From 6c28be98274e081a1bfa524bc1380420d0193fda Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Thu, 13 Mar 2025 11:49:48 -0500 Subject: [PATCH 001/409] Update query-metadata-style-guide.md initial commit of changes starting to add quality tagging standards --- docs/query-metadata-style-guide.md | 56 +++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index 3350111db22..d4704c6c11e 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,12 +121,47 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define categories that the query relates to. Each alert query should belong to one (or more, if necessary) of the following four top-level categories: +The `@tags` property is used to define categories that the query relates to. As we prepare for the release of a dedicated code quality product, we will use tagging to prepare a stronger delineation between queries that are part of our existing "code security" product offering and those that are better suited as part of a "quality" product offering. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: -* `@tags correctness`–for queries that detect incorrect program behavior. -* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. -* `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. +#### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. +* `@tags quality`–for queries that detect code quality issues. See below for further information. + +#### Security query `@tags` + +If your query is a security query, use one or more `@tags` to associate it with the relevant CWEs. Add `@tags` for the most specific Base Weakness or Class Weakness in [View 1000](https://cwe.mitre.org/data/definitions/1000.html), using the parent/child relationship. For example: + +| `@tags security` | `external/cwe/cwe-022`| +|-|-| +||`external/cwe/cwe-023` | +||`external/cwe/cwe-036` | +||`external/cwe/cwe-073` | + +When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the references section of its associated qhelp file. + +> [!NOTE] +> The automatic addition of CWE reference links works only if the qhelp file already contains a `` section. + +#### Quality query sub-category `@tags` + +* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. +* `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. + +Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. + +We'll have two "top-level" categories of quality queries, with sub-categories beneath: + +* `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. + * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. + * + + +* `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. + * `@tags correctness`–for queries that detect incorrect program behavior. + + + + There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags: @@ -145,20 +180,7 @@ If necessary, you can also define your own low-level tags to categorize the quer * Use a forward slash / to indicate a hierarchical relationship between tags if necessary. For example, a query with tag `foo/bar` is also interpreted as also having tag `foo`, but not `bar`. * Use a single-word `@tags` name. Multiple words, separated with hyphens, can be used for clarity if necessary. -#### Security query `@tags` -If your query is a security query, use one or more `@tags` to associate it with the relevant CWEs. Add `@tags` for the most specific Base Weakness or Class Weakness in [View 1000](https://cwe.mitre.org/data/definitions/1000.html), using the parent/child relationship. For example: - -| `@tags security` | `external/cwe/cwe-022`| -|-|-| -||`external/cwe/cwe-023` | -||`external/cwe/cwe-036` | -||`external/cwe/cwe-073` | - -When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the references section of its associated qhelp file. - -> [!NOTE] -> The automatic addition of CWE reference links works only if the qhelp file already contains a `` section. #### Metric/summary `@tags` From de5d3b6263b25657f6524306ce66b20beaa9a963 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Thu, 13 Mar 2025 12:42:51 -0500 Subject: [PATCH 002/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 44 +++++++++++++++++------------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index d4704c6c11e..a13ad200a9a 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,9 +121,9 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define categories that the query relates to. As we prepare for the release of a dedicated code quality product, we will use tagging to prepare a stronger delineation between queries that are part of our existing "code security" product offering and those that are better suited as part of a "quality" product offering. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: +The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: -#### High level category `@tags` +### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. * `@tags quality`–for queries that detect code quality issues. See below for further information. @@ -149,18 +149,19 @@ When you tag a query like this, the associated CWE pages from [MITRE.org](https: Software quality doesn't have as universally-agreed categorization method as security issues like CWE, so we will do our own categorization instead of using tags like CWE. -We'll have two "top-level" categories of quality queries, with sub-categories beneath: +We'll use two "top-level" categories of quality queries, with sub-categories beneath: * `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. - * - + * `@tags unused-code`-for queries that detect functions that are never used and other instances of unused code + * `@tags complexity`-for queries that detect patterns in the code that lead to unnecesary complexity such as unclear control flow, or high cyclomatic complexity + * `@tags reliability`–for queries that detect issues that affect whether the code will perform as expected during execution. - * `@tags correctness`–for queries that detect incorrect program behavior. - - - + * `@tags correctness`–for queries that detect incorrect program behavior or couse result in unintended outcomes. + * `@tags performance`-for queries that detect code that could impact performance through inefficient algorithms, unnecessary computation, etc + * `@tags concurrency`-for queries that detect concurrency related issues such as race conditions, deadlocks, thread safety, etc + * `@tags error-handling`-for queries that detect issues related to unsafe error handling such as uncaught exceptions, etc There are also more specific `@tags` that can be added. See, the following pages for examples of the low-level tags: @@ -172,23 +173,28 @@ There are also more specific `@tags` that can be added. See, the following pages * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) + +### Severities + +Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. + +TODO: should we have a severity value for quality queries? + +### Metric/summary `@tags` + +Code Scanning may use tags to identify queries with specific meanings across languages. Currently, there is only one such tag: `lines-of-code`. The sum of the results for queries with this tag that return a single number column ([example for JavaScript](https://github.com/github/codeql/blob/c47d680d65f09a851e41d4edad58ffa7486b5431/java/ql/src/Metrics/Summaries/LinesOfCode.ql)) is interpreted by Code Scanning as the lines of code under the source root present in the database. Each language should have exactly one query of this form. + Metric queries (`@kind metric`) may have the `summary` tag. If SARIF output is used, the results of these queries can be found at `run[].properties.metricResults`. -If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization. When creating your own tags, you should: + +### Customizing tags + +If necessary, you can also define your own low-level tags to categorize the queries specific to your project or organization, but if possible, please try to follow the above standards (or propose changes to this style guide). When creating your own tags, you should: * Use all lower-case letters, including for acronyms and proper nouns, with no spaces. All characters apart from * and @ are accepted. * Use a forward slash / to indicate a hierarchical relationship between tags if necessary. For example, a query with tag `foo/bar` is also interpreted as also having tag `foo`, but not `bar`. * Use a single-word `@tags` name. Multiple words, separated with hyphens, can be used for clarity if necessary. - - -#### Metric/summary `@tags` - -Code Scanning may use tags to identify queries with specific meanings across languages. Currently, there is only one such tag: `lines-of-code`. The sum of the results for queries with this tag that return a single number column ([example for JavaScript](https://github.com/github/codeql/blob/c47d680d65f09a851e41d4edad58ffa7486b5431/java/ql/src/Metrics/Summaries/LinesOfCode.ql)) is interpreted by Code Scanning as the lines of code under the source root present in the database. Each language should have exactly one query of this form. - - -Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. - ## QL area ### Alert messages From 14d178f81773c21c62d428af41607f45b5dd5882 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 19 Mar 2025 16:56:37 -0500 Subject: [PATCH 003/409] Update query-metadata-style-guide.md minor tag changes to align with existing tags --- docs/query-metadata-style-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index a13ad200a9a..b51f6fea5a0 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -153,7 +153,7 @@ We'll use two "top-level" categories of quality queries, with sub-categories ben * `@tags maintainability`–for queries that detect patterns that make it harder for developers to make changes to the code. * `@tags readability`–for queries that detect confusing patterns that make it harder for developers to read the code. - * `@tags unused-code`-for queries that detect functions that are never used and other instances of unused code + * `@tags useless-code`-for queries that detect functions that are never used and other instances of unused code * `@tags complexity`-for queries that detect patterns in the code that lead to unnecesary complexity such as unclear control flow, or high cyclomatic complexity From f698d0a060b01adec18a57c2e9bfe1d952bf76e0 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 19 Mar 2025 16:58:30 -0500 Subject: [PATCH 004/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index b51f6fea5a0..4c3f5b8814f 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -121,7 +121,7 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties ## Query tags `@tags` -The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: +The `@tags` property is used to define the high level category of problem that the query relates to. Each alert query should belong to one of the following two top-level categories, with additional sub-categories: ### High level category `@tags` * `@tags security`–for queries that detect security weaknesses. See below for further information. @@ -173,6 +173,8 @@ There are also more specific `@tags` that can be added. See, the following pages * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +> [!NOTE] +> There is a limit of 10 tags per query! ### Severities From 81e85010f900a49f7fced559196166a2f982c335 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:30:57 +0000 Subject: [PATCH 005/409] List subpackages in vendor/modules.txt These were all generated by running depstubber. --- go/ql/test/experimental/CWE-285/vendor/modules.txt | 2 +- go/ql/test/experimental/CWE-321-V2/vendor/modules.txt | 2 +- .../CWE-522-DecompressionBombs/vendor/modules.txt | 11 +++++++++-- .../semmle/go/concepts/LoggerCall/vendor/modules.txt | 5 ----- .../semmle/go/frameworks/Beego/vendor/modules.txt | 6 +++++- .../go/frameworks/ElazarlGoproxy/vendor/modules.txt | 1 + .../semmle/go/frameworks/Email/vendor/modules.txt | 2 +- .../semmle/go/frameworks/Gin/vendor/modules.txt | 1 + .../semmle/go/frameworks/GoMicro/vendor/modules.txt | 7 ++++++- .../semmle/go/frameworks/Iris/vendor/modules.txt | 2 +- .../go/frameworks/K8sIoApiCoreV1/vendor/modules.txt | 5 +++-- .../K8sIoApimachineryPkgRuntime/vendor/modules.txt | 4 +++- .../go/frameworks/K8sIoClientGo/vendor/modules.txt | 2 +- .../semmle/go/frameworks/NoSQL/vendor/modules.txt | 7 ++++--- .../semmle/go/frameworks/Revel/vendor/modules.txt | 4 +++- .../semmle/go/frameworks/SQL/gogf/vendor/modules.txt | 3 ++- .../semmle/go/frameworks/Spew/vendor/modules.txt | 2 +- .../SystemCommandExecutors/vendor/modules.txt | 2 +- .../semmle/go/frameworks/WebSocket/vendor/modules.txt | 2 +- .../semmle/go/frameworks/Zap/vendor/modules.txt | 1 + .../IncompleteHostnameRegexp/vendor/modules.txt | 2 -- .../query-tests/Security/CWE-079/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-089/vendor/modules.txt | 4 +++- .../query-tests/Security/CWE-312/vendor/modules.txt | 5 +++-- .../query-tests/Security/CWE-347/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-640/vendor/modules.txt | 2 +- .../query-tests/Security/CWE-643/vendor/modules.txt | 6 ++++-- .../query-tests/Security/CWE-798/vendor/modules.txt | 6 +++--- .../query-tests/Security/CWE-918/vendor/modules.txt | 2 +- 29 files changed, 63 insertions(+), 39 deletions(-) diff --git a/go/ql/test/experimental/CWE-285/vendor/modules.txt