtonsoft.Json,,,91,,,,,,,,,,,,,,73,18
ServiceStack,194,,7,27,,,,,75,,,92,,,,,7,
System,65,25,12149,,8,8,9,,,4,3,33,1,17,3,4,10163,1986
System,67,25,11891,,8,8,9,,,4,5,33,1,17,3,4,9906,1985
Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,
1 package sink source summary sink:code-injection sink:encryption-decryptor sink:encryption-encryptor sink:encryption-keyprop sink:encryption-symmetrickey sink:file-content-store sink:html-injection sink:js-injection sink:sql-injection source:file source:file-write source:local source:remote summary:taint summary:value
2 Dapper 55 55
3 ILCompiler 80 80
4 Internal.IL 68 66 2
5 Internal.Pgo 9 8 1
6 Internal.TypeSystem 352 316 36
7 JsonToItemsTaskFactory 7 7
8 Microsoft.ApplicationBlocks.Data 28 28
9 Microsoft.CSharp 24 24
10 Microsoft.Diagnostics.Tools.Pgo 12 12
11 Microsoft.EntityFrameworkCore 6 12 6 12
12 Microsoft.Extensions.Caching.Distributed 15 15
13 Microsoft.Extensions.Caching.Memory 46 38 45 37 1
14 Microsoft.Extensions.Configuration 83 79 80 76 3
15 Microsoft.Extensions.DependencyInjection 62 60 62 60
16 Microsoft.Extensions.DependencyModel 12 12
17 Microsoft.Extensions.FileProviders 16 17 16 17
18 Microsoft.Extensions.FileSystemGlobbing 15 16 13 14 2
19 Microsoft.Extensions.Hosting 17 20 16 19 1
20 Microsoft.Extensions.Http 10 10
21 Microsoft.Extensions.Logging 37 39 37 39
22 Microsoft.Extensions.Options 8 8
23 Microsoft.Extensions.Primitives 63 63
24 Microsoft.Interop 27 60 27 60
25 Microsoft.NET.Build.Tasks 1 1
26 Microsoft.NETCore.Platforms.BuildTasks 4 4
27 Microsoft.VisualBasic 10 5 5
28 Microsoft.Win32 Microsoft.Win32.SafeHandles 8 4 8 4
29 MySql.Data.MySqlClient 48 48
30 Newtonsoft.Json 91 73 18
31 ServiceStack 194 7 27 75 92 7
32 System 65 67 25 12149 11891 8 8 9 4 3 5 33 1 17 3 4 10163 9906 1986 1985
33 Windows.Security.Cryptography.Core 1 1

6
csharp/documentation/library-coverage/coverage.rst
View File

@@ -8,7 +8,7 @@ C# framework & library support
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
`ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
System,"``System.*``, ``System``",25,12149,65,7
Others,"``Dapper``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,568,138,
Totals,,25,12724,397,7
System,"``System.*``, ``System``",25,11891,67,9
Others,"``Dapper``, ``ILCompiler``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NETCore.Platforms.BuildTasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32.SafeHandles``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``Windows.Security.Cryptography.Core``",,1111,138,
Totals,,25,13009,399,9

8
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/AssemblyCache.cs
View File

@@ -27,12 +27,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
if (File.Exists(path))
{
pendingDllsToIndex.Enqueue(path);
continue;
}
else
if (Directory.Exists(path))
{
progressMonitor.FindingFiles(path);
AddReferenceDirectory(path);
}
else
{
progressMonitor.LogInfo("AssemblyCache: Path not found: " + path);
}
}
IndexReferences();
}

164
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Assets.cs Normal file
View File

@@ -0,0 +1,164 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using Newtonsoft.Json.Linq;
using Semmle.Util;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
/// <summary>
/// Class for parsing project.assets.json files.
/// </summary>
internal class Assets
{
private readonly ProgressMonitor progressMonitor;
private static readonly string[] netFrameworks = new[] {
"microsoft.aspnetcore.app.ref",
"microsoft.netcore.app.ref",
"microsoft.netframework.referenceassemblies",
"microsoft.windowsdesktop.app.ref",
"netstandard.library.ref"
};
internal Assets(ProgressMonitor progressMonitor)
{
this.progressMonitor = progressMonitor;
}
/// <summary>
/// Class needed for deserializing parts of an assets file.
/// It holds information about a reference.
///
/// Type carries the type of the reference.
/// We are only interested in package references.
///
/// Compile holds information about the files needed for compilation.
/// However, if it is a .NET framework reference we assume that all files in the
/// package are needed for compilation.
/// </summary>
private record class ReferenceInfo(string? Type, Dictionary<string, object>? Compile);
/// <summary>
/// Add the package dependencies from the assets file to dependencies.
///
/// Parse a part of the JSon assets file and add the paths
/// to the dependencies required for compilation (and collect
/// information about used packages).
///
/// Example:
/// {
/// "Castle.Core/4.4.1": {
/// "type": "package",
/// "compile": {
/// "lib/netstandard1.5/Castle.Core.dll": {
/// "related": ".xml"
/// }
/// }
/// },
/// "Json.Net/1.0.33": {
/// "type": "package",
/// "compile": {
/// "lib/netstandard2.0/Json.Net.dll": {}
/// },
/// "runtime": {
/// "lib/netstandard2.0/Json.Net.dll": {}
/// }
/// }
/// }
///
/// Returns dependencies
/// RequiredPaths = {
/// "castle.core/4.4.1/lib/netstandard1.5/Castle.Core.dll",
/// "json.net/1.0.33/lib/netstandard2.0/Json.Net.dll"
/// }
/// UsedPackages = {
/// "castle.core",
/// "json.net"
/// }
/// </summary>
private DependencyContainer AddPackageDependencies(JObject json, DependencyContainer dependencies)
{
// If there are more than one framework we need to pick just one.
// To ensure stability we pick one based on the lexicographic order of
// the framework names.
var references = json
.GetProperty("targets")?
.Properties()?
.MaxBy(p => p.Name)?
.Value
.ToObject<Dictionary<string, ReferenceInfo>>();
if (references is null)
{
progressMonitor.LogDebug("No references found in the targets section in the assets file.");
return dependencies;
}
// Find all the compile dependencies for each reference and
// create the relative path to the dependency.
references
.ForEach(r =>
{
var info = r.Value;
var name = r.Key.ToLowerInvariant();
if (info.Type != "package")
{
return;
}
// If this is a .NET framework reference then include everything.
if (netFrameworks.Any(framework => name.StartsWith(framework)))
{
dependencies.Add(name);
}
else
{
info.Compile?
.ForEach(r => dependencies.Add(name, r.Key));
}
});
return dependencies;
}
/// <summary>
/// Parse `json` as project.assets.json content and add relative paths to the dependencies
/// (together with used package information) required for compilation.
/// </summary>
/// <returns>True if parsing succeeds, otherwise false.</returns>
public bool TryParse(string json, DependencyContainer dependencies)
{
try
{
var obj = JObject.Parse(json);
AddPackageDependencies(obj, dependencies);
return true;
}
catch (Exception e)
{
progressMonitor.LogDebug($"Failed to parse assets file (unexpected error): {e.Message}");
return false;
}
}
public static DependencyContainer GetCompilationDependencies(ProgressMonitor progressMonitor, IEnumerable<string> assets)
{
var parser = new Assets(progressMonitor);
var dependencies = new DependencyContainer();
assets.ForEach(asset =>
{
var json = File.ReadAllText(asset);
parser.TryParse(json, dependencies);
});
return dependencies;
}
}
internal static class JsonExtensions
{
internal static JObject? GetProperty(this JObject json, string property) =>
json[property] as JObject;
}
}

69
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyContainer.cs Normal file
View File

@@ -0,0 +1,69 @@
using System.Collections.Generic;
using System.IO;
using System.Linq;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
/// <summary>
/// Container class for dependencies found in the assets file.
/// </summary>
internal class DependencyContainer
{
private readonly List<string> requiredPaths = new();
private readonly HashSet<string> usedPackages = new();
/// <summary>
/// In most cases paths in asset files point to dll's or the empty _._ file, which
/// is sometimes there to avoid the directory being empty.
/// That is, if the path specifically adds a .dll we use that, otherwise we as a fallback
/// add the entire directory (which should be fine in case of _._ as well).
/// </summary>
private static string ParseFilePath(string path)
{
if (path.EndsWith(".dll"))
{
return path;
}
return Path.GetDirectoryName(path) ?? path;
}
private static string GetPackageName(string package) =>
package
.Split(Path.DirectorySeparatorChar)
.First();
/// <summary>
/// Paths to dependencies required for compilation.
/// </summary>
public IEnumerable<string> RequiredPaths => requiredPaths;
/// <summary>
/// Packages that are used as a part of the required dependencies.
/// </summary>
public HashSet<string> UsedPackages => usedPackages;
/// <summary>
/// Add a dependency inside a package.
/// </summary>
public void Add(string package, string dependency)
{
var p = package.Replace('/', Path.DirectorySeparatorChar);
var d = dependency.Replace('/', Path.DirectorySeparatorChar);
var path = Path.Combine(p, ParseFilePath(d));
requiredPaths.Add(path);
usedPackages.Add(GetPackageName(p));
}
/// <summary>
/// Add a dependency to an entire package
/// </summary>
public void Add(string package)
{
var p = package.Replace('/', Path.DirectorySeparatorChar);
requiredPaths.Add(p);
usedPackages.Add(GetPackageName(p));
}
}
}

328
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
View File

@@ -31,9 +31,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private readonly IDotNet dotnet;
private readonly FileContent fileContent;
private readonly TemporaryDirectory packageDirectory;
private readonly TemporaryDirectory legacyPackageDirectory;
private readonly TemporaryDirectory missingPackageDirectory;
private readonly TemporaryDirectory tempWorkingDirectory;
private readonly bool cleanupTempWorkingDirectory;
private readonly Lazy<Runtime> runtimeLazy;
private Runtime Runtime => runtimeLazy.Value;
/// <summary>
/// Performs C# dependency fetching.
/// </summary>
@@ -48,11 +53,15 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
this.sourceDir = new DirectoryInfo(srcDir);
packageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName));
legacyPackageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName, "legacypackages"));
missingPackageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName, "missingpackages"));
tempWorkingDirectory = new TemporaryDirectory(FileUtils.GetTemporaryWorkingDirectory(out cleanupTempWorkingDirectory));
try
{
this.dotnet = DotNet.Make(options, progressMonitor, tempWorkingDirectory);
runtimeLazy = new Lazy<Runtime>(() => new Runtime(dotnet));
}
catch
{
@@ -74,57 +83,61 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
var solutions = options.SolutionFile is not null
? new[] { options.SolutionFile }
: allNonBinaryFiles.SelectFileNamesByExtension(".sln");
var dllDirNames = options.DllDirs.Count == 0
? allFiles.SelectFileNamesByExtension(".dll").ToList()
: options.DllDirs.Select(Path.GetFullPath).ToList();
var dllPaths = options.DllDirs.Count == 0
? allFiles.SelectFileNamesByExtension(".dll").ToHashSet()
: options.DllDirs.Select(Path.GetFullPath).ToHashSet();
if (options.UseNuGet)
{
dllDirNames.Add(packageDirectory.DirInfo.FullName);
try
{
var nuget = new NugetPackages(sourceDir.FullName, packageDirectory, progressMonitor);
var nuget = new NugetPackages(sourceDir.FullName, legacyPackageDirectory, progressMonitor);
nuget.InstallPackages();
var nugetPackageDlls = legacyPackageDirectory.DirInfo.GetFiles("*.dll", new EnumerationOptions { RecurseSubdirectories = true });
var nugetPackageDllPaths = nugetPackageDlls.Select(f => f.FullName).ToHashSet();
var excludedPaths = nugetPackageDllPaths
.Where(path => IsPathInSubfolder(path, legacyPackageDirectory.DirInfo.FullName, "tools"));
foreach (var excludedPath in excludedPaths)
{
progressMonitor.LogInfo($"Excluded Nuget DLL: {excludedPath}");
}
nugetPackageDllPaths.ExceptWith(excludedPaths);
dllPaths.UnionWith(nugetPackageDllPaths);
}
catch (FileNotFoundException)
{
progressMonitor.MissingNuGet();
}
var restoredProjects = RestoreSolutions(solutions);
var restoredProjects = RestoreSolutions(solutions, out var assets1);
var projects = allProjects.Except(restoredProjects);
RestoreProjects(projects);
DownloadMissingPackages(allNonBinaryFiles);
}
RestoreProjects(projects, out var assets2);
var existsNetCoreRefNugetPackage = false;
var existsNetFrameworkRefNugetPackage = false;
var existsNetstandardLibRefNugetPackage = false;
var existsNetstandardLibNugetPackage = false;
var dependencies = Assets.GetCompilationDependencies(progressMonitor, assets1.Union(assets2));
var paths = dependencies
.RequiredPaths
.Select(d => Path.Combine(packageDirectory.DirInfo.FullName, d))
.ToList();
dllPaths.UnionWith(paths);
LogAllUnusedPackages(dependencies);
DownloadMissingPackages(allNonBinaryFiles, dllPaths);
}
// Find DLLs in the .Net / Asp.Net Framework
// This block needs to come after the nuget restore, because the nuget restore might fetch the .NET Core/Framework reference assemblies.
if (options.ScanNetFrameworkDlls)
{
existsNetCoreRefNugetPackage = IsNugetPackageAvailable("microsoft.netcore.app.ref");
existsNetFrameworkRefNugetPackage = IsNugetPackageAvailable("microsoft.netframework.referenceassemblies");
existsNetstandardLibRefNugetPackage = IsNugetPackageAvailable("netstandard.library.ref");
existsNetstandardLibNugetPackage = IsNugetPackageAvailable("netstandard.library");
if (existsNetCoreRefNugetPackage
|| existsNetFrameworkRefNugetPackage
|| existsNetstandardLibRefNugetPackage
|| existsNetstandardLibNugetPackage)
{
progressMonitor.LogInfo("Found .NET Core/Framework DLLs in NuGet packages. Not adding installation directory.");
}
else
{
AddNetFrameworkDlls(dllDirNames);
}
AddNetFrameworkDlls(dllPaths);
AddAspNetCoreFrameworkDlls(dllPaths);
AddMicrosoftWindowsDesktopDlls(dllPaths);
}
assemblyCache = new AssemblyCache(dllDirNames, progressMonitor);
assemblyCache = new AssemblyCache(dllPaths, progressMonitor);
AnalyseSolutions(solutions);
foreach (var filename in assemblyCache.AllAssemblies.Select(a => a.Filename))
@@ -132,7 +145,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
UseReference(filename);
}
RemoveUnnecessaryNugetPackages(existsNetCoreRefNugetPackage, existsNetFrameworkRefNugetPackage, existsNetstandardLibRefNugetPackage, existsNetstandardLibNugetPackage);
RemoveNugetAnalyzerReferences();
ResolveConflicts();
// Output the findings
@@ -167,56 +180,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
DateTime.Now - startTime);
}
private void RemoveUnnecessaryNugetPackages(bool existsNetCoreRefNugetPackage, bool existsNetFrameworkRefNugetPackage,
bool existsNetstandardLibRefNugetPackage, bool existsNetstandardLibNugetPackage)
private static bool IsPathInSubfolder(string path, string rootFolder, string subFolder)
{
RemoveNugetAnalyzerReferences();
RemoveRuntimeNugetPackageReferences();
if (fileContent.IsNewProjectStructureUsed
&& !fileContent.UseAspNetCoreDlls)
{
// This might have been restored by the CLI even though the project isn't an asp.net core one.
RemoveNugetPackageReference("microsoft.aspnetcore.app.ref");
}
// Multiple dotnet framework packages could be present. We keep only one.
// The order of the packages is important, we're keeping the first one that is present in the nuget cache.
var packagesInPrioOrder = new (bool isPresent, string prefix)[]
{
// net7.0, ... net5.0, netcoreapp3.1, netcoreapp3.0
(existsNetCoreRefNugetPackage, "microsoft.netcore.app.ref"),
// net48, ..., net20
(existsNetFrameworkRefNugetPackage, "microsoft.netframework.referenceassemblies."),
// netstandard2.1
(existsNetstandardLibRefNugetPackage, "netstandard.library.ref"),
// netstandard2.0
(existsNetstandardLibNugetPackage, "netstandard.library")
};
for (var i = 0; i < packagesInPrioOrder.Length; i++)
{
var (isPresent, _) = packagesInPrioOrder[i];
if (!isPresent)
{
continue;
}
// Package is present, remove all the lower priority packages:
for (var j = i + 1; j < packagesInPrioOrder.Length; j++)
{
var (otherIsPresent, otherPrefix) = packagesInPrioOrder[j];
if (otherIsPresent)
{
RemoveNugetPackageReference(otherPrefix);
}
}
break;
}
// TODO: There could be multiple `microsoft.netframework.referenceassemblies` packages,
// we could keep the newest one, but this is covered by the conflict resolution logic
// (if the file names match)
return path.IndexOf(
$"{Path.DirectorySeparatorChar}{subFolder}{Path.DirectorySeparatorChar}",
rootFolder.Length,
StringComparison.InvariantCultureIgnoreCase) >= 0;
}
private void RemoveNugetAnalyzerReferences()
@@ -258,58 +227,58 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
}
}
private void AddNetFrameworkDlls(List<string> dllDirNames)
private void AddNetFrameworkDlls(ISet<string> dllPaths)
{
var runtime = new Runtime(dotnet);
// Multiple dotnet framework packages could be present.
// The order of the packages is important, we're adding the first one that is present in the nuget cache.
var packagesInPrioOrder = new string[]
{
"microsoft.netcore.app.ref", // net7.0, ... net5.0, netcoreapp3.1, netcoreapp3.0
"microsoft.netframework.referenceassemblies.", // net48, ..., net20
"netstandard.library.ref", // netstandard2.1
"netstandard.library" // netstandard2.0
};
var frameworkPath = packagesInPrioOrder
.Select((s, index) => (Index: index, Path: GetPackageDirectory(s)))
.FirstOrDefault(pair => pair.Path is not null);
if (frameworkPath.Path is not null)
{
dllPaths.Add(frameworkPath.Path);
progressMonitor.LogInfo($"Found .NET Core/Framework DLLs in NuGet packages at {frameworkPath.Path}. Not adding installation directory.");
for (var i = frameworkPath.Index + 1; i < packagesInPrioOrder.Length; i++)
{
RemoveNugetPackageReference(packagesInPrioOrder[i], dllPaths);
}
return;
}
string? runtimeLocation = null;
if (options.UseSelfContainedDotnet)
{
runtimeLocation = runtime.ExecutingRuntime;
runtimeLocation = Runtime.ExecutingRuntime;
}
else if (fileContent.IsNewProjectStructureUsed)
{
runtimeLocation = runtime.NetCoreRuntime;
runtimeLocation = Runtime.NetCoreRuntime;
}
else if (fileContent.IsLegacyProjectStructureUsed)
{
runtimeLocation = runtime.DesktopRuntime;
runtimeLocation = Runtime.DesktopRuntime;
}
runtimeLocation ??= runtime.ExecutingRuntime;