b/go/ql/test/experimental/CWE-285/vendor/modules.txt index 5ad327e8bb5..8de84fbd85d 100644 --- a/go/ql/test/experimental/CWE-285/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-285/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/msteinert/pam v1.0.0 ## explicit -github.com/msteinert/pam \ No newline at end of file +github.com/msteinert/pam diff --git a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt index eedc2bbfc92..015b30ce9a2 100644 --- a/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-321-V2/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/go-jose/go-jose/v3 v3.0.0 ## explicit -github.com/go-jose/go-jose/v3 +github.com/go-jose/go-jose/v3/jwt # github.com/golang-jwt/jwt/v5 v5.0.0 ## explicit github.com/golang-jwt/jwt/v5 diff --git a/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt b/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt index 92976a6e7e9..228cc0e318d 100644 --- a/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt +++ b/go/ql/test/experimental/CWE-522-DecompressionBombs/vendor/modules.txt @@ -3,13 +3,20 @@ github.com/DataDog/zstd # github.com/dsnet/compress v0.0.1 ## explicit -github.com/dsnet/compress +github.com/dsnet/compress/bzip2 +github.com/dsnet/compress/flate # github.com/golang/snappy v0.0.4 ## explicit github.com/golang/snappy # github.com/klauspost/compress v1.16.6 ## explicit -github.com/klauspost/compress +github.com/klauspost/compress/zstd +github.com/klauspost/compress/snappy +github.com/klauspost/compress/s2 +github.com/klauspost/compress/zlib +github.com/klauspost/compress/zip +github.com/klauspost/compress/flate +github.com/klauspost/compress/gzip # github.com/klauspost/pgzip v1.2.6 ## explicit github.com/klauspost/pgzip diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt index c20671b4194..da35ae80c08 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/modules.txt @@ -1,14 +1,9 @@ -# github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4 -## explicit # github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b ## explicit github.com/golang/glog # github.com/sirupsen/logrus v1.7.0 ## explicit github.com/sirupsen/logrus -# golang.org/x/sys v0.0.0-20191026070338-33540a1f6037 -golang.org/x/sys/unix -golang.org/x/sys/windows # k8s.io/klog v1.0.0 ## explicit k8s.io/klog diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt index bb2db0e47da..2ec05197130 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt @@ -1,6 +1,10 @@ # github.com/astaxie/beego v1.12.3 ## explicit +github.com/astaxie/beego/utils github.com/astaxie/beego +github.com/astaxie/beego/context +github.com/astaxie/beego/logs # github.com/beego/beego/v2 v2.1.2 ## explicit -github.com/beego/beego/v2 +github.com/beego/beego/v2/server/web +github.com/beego/beego/v2/server/web/context diff --git a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt index bf027718a74..d560618b74d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/ElazarlGoproxy/vendor/modules.txt @@ -3,3 +3,4 @@ github.com/elazarl/goproxy # github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d ## explicit +github.com/github/depstubber diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt index 4b7525957df..c964e33b1f6 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/sendgrid/sendgrid-go v3.5.0+incompatible ## explicit -github.com/sendgrid/sendgrid-go +github.com/sendgrid/sendgrid-go/helpers/mail diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt index 5f2816316f4..4d249b53d1a 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Gin/vendor/modules.txt @@ -1,3 +1,4 @@ # github.com/gin-gonic/gin v1.6.2 ## explicit github.com/gin-gonic/gin +github.com/gin-gonic/gin/binding diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt index 1884e9622af..4235d352598 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt @@ -1,6 +1,11 @@ # go-micro.dev/v4 v4.10.2 ## explicit +go-micro.dev/v4/api +go-micro.dev/v4/client +go-micro.dev/v4/server go-micro.dev/v4 # google.golang.org/protobuf v1.28.1 ## explicit -google.golang.org/protobuf +google.golang.org/protobuf/proto +google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/runtime/protoimpl diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt index e3c62be74a7..8fdf3c4082d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Iris/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/kataras/iris/v12 v12.2.5 ## explicit -github.com/kataras/iris/v12 +github.com/kataras/iris/v12/context # github.com/Shopify/goreferrer v0.0.0-20220729165902-8cddb4f5de06 ## explicit github.com/Shopify/goreferrer diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt index bd3ad03a88b..859956613d5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/modules.txt @@ -1,6 +1,7 @@ # k8s.io/api v0.20.0 ## explicit -k8s.io/api +k8s.io/api/core/v1 +k8s.io/apimachinery/pkg/runtime # k8s.io/apimachinery v0.20.0 ## explicit -k8s.io/apimachinery +k8s.io/apimachinery/pkg/runtime diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt index 007fe13b0de..59d5b5f7464 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/modules.txt @@ -1,3 +1,5 @@ # k8s.io/apimachinery v0.19.4 ## explicit -k8s.io/apimachinery +k8s.io/apimachinery/pkg/conversion +k8s.io/apimachinery/pkg/runtime +k8s.io/apimachinery/pkg/runtime/schema diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt index 7c2af624559..3b8636e54ea 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoClientGo/vendor/modules.txt @@ -18,7 +18,7 @@ golang.org/x/oauth2 golang.org/x/time # k8s.io/client-go v0.19.0 ## explicit -k8s.io/client-go +k8s.io/client-go/kubernetes/typed/core/v1 # k8s.io/utils v0.0.0-20201110183641-67b214c5f920 ## explicit k8s.io/utils diff --git a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt index efe6455326a..94d59ce4d62 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/NoSQL/vendor/modules.txt @@ -1,6 +1,3 @@ -# go.mongodb.org/mongo-driver v1.3.2 -## explicit -go.mongodb.org/mongo-driver # github.com/couchbase/gocb/v2 v2.2.0 ## explicit github.com/couchbase/gocb/v2 @@ -10,6 +7,10 @@ github.com/google/uuid # github.com/opentracing/opentracing-go v1.2.0 ## explicit github.com/opentracing/opentracing-go +# go.mongodb.org/mongo-driver v1.3.2 +## explicit +go.mongodb.org/mongo-driver/bson +go.mongodb.org/mongo-driver/mongo # gopkg.in/couchbase/gocb.v1 v1.6.7 ## explicit gopkg.in/couchbase/gocb.v1 diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt index fe1af187494..b674df40109 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Revel/vendor/modules.txt @@ -3,7 +3,9 @@ github.com/go-stack/stack # github.com/revel/modules v1.0.0 ## explicit -github.com/revel/modules +github.com/revel/modules/orm/gorp/app/controllers +github.com/revel/modules/static/app/controllers # github.com/revel/revel v1.0.0 ## explicit github.com/revel/revel +github.com/revel/revel/logger diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt index 72560d0da5e..d3645e863f4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/gogf/vendor/modules.txt @@ -1,6 +1,7 @@ # github.com/gogf/gf v1.16.9 ## explicit -github.com/gogf/gf +github.com/gogf/gf/database/gdb +github.com/gogf/gf/frame/g # github.com/BurntSushi/toml v0.3.1 ## explicit github.com/BurntSushi/toml diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt index 9e9ed5edf64..5d0fa4c56ac 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Spew/vendor/modules.txt @@ -1,6 +1,6 @@ # github.com/davecgh/go-spew v1.1.1 ## explicit -github.com/davecgh/go-spew +github.com/davecgh/go-spew/spew # github.com/github/depstubber v0.0.0-20200916130315-f3217697abd4 ## explicit github.com/github/depstubber diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt index 2fdb2ae4eae..d6e69c7b298 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/modules.txt @@ -3,4 +3,4 @@ github.com/codeskyblue/go-sh # golang.org/x/crypto v0.0.0-20200323165209-0ec3e9974c59 ## explicit -golang.org/x/crypto +golang.org/x/crypto/ssh diff --git a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt index 43950046ca3..ea1d1721a31 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/WebSocket/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/gorilla/websocket github.com/sacOO7/gowebsocket # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt index 81aa5380f12..d6c25845fd4 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Zap/vendor/modules.txt @@ -1,3 +1,4 @@ # go.uber.org/zap v1.16.0 ## explicit go.uber.org/zap +go.uber.org/zap/zapcore diff --git a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt index bf027718a74..a81e0c273fa 100644 --- a/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/vendor/modules.txt @@ -1,5 +1,3 @@ # github.com/elazarl/goproxy v0.0.0-20201021153353-00ad82a08272 ## explicit github.com/elazarl/goproxy -# github.com/github/depstubber v0.0.0-20201214172518-12c3da4b7c9d -## explicit diff --git a/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt index 5e59711dd7b..f61f191db59 100644 --- a/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-079/vendor/modules.txt @@ -6,7 +6,7 @@ github.com/gobwas/ws github.com/gorilla/websocket # golang.org/x/net v0.0.0-20200505041828-1ed23360d12c ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt index ddbc30953a2..b0de76d4f88 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt @@ -3,4 +3,6 @@ github.com/Masterminds/squirrel # go.mongodb.org/mongo-driver v1.3.3 ## explicit -go.mongodb.org/mongo-driver +go.mongodb.org/mongo-driver/mongo +go.mongodb.org/mongo-driver/mongo/options +go.mongodb.org/mongo-driver/bson diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt index 23942432702..aa0c56a1a6f 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/modules.txt @@ -9,7 +9,8 @@ github.com/sirupsen/logrus k8s.io/klog # github.com/golang/protobuf v1.4.2 ## explicit -github.com/golang/protobuf +github.com/golang/protobuf/proto # google.golang.org/protobuf v1.23.0 ## explicit -google.golang.org/protobuf +google.golang.org/protobuf/reflect/protoreflect +google.golang.org/protobuf/runtime/protoimpl diff --git a/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt index 01144bc9249..811980fafee 100644 --- a/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-347/vendor/modules.txt @@ -3,7 +3,7 @@ github.com/gin-gonic/gin # github.com/go-jose/go-jose/v3 v3.0.0 ## explicit -github.com/go-jose/go-jose/v3 +github.com/go-jose/go-jose/v3/jwt # github.com/golang-jwt/jwt/v5 v5.0.0 ## explicit github.com/golang-jwt/jwt/v5 diff --git a/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt index 4b7525957df..c964e33b1f6 100644 --- a/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-640/vendor/modules.txt @@ -1,3 +1,3 @@ # github.com/sendgrid/sendgrid-go v3.5.0+incompatible ## explicit -github.com/sendgrid/sendgrid-go +github.com/sendgrid/sendgrid-go/helpers/mail diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt index 3f70fcb344d..a852f50be92 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt @@ -1,5 +1,6 @@ # github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d ## explicit +github.com/ChrisTrenkamp/goxpath/tree github.com/ChrisTrenkamp/goxpath # github.com/antchfx/htmlquery v1.2.2 ## explicit @@ -18,10 +19,11 @@ github.com/antchfx/xpath github.com/go-xmlpath/xmlpath # github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f ## explicit -github.com/jbowtie/gokogiri +github.com/jbowtie/gokogiri/xpath +github.com/jbowtie/gokogiri/xml # github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5 ## explicit -github.com/lestrrat-go/libxml2 +github.com/lestrrat-go/libxml2/parser # github.com/santhosh-tekuri/xpathparser v1.0.0 ## explicit github.com/santhosh-tekuri/xpathparser diff --git a/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt index 61fe07b4540..caa73317d56 100644 --- a/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-798/vendor/modules.txt @@ -6,7 +6,7 @@ github.com/appleboy/gin-jwt/v2 github.com/cristalhq/jwt/v3 # github.com/go-kit/kit v0.12.0 ## explicit -github.com/go-kit/kit +github.com/go-kit/kit/auth/jwt # github.com/gogf/gf-jwt/v2 v2.0.1 ## explicit github.com/gogf/gf-jwt/v2 @@ -18,13 +18,13 @@ github.com/golang-jwt/jwt/v4 github.com/iris-contrib/middleware/jwt # github.com/kataras/iris/v12 v12.2.0 ## explicit -github.com/kataras/iris/v12 +github.com/kataras/iris/v12/middleware/jwt # github.com/kataras/jwt v0.1.8 ## explicit github.com/kataras/jwt # github.com/lestrrat/go-jwx v0.9.1 ## explicit -github.com/lestrrat/go-jwx +github.com/lestrrat/go-jwx/jwk # github.com/square/go-jose/v3 v3.0.0-20200630053402-0a67ce9b0693 ## explicit github.com/square/go-jose/v3 diff --git a/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt index 319b30b771b..a440f984681 100644 --- a/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-918/vendor/modules.txt @@ -9,7 +9,7 @@ github.com/gorilla/websocket github.com/sacOO7/gowebsocket # golang.org/x/net v0.0.0-20200421231249-e086a090c8fd ## explicit -golang.org/x/net +golang.org/x/net/websocket # nhooyr.io/websocket v1.8.5 ## explicit nhooyr.io/websocket From 40768332d897d31ca57fddc4ffd53cb63350c7ec Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:32:12 +0000 Subject: [PATCH 006/409] Remove empty imports from stubs --- .../concepts/LoggerCall/vendor/github.com/golang/glog/stub.go | 2 -- .../semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go | 2 -- .../vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go | 2 -- .../frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go | 2 -- .../vendor/k8s.io/apimachinery/pkg/runtime/stub.go | 2 -- .../vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go | 2 -- .../vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go | 2 -- .../Security/CWE-312/vendor/github.com/golang/glog/stub.go | 2 -- .../query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go | 2 -- .../vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go | 2 -- .../CWE-643/vendor/github.com/antchfx/htmlquery/stub.go | 2 -- .../CWE-643/vendor/github.com/antchfx/jsonquery/stub.go | 2 -- .../filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go | 2 -- .../filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go | 2 -- 14 files changed, 28 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go index 7c4ffefc1e8..49f90bc21af 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/github.com/golang/glog/stub.go @@ -7,8 +7,6 @@ // Package glog is a stub of github.com/golang/glog, generated by depstubber. package glog -import () - func Error(_ ...interface{}) {} func ErrorDepth(_ int, _ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go index d0357248812..0c29992abcf 100644 --- a/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go +++ b/go/ql/test/library-tests/semmle/go/concepts/LoggerCall/vendor/k8s.io/klog/stub.go @@ -7,8 +7,6 @@ // Package klog is a stub of k8s.io/klog, generated by depstubber. package klog -import () - func Error(_ ...interface{}) {} func ErrorDepth(_ int, _ ...interface{}) {} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go index cd1956cecc0..f5d9d9bbbef 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/Email/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go @@ -7,8 +7,6 @@ // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber. package mail -import () - type Asm struct { GroupID int GroupsToDisplay []int diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go index 1c9a8e0dfdd..e5f5c4ffa01 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/api/core/v1/stub.go @@ -7,8 +7,6 @@ // Package core is a stub of k8s.io/api/core/v1, generated by depstubber. package core -import () - type Secret struct { TypeMeta interface{} ObjectMeta interface{} diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go index bb7bf043197..2655b31d450 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApiCoreV1/vendor/k8s.io/apimachinery/pkg/runtime/stub.go @@ -7,8 +7,6 @@ // Package runtime is a stub of k8s.io/apimachinery/pkg/runtime, generated by depstubber. package runtime -import () - type ProtobufMarshaller interface { MarshalTo(_ []byte) (int, error) } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go index 58c86777a1c..2d58b01f8ea 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/K8sIoApimachineryPkgRuntime/vendor/k8s.io/apimachinery/pkg/runtime/schema/stub.go @@ -7,8 +7,6 @@ // Package schema is a stub of k8s.io/apimachinery/pkg/runtime/schema, generated by depstubber. package schema -import () - type GroupKind struct { Group string Kind string diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go b/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go index 6f07aaff4ee..3349209245a 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/go.mongodb.org/mongo-driver/bson/primitive/stub.go @@ -7,8 +7,6 @@ // Package primitive is a stub of go.mongodb.org/mongo-driver/bson/primitive, generated by depstubber. package primitive -import () - type D []E func (_ D) Map() M { diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go b/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go index cdd12b34901..932a5e6fc25 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/github.com/golang/glog/stub.go @@ -7,6 +7,4 @@ // Package glog is a stub of github.com/golang/glog, generated by depstubber. package glog -import () - func Info(_ ...interface{}) {} diff --git a/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go b/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go index 7dbaa5001fc..db9ede2303e 100644 --- a/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go +++ b/go/ql/test/query-tests/Security/CWE-312/vendor/k8s.io/klog/stub.go @@ -7,6 +7,4 @@ // Package klog is a stub of k8s.io/klog, generated by depstubber. package klog -import () - func Info(_ ...interface{}) {} diff --git a/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go b/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go index cd1956cecc0..f5d9d9bbbef 100644 --- a/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go +++ b/go/ql/test/query-tests/Security/CWE-640/vendor/github.com/sendgrid/sendgrid-go/helpers/mail/stub.go @@ -7,8 +7,6 @@ // Package mail is a stub of github.com/sendgrid/sendgrid-go/helpers/mail, generated by depstubber. package mail -import () - type Asm struct { GroupID int GroupsToDisplay []int diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go index 0bac0acfe55..7a41d8f9883 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/htmlquery/stub.go @@ -7,8 +7,6 @@ // Package htmlquery is a stub of github.com/antchfx/htmlquery, generated by depstubber. package htmlquery -import () - func Find(_ interface{}, _ string) []interface{} { return nil } diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go index 2948daae031..4abcf002faa 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/github.com/antchfx/jsonquery/stub.go @@ -7,8 +7,6 @@ // Package jsonquery is a stub of github.com/antchfx/jsonquery, generated by depstubber. package jsonquery -import () - func Find(_ *Node, _ string) []*Node { return nil } diff --git a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go index fcf8b8b5683..20f179c9002 100644 --- a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go +++ b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/ginkgo/stub.go @@ -7,8 +7,6 @@ // Package ginkgo is a stub of github.com/onsi/ginkgo, generated by depstubber. package ginkgo -import () - func Fail(_ string, _ ...int) {} type GinkgoTestingT interface { diff --git a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go index 27fa1387b46..61c9db70ad6 100644 --- a/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go +++ b/go/ql/test/query-tests/filters/ClassifyFiles/vendor/github.com/onsi/gomega/stub.go @@ -7,6 +7,4 @@ // Package gomega is a stub of github.com/onsi/gomega, generated by depstubber. package gomega -import () - func RegisterFailHandler(_ interface{}) {} From 6147f0a8734c26ac0912f3404301e0da0c730564 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:32:56 +0000 Subject: [PATCH 007/409] Fix outdated depstubber command --- .../semmle/go/frameworks/SQL/pg.go | 2 +- .../vendor/github.com/go-pg/pg/orm/stub.go | 45 ++++++++++++------- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go index 09ffa084fe0..7cd76f715c9 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/pg.go @@ -1,7 +1,7 @@ package main //go:generate depstubber -vendor github.com/go-pg/pg Conn,DB,Tx Q -//go:generate depstubber -vendor github.com/go-pg/pg/orm Query Q +//go:generate depstubber -vendor github.com/go-pg/pg/orm Query,Formatter Q //go:generate depstubber -vendor github.com/go-pg/pg/v9 Conn,DB,Tx Q import ( diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go index 1d049c8a9a3..1214ad0492d 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SQL/vendor/github.com/go-pg/pg/orm/stub.go @@ -2,7 +2,7 @@ // This is a simple stub for github.com/go-pg/pg/orm, strictly for use in testing. // See the LICENSE file for information about the licensing of the original library. -// Source: github.com/go-pg/pg/orm (exports: Query, Formatter; functions: Q) +// Source: github.com/go-pg/pg/orm (exports: Query,Formatter; functions: Q) // Package orm is a stub of github.com/go-pg/pg/orm, generated by depstubber. package orm @@ -94,6 +94,34 @@ func (_ *Field) Value(_ reflect.Value) reflect.Value { return reflect.Value{} } +type Formatter struct{} + +func (_ Formatter) Append(_ []byte, _ string, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) AppendBytes(_ []byte, _ []byte, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) FormatQuery(_ []byte, _ string, _ ...interface{}) []byte { + return nil +} + +func (_ Formatter) Param(_ string) interface{} { + return nil +} + +func (_ Formatter) String() string { + return "" +} + +func (_ Formatter) WithParam(_ string, _ interface{}) Formatter { + return Formatter{} +} + +func (_ *Formatter) SetParam(_ string, _ interface{}) {} + type Method struct { Index int } @@ -491,18 +519,3 @@ type TableModel interface { Table() *Table Value() reflect.Value } - -type Formatter struct { -} - -func (f Formatter) Append(dst []byte, src string, params ...interface{}) []byte { - return nil -} - -func (f Formatter) AppendBytes(dst, src []byte, params ...interface{}) []byte { - return nil -} - -func (f Formatter) FormatQuery(dst []byte, query string, params ...interface{}) []byte { - return nil -} From 7e04a9f6c0e33e06e21d178a224201dd5b3085b8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 20 Mar 2025 12:33:39 +0000 Subject: [PATCH 008/409] Improve stubs (made by old version of depstubber?) --- .../github.com/codeskyblue/go-sh/stub.go | 45 ++++--------- .../vendor/golang.org/x/crypto/ssh/stub.go | 67 +++++-------------- 2 files changed, 31 insertions(+), 81 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go index 229a2114569..ae0660e5633 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/github.com/codeskyblue/go-sh/stub.go @@ -1,10 +1,11 @@ // Code generated by depstubber. DO NOT EDIT. // This is a simple stub for github.com/codeskyblue/go-sh, strictly for use in testing. +// See the LICENSE file for information about the licensing of the original library. // Source: github.com/codeskyblue/go-sh (exports: ; functions: Command,InteractiveSession) -// Package go_sh is a stub of github.com/codeskyblue/go-sh, generated by depstubber. -package go_sh +// Package go_pkg is a stub of github.com/codeskyblue/go-sh, generated by depstubber. +package go_pkg import ( io "io" @@ -32,15 +33,11 @@ type Session struct { func (_ *Session) Alias(_ string, _ string, _ ...string) {} -func (_ *Session) Call(_ string, _ ...interface{}) interface { - Error() string -} { +func (_ *Session) Call(_ string, _ ...interface{}) error { return nil } -func (_ *Session) CombinedOutput() ([]uint8, interface { - Error() string -}) { +func (_ *Session) CombinedOutput() ([]byte, error) { return nil, nil } @@ -50,15 +47,11 @@ func (_ *Session) Command(_ string, _ ...interface{}) *Session { func (_ *Session) Kill(_ os.Signal) {} -func (_ *Session) Output() ([]uint8, interface { - Error() string -}) { +func (_ *Session) Output() ([]byte, error) { return nil, nil } -func (_ *Session) Run() interface { - Error() string -} { +func (_ *Session) Run() error { return nil } @@ -82,9 +75,7 @@ func (_ *Session) SetTimeout(_ time.Duration) *Session { return nil } -func (_ *Session) Start() interface { - Error() string -} { +func (_ *Session) Start() error { return nil } @@ -92,32 +83,22 @@ func (_ *Session) Test(_ string, _ string) bool { return false } -func (_ *Session) UnmarshalJSON(_ interface{}) interface { - Error() string -} { +func (_ *Session) UnmarshalJSON(_ interface{}) error { return nil } -func (_ *Session) UnmarshalXML(_ interface{}) interface { - Error() string -} { +func (_ *Session) UnmarshalXML(_ interface{}) error { return nil } -func (_ *Session) Wait() interface { - Error() string -} { +func (_ *Session) Wait() error { return nil } -func (_ *Session) WaitTimeout(_ time.Duration) interface { - Error() string -} { +func (_ *Session) WaitTimeout(_ time.Duration) error { return nil } -func (_ *Session) WriteStdout(_ string) interface { - Error() string -} { +func (_ *Session) WriteStdout(_ string) error { return nil } diff --git a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go index 9d1aab65e3c..0c0c3d879bb 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go +++ b/go/ql/test/library-tests/semmle/go/frameworks/SystemCommandExecutors/vendor/golang.org/x/crypto/ssh/stub.go @@ -1,6 +1,7 @@ // Code generated by depstubber. DO NOT EDIT. // This is a simple stub for golang.org/x/crypto/ssh, strictly for use in testing. +// See the LICENSE file for information about the licensing of the original library. // Source: golang.org/x/crypto/ssh (exports: Session; functions: ) // Package ssh is a stub of golang.org/x/crypto/ssh, generated by depstubber. @@ -16,102 +17,70 @@ type Session struct { Stderr io.Writer } -func (_ *Session) Close() interface { - Error() string -} { +func (_ *Session) Close() error { return nil } -func (_ *Session) CombinedOutput(_ string) ([]uint8, interface { - Error() string -}) { +func (_ *Session) CombinedOutput(_ string) ([]byte, error) { return nil, nil } -func (_ *Session) Output(_ string) ([]uint8, interface { - Error() string -}) { +func (_ *Session) Output(_ string) ([]byte, error) { return nil, nil } -func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) interface { - Error() string -} { +func (_ *Session) RequestPty(_ string, _ int, _ int, _ TerminalModes) error { return nil } -func (_ *Session) RequestSubsystem(_ string) interface { - Error() string -} { +func (_ *Session) RequestSubsystem(_ string) error { return nil } -func (_ *Session) Run(_ string) interface { - Error() string -} { +func (_ *Session) Run(_ string) error { return nil } -func (_ *Session) SendRequest(_ string, _ bool, _ []uint8) (bool, interface { - Error() string -}) { +func (_ *Session) SendRequest(_ string, _ bool, _ []byte) (bool, error) { return false, nil } -func (_ *Session) Setenv(_ string, _ string) interface { - Error() string -} { +func (_ *Session) Setenv(_ string, _ string) error { return nil } -func (_ *Session) Shell() interface { - Error() string -} { +func (_ *Session) Shell() error { return nil } -func (_ *Session) Signal(_ Signal) interface { - Error() string -} { +func (_ *Session) Signal(_ Signal) error { return nil } -func (_ *Session) Start(_ string) interface { - Error() string -} { +func (_ *Session) Start(_ string) error { return nil } -func (_ *Session) StderrPipe() (io.Reader, interface { - Error() string -}) { +func (_ *Session) StderrPipe() (io.Reader, error) { return nil, nil } -func (_ *Session) StdinPipe() (io.WriteCloser, interface { - Error() string -}) { +func (_ *Session) StdinPipe() (io.WriteCloser, error) { return nil, nil } -func (_ *Session) StdoutPipe() (io.Reader, interface { - Error() string -}) { +func (_ *Session) StdoutPipe() (io.Reader, error) { return nil, nil } -func (_ *Session) Wait() interface { - Error() string -} { +func (_ *Session) Wait() error { return nil } -func (_ *Session) WindowChange(_ int, _ int) interface { - Error() string -} { +func (_ *Session) WindowChange(_ int, _ int) error { return nil } type Signal string -type TerminalModes map[uint8]uint32 +type TerminalModes map[byte]uint32 From 19f009ae0807d1d143d1ac648b65121cc971f1d1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 10 Dec 2024 16:48:13 +0000 Subject: [PATCH 009/409] Rust: Add tests for various kinds of dangling pointers. --- .../security/CWE-825/deallocation.rs | 149 +++++++ .../query-tests/security/CWE-825/lifetime.rs | 410 ++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 157 +++++++ .../query-tests/security/CWE-825/options.yml | 3 + .../security/CWE-825/rust-toolchain.toml | 2 + 5 files changed, 721 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-825/deallocation.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/lifetime.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/main.rs create mode 100644 rust/ql/test/query-tests/security/CWE-825/options.yml create mode 100644 rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs new file mode 100644 index 00000000000..1ad8d72c008 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -0,0 +1,149 @@ + +// --- std::alloc --- + +pub fn test_alloc(do_dangerous_writes: bool) { + let layout = std::alloc::Layout::new::(); + unsafe { + let m1 = std::alloc::alloc(layout); // *mut u8 + let m2 = m1 as *mut i64; // *mut i64 + *m2 = 1; // GOOD + + let v1 = *m1; // GOOD + let v2 = *m2; // GOOD + let v3 = std::ptr::read::(m1); // GOOD + let v4 = std::ptr::read::(m2); // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + + std::alloc::dealloc(m1, layout); // m1, m2 are now dangling + + let v5 = *m1; // $ MISSING: Alert + let v6 = *m2; // $ MISSING: Alert + let v7 = std::ptr::read::(m1); // $ MISSING: Alert + let v8 = std::ptr::read::(m2); // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + println!(" v7 = {v7} (!)"); // corrupt in practice + println!(" v8 = {v8} (!)"); // corrupt in practice + + if do_dangerous_writes { + *m1 = 2; // $ MISSING: Alert + *m2 = 3; // $ MISSING: Alert + std::ptr::write::(m1, 4); // $ MISSING: Alert + std::ptr::write::(m2, 5); // $ MISSING: Alert + } + } +} + +pub fn test_alloc_array(do_dangerous_writes: bool) { + let layout = std::alloc::Layout::new::<[u8; 10]>(); + unsafe { + let m1 = std::alloc::alloc(layout); + let m2 = m1 as *mut [u8; 10]; + (*m2)[0] = 4; // GOOD + (*m2)[1] = 5; // GOOD + + let v1 = (*m2)[0]; // GOOD + let v2 = (*m2)[1]; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + + std::alloc::dealloc(m2 as *mut u8, layout); // m1, m2 are now dangling + + let v3 = (*m2)[0]; // $ MISSING: Alert + let v4 = (*m2)[1]; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + + if do_dangerous_writes { + (*m2)[0] = 3; // $ MISSING: Alert + (*m2)[1] = 4; // $ MISSING: Alert + std::ptr::write::(m1, 5); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ MISSING: Alert + } + } +} + +// --- libc::malloc --- + +pub fn test_libc() { + unsafe { + let my_ptr = libc::malloc(256) as *mut i64; + *my_ptr = 10; + + let v1 = *my_ptr; // GOOD + println!(" v1 = {v1}"); + + libc::free(my_ptr as *mut libc::c_void); // my_ptr is now dangling + + let v2 = *my_ptr; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- std::ptr --- + +pub fn test_ptr_invalid(do_dangerous_accesses: bool) { + let p1: *const i64 = std::ptr::dangling(); + let p2: *mut i64 = std::ptr::dangling_mut(); + let p3: *const i64 = std::ptr::null(); + + if do_dangerous_accesses { + unsafe { + // (a segmentation fault occurs in the code below) + let v1 = *p1; // $ MISSING: Alert + let v2 = *p2; // $ MISSING: Alert + let v3 = *p3; // $ MISSING: Alert + println!(" v1 = {v1} (!)"); + println!(" v2 = {v2} (!)"); + println!(" v3 = {v3} (!)"); + } + } +} + +// --- drop --- + +struct MyBuffer { + data: Vec +} + +pub fn test_drop() { + let my_buffer = MyBuffer { data: vec!(1, 2, 3) }; + let p1 = std::ptr::addr_of!(my_buffer); + + unsafe { + let v1 = (*p1).data[0]; // GOOD + println!(" v1 = {v1}"); + } + + drop(my_buffer); // explicitly destructs the `my_buffer` variable + + unsafe { + let v2 = (*p1).data[0]; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +pub fn test_ptr_drop() { + let layout = std::alloc::Layout::new::>(); + unsafe { + let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 + let p2 = p1; + + *p1 = vec!(1, 2, 3); + + let v1 = (*p1)[0]; // GOOD + let v2 = (*p2)[0]; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + + std::ptr::drop_in_place(p1); // explicitly destructs the pointed-to `m2` + + let v3 = (*p1)[0]; // $ MISSING: Alert + let v4 = (*p2)[0]; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs new file mode 100644 index 00000000000..49b0678b035 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs @@ -0,0 +1,410 @@ + +fn use_the_stack() { + let _buffer: [u8; 256] = [0xFF; 256]; +} + +struct MyValue { + value: i64 +} + +impl Drop for MyValue { + fn drop(&mut self) { + println!(" drop MyValue '{}'", self.value) + } +} + +// --- local dangling --- + +fn get_local_dangling() -> *const i64 { + let my_local1: i64 = 1; + + return &my_local1; +} // (return value immediately becomes dangling) + +fn get_local_dangling_mut() -> *mut i64 { + let mut my_local2: i64 = 2; + + return &mut my_local2; +} // (return value immediately becomes dangling) + +fn get_local_dangling_raw_const() -> *const i64 { + let my_local3: i64 = 3; + + return &raw const my_local3; +} // (return value immediately becomes dangling) + +fn get_local_dangling_raw_mut() -> *mut i64 { + let mut my_local4: i64 = 4; + + return &raw mut my_local4; +} // (return value immediately becomes dangling) + +fn get_param_dangling(param5: i64) -> *const i64 { + return ¶m5; +} // (return value immediately becomes dangling) + +fn get_local_field_dangling() -> *const i64 { + let val: MyValue; + + val = MyValue { value: 6 }; + return &val.value; +} + +pub fn test_local_dangling() { + let p1 = get_local_dangling(); + let p2 = get_local_dangling_mut(); + let p3 = get_local_dangling_raw_const(); + let p4 = get_local_dangling_raw_mut(); + let p5 = get_param_dangling(5); + let p6 = get_local_field_dangling(); + let p7: *const i64; + { + let my_local7 = 7; + p7 = &raw const my_local7; + } // (my_local goes out of scope, thus p7 is dangling) + + use_the_stack(); + + unsafe { + let v1 = *p1; // $ MISSING: Alert + let v2 = *p2; // $ MISSING: Alert + let v3 = *p3; // $ MISSING: Alert + let v4 = *p4; // $ MISSING: Alert + let v5 = *p5; // $ MISSING: Alert + let v6 = *p6; // $ MISSING: Alert + let v7 = *p7; // $ MISSING: Alert + *p2 = 8; // $ MISSING: Alert + *p4 = 9; // $ MISSING: Alert + + println!(" v1 = {v1} (!)"); // corrupt in practice + println!(" v2 = {v2} (!)"); // corrupt in practice + println!(" v3 = {v3} (!)"); // corrupt in practice + println!(" v4 = {v4} (!)"); // corrupt in practice + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + println!(" v7 = {v7} (!)"); + } +} + +// --- local in scope --- + +fn use_pointers(p1: *const i64, p2: *mut i64) { + let p3: *const i64; + let my_local1 = 1; + p3 = &my_local1; + + use_the_stack(); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + *p2 = 2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } +} + +pub fn test_local_in_scope() { + let my_local3: i64 = 3; + let mut my_local_mut4: i64 = 4; + + use_pointers(&my_local3, &mut my_local_mut4); +} + +// --- static lifetime --- + +const MY_GLOBAL_CONST: i64 = 1; + +fn get_const() -> *const i64 { + return &MY_GLOBAL_CONST; +} + +static mut MY_GLOBAL_STATIC: i64 = 2; + +fn get_static_mut() -> *mut i64 { + unsafe { + return &mut MY_GLOBAL_STATIC; + } +} + +pub fn test_static() { + let p1 = get_const(); + let p2 = get_static_mut(); + + use_the_stack(); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + *p2 = 3; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } +} + +// --- call contexts --- + +fn access_ptr_1(ptr: *const i64) { + // only called with `ptr` safe + unsafe { + let v1 = *ptr; // GOOD + println!(" v1 = {v1}"); + } +} + +fn access_ptr_2(ptr: *const i64) { + // only called with `ptr` dangling + unsafe { + let v2 = *ptr; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +fn access_ptr_3(ptr: *const i64) { + // called from contexts with `ptr` safe and dangling + unsafe { + let v3 = *ptr; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice (in one context) + } +} + +fn access_and_get_dangling() -> *const i64 { + let my_local1 = 1; + let ptr = &my_local1; + + access_ptr_1(ptr); + access_ptr_3(ptr); + + return ptr; +} // (returned pointer becomes dangling) + +pub fn test_call_contexts() { + let ptr = access_and_get_dangling(); + + use_the_stack(); + + access_ptr_2(ptr); + access_ptr_3(ptr); +} + +// --- call contexts (recursive) --- + +fn access_ptr_rec(ptr_up: *const i64, count: i64) -> *const i64 { + let my_local_rec = count; + let ptr_ours = &my_local_rec; + + if count < 5 { + let ptr_down = access_ptr_rec(ptr_ours, count + 1); + + use_the_stack(); + + unsafe { + let v_up = *ptr_up; // GOOD + let v_ours = *ptr_ours; // GOOD + let v_down = *ptr_down; // $ MISSING: Alert + println!(" v_up = {v_up}"); + println!(" v_ours = {v_ours}"); + println!(" v_down = {v_down} (!)"); + } + } + + return ptr_ours; +} // (returned pointer becomes dangling) + +pub fn test_call_contexts_rec() { + let my_local_rec2 = 1; + let ptr_start = &my_local_rec2; + + _ = access_ptr_rec(ptr_start, 2); +} + +// --- loops --- + +pub fn test_loop() { + let my_local1 = vec!(0); + let mut prev: *const Vec = &my_local1; + + for i in 1..5 { + let my_local2 = vec!(i); + + use_the_stack(); + + unsafe { + let v1 = (*prev)[0]; // $ MISSING: Alert + println!(" v1 = {v1} (!)"); // incorrect values in practice (except first iteration) + } + + prev = &my_local2; + } // (my_local2 goes out of scope, thus prev is dangling) + + unsafe { + let v2 = (*prev)[0]; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- enum --- + +enum MyEnum { + Value(i64), +} + +impl Drop for MyEnum { + fn drop(&mut self) { + println!(" drop MyEnum"); + } +} + +pub fn test_enum() { + let result: *const i64; + + { + let e1 = MyEnum::Value(1); + + result = match e1 { + MyEnum::Value(x) => { &x } + }; // (x goes out of scope, so result is dangling, I think; seen in real world code) + + use_the_stack(); + + unsafe { + let v1 = *result; // $ MISSING: Alert + println!(" v1 = {v1}"); + } + } // (e1 goes out of scope, so result is definitely dangling now) + + use_the_stack(); + + unsafe { + let v2 = *result; // $ MISSING: Alert + println!(" v2 = {v2}"); // dropped in practice + } +} + +// --- std::ptr --- + +#[derive(Debug)] +struct MyPair { + a: i64, + b: i64 +} + +impl Drop for MyPair { + fn drop(&mut self) { + println!(" drop MyPair '{} {}'", self.a, self.b); + self.a = -1; + self.b = -1; + } +} + +pub fn test_ptr_to_struct() { + let p1: *mut MyPair; + let p2: *const i64; + let p3: *mut i64; + + { + let mut my_pair = MyPair { a: 1, b: 2}; + p1 = std::ptr::addr_of_mut!(my_pair); + p2 = std::ptr::addr_of!(my_pair.a); + p3 = std::ptr::addr_of_mut!(my_pair.b); + + unsafe { + let v1 = (*p1).a; // GOOD + let v2 = (*p1).b; // GOOD + let v3 = *p2; // GOOD + let v4 = *p3; // GOOD + (*p1).a = 3; // GOOD + (*p1).b = 4; // GOOD + *p3 = 5; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + } + }; // my_pair goes out of scope, thus p1, p2, p3 are dangling + + use_the_stack(); + + unsafe { + let v5 = (*p1).a; // $ MISSING: Alert + let v6 = (*p1).b; // $ MISSING: Alert + let v7 = *p2; // $ MISSING: Alert + let v8 = *p3; // $ MISSING: Alert + (*p1).a = 6; // $ MISSING: Alert + (*p1).b = 7; // $ MISSING: Alert + *p3 = 8; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // dropped in practice + println!(" v6 = {v6} (!)"); // dropped in practice + println!(" v7 = {v7} (!)"); // dropped in practice + println!