runtimeLocation ??= Runtime.ExecutingRuntime;
progressMonitor.LogInfo($".NET runtime location selected: {runtimeLocation}");
dllDirNames.Add(runtimeLocation);
if (fileContent.IsNewProjectStructureUsed
&& fileContent.UseAspNetCoreDlls
&& runtime.AspNetCoreRuntime is string aspRuntime)
{
progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspRuntime}");
dllDirNames.Add(aspRuntime);
}
dllPaths.Add(runtimeLocation);
}
private void RemoveRuntimeNugetPackageReferences()
{
var runtimePackagePrefixes = new[]
{
"microsoft.netcore.app.runtime",
"microsoft.aspnetcore.app.runtime",
"microsoft.windowsdesktop.app.runtime",
// legacy runtime packages:
"runtime.linux-x64.microsoft.netcore.app",
"runtime.osx-x64.microsoft.netcore.app",
"runtime.win-x64.microsoft.netcore.app",
// Internal implementation packages not meant for direct consumption:
"runtime."
};
RemoveNugetPackageReference(runtimePackagePrefixes);
}
private void RemoveNugetPackageReference(params string[] packagePrefixes)
private void RemoveNugetPackageReference(string packagePrefix, ISet<string> dllPaths)
{
if (!options.UseNuGet)
{
@@ -322,32 +291,74 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return;
}
var packagePathPrefixes = packagePrefixes.Select(p => Path.Combine(packageFolder, p.ToLowerInvariant()));
foreach (var filename in usedReferences.Keys)
var packagePathPrefix = Path.Combine(packageFolder, packagePrefix.ToLowerInvariant());
var toRemove = dllPaths.Where(s => s.ToLowerInvariant().StartsWith(packagePathPrefix));
foreach (var path in toRemove)
{
var lowerFilename = filename.ToLowerInvariant();
if (packagePathPrefixes.Any(prefix => lowerFilename.StartsWith(prefix)))
{
usedReferences.Remove(filename);
progressMonitor.RemovedReference(filename);
}
dllPaths.Remove(path);
progressMonitor.RemovedReference(path);
}
}
private bool IsNugetPackageAvailable(string packagePrefix)
private void AddAspNetCoreFrameworkDlls(ISet<string> dllPaths)
{
if (!fileContent.IsNewProjectStructureUsed || !fileContent.UseAspNetCoreDlls)
{
return;
}
// First try to find ASP.NET Core assemblies in the NuGet packages
if (GetPackageDirectory("microsoft.aspnetcore.app.ref") is string aspNetCorePackage)
{
progressMonitor.LogInfo($"Found ASP.NET Core in NuGet packages. Not adding installation directory.");
dllPaths.Add(aspNetCorePackage);
}
else if (Runtime.AspNetCoreRuntime is string aspNetCoreRuntime)
{
progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspNetCoreRuntime}");
dllPaths.Add(aspNetCoreRuntime);
}
}
private void AddMicrosoftWindowsDesktopDlls(ISet<string> dllPaths)
{
if (GetPackageDirectory("microsoft.windowsdesktop.app.ref") is string windowsDesktopApp)
{
progressMonitor.LogInfo($"Found Windows Desktop App in NuGet packages.");
dllPaths.Add(windowsDesktopApp);
}
}
private string? GetPackageDirectory(string packagePrefix)
{
if (!options.UseNuGet)
{
return false;
return null;
}
return new DirectoryInfo(packageDirectory.DirInfo.FullName)
.EnumerateDirectories(packagePrefix + "*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false })
.Any();
.FirstOrDefault()?
.FullName;
}
private IEnumerable<string> GetAllPackageDirectories()
{
if (!options.UseNuGet)
{
return Enumerable.Empty<string>();
}
return new DirectoryInfo(packageDirectory.DirInfo.FullName)
.EnumerateDirectories("*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false })
.Select(d => d.FullName);
}
private void LogAllUnusedPackages(DependencyContainer dependencies) =>
GetAllPackageDirectories()
.Where(package => !dependencies.UsedPackages.Contains(package))
.ForEach(package => progressMonitor.LogInfo($"Unused package: {package}"));
private void GenerateSourceFileFromImplicitUsings()
{
var usings = new HashSet<string>();
@@ -437,7 +448,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// with this source tree. Use a SHA1 of the directory name.
/// </summary>
/// <returns>The full path of the temp directory.</returns>
private static string ComputeTempDirectory(string srcDir)
private static string ComputeTempDirectory(string srcDir, string packages = "packages")
{
var bytes = Encoding.Unicode.GetBytes(srcDir);
var sha = SHA1.HashData(bytes);
@@ -445,7 +456,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
foreach (var b in sha.Take(8))
sb.AppendFormat("{0:x2}", b);
return Path.Combine(Path.GetTempPath(), "GitHub", "packages", sb.ToString());
return Path.Combine(Path.GetTempPath(), "GitHub", packages, sb.ToString());
}
/// <summary>
@@ -623,41 +634,52 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
private bool RestoreProject(string project, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) =>
dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching, pathToNugetConfig);
private bool RestoreProject(string project, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> assets, string? pathToNugetConfig = null) =>
dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching, out assets, pathToNugetConfig);
private bool RestoreSolution(string solution, out IEnumerable<string> projects) =>
dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching: true, out projects);
private bool RestoreSolution(string solution, out IEnumerable<string> projects, out IEnumerable<string> assets) =>
dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching: true, out projects, out assets);
/// <summary>
/// Executes `dotnet restore` on all solution files in solutions.
/// As opposed to RestoreProjects this is not run in parallel using PLINQ
/// as `dotnet restore` on a solution already uses multiple threads for restoring
/// the projects (this can be disabled with the `--disable-parallel` flag).
/// Populates assets with the relative paths to the assets files generated by the restore.
/// Returns a list of projects that are up to date with respect to restore.
/// </summary>
/// <param name="solutions">A list of paths to solution files.</param>
private IEnumerable<string> RestoreSolutions(IEnumerable<string> solutions) =>
solutions.SelectMany(solution =>
private IEnumerable<string> RestoreSolutions(IEnumerable<string> solutions, out IEnumerable<string> assets)
{
var assetFiles = new List<string>();
var projects = solutions.SelectMany(solution =>
{
RestoreSolution(solution, out var restoredProjects);
RestoreSolution(solution, out var restoredProjects, out var a);
assetFiles.AddRange(a);
return restoredProjects;
});
assets = assetFiles;
return projects;
}
/// <summary>
/// Executes `dotnet restore` on all projects in projects.
/// This is done in parallel for performance reasons.
/// Populates assets with the relative paths to the assets files generated by the restore.
/// </summary>
/// <param name="projects">A list of paths to project files.</param>
private void RestoreProjects(IEnumerable<string> projects)
private void RestoreProjects(IEnumerable<string> projects, out IEnumerable<string> assets)
{
var assetFiles = new List<string>();
Parallel.ForEach(projects, new ParallelOptions { MaxDegreeOfParallelism = options.Threads }, project =>
{
RestoreProject(project, forceDotnetRefAssemblyFetching: true);
RestoreProject(project, forceDotnetRefAssemblyFetching: true, out var a);
assetFiles.AddRange(a);
});
assets = assetFiles;
}
private void DownloadMissingPackages(List<FileInfo> allFiles)
private void DownloadMissingPackages(List<FileInfo> allFiles, ISet<string> dllPaths)
{
var nugetConfigs = allFiles.SelectFileNamesByName("nuget.config").ToArray();
string? nugetConfig = null;
@@ -698,13 +720,15 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return;
}
success = RestoreProject(tempDir.DirInfo.FullName, forceDotnetRefAssemblyFetching: false, pathToNugetConfig: nugetConfig);
dotnet.RestoreProjectToDirectory(tempDir.DirInfo.FullName, missingPackageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching: false, out var _, pathToNugetConfig: nugetConfig);
// TODO: the restore might fail, we could retry with a prerelease (*-* instead of *) version of the package.
if (!success)
{
progressMonitor.FailedToRestoreNugetPackage(package);
}
});
dllPaths.Add(missingPackageDirectory.DirInfo.FullName);
}
private void AnalyseSolutions(IEnumerable<string> solutions)
@@ -724,26 +748,26 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
});
}
public void Dispose()
public void Dispose(TemporaryDirectory? dir, string name)
{
try
{
packageDirectory?.Dispose();
dir?.Dispose();
}
catch (Exception exc)
{
progressMonitor.LogInfo("Couldn't delete package directory: " + exc.Message);
progressMonitor.LogInfo($"Couldn't delete {name} directory {exc.Message}");
}
}
public void Dispose()
{
Dispose(packageDirectory, "package");
Dispose(legacyPackageDirectory, "legacy package");
Dispose(missingPackageDirectory, "missing package");
if (cleanupTempWorkingDirectory)
{
try
{
tempWorkingDirectory?.Dispose();
}
catch (Exception exc)
{
progressMonitor.LogInfo("Couldn't delete temporary working directory: " + exc.Message);
}
Dispose(tempWorkingDirectory, "temporary working");
}
}
}

44
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -42,7 +42,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
private string GetRestoreArgs(string projectOrSolutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching)
{
var args = $"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true";
var args = $"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true --verbosity normal";
if (forceDotnetRefAssemblyFetching)
{
@@ -60,7 +60,19 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return args;
}
public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null)
private static IEnumerable<string> GetFirstGroupOnMatch(Regex regex, IEnumerable<string> lines) =>
lines
.Select(line => regex.Match(line))
.Where(match => match.Success)
.Select(match => match.Groups[1].Value);
private static IEnumerable<string> GetAssetsFilePaths(IEnumerable<string> lines) =>
GetFirstGroupOnMatch(AssetsFileRegex(), lines);
private static IEnumerable<string> GetRestoredProjects(IEnumerable<string> lines) =>
GetFirstGroupOnMatch(RestoredProjectRegex(), lines);
public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> assets, string? pathToNugetConfig = null)
{
var args = GetRestoreArgs(projectFile, packageDirectory, forceDotnetRefAssemblyFetching);
if (pathToNugetConfig != null)
@@ -68,25 +80,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
args += $" --configfile \"{pathToNugetConfig}\"";
}
return dotnetCliInvoker.RunCommand(args);
var success = dotnetCliInvoker.RunCommand(args, out var output);
assets = success ? GetAssetsFilePaths(output) : Array.Empty<string>();
return success;
}
public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects)
public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects, out IEnumerable<string> assets)
{
var args = GetRestoreArgs(solutionFile, packageDirectory, forceDotnetRefAssemblyFetching);
args += " --verbosity normal";
if (dotnetCliInvoker.RunCommand(args, out var output))
{
var regex = RestoreProjectRegex();
projects = output
.Select(line => regex.Match(line))
.Where(match => match.Success)
.Select(match => match.Groups[1].Value);
return true;
}
projects = Array.Empty<string>();
return false;
var success = dotnetCliInvoker.RunCommand(args, out var output);
projects = success ? GetRestoredProjects(output) : Array.Empty<string>();
assets = success ? GetAssetsFilePaths(output) : Array.Empty<string>();
return success;
}
public bool New(string folder)
@@ -121,6 +126,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
[GeneratedRegex("Restored\\s+(.+\\.csproj)", RegexOptions.Compiled)]
private static partial Regex RestoreProjectRegex();
private static partial Regex RestoredProjectRegex();
[GeneratedRegex("[Assets\\sfile\\shas\\snot\\schanged.\\sSkipping\\sassets\\sfile\\swriting.|Writing\\sassets\\sfile\\sto\\sdisk.]\\sPath:\\s(.*)", RegexOptions.Compiled)]
private static partial Regex AssetsFileRegex();
}
}

4
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNet.cs
View File

@@ -4,8 +4,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
{
internal interface IDotNet
{
bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null);
bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects);
bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> assets, string? pathToNugetConfig = null);
bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects, out IEnumerable<string> assets);
bool New(string folder);
bool AddPackage(string folder, string package);
IList<string> GetListedRuntimes();

2
csharp/extractor/Semmle.Extraction.CSharp/Entities/Attribute.cs
View File

@@ -91,7 +91,7 @@ namespace Semmle.Extraction.CSharp.Entities
// The current argument is not named
// so the previous ones were also not named
// so the child index matches the parameter index.
isParamsParameter = Symbol?.AttributeConstructor?.Parameters[childIndex].IsParams == true;
isParamsParameter = Symbol.AttributeConstructor?.Parameters[childIndex].IsParams == true;
argSyntax = ctorArguments[childIndex];
}

2
csharp/extractor/Semmle.Extraction.CSharp/Entities/NonGeneratedSourceLocation.cs
View File

@@ -22,7 +22,7 @@ namespace Semmle.Extraction.CSharp.Entities
Position.Span.Start.Line + 1, Position.Span.Start.Character + 1,
Position.Span.End.Line + 1, Position.Span.End.Character);
var mapped = Symbol!.GetMappedLineSpan();
var mapped = Symbol.GetMappedLineSpan();
if (mapped.HasMappedPath && mapped.IsValid)
{
var mappedLoc = Create(Context, Location.Create(mapped.Path, default, mapped.Span));