(" v8 = {v8} (!)"); // dropped in practice + } +} + +fn get_ptr_from_ref(val: i32) -> *const i32 { + let my_val = val; + let r1: &i32 = &my_val; + let p1: *const i32 = std::ptr::from_ref(r1); + + unsafe { + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } + + return p1; +} // (returned pointer becomes dangling) + +pub fn test_ptr_from_ref() { + let p1 = get_ptr_from_ref(1); + + use_the_stack(); + + unsafe { + let v2 = *p1; // $ MISSING: Alert + let v3 = *get_ptr_from_ref(2); // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + println!(" v3 = {v3} (!)"); + } +} + +// --- std::rc (reference counting pointer) --- + +pub fn test_rc() { + let p1: *const i64; + let p2: *const i64; + + { + let rc1: std::rc::Rc = std::rc::Rc::new(1); + p1 = std::rc::Rc::::as_ptr(&rc1); + + { + let rc2: std::rc::Rc = std::rc::Rc::clone(&rc1); + p2 = std::rc::Rc::::as_ptr(&rc2); + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } + } // rc2 goes out of scope, but the reference count is still 1 so the pointer remains valid + + unsafe { + let v3 = *p1; // GOOD + let v4 = *p2; // GOOD + println!(" v3 = {v3}"); + println!(" v4 = {v4}"); + } + } // rc1 go out of scope, the reference count is 0, so p1, p2 are dangling + + unsafe { + let v5 = *p1; // $ MISSING: Alert + let v6 = *p2; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } + + // note: simialar things are likely possible with Ref, RefMut, RefCell, + // Vec and others. +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs new file mode 100644 index 00000000000..e7a2154c326 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -0,0 +1,157 @@ +#![feature(box_as_ptr)] +#![feature(box_into_inner)] + +mod deallocation; +use deallocation::*; +mod lifetime; +use lifetime::*; + +fn use_the_heap() { + let _a = Box::new(0x7FFFFFFF); + let _b = Box::new(0x7FFFFFFF); +} + +// --- boxes --- + +pub fn test_boxes_into() { + let b1: Box = Box::new(7); // b1 owns the memory for '50' + let p1 = Box::as_ptr(&b1); // b1 still owns the memory + + unsafe { + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } + + let v2 = Box::into_inner(b1); // b1 is explicitly freed here, thus p1 is dangling + println!(" v2 = {v2}"); + + unsafe { + let v3 = *p1; // $ MISSING: Alert + println!(" v3 = {v3} (!)"); // corrupt in practice + } +} + +pub fn test_boxes_1(do_dangerous_writes: bool) { + let p1: *const i64; + let p2: *const i64; + let p3: *mut i64; + + { + let b1: Box = Box::new(1); + p1 = Box::into_raw(b1); // now owned by p1 + + let b2: Box = Box::new(2); + p2 = Box::as_ptr(&b2); // still owned by b2 + + let mut b3: Box = Box::new(3); + p3 = Box::as_mut_ptr(&mut b3); // still owned by b3 + + unsafe { + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + *p3 = 4; + + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } + } // (b2, b3 go out of scope, thus p2, p3 are dangling) + + unsafe { + let v4 = *p1; // GOOD + let v5 = *p2; // $ MISSING: Alert + let v6 = *p3; // $ MISSING: Alert + + if do_dangerous_writes { + *p3 = 5; // $ MISSING: Alert + use_the_heap(); // "malloc: Heap corruption detected" + } + + println!(" v4 = {v4}"); + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } +} + +pub fn test_boxes_2() { + let b1: Box = Box::new(6); // b1 owns the memory + let p1 = Box::into_raw(b1); // now p1 owns the memory + + unsafe { + let _b2 = Box::from_raw(p1); // now _b2 owns the memory + + let v1 = *p1; // GOOD + println!(" v1 = {v1}"); + } // (_b2 goes out of scope, thus the memory is freed and p1 is dangling) + + unsafe { + let v2 = *p1; // $ MISSING: Alert + println!(" v2 = {v2} (!)"); // corrupt in practice + } +} + +// --- main --- + +fn main() { + println!("test_boxes_into:"); + test_boxes_into(); + + println!("test_boxes_1:"); + test_boxes_1(false); + + println!("test_boxes_2:"); + test_boxes_2(); + + // --- + + println!("test_alloc:"); + test_alloc(false); + + println!("test_alloc_array:"); + test_alloc_array(false); + + println!("test_libc:"); + test_libc(); + + println!("test_ptr_invalid:"); + test_ptr_invalid(false); + + println!("test_drop:"); + test_drop(); + + println!("test_ptr_drop:"); + test_ptr_drop(); + + // --- + + println!("test_local_dangling:"); + test_local_dangling(); + + println!("test_local_in_scope:"); + test_local_in_scope(); + + println!("test_static:"); + test_static(); + + println!("test_call_contexts:"); + test_call_contexts(); + + println!("test_call_contexts_rec:"); + test_call_contexts_rec(); + + println!("test_loop:"); + test_loop(); + + println!("test_enum:"); + test_enum(); + + println!("test_ptr_to_struct:"); + test_ptr_to_struct(); + + println!("test_ptr_from_ref:"); + test_ptr_from_ref(); + + println!("test_rc:"); + test_rc(); +} diff --git a/rust/ql/test/query-tests/security/CWE-825/options.yml b/rust/ql/test/query-tests/security/CWE-825/options.yml new file mode 100644 index 00000000000..95a17a53b43 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/options.yml @@ -0,0 +1,3 @@ +qltest_cargo_check: true +qltest_dependencies: + - libc = { version = "0.2.11" } diff --git a/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml new file mode 100644 index 00000000000..afeb5929325 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "nightly-2025-03-17" From a139b3734cdb644e836f82e3258c467dd863fb37 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:40:54 +0000 Subject: [PATCH 010/409] Rust: Split lang-core.model.yml into lang-core and lang-alloc. --- .../rust/frameworks/stdlib/lang-alloc.model.yml | 11 +++++++++++ .../codeql/rust/frameworks/stdlib/lang-core.model.yml | 6 ------ 2 files changed, 11 insertions(+), 6 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml new file mode 100644 index 00000000000..4e8f86dae34 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + # Fmt + - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] + # String + - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index a2f6b15ab2c..fb11ff1e122 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -3,8 +3,6 @@ extensions: pack: codeql/rust-all extensible: summaryModel data: - # Fmt - - ["lang:alloc", "crate::fmt::format", "Argument[0]", "ReturnValue", "taint", "manual"] # Iterator - ["lang:core", "<[_]>::iter", "Argument[Self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "<[_]>::iter_mut", "Argument[Self].Element", "ReturnValue.Element", "value", "manual"] @@ -28,7 +26,3 @@ extensions: - ["lang:core", "crate::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str - ["lang:core", "::parse", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] - # String - - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] - - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] From dcd016f5be41301d9e55bdc8409ba57a9412cbff Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 13 Mar 2025 17:04:48 +0000 Subject: [PATCH 011/409] Rust: Initial version of the query. --- .../frameworks/stdlib/lang-core.model.yml | 8 +++ .../AccessInvalidPointerExtensions.qll | 58 +++++++++++++++++++ .../security/CWE-825/AccessInvalidPointer.ql | 35 +++++++++++ rust/ql/src/queries/summary/Stats.qll | 1 + .../CWE-825/AccessInvalidPointer.expected | 32 ++++++++++ .../CWE-825/AccessInvalidPointer.qlref | 4 ++ .../security/CWE-825/deallocation.rs | 12 ++-- 7 files changed, 144 insertions(+), 6 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql create mode 100644 rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected create mode 100644 rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index fb11ff1e122..db1901bf852 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -26,3 +26,11 @@ extensions: - ["lang:core", "crate::ptr::write_volatile", "Argument[1]", "Argument[0].Reference", "value", "manual"] # Str - ["lang:core", "::parse", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] + - ["lang:core", "crate::ptr::dangling_mut", "ReturnValue", "pointer-invalidate", "manual"] + - ["lang:core", "crate::ptr::null", "ReturnValue", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll new file mode 100644 index 00000000000..faf9de48def --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -0,0 +1,58 @@ +/** + * Provides classes and predicates for reasoning about accesses to invalid + * pointers. + */ + +import rust +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSource +private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts + +/** + * Provides default sources, sinks and barriers for detecting accesses to + * invalid pointers, as well as extension points for adding your own. + */ +module AccessInvalidPointer { + /** + * A data flow source for invalid pointer accesses, that is, an operation + * where a pointer becomes invalid. + */ + abstract class Source extends DataFlow::Node { } + + /** + * A data flow sink for invalid pointer accesses, that is, a pointer + * dereference. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "AccessInvalidPointer" } + } + + /** + * A barrier for invalid pointer accesses. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A pointer invalidation from model data. + */ + private class ModelsAsDataSource extends Source { + ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } + } + + /** + * A pointer access using the unary `*` operator. + */ + private class DereferenceSink extends Sink { + DereferenceSink() { + exists(PrefixExpr p | p.getOperatorName() = "*" and p.getExpr() = this.asExpr().getExpr()) + } + } + + /** + * A pointer access from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "pointer-access") } + } +} diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql new file mode 100644 index 00000000000..ba124c99d40 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -0,0 +1,35 @@ +/** + * @name Access of invalid pointer + * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. + * @kind path-problem + * @problem.severity error + * @security-severity TODO + * @precision TODO + * @id rust/access-invalid-pointer + * @tags reliability + * security + * external/cwe/cwe-476 + * external/cwe/cwe-825 + */ + +import rust +import codeql.rust.dataflow.DataFlow +import codeql.rust.security.AccessInvalidPointerExtensions +import AccessInvalidPointerFlow::PathGraph + +/** + * A data flow configuration for accesses to invalid pointers. + */ +module AccessInvalidPointerConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { node instanceof AccessInvalidPointer::Source } + + predicate isSink(DataFlow::Node node) { node instanceof AccessInvalidPointer::Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessInvalidPointer::Barrier } +} + +module AccessInvalidPointerFlow = DataFlow::Global; + +from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode +where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) +select sinkNode.getNode(), sourceNode, sinkNode, "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b41..f011dda2852 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -12,6 +12,7 @@ private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency private import codeql.rust.Concepts // import all query extensions files, so that all extensions of `QuerySink` are found +private import codeql.rust.security.AccessInvalidPointerExtensions private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected new file mode 100644 index 00000000000..88c1e0d685c --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -0,0 +1,32 @@ +#select +| deallocation.rs:96:14:96:15 | p1 | deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:96:14:96:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:89:23:89:40 | ...::dangling | invalid | +| deallocation.rs:97:14:97:15 | p2 | deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:97:14:97:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:21:90:42 | ...::dangling_mut | invalid | +| deallocation.rs:98:14:98:15 | p3 | deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:98:14:98:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:23:91:36 | ...::null | invalid | +edges +| deallocation.rs:89:6:89:7 | p1 | deallocation.rs:96:14:96:15 | p1 | provenance | | +| deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:89:23:89:42 | ...::dangling(...) | provenance | Src:MaD:1 MaD:1 | +| deallocation.rs:89:23:89:42 | ...::dangling(...) | deallocation.rs:89:6:89:7 | p1 | provenance | | +| deallocation.rs:90:6:90:7 | p2 | deallocation.rs:97:14:97:15 | p2 | provenance | | +| deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | provenance | Src:MaD:2 MaD:2 | +| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | deallocation.rs:90:6:90:7 | p2 | provenance | | +| deallocation.rs:91:6:91:7 | p3 | deallocation.rs:98:14:98:15 | p3 | provenance | | +| deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:91:23:91:38 | ...::null(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:91:23:91:38 | ...::null(...) | deallocation.rs:91:6:91:7 | p3 | provenance | | +models +| 1 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 2 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 3 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +nodes +| deallocation.rs:89:6:89:7 | p1 | semmle.label | p1 | +| deallocation.rs:89:23:89:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:89:23:89:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:90:6:90:7 | p2 | semmle.label | p2 | +| deallocation.rs:90:21:90:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:91:6:91:7 | p3 | semmle.label | p3 | +| deallocation.rs:91:23:91:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:91:23:91:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:96:14:96:15 | p1 | semmle.label | p1 | +| deallocation.rs:97:14:97:15 | p2 | semmle.label | p2 | +| deallocation.rs:98:14:98:15 | p3 | semmle.label | p3 | +subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref new file mode 100644 index 00000000000..c8e593a6a31 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-825/AccessInvalidPointer.