206
csharp/extractor/Semmle.Extraction.Tests/Assets.cs Normal file
View File

@@ -0,0 +1,206 @@
using Xunit;
using System.Linq;
using Semmle.Extraction.CSharp.DependencyFetching;
namespace Semmle.Extraction.Tests
{
public class AssetsTests
{
private static string FixExpectedPathOnWindows(string path) => path.Replace('\\', '/');
[Fact]
public void TestAssets1()
{
// Setup
var assets = new Assets(new ProgressMonitor(new LoggerStub()));
var json = assetsJson1;
var dependencies = new DependencyContainer();
// Execute
var success = assets.TryParse(json, dependencies);
// Verify
Assert.True(success);
Assert.Equal(5, dependencies.RequiredPaths.Count());
Assert.Equal(4, dependencies.UsedPackages.Count());
var normalizedPaths = dependencies.RequiredPaths.Select(FixExpectedPathOnWindows);
// Required references
Assert.Contains("castle.core/4.4.1/lib/netstandard1.5/Castle.Core.dll", normalizedPaths);
Assert.Contains("castle.core/4.4.1/lib/netstandard1.5/Castle.Core2.dll", normalizedPaths);
Assert.Contains("json.net/1.0.33/lib/netstandard2.0/Json.Net.dll", normalizedPaths);
Assert.Contains("microsoft.aspnetcore.cryptography.internal/6.0.8/lib/net6.0/Microsoft.AspNetCore.Cryptography.Internal.dll", normalizedPaths);
Assert.Contains("humanizer.core/2.8.26/lib/netstandard2.0", normalizedPaths);
// Used packages
Assert.Contains("castle.core", dependencies.UsedPackages);
Assert.Contains("json.net", dependencies.UsedPackages);
Assert.Contains("microsoft.aspnetcore.cryptography.internal", dependencies.UsedPackages);
Assert.Contains("humanizer.core", dependencies.UsedPackages);
}
[Fact]
public void TestAssets2()
{
// Setup
var assets = new Assets(new ProgressMonitor(new LoggerStub()));
var json = assetsJson2;
var dependencies = new DependencyContainer();
// Execute
var success = assets.TryParse(json, dependencies);
// Verify
Assert.True(success);
Assert.Equal(2, dependencies.RequiredPaths.Count());
var normalizedPaths = dependencies.RequiredPaths.Select(FixExpectedPathOnWindows);
// Required references
Assert.Contains("microsoft.netframework.referenceassemblies/1.0.3", normalizedPaths);
Assert.Contains("microsoft.netframework.referenceassemblies.net48/1.0.3", normalizedPaths);
// Used packages
Assert.Contains("microsoft.netframework.referenceassemblies", dependencies.UsedPackages);
Assert.Contains("microsoft.netframework.referenceassemblies.net48", dependencies.UsedPackages);
}
[Fact]
public void TestAssets3()
{
// Setup
var assets = new Assets(new ProgressMonitor(new LoggerStub()));
var json = "garbage data";
var dependencies = new DependencyContainer();
// Execute
var success = assets.TryParse(json, dependencies);
// Verify
Assert.False(success);
Assert.Empty(dependencies.RequiredPaths);
}
private readonly string assetsJson1 = """
{
"version": 3,
"targets": {
"net7.0": {
"Castle.Core/4.4.1": {
"type": "package",
"dependencies": {
"NETStandard.Library": "1.6.1",
"System.Collections.Specialized": "4.3.0",
},
"compile": {
"lib/netstandard1.5/Castle.Core.dll": {
"related": ".xml"
},
"lib/netstandard1.5/Castle.Core2.dll": {
"related": ".xml"
}
},
"runtime": {
"lib/netstandard1.5/Castle.Core.dll": {
"related": ".xml"
}
}
},
"Json.Net/1.0.33": {
"type": "package",
"compile": {
"lib/netstandard2.0/Json.Net.dll": {}
},
"runtime": {
"lib/netstandard2.0/Json.Net.dll": {}
}
},
"MessagePackAnalyzer/2.1.152": {
"type": "package"
},
"Microsoft.AspNetCore.Cryptography.Internal/6.0.8": {
"type": "package",
"compile": {
"lib/net6.0/Microsoft.AspNetCore.Cryptography.Internal.dll": {
"related": ".xml"
}
},
"runtime": {
"lib/net6.0/Microsoft.AspNetCore.Cryptography.Internal.dll": {
"related": ".xml"
}
}
},
"Humanizer.Core/2.8.26": {
"type": "package",
"compile": {
"lib/netstandard2.0/_._": {
"related": ".xml"
}
},
"runtime": {
"lib/netstandard2.0/Humanizer.dll": {
"related": ".xml"
}
}
},
"Nop.Core/4.5.0": {
"type": "project",
"compile": {
"bin/placeholder/Nop.Core.dll": {}
},
"runtime": {
"bin/placeholder/Nop.Core.dll": {}
}
},
}
},
"project": {
"version": "1.0.0",
"frameworks": {
"net7.0": {
"targetAlias": "net7.0",
"downloadDependencies": [
{
"name": "Microsoft.AspNetCore.App.Ref",
"version": "[7.0.2, 7.0.2]"
},
{
"name": "Microsoft.NETCore.App.Ref",
"version": "[7.0.2, 7.0.2]"
}
],
"frameworkReferences": {
"Microsoft.AspNetCore.App": {
"privateAssets": "none"
},
"Microsoft.NETCore.App": {
"privateAssets": "all"
}
}
}
}
}
}
""";
private readonly string assetsJson2 = """
{
"version": 3,
"targets": {
".NETFramework,Version=v4.8": {
"Microsoft.NETFramework.ReferenceAssemblies/1.0.3": {
"type": "package",
"dependencies": {
"Microsoft.NETFramework.ReferenceAssemblies.net48": "1.0.3"
}
},
"Microsoft.NETFramework.ReferenceAssemblies.net48/1.0.3": {
"type": "package",
"build": {
"build/Microsoft.NETFramework.ReferenceAssemblies.net48.targets": {}
}
}
}
}
}
""";
}
}

23
csharp/extractor/Semmle.Extraction.Tests/DotNet.cs
View File

@@ -43,9 +43,11 @@ namespace Semmle.Extraction.Tests
private static IList<string> MakeDotnetRestoreOutput() =>
new List<string> {
" Determining projects to restore...",
" Writing assets file to disk. Path: /path/to/project.assets.json",
" Restored /path/to/project.csproj (in 1.23 sec).",
" Other output...",
" More output...",
" Assets file has not changed. Skipping assets file writing. Path: /path/to/project2.assets.json",
" Restored /path/to/project2.csproj (in 4.56 sec).",
" Other output...",
};
@@ -99,26 +101,29 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false);
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false, out var assets);
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
Assert.Equal("restore --no-dependencies \"myproject.csproj\" --packages \"mypackages\" /p:DisableImplicitNuGetFallbackFolder=true", lastArgs);
Assert.Equal("restore --no-dependencies \"myproject.csproj\" --packages \"mypackages\" /p:DisableImplicitNuGetFallbackFolder=true --verbosity normal", lastArgs);
}
[Fact]
public void TestDotnetRestoreProjectToDirectory2()
{
// Setup
var dotnetCliInvoker = new DotNetCliInvokerStub(new List<string>());
var dotnetCliInvoker = new DotNetCliInvokerStub(MakeDotnetRestoreOutput());
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false, "myconfig.config");
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false, out var assets, "myconfig.config");
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
Assert.Equal("restore --no-dependencies \"myproject.csproj\" --packages \"mypackages\" /p:DisableImplicitNuGetFallbackFolder=true --configfile \"myconfig.config\"", lastArgs);
Assert.Equal("restore --no-dependencies \"myproject.csproj\" --packages \"mypackages\" /p:DisableImplicitNuGetFallbackFolder=true --verbosity normal --configfile \"myconfig.config\"", lastArgs);
Assert.Equal(2, assets.Count());
Assert.Contains("/path/to/project.assets.json", assets);
Assert.Contains("/path/to/project2.assets.json", assets);
}
[Fact]
@@ -129,7 +134,7 @@ namespace Semmle.Extraction.Tests
var dotnet = MakeDotnet(dotnetCliInvoker);
// Execute
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects);
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects, out var assets);
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
@@ -137,6 +142,9 @@ namespace Semmle.Extraction.Tests
Assert.Equal(2, projects.Count());
Assert.Contains("/path/to/project.csproj", projects);
Assert.Contains("/path/to/project2.csproj", projects);
Assert.Equal(2, assets.Count());
Assert.Contains("/path/to/project.assets.json", assets);
Assert.Contains("/path/to/project2.assets.json", assets);
}
[Fact]
@@ -148,12 +156,13 @@ namespace Semmle.Extraction.Tests
dotnetCliInvoker.Success = false;
// Execute
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects);
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects, out var assets);
// Verify
var lastArgs = dotnetCliInvoker.GetLastArgs();
Assert.Equal("restore --no-dependencies \"mysolution.sln\" --packages \"mypackages\" /p:DisableImplicitNuGetFallbackFolder=true --verbosity normal", lastArgs);
Assert.Empty(projects);
Assert.Empty(assets);
}
[Fact]

6
csharp/extractor/Semmle.Extraction.Tests/Options.cs
View File

@@ -22,7 +22,7 @@ namespace Semmle.Extraction.Tests
{
options = CSharp.Options.CreateWithEnvironment(Array.Empty<string>());
Assert.True(options.Cache);
Assert.True(options.CIL);
Assert.False(options.CIL);
Assert.Null(options.Framework);
Assert.Null(options.CompilerName);
Assert.Empty(options.CompilerArguments);
@@ -52,7 +52,7 @@ namespace Semmle.Extraction.Tests
public void CIL()
{
options = CSharp.Options.CreateWithEnvironment(Array.Empty<string>());
Assert.True(options.CIL);
Assert.False(options.CIL);
Environment.SetEnvironmentVariable("CODEQL_EXTRACTOR_CSHARP_OPTION_CIL", "false");
options = CSharp.Options.CreateWithEnvironment(Array.Empty<string>());
@@ -64,7 +64,7 @@ namespace Semmle.Extraction.Tests
Environment.SetEnvironmentVariable("CODEQL_EXTRACTOR_CSHARP_OPTION_CIL", null);
options = CSharp.Options.CreateWithEnvironment(Array.Empty<string>());
Assert.True(options.CIL);
Assert.False(options.CIL);
}
[Fact]

9
csharp/extractor/Semmle.Extraction.Tests/Runtime.cs
View File

@@ -19,11 +19,16 @@ namespace Semmle.Extraction.Tests
public bool New(string folder) => true;
public bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) => true;
public bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> assets, string? pathToNugetConfig = null)
{
assets = Array.Empty<string>();
return true;
}
public bool RestoreSolutionToDirectory(string solution, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects)
public bool RestoreSolutionToDirectory(string solution, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects, out IEnumerable<string> assets)
{
projects = Array.Empty<string>();
assets = Array.Empty<string>();
return true;
}

2
csharp/extractor/Semmle.Extraction/Entities/Base/CachedEntity`1.cs
View File

@@ -1,3 +1,4 @@
using System.Diagnostics.CodeAnalysis;
using System.IO;
using Microsoft.CodeAnalysis;
@@ -30,6 +31,7 @@ namespace Semmle.Extraction
/// <typeparam name="TSymbol">The type of the symbol.</typeparam>
public abstract class CachedEntity<TSymbol> : CachedEntity where TSymbol : notnull
{
[NotNull]
public TSymbol Symbol { get; }
protected CachedEntity(Context context, TSymbol symbol) : base(context)

2
csharp/extractor/Semmle.Extraction/Options.cs
View File

@@ -28,7 +28,7 @@ namespace Semmle.Extraction
/// <summary>
/// Holds if CIL should be extracted.
/// </summary>
public bool CIL { get; private set; } = true;
public bool CIL { get; private set; } = false;
/// <summary>
/// Holds if assemblies shouldn't be extracted twice.

6
csharp/extractor/Semmle.Util/IEnumerableExtensions.cs
View File

@@ -113,5 +113,11 @@ namespace Semmle.Util
h = h * 7 + i.GetHashCode();
return h;
}
/// <summary>
/// Returns the sequence with nulls removed.
/// </summary>
public static IEnumerable<T> WhereNotNull<T>(this IEnumerable<T?> items) where T : class =>
items.Where(i => i is not null)!;
}
}

2
csharp/ql/examples/snippets/catch_exception.ql
View File

@@ -10,5 +10,5 @@
import csharp
from CatchClause catch
where catch.getCaughtExceptionType().hasQualifiedName("System.IO", "IOException")
where catch.getCaughtExceptionType().hasFullyQualifiedName("System.IO", "IOException")
select catch

2
csharp/ql/examples/snippets/constructor_call.ql
View File

@@ -10,5 +10,5 @@
import csharp
from ObjectCreation new
where new.getObjectType().hasQualifiedName("System", "Exception")
where new.getObjectType().hasFullyQualifiedName("System", "Exception")
select new

2
csharp/ql/examples/snippets/extend_class.ql
View File

@@ -13,5 +13,5 @@
import csharp
from RefType type
where type.getABaseType+().hasQualifiedName("System.Collections", "IEnumerator")
where type.getABaseType+().hasFullyQualifiedName("System.Collections", "IEnumerator")
select type

2
csharp/ql/examples/snippets/field_read.ql
View File

@@ -11,6 +11,6 @@ import csharp
from Field f, FieldRead read
where
f.hasName("VirtualAddress") and
f.getDeclaringType().hasQualifiedName("Mono.Cecil.PE", "Section") and
f.getDeclaringType().hasFullyQualifiedName("Mono.Cecil.PE", "Section") and
f = read.getTarget()
select read

2
csharp/ql/examples/snippets/method_call.ql
View File

@@ -12,5 +12,5 @@ from MethodCall call, Method method
where
call.getTarget() = method and
method.hasName("MethodName") and
method.getDeclaringType().hasQualifiedName("Company", "Class")
method.getDeclaringType().hasFullyQualifiedName("Company", "Class")
select call

2
csharp/ql/examples/snippets/null_argument.ql
View File

@@ -17,6 +17,6 @@ where
add.hasName("Add") and
add.getDeclaringType()
.getUnboundDeclaration()
.hasQualifiedName("System.Collections.Generic", "ICollection<>") and
.hasFullyQualifiedName("System.Collections.Generic", "ICollection`1") and
call.getAnArgument() instanceof NullLiteral
select call

2
csharp/ql/examples/snippets/override_method.ql
View File

@@ -11,6 +11,6 @@ import csharp
from Method override, Method base
where
base.hasName("ToString") and
base.getDeclaringType().hasQualifiedName("System", "Object") and
base.getDeclaringType().hasFullyQualifiedName("System", "Object") and
base.getAnOverrider() = override
select override

3
csharp/ql/examples/snippets/throw_exception.ql
View File

@@ -9,5 +9,6 @@
import csharp
from ThrowStmt throw
where throw.getThrownExceptionType().getBaseClass*().hasQualifiedName("System.IO", "IOException")
where
throw.getThrownExceptionType().getBaseClass*().hasFullyQualifiedName("System.IO", "IOException")
select throw

24
csharp/ql/integration-tests/all-platforms/diag_recursive_generics/Types.expected
View File

@@ -1,35 +1,35 @@
| test.cs:1:14:1:20 | GenA<> | System.Object |
| test.cs:1:14:1:20 | GenA<GenB<GenB<>>> | System.Object |
| test.cs:1:14:1:20 | GenA<GenB<GenB<String>>> | System.Object |
| test.cs:2:14:2:20 | GenB<> | System.Object |
| test.cs:2:14:2:20 | GenB<GenB<>> | System.Object |
| test.cs:1:14:1:20 | GenA<GenB<GenB`1>> | System.Object |
| test.cs:1:14:1:20 | GenA`1 | System.Object |
| test.cs:2:14:2:20 | GenB<GenB<String>> | System.Object |
| test.cs:2:14:2:20 | GenB<GenB`1> | System.Object |
| test.cs:2:14:2:20 | GenB<String> | System.Object |
| test.cs:4:7:4:10 | P<> | System.Object |
| test.cs:4:7:4:10 | P<C<,>> | System.Object |
| test.cs:2:14:2:20 | GenB`1 | System.Object |
| test.cs:4:7:4:10 | P<C<Int32,String>> | System.Object |
| test.cs:4:7:4:10 | P<C<String,Int32>> | System.Object |
| test.cs:4:7:4:10 | P<C<V,U>> | System.Object |
| test.cs:4:7:4:10 | P<C<W,X>> | System.Object |
| test.cs:4:7:4:10 | P<C<X,W>> | System.Object |
| test.cs:4:7:4:10 | P<D<,>> | System.Object |
| test.cs:4:7:4:10 | P<C`2> | System.Object |
| test.cs:4:7:4:10 | P<D<Int32,String>> | System.Object |
| test.cs:4:7:4:10 | P<D<String,Int32>> | System.Object |
| test.cs:4:7:4:10 | P<D<U,V>> | System.Object |
| test.cs:4:7:4:10 | P<D<V,U>> | System.Object |
| test.cs:4:7:4:10 | P<D<X,W>> | System.Object |
| test.cs:5:7:5:13 | C<,> | P<D<V,U>> |
| test.cs:4:7:4:10 | P<D`2> | System.Object |
| test.cs:4:7:4:10 | P`1 | System.Object |
| test.cs:5:7:5:13 | C<Int32,String> | P<D<System.String,System.Int32>> |
| test.cs:5:7:5:13 | C<String,Int32> | P<D<System.Int32,System.String>> |
| test.cs:5:7:5:13 | C<V,U> | P<D<U,V>> |
| test.cs:5:7:5:13 | C<W,X> | P<D<X,W>> |
| test.cs:5:7:5:13 | C<X,W> | P<D<,>> |
| test.cs:6:7:6:13 | D<,> | P<C<W,X>> |
| test.cs:5:7:5:13 | C<X,W> | P<D`2> |
| test.cs:5:7:5:13 | C`2 | P<D<V,U>> |
| test.cs:6:7:6:13 | D<Int32,String> | P<C<System.Int32,System.String>> |
| test.cs:6:7:6:13 | D<String,Int32> | P<C<System.String,System.Int32>> |
| test.cs:6:7:6:13 | D<U,V> | P<C<,>> |
| test.cs:6:7:6:13 | D<U,V> | P<C`2> |
| test.cs:6:7:6:13 | D<V,U> | P<C<V,U>> |
| test.cs:6:7:6:13 | D<X,W> | P<C<X,W>> |
| test.cs:8:7:8:10 | A<> | System.Object |
| test.cs:6:7:6:13 | D`2 | P<C<W,X>> |
| test.cs:8:7:8:10 | A<String> | System.Object |
| test.cs:8:7:8:10 | A`1 | System.Object |
| test.cs:13:14:13:18 | Class | System.Object |