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 1ad8d72c008..c880ed9fd08 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -86,16 +86,16 @@ pub fn test_libc() { // --- std::ptr --- pub fn test_ptr_invalid(do_dangerous_accesses: bool) { - let p1: *const i64 = std::ptr::dangling(); - let p2: *mut i64 = std::ptr::dangling_mut(); - let p3: *const i64 = std::ptr::null(); + let p1: *const i64 = std::ptr::dangling(); // $ Source=dangling + let p2: *mut i64 = std::ptr::dangling_mut(); // $ Source=dangling_mut + let p3: *const i64 = std::ptr::null(); // $ Source=null if do_dangerous_accesses { unsafe { // (a segmentation fault occurs in the code below) - let v1 = *p1; // $ MISSING: Alert - let v2 = *p2; // $ MISSING: Alert - let v3 = *p3; // $ MISSING: Alert + let v1 = *p1; // $ Alert[rust/access-invalid-pointer]=dangling + let v2 = *p2; // $ Alert[rust/access-invalid-pointer]=dangling_mut + let v3 = *p3; // $ Alert[rust/access-invalid-pointer]=null println!(" v1 = {v1} (!)"); println!(" v2 = {v2} (!)"); println!(" v3 = {v3} (!)"); From c2ee4211e5622f119361970475090d27bc64bb71 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 18 Mar 2025 17:53:58 +0000 Subject: [PATCH 012/409] Rust: Add more models. --- .../lib/codeql/rust/frameworks/libc.model.yml | 7 +++++++ .../frameworks/stdlib/lang-alloc.model.yml | 6 ++++++ .../frameworks/stdlib/lang-core.model.yml | 19 +++++++++++++++++-- 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/libc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml new file mode 100644 index 00000000000..77f0212b6c1 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["repo:https://github.com/rust-lang/libc:libc", "::free", "Argument[0]", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 4e8f86dae34..fba9ae5fea3 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -9,3 +9,9 @@ extensions: - ["lang:alloc", "::as_str", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:alloc", "::as_bytes", "Argument[self]", "ReturnValue", "taint", "manual"] - ["lang:alloc", "<_ as crate::string::ToString>::to_string", "Argument[self]", "ReturnValue", "taint", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sourceModel + data: + # Alloc + - ["lang:alloc", "crate::alloc::dealloc", "Argument[0]", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index db1901bf852..0960dd9c541 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -17,7 +17,7 @@ extensions: - ["lang:core", "::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["lang:core", "::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # ptr + # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_volatile", "Argument[0].Reference", "ReturnValue", "value", "manual"] @@ -30,7 +30,22 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - # Alloc + # Mem + - ["lang:core", "crate::mem::drop", "Argument[0]", "pointer-invalidate", "manual"] + # Ptr + - ["lang:core", "crate::ptr::drop_in_place", "Argument[0]", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling_mut", "ReturnValue", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::null", "ReturnValue", "pointer-invalidate", "manual"] + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + # Ptr + - ["lang:core", "crate::ptr::read", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::read_unaligned", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::read_volatile", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_bytes", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_unaligned", "Argument[0]", "pointer-access", "manual"] + - ["lang:core", "crate::ptr::write_volatile", "Argument[0]", "pointer-access", "manual"] From be6d0d1f863067901792b1a1d818590a483c6d83 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 16:50:48 +0000 Subject: [PATCH 013/409] Rust: Work around data flow source issue. --- .../AccessInvalidPointerExtensions.qll | 15 ++++ .../CWE-825/AccessInvalidPointer.expected | 79 ++++++++++++------- .../security/CWE-825/deallocation.rs | 16 ++-- 3 files changed, 76 insertions(+), 34 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index faf9de48def..64b97a62de6 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -8,6 +8,7 @@ private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSource private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts +private import codeql.rust.dataflow.internal.Node /** * Provides default sources, sinks and barriers for detecting accesses to @@ -40,6 +41,20 @@ module AccessInvalidPointer { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } } + /** + * A pointer invalidation from an argument of a modelled call (this is a workaround). + */ + private class ModelsAsDataArgumentSource extends Source { + ModelsAsDataArgumentSource() { + exists(DataFlow::Node n, CallExpr ce, Expr arg | + sourceNode(n, "pointer-invalidate") and + n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and + arg = ce.getArgList().getAnArg() and + this.asExpr().getExpr() = arg + ) + } + } + /** * A pointer access using the unary `*` operator. */ diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 88c1e0d685c..ee35913d651 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,32 +1,57 @@ #select -| deallocation.rs:96:14:96:15 | p1 | deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:96:14:96:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:89:23:89:40 | ...::dangling | invalid | -| deallocation.rs:97:14:97:15 | p2 | deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:97:14:97:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:21:90:42 | ...::dangling_mut | invalid | -| deallocation.rs:98:14:98:15 | p3 | deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:98:14:98:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:23:91:36 | ...::null | invalid | +| deallocation.rs:23:13:23:14 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:97:14:97:15 | p1 | deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:97:14:97:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:23:90:40 | ...::dangling | invalid | +| deallocation.rs:98:14:98:15 | p2 | deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:98:14:98:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:21:91:42 | ...::dangling_mut | invalid | +| deallocation.rs:99:14:99:15 | p3 | deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:99:14:99:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:36 | ...::null | invalid | +| deallocation.rs:146:14:146:15 | p1 | deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:143:27:143:28 | p1 | invalid | edges -| deallocation.rs:89:6:89:7 | p1 | deallocation.rs:96:14:96:15 | p1 | provenance | | -| deallocation.rs:89:23:89:40 | ...::dangling | deallocation.rs:89:23:89:42 | ...::dangling(...) | provenance | Src:MaD:1 MaD:1 | -| deallocation.rs:89:23:89:42 | ...::dangling(...) | deallocation.rs:89:6:89:7 | p1 | provenance | | -| deallocation.rs:90:6:90:7 | p2 | deallocation.rs:97:14:97:15 | p2 | provenance | | -| deallocation.rs:90:21:90:42 | ...::dangling_mut | deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | provenance | Src:MaD:2 MaD:2 | -| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | deallocation.rs:90:6:90:7 | p2 | provenance | | -| deallocation.rs:91:6:91:7 | p3 | deallocation.rs:98:14:98:15 | p3 | provenance | | -| deallocation.rs:91:23:91:36 | ...::null | deallocation.rs:91:23:91:38 | ...::null(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:91:23:91:38 | ...::null(...) | deallocation.rs:91:6:91:7 | p3 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | +| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | +| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | +| deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:90:6:90:7 | p1 | deallocation.rs:97:14:97:15 | p1 | provenance | | +| deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:90:23:90:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:90:23:90:42 | ...::dangling(...) | deallocation.rs:90:6:90:7 | p1 | provenance | | +| deallocation.rs:91:6:91:7 | p2 | deallocation.rs:98:14:98:15 | p2 | provenance | | +| deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | deallocation.rs:91:6:91:7 | p2 | provenance | | +| deallocation.rs:92:6:92:7 | p3 | deallocation.rs:99:14:99:15 | p3 | provenance | | +| deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:92:23:92:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:92:23:92:38 | ...::null(...) | deallocation.rs:92:6:92:7 | p3 | provenance | | +| deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | provenance | | models -| 1 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | -| 2 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | -| 3 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | +| 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | +| 3 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 4 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes -| deallocation.rs:89:6:89:7 | p1 | semmle.label | p1 | -| deallocation.rs:89:23:89:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:89:23:89:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:90:6:90:7 | p2 | semmle.label | p2 | -| deallocation.rs:90:21:90:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:90:21:90:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:91:6:91:7 | p3 | semmle.label | p3 | -| deallocation.rs:91:23:91:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:91:23:91:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:96:14:96:15 | p1 | semmle.label | p1 | -| deallocation.rs:97:14:97:15 | p2 | semmle.label | p2 | -| deallocation.rs:98:14:98:15 | p3 | semmle.label | p3 | +| deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | +| deallocation.rs:23:13:23:14 | m1 | semmle.label | m1 | +| deallocation.rs:25:12:25:31 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:25:33:25:34 | m1 | semmle.label | m1 | +| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | +| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | +| deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | +| deallocation.rs:90:6:90:7 | p1 | semmle.label | p1 | +| deallocation.rs:90:23:90:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:90:23:90:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:91:6:91:7 | p2 | semmle.label | p2 | +| deallocation.rs:91:21:91:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:92:6:92:7 | p3 | semmle.label | p3 | +| deallocation.rs:92:23:92:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:92:23:92:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:97:14:97:15 | p1 | semmle.label | p1 | +| deallocation.rs:98:14:98:15 | p2 | semmle.label | p2 | +| deallocation.rs:99:14:99:15 | p3 | semmle.label | p3 | +| deallocation.rs:143:27:143:28 | p1 | semmle.label | p1 | +| deallocation.rs:146:14:146:15 | p1 | semmle.label | p1 | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index c880ed9fd08..e8acb404253 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -17,11 +17,12 @@ pub fn test_alloc(do_dangerous_writes: bool) { println!(" v3 = {v3}"); println!(" v4 = {v4}"); - std::alloc::dealloc(m1, layout); // m1, m2 are now dangling + std::alloc::dealloc(m1, layout); // $ Source=dealloc + // (m1, m2 are now dangling) - let v5 = *m1; // $ MISSING: Alert + let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc let v6 = *m2; // $ MISSING: Alert - let v7 = std::ptr::read::(m1); // $ MISSING: Alert + let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc let v8 = std::ptr::read::(m2); // $ MISSING: Alert println!(" v5 = {v5} (!)"); // corrupt in practice println!(" v6 = {v6} (!)"); // corrupt in practice @@ -29,9 +30,9 @@ pub fn test_alloc(do_dangerous_writes: bool) { println!(" v8 = {v8} (!)"); // corrupt in practice if do_dangerous_writes { - *m1 = 2; // $ MISSING: Alert + *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc *m2 = 3; // $ MISSING: Alert - std::ptr::write::(m1, 4); // $ MISSING: Alert + std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc std::ptr::write::(m2, 5); // $ MISSING: Alert } } @@ -139,9 +140,10 @@ pub fn test_ptr_drop() { println!(" v1 = {v1}"); println!(" v2 = {v2}"); - std::ptr::drop_in_place(p1); // explicitly destructs the pointed-to `m2` + std::ptr::drop_in_place(p1); // $ Source=drop_in_place + // explicitly destructs the pointed-to `m2` - let v3 = (*p1)[0]; // $ MISSING: Alert + let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place let v4 = (*p2)[0]; // $ MISSING: Alert println!(" v3 = {v3} (!)"); // corrupt in practice println!