2
csharp/ql/integration-tests/all-platforms/diag_recursive_generics/Types.ql
View File

@@ -2,4 +2,4 @@ import csharp
from Class c
where c.fromSource()
select c, c.getBaseClass().getQualifiedName()
select c, c.getBaseClass().getFullyQualifiedName()

6
csharp/ql/integration-tests/posix-only/dotnet_test/dotnet_test.csproj
View File

@@ -3,7 +3,6 @@
<PropertyGroup>
<TargetFramework>net7.0</TargetFramework>
<Nullable>enable</Nullable>
<IsPackable>false</IsPackable>
</PropertyGroup>
@@ -14,4 +13,9 @@
<PackageReference Include="coverlet.collector" Version="3.2.0" />
</ItemGroup>
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
<RemoveDir Directories=".\bin" />
<RemoveDir Directories=".\obj" />
<RemoveDir Directories=".\myout" />
</Target>
</Project>

5
csharp/ql/integration-tests/posix-only/dotnet_test/test.py
View File

@@ -8,3 +8,8 @@ check_diagnostics()
# Explicitly build and then run tests.
run_codeql_database_create(['dotnet clean', 'rm -rf test-db', 'dotnet build -o myout', 'dotnet test myout/dotnet_test.dll'], test_db="test2-db", lang="csharp")
check_diagnostics(test_db="test2-db")
thisDir = os.path.abspath(os.getcwd())
# Explicit build and then run tests using the absolute path.
run_codeql_database_create(['dotnet clean', 'rm -rf test2-db', 'dotnet build -o myout', f'dotnet test {thisDir}/myout/dotnet_test.dll'], test_db="test3-db", lang="csharp")
check_diagnostics(test_db="test3-db")

6
csharp/ql/integration-tests/posix-only/standalone_dependencies/Assemblies.expected
View File

@@ -1,7 +1,3 @@
| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll |
| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll |
| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll |
| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll |
| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
@@ -168,4 +164,4 @@
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll |
| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
| /newtonsoft.json/12.0.1/lib/netstandard2.0/Newtonsoft.Json.dll |

163
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/Assemblies.expected Normal file
View File

@@ -0,0 +1,163 @@
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.CSharp.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Core.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.AppContext.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Buffers.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Concurrent.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Immutable.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.NonGeneric.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Specialized.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Annotations.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.DataAnnotations.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.EventBasedAsync.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.TypeConverter.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Configuration.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.FileVersionInfo.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Process.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.StackTrace.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TextWriterTraceListener.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tools.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TraceSource.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tracing.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Dynamic.Runtime.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Asn1.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Tar.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Calendars.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Extensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.Brotli.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.FileSystem.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.ZipFile.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.AccessControl.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.DriveInfo.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Watcher.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.IsolatedStorage.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.MemoryMappedFiles.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.AccessControl.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.UnmanagedMemoryStream.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Expressions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Parallel.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Queryable.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Memory.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.Json.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.HttpListener.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Mail.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NameResolution.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NetworkInformation.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Ping.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Quic.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Requests.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Security.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.ServicePoint.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Sockets.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebClient.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebHeaderCollection.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebProxy.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.Client.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.Vectors.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ObjectModel.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.DispatchProxy.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.ILGeneration.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.Lightweight.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Extensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Metadata.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.TypeExtensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Reader.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.ResourceManager.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Writer.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.Unsafe.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.VisualC.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Extensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Handles.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.JavaScript.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.RuntimeInformation.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Intrinsics.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Loader.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Numerics.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Formatters.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Json.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Xml.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.AccessControl.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Claims.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Algorithms.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Cng.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Csp.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Encoding.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.OpenSsl.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Primitives.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.X509Certificates.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.Windows.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.SecureString.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceModel.Web.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceProcess.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.CodePages.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.Extensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encodings.Web.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Json.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.RegularExpressions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Channels.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Overlapped.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Dataflow.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Extensions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Parallel.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Thread.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.ThreadPool.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Timer.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.Local.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ValueTuple.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.HttpUtility.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Windows.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Linq.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.ReaderWriter.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Serialization.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XDocument.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.XDocument.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlDocument.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlSerializer.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll |
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll |

15
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/Assemblies.ql Normal file
View File

@@ -0,0 +1,15 @@
import csharp
private string getPath(Assembly a) {
not a.getCompilation().getOutputAssembly() = a and
exists(string s | s = a.getFile().getAbsolutePath() |
result =
s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length())
or
result = s and
not exists(s.indexOf("GitHub/packages/"))
)
}
from Assembly a
select getPath(a)

1
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/Program.cs Normal file
View File

@@ -0,0 +1 @@
var dummy = "dummy";

5
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/global.json Normal file
View File

@@ -0,0 +1,5 @@
{
"sdk": {
"version": "7.0.102"
}
}

10
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/net48.csproj Normal file
View File

@@ -0,0 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net48</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
</Project>

10
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/net70.csproj Normal file
View File

@@ -0,0 +1,10 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net7.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
</Project>

3
csharp/ql/integration-tests/posix-only/standalone_dependencies_multi_target/test.py Normal file
View File

@@ -0,0 +1,3 @@
from create_database_utils import *
run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])

1
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/Assemblies.expected Normal file
View File

@@ -0,0 +1 @@
| /Newtonsoft.Json.6.0.4/lib/portable-net45+wp80+win8+wpa81/Newtonsoft.Json.dll |

24
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/Assemblies.ql Normal file
View File

@@ -0,0 +1,24 @@
import csharp
private string getPath(Assembly a) {
not a.getCompilation().getOutputAssembly() = a and
exists(string s | s = a.getFile().getAbsolutePath() |
result =
s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length())
or
result =
s.substring(s.indexOf("GitHub/legacypackages/") + "GitHub/legacypackages/".length() + 16,
s.length())
// TODO: excluding all other assemblies from the test result as mono installations seem problematic on ARM runners.
// or
// result = s.substring(s.indexOf("lib/mono/") + "lib/mono/".length(), s.length())
// or
// result = s and
// not exists(s.indexOf("GitHub/packages/")) and
// not exists(s.indexOf("GitHub/legacypackages/")) and
// not exists(s.indexOf("lib/mono/"))
)
}
from Assembly a
select getPath(a)

6
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/Program.cs Normal file
View File

@@ -0,0 +1,6 @@
class Program
{
static void Main(string[] args)
{
}
}

5
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/packages.config Normal file
View File

@@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Newtonsoft.Json" version="6.0.4" targetFramework="net461" />
<package id="NUnit.ConsoleRunner" version="3.12.0" />
</packages>

4
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/test.csproj Normal file
View File

@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
</Project>

3
csharp/ql/integration-tests/posix-only/standalone_dependencies_nuget/test.py Normal file
View File

@@ -0,0 +1,3 @@
from create_database_utils import *
run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])

6
csharp/ql/integration-tests/windows-only/standalone_dependencies/Assemblies.expected
View File

@@ -1,7 +1,3 @@
| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll |
| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll |
| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll |
| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll |
| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
@@ -212,4 +208,4 @@
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationTypes.dll |
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsFormsIntegration.dll |
| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
| /newtonsoft.json/12.0.1/lib/netstandard2.0/Newtonsoft.Json.dll |

12
csharp/ql/lib/Linq/Helpers.qll
View File

@@ -21,12 +21,14 @@ private int numStmts(ForeachStmt fes) {
}
/** Holds if the type's qualified name is "System.Linq.Enumerable" */
predicate isEnumerableType(ValueOrRefType t) { t.hasQualifiedName("System.Linq", "Enumerable") }
predicate isEnumerableType(ValueOrRefType t) {
t.hasFullyQualifiedName("System.Linq", "Enumerable")
}
/** Holds if the type's qualified name starts with "System.Collections.Generic.IEnumerable" */
predicate isIEnumerableType(ValueOrRefType t) {
exists(string type |
t.hasQualifiedName("System.Collections.Generic", type) and
t.hasFullyQualifiedName("System.Collections.Generic", type) and
type.matches("IEnumerable%")
)
}
@@ -159,7 +161,7 @@ class AnyCall extends MethodCall {
exists(Method m |
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Any<>")
m.hasName("Any`1")
)
}
}
@@ -170,7 +172,7 @@ class CountCall extends MethodCall {
exists(Method m |
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Count<>")
m.hasName("Count`1")
)
}
}
@@ -186,7 +188,7 @@ class SelectCall extends ExtensionMethodCall {
exists(Method m |
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Select<,>")
m.hasName("Select`2")
)
}