(" v4 = {v4} (!)"); // corrupt in practice From 7ceb76441a4e7256684fd1b5b3cfebeee8a66852 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:01:45 +0000 Subject: [PATCH 014/409] Rust: Improve the source to account for conversions. --- .../AccessInvalidPointerExtensions.qll | 2 +- .../CWE-825/AccessInvalidPointer.expected | 78 ++++++++++++------- .../security/CWE-825/deallocation.rs | 18 +++-- 3 files changed, 61 insertions(+), 37 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 64b97a62de6..ca485273c06 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,7 +50,7 @@ module AccessInvalidPointer { sourceNode(n, "pointer-invalidate") and n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr() = arg + this.asExpr().getExpr().getParentNode*() = arg ) } } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ee35913d651..ae7fb1dfb50 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -3,10 +3,16 @@ | deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:97:14:97:15 | p1 | deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:97:14:97:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:90:23:90:40 | ...::dangling | invalid | -| deallocation.rs:98:14:98:15 | p2 | deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:98:14:98:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:91:21:91:42 | ...::dangling_mut | invalid | -| deallocation.rs:99:14:99:15 | p3 | deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:99:14:99:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:36 | ...::null | invalid | -| deallocation.rs:146:14:146:15 | p1 | deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:143:27:143:28 | p1 | invalid | +| deallocation.rs:57:14:57:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:58:14:58:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:63:6:63:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:64:6:64:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:66:4:66:30 | ...::write::<...> | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | +| deallocation.rs:84:13:84:18 | my_ptr | deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:81:14:81:19 | my_ptr | invalid | +| deallocation.rs:99:14:99:15 | p1 | deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:99:14:99:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:40 | ...::dangling | invalid | +| deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | +| deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | +| deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | @@ -15,16 +21,23 @@ edges | deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | | deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | | deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:90:6:90:7 | p1 | deallocation.rs:97:14:97:15 | p1 | provenance | | -| deallocation.rs:90:23:90:40 | ...::dangling | deallocation.rs:90:23:90:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:90:23:90:42 | ...::dangling(...) | deallocation.rs:90:6:90:7 | p1 | provenance | | -| deallocation.rs:91:6:91:7 | p2 | deallocation.rs:98:14:98:15 | p2 | provenance | | -| deallocation.rs:91:21:91:42 | ...::dangling_mut | deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | deallocation.rs:91:6:91:7 | p2 | provenance | | -| deallocation.rs:92:6:92:7 | p3 | deallocation.rs:99:14:99:15 | p3 | provenance | | -| deallocation.rs:92:23:92:36 | ...::null | deallocation.rs:92:23:92:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:92:23:92:38 | ...::null(...) | deallocation.rs:92:6:92:7 | p3 | provenance | | -| deallocation.rs:143:27:143:28 | p1 | deallocation.rs:146:14:146:15 | p1 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | provenance | | +| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:32:66:33 | m2 | provenance | | +| deallocation.rs:66:32:66:33 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | provenance | | +| deallocation.rs:92:6:92:7 | p1 | deallocation.rs:99:14:99:15 | p1 | provenance | | +| deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:92:23:92:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:92:23:92:42 | ...::dangling(...) | deallocation.rs:92:6:92:7 | p1 | provenance | | +| deallocation.rs:93:6:93:7 | p2 | deallocation.rs:100:14:100:15 | p2 | provenance | | +| deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | deallocation.rs:93:6:93:7 | p2 | provenance | | +| deallocation.rs:94:6:94:7 | p3 | deallocation.rs:101:14:101:15 | p3 | provenance | | +| deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | +| deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -40,18 +53,27 @@ nodes | deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | | deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | -| deallocation.rs:90:6:90:7 | p1 | semmle.label | p1 | -| deallocation.rs:90:23:90:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:90:23:90:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:91:6:91:7 | p2 | semmle.label | p2 | -| deallocation.rs:91:21:91:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:91:21:91:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:92:6:92:7 | p3 | semmle.label | p3 | -| deallocation.rs:92:23:92:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:92:23:92:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:97:14:97:15 | p1 | semmle.label | p1 | -| deallocation.rs:98:14:98:15 | p2 | semmle.label | p2 | -| deallocation.rs:99:14:99:15 | p3 | semmle.label | p3 | -| deallocation.rs:143:27:143:28 | p1 | semmle.label | p1 | -| deallocation.rs:146:14:146:15 | p1 | semmle.label | p1 | +| deallocation.rs:54:23:54:24 | m2 | semmle.label | m2 | +| deallocation.rs:57:14:57:15 | m2 | semmle.label | m2 | +| deallocation.rs:58:14:58:15 | m2 | semmle.label | m2 | +| deallocation.rs:63:6:63:7 | m2 | semmle.label | m2 | +| deallocation.rs:64:6:64:7 | m2 | semmle.label | m2 | +| deallocation.rs:66:4:66:30 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:66:32:66:33 | m2 | semmle.label | m2 | +| deallocation.rs:81:14:81:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:84:13:84:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:92:6:92:7 | p1 | semmle.label | p1 | +| deallocation.rs:92:23:92:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:92:23:92:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:93:6:93:7 | p2 | semmle.label | p2 | +| deallocation.rs:93:21:93:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:94:6:94:7 | p3 | semmle.label | p3 | +| deallocation.rs:94:23:94:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:94:23:94:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:99:14:99:15 | p1 | semmle.label | p1 | +| deallocation.rs:100:14:100:15 | p2 | semmle.label | p2 | +| deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | +| deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | +| deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index e8acb404253..cd3ac57c487 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -51,18 +51,19 @@ pub fn test_alloc_array(do_dangerous_writes: bool) { println!(" v1 = {v1}"); println!(" v2 = {v2}"); - std::alloc::dealloc(m2 as *mut u8, layout); // m1, m2 are now dangling + std::alloc::dealloc(m2 as *mut u8, layout); // $ Source=dealloc_array + // m1, m2 are now dangling - let v3 = (*m2)[0]; // $ MISSING: Alert - let v4 = (*m2)[1]; // $ MISSING: Alert + let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array println!(" v3 = {v3} (!)"); // corrupt in practice println!(" v4 = {v4} (!)"); // corrupt in practice if do_dangerous_writes { - (*m2)[0] = 3; // $ MISSING: Alert - (*m2)[1] = 4; // $ MISSING: Alert + (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array + (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array std::ptr::write::(m1, 5); // $ MISSING: Alert - std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array } } } @@ -77,9 +78,10 @@ pub fn test_libc() { let v1 = *my_ptr; // GOOD println!(" v1 = {v1}"); - libc::free(my_ptr as *mut libc::c_void); // my_ptr is now dangling + libc::free(my_ptr as *mut libc::c_void); // $ Source=free + // (my_ptr is now dangling) - let v2 = *my_ptr; // $ MISSING: Alert + let v2 = *my_ptr; // $ Alert[rust/access-invalid-pointer]=free println!(" v2 = {v2} (!)"); // corrupt in practice } } From 671f7dff943094abcc9e9301f206ad5ad8e521ce Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 19 Mar 2025 18:59:48 +0000 Subject: [PATCH 015/409] Rust: Query metadata. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index ba124c99d40..a1ff02bb429 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -3,8 +3,8 @@ * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. * @kind path-problem * @problem.severity error - * @security-severity TODO - * @precision TODO + * @security-severity 7.5 + * @precision high * @id rust/access-invalid-pointer * @tags reliability * security From 019fcbfbf9b0867ffd464772c93affa732e7b0be Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 10:04:34 +0000 Subject: [PATCH 016/409] Rust: Add qhelp examples, and add them as tests. --- .../CWE-825/AccessInvalidPointerBad.rs | 10 ++++ .../CWE-825/AccessInvalidPointerGood.rs | 10 ++++ .../CWE-825/AccessInvalidPointer.expected | 4 ++ .../security/CWE-825/deallocation.rs | 47 +++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 3 ++ 5 files changed, 74 insertions(+) create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs new file mode 100644 index 00000000000..ef635450bdd --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerBad.rs @@ -0,0 +1,10 @@ + +unsafe { + std::ptr::drop_in_place(ptr); // executes the destructor of `*ptr` +} + +// ... + +unsafe { + do_something(&*ptr); // BAD: dereferences `ptr` +} diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs new file mode 100644 index 00000000000..77dbdfb9d39 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointerGood.rs @@ -0,0 +1,10 @@ + +unsafe { + do_something(&*ptr); // GOOD: dereferences `ptr` while it is still valid +} + +// ... + +{ + std::ptr::drop_in_place(ptr); // executes the destructor of `*ptr` +} diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ae7fb1dfb50..0067fcc17da 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,6 +13,7 @@ | deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | | deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | | deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | +| deallocation.rs:179:18:179:20 | ptr | deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:173:27:173:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | @@ -38,6 +39,7 @@ edges | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | | deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | +| deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -76,4 +78,6 @@ nodes | deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | | deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | | deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | +| deallocation.rs:173:27:173:29 | ptr | semmle.label | ptr | +| deallocation.rs:179:18:179:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index cd3ac57c487..69e4919b480 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -151,3 +151,50 @@ pub fn test_ptr_drop() { println!(" v4 = {v4} (!)"); // corrupt in practice } } + +fn do_something(s: &String) { + println!(" s = {}", s); +} + +fn test_qhelp_test_good(ptr: *mut String) { + unsafe { + do_something(&*ptr); + } + + // ... + + unsafe { + std::ptr::drop_in_place(ptr); + } +} + +fn test_qhelp_test_bad(ptr: *mut String) { + unsafe { + std::ptr::drop_in_place(ptr); // $ Source=drop_in_place + } + + // ... + + unsafe { + do_something(&*ptr); // $ Alert[rust/access-invalid-pointer]=drop_in_place + } +} + +pub fn test_qhelp_tests() { + let layout = std::alloc::Layout::new::<[String; 2]>(); + unsafe { + let ptr = std::alloc::alloc(layout); + let ptr_s = ptr as *mut [String; 2]; + let ptr1 = &raw mut (*ptr_s)[0]; + let ptr2 = &raw mut (*ptr_s)[1]; + + *ptr1 = String::from("123"); + *ptr2 = String::from("456"); + + test_qhelp_test_good(ptr1); + + test_qhelp_test_bad(ptr2); + + std::alloc::dealloc(ptr, layout); + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index e7a2154c326..1859ac8c721 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -123,6 +123,9 @@ fn main() { println!("test_ptr_drop:"); test_ptr_drop(); + println!("test_qhelp_tests:"); + test_qhelp_tests(); + // --- println!("test_local_dangling:"); From 7ecba71166dab89a9aad23bf3b6eee2537dfaad3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 11:13:28 +0000 Subject: [PATCH 017/409] Rust: Add .qhelp. --- .../CWE-825/AccessInvalidPointer.qhelp | 48 +++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp new file mode 100644 index 00000000000..78c7267a0e6 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -0,0 +1,48 @@ + + + + +

+Dereferencing an invalid or dangling pointer is undefined behavior. Memory may be corrupted +causing the program to crash or behave incorrectly, in some cases exposing the program to +potential attacks. +

+ + + + +

+When dereferencing a pointer in unsafe code, take care that the pointer is valid and +points to the intended data. Code may need to be rearranged or additional checks added to ensure +safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this +class of problems altogether. +

+ + + + +

+In the following example, std::ptr::drop_in_place is used to execute the destructor +of an object. However, a pointer to that object is dereferenced later in the program, causing +undefined behavior: +

+ + + +

+In this case undefined behavior can be avoided by rearranging the code so that the dereference +comes before the call to std::ptr::drop_in_place: +

+ + + + + + +
  • Rust Documentation: Behavior considered undefined >> Dangling pointers.