24
csharp/ql/lib/change-notes/2023-11-09-mad-generics.md Normal file
View File

@@ -0,0 +1,24 @@
---
category: minorAnalysis
---
* The models-as-data format for types and methods with type parameters has been changed to include the names of the type parameters. For example, instead of writing
```yml
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Collections.Generic", "IList<>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
- ["System.Linq", "Enumerable", False, "Select<,>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
```
one now writes
```yml
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Collections.Generic", "IList<T>", True, "Insert", "(System.Int32,T)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
- ["System.Linq", "Enumerable", False, "Select<TSource,TResult>", "(System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,System.Int32,TResult>)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "manual"]
```

25
csharp/ql/lib/change-notes/2023-11-10-unbound-generics-fqn.md Normal file
View File

@@ -0,0 +1,25 @@
---
category: minorAnalysis
---
* The predicate `UnboundGeneric::getName` now prints the number of type parameters as a `` `N`` suffix, instead of a `<,...,>` suffix. For example, the unbound generic type
`System.Collections.Generic.IList<T>` is printed as ``IList`1`` instead of `IList<>`.
* The predicates `hasQualifiedName`, `getQualifiedName`, and `getQualifiedNameWithTypes` have been deprecated, and are instead replaced by `hasFullyQualifiedName`, `getFullyQualifiedName`, and `getFullyQualifiedNameWithTypes`, respectively. The new predicates use the same format for unbound generic types as mentioned above.
* These changes also affect models-as-data rows that refer to a field or a property belonging to a generic type. For example, instead of writing
```yml
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Collections.Generic", "Dictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
```
one now writes
```yml
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Collections.Generic", "Dictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
```

52
csharp/ql/lib/ext/Dapper.model.yml
View File

@@ -9,52 +9,52 @@ extensions:
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<TReturn>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TReturn>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<TReturn>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultiple", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]

36
csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml
View File

@@ -1,22 +1,4 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(TEntity,System.Threading.CancellationToken)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: sinkModel
@@ -26,4 +8,20 @@ extensions:
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<>", "(Microsoft.EntityFrameworkCore.DbSet<TEntity>,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<TEntity>", "(Microsoft.EntityFrameworkCore.DbSet<TEntity>,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AddAsync", "(TEntity,System.Threading.CancellationToken)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AddRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AddRangeAsync", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "AttachRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "Update", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<TEntity>", False, "UpdateRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]

18
csharp/ql/lib/ext/Newtonsoft.Json.Linq.model.yml
View File

@@ -8,20 +8,20 @@ extensions:
- ["Newtonsoft.Json.Linq", "JConstructor", False, "get_Item", "(System.Object)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JConstructor", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JContainer", True, "Add", "(System.Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,Newtonsoft.Json.Linq.JToken>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,Newtonsoft.Json.Linq.JToken>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(Newtonsoft.Json.Linq.JObject)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(Newtonsoft.Json.Linq.JObject)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(System.Object[])", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(System.Object[])", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,Newtonsoft.Json.Linq.JToken>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,Newtonsoft.Json.Linq.JToken>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(Newtonsoft.Json.Linq.JObject)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(Newtonsoft.Json.Linq.JObject)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(System.Object[])", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "JObject", "(System.Object[])", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Parse", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "Parse", "(System.String,Newtonsoft.Json.Linq.JsonLoadSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "get_Item", "(System.Object)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "get_Item", "(System.Object)", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "ReturnValue", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "get_Item", "(System.Object)", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "get_Item", "(System.String)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[0]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[0]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.Object,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JObject", False, "set_Item", "(System.String,Newtonsoft.Json.Linq.JToken)", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
- ["Newtonsoft.Json.Linq", "JToken", False, "SelectToken", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json.Linq", "JToken", False, "SelectToken", "(System.String,Newtonsoft.Json.Linq.JsonSelectSettings)", "", "Argument[this]", "ReturnValue", "taint", "manual"]

10
csharp/ql/lib/ext/Newtonsoft.Json.model.yml
View File

@@ -3,16 +3,16 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<>", "(System.String,T)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<>", "(System.String,T,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<T>", "(System.String,T)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeAnonymousType<T>", "(System.String,T,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject", "(System.String,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject", "(System.String,System.Type)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject", "(System.String,System.Type,Newtonsoft.Json.JsonConverter[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject", "(System.String,System.Type,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<>", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<>", "(System.String,Newtonsoft.Json.JsonConverter[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<>", "(System.String,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<T>", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<T>", "(System.String,Newtonsoft.Json.JsonConverter[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeObject<T>", "(System.String,Newtonsoft.Json.JsonSerializerSettings)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeXNode", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeXNode", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["Newtonsoft.Json", "JsonConvert", False, "DeserializeXNode", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

142
csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml
View File

@@ -8,76 +8,76 @@ extensions:
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<K,V>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "KeyValuePairs", "(System.Data.IDbConnection,System.String,System.System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<K,V>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<K,V>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<T>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<TModel>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<T>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<T>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<T>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<K,V>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<K,V>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<K,V>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<K,V>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<K,V>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<K,V>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<T>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<TModel>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<T>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<T>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApiAsync", False, "RowCountAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
@@ -86,12 +86,12 @@ extensions:
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<T>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]

92
csharp/ql/lib/ext/ServiceStack.model.yml
View File

@@ -6,67 +6,67 @@ extensions:
- ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1].Element", "file-content-store", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Patch<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Post<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Put<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Send<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Patch<TResponse>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Post<TResponse>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Put<TResponse>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Send<TResponse>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync", "(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<TResponse>", "(System.String,ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<TResponse>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<TResponse>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<TResponse>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<TResponse>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<TResponse>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<TResponse>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod", "(System.String,ServiceStack.IReturnVoid)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,ServiceStack.IReturn<TResponse>)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<TResponse>", "(System.String,ServiceStack.IReturn<TResponse>)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<TResponse>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<TResponse>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<TResponse>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<TResponse>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<TResponse>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Delete<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Get<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Post<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Put<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Send<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<TResponse>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Delete<T>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Get<T>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Post<T>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Put<T>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Send<T>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<T>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<T>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<T>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<T>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<T>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Publish", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "PublishAll", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Send<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "SendAll<>", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Send<TResponse>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "SendAll<TResponse>", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAllAsync", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAsync", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<>", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<TResponse>", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<TResponse>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod<TResponse>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<TResponse>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Delete", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytes", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytesAsync", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
@@ -75,8 +75,8 @@ extensions:
- ["ServiceStack", "ServiceClientBase", True, "Head", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Patch", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Post", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(ServiceStack.Messaging.IMessage<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(T)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<T>", "(ServiceStack.Messaging.IMessage<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<T>", "(T)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- addsTo:
pack: codeql/csharp-all

34
csharp/ql/lib/ext/System.Collections.Concurrent.model.yml
View File

@@ -3,20 +3,20 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Collections.Concurrent", "BlockingCollection<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["System.Collections.Concurrent", "BlockingCollection<>", False, "CopyTo", "(T[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentBag<>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentBag<>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Int32,System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[1].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "ConcurrentDictionary", "(System.Int32,System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[1].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "get_Keys", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key]", "ReturnValue.Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<,>", False, "get_Values", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value]", "ReturnValue.Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentQueue<>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentStack<>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "IProducerConsumerCollection<>", True, "CopyTo", "(T[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
- ["System.Collections.Concurrent", "BlockingCollection<T>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["System.Collections.Concurrent", "BlockingCollection<T>", False, "CopyTo", "(T[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentBag<T>", False, "Add", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentBag<T>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "Add", "(System.Collections.Generic.KeyValuePair<TKey,TValue>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Int32,System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[1].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "ConcurrentDictionary", "(System.Int32,System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<TKey,TValue>>,System.Collections.Generic.IEqualityComparer<TKey>)", "", "Argument[1].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "get_Keys", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "ReturnValue.Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentDictionary<TKey,TValue>", False, "get_Values", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Element", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentQueue<T>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "ConcurrentStack<T>", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
- ["System.Collections.Concurrent", "IProducerConsumerCollection<T>", True, "CopyTo", "(T[],System.Int32)", "", "Argument[this].Element", "Argument[0].Element", "value", "manual"]

Some files were not shown because too many files have changed in this diff Show More