    • +
  • Rust Documentation: Module ptr - Safety.
    • + +     +     From 5831c446d331273e5da839c863bd79711c9e990c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 13:46:20 +0000 Subject: [PATCH 018/409] Rust: Add test cases for another situation I came across. --- .../security/CWE-825/deallocation.rs | 40 +++++++++++++++++++ .../test/query-tests/security/CWE-825/main.rs | 3 ++ 2 files changed, 43 insertions(+) diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 69e4919b480..30677ddc07c 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -198,3 +198,43 @@ pub fn test_qhelp_tests() { std::alloc::dealloc(ptr, layout); } } + +pub fn test_vec_reserve() { + let mut vec1 = Vec::::new(); + vec1.push(100); + let ptr1 = &raw mut vec1[0]; + + unsafe { + let v1 = *ptr1; + println!(" v1 = {}", v1); + } + + vec1.reserve(1000); // $ MISSING: Source=reserve + // (may invalidate the pointer) + + unsafe { + let v2 = *ptr1; // $ MISSING: Alert[rust/access-invalid-pointer]=reserve + println!(" v2 = {}", v2); // corrupt in practice + } + + // - + + let mut vec2 = Vec::::new(); + vec2.push(200); + let ptr2 = &raw mut vec2[0]; + + unsafe { + let v3 = *ptr2; + println!(" v3 = {}", v3); + } + + for _i in 0..1000 { + vec2.push(0); // $ MISSING: Source=push + // (may invalidate the pointer) + } + + unsafe { + let v4 = *ptr2; // $ MISSING: Alert[rust/access-invalid-pointer]=push + println!(" v4 = {}", v4); // corrupt in practice + } +} diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 1859ac8c721..9a3dfcd2889 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -126,6 +126,9 @@ fn main() { println!("test_qhelp_tests:"); test_qhelp_tests(); + println!("test_vec_reserve:"); + test_vec_reserve(); + // --- println!("test_local_dangling:"); From 5e18e1be11f7dde5a7faef6852ca58e32373cded Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:03:55 +0000 Subject: [PATCH 019/409] Rust: Autofix and US spelling. --- .../codeql/rust/security/AccessInvalidPointerExtensions.qll | 2 +- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index ca485273c06..9f895ef6f87 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -42,7 +42,7 @@ module AccessInvalidPointer { } /** - * A pointer invalidation from an argument of a modelled call (this is a workaround). + * A pointer invalidation from an argument of a modeled call (this is a workaround). */ private class ModelsAsDataArgumentSource extends Source { ModelsAsDataArgumentSource() { diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index a1ff02bb429..cb474d0bb0f 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -32,4 +32,5 @@ module AccessInvalidPointerFlow = DataFlow::Global; from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) -select sinkNode.getNode(), sourceNode, sinkNode, "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" +select sinkNode.getNode(), sourceNode, sinkNode, + "This operation dereferences a pointer that may be $@.", sourceNode.getNode(), "invalid" From c6c4e3cf16f71793db8661f281fbd5aad436b824 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:16:17 +0000 Subject: [PATCH 020/409] Rust: Add another reference. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 78c7267a0e6..2981564b9ee 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -43,6 +43,7 @@ comes before the call to std::ptr::drop_in_place:
  • Rust Documentation: Behavior considered undefined >> Dangling pointers.
  • Rust Documentation: Module ptr - Safety.
    • +
  • Massachusetts Institute of Technology: Unsafe Rust - Dereferencing a Raw Pointer.
    •  From 98690f924a1dd829c42fbc70578c9dfb7bda473f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:38:54 +0000 Subject: [PATCH 021/409] Rust: Incidental changes to other .expected files. --- .../query-tests/security/CWE-020/RegexInjection.expected | 8 ++++---- .../utils-tests/modelgenerator/CaptureSinkModels.expected | 4 ++++ 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index e204b5a3926..0e1ea0fb063 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:62 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1593 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1607 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:66 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3016 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3030 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected index cb6fc390349..12afcda158b 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected @@ -1,2 +1,6 @@ unexpectedModel +| Unexpected sink found: repo::test;::replace;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;::take;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;::take_if;Argument[self];pointer-access;df-generated | +| Unexpected sink found: repo::test;crate::option::replace;Argument[0];pointer-access;df-generated | expectedModel From 91d273ad761f3ec64808b9727af847d5b901aca8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 20 Mar 2025 15:49:55 +0000 Subject: [PATCH 022/409] Rust: I think these generated models are correct. Accept them. --- .../utils-tests/modelgenerator/CaptureSinkModels.expected | 4 ---- rust/ql/test/utils-tests/modelgenerator/option.rs | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected index 12afcda158b..cb6fc390349 100644 --- a/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected +++ b/rust/ql/test/utils-tests/modelgenerator/CaptureSinkModels.expected @@ -1,6 +1,2 @@ unexpectedModel -| Unexpected sink found: repo::test;::replace;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;::take;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;::take_if;Argument[self];pointer-access;df-generated | -| Unexpected sink found: repo::test;crate::option::replace;Argument[0];pointer-access;df-generated | expectedModel diff --git a/rust/ql/test/utils-tests/modelgenerator/option.rs b/rust/ql/test/utils-tests/modelgenerator/option.rs index 774cce8c38f..5e2e2391ba7 100644 --- a/rust/ql/test/utils-tests/modelgenerator/option.rs +++ b/rust/ql/test/utils-tests/modelgenerator/option.rs @@ -10,6 +10,7 @@ use core::{hint, mem}; // summary=repo::test;crate::option::replace;Argument[0].Reference;ReturnValue;value;dfc-generated // summary=repo::test;crate::option::replace;Argument[1];Argument[0].Reference;value;dfc-generated +// sink=repo::test;crate::option::replace;Argument[0];pointer-access;df-generated pub fn replace(dest: &mut T, src: T) -> T { unsafe { let result = ptr::read(dest); @@ -338,6 +339,7 @@ impl MyOption { } // summary=repo::test;::take;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::take;Argument[self];pointer-access;df-generated pub fn take(&mut self) -> MyOption { // FIXME(const-hack) replace `mem::replace` by `mem::take` when the latter is const ready replace(self, MyNone) @@ -345,6 +347,7 @@ impl MyOption { // summary=repo::test;::take_if;Argument[self].Reference.Field[crate::option::MyOption::MySome(0)];Argument[0].Parameter[0].Reference;value;dfc-generated // summary=repo::test;::take_if;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::take_if;Argument[self];pointer-access;df-generated pub fn take_if

    (&mut self, predicate: P) -> MyOption where P: FnOnce(&mut T) -> bool, @@ -358,6 +361,7 @@ impl MyOption { // summary=repo::test;::replace;Argument[0];Argument[self].Reference.Field[crate::option::MyOption::MySome(0)];value;dfc-generated // summary=repo::test;::replace;Argument[self].Reference;ReturnValue;value;dfc-generated + // sink=repo::test;::replace;Argument[self];pointer-access;df-generated pub fn replace(&mut self, value: T) -> MyOption { replace(self, MySome(value)) } From e44f7f946fa1f4514074de01a5023f3852e0191b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 21 Mar 2025 09:45:50 +0000 Subject: [PATCH 023/409] Sort package paths in vendor/modules.txt --- .../semmle/go/frameworks/Beego/vendor/modules.txt | 2 +- .../semmle/go/frameworks/GoMicro/vendor/modules.txt | 2 +- go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt | 2 +- go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt index 2ec05197130..d1bcf3037c5 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/Beego/vendor/modules.txt @@ -1,9 +1,9 @@ # github.com/astaxie/beego v1.12.3 ## explicit -github.com/astaxie/beego/utils github.com/astaxie/beego github.com/astaxie/beego/context github.com/astaxie/beego/logs +github.com/astaxie/beego/utils # github.com/beego/beego/v2 v2.1.2 ## explicit github.com/beego/beego/v2/server/web diff --git a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt index 4235d352598..a0326204190 100644 --- a/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/frameworks/GoMicro/vendor/modules.txt @@ -1,9 +1,9 @@ # go-micro.dev/v4 v4.10.2 ## explicit +go-micro.dev/v4 go-micro.dev/v4/api go-micro.dev/v4/client go-micro.dev/v4/server -go-micro.dev/v4 # google.golang.org/protobuf v1.28.1 ## explicit google.golang.org/protobuf/proto diff --git a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt index b0de76d4f88..020db5bbe9c 100644 --- a/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-089/vendor/modules.txt @@ -3,6 +3,6 @@ github.com/Masterminds/squirrel # go.mongodb.org/mongo-driver v1.3.3 ## explicit +go.mongodb.org/mongo-driver/bson go.mongodb.org/mongo-driver/mongo go.mongodb.org/mongo-driver/mongo/options -go.mongodb.org/mongo-driver/bson diff --git a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt index a852f50be92..36b5fdf2ae0 100644 --- a/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt +++ b/go/ql/test/query-tests/Security/CWE-643/vendor/modules.txt @@ -1,7 +1,7 @@ # github.com/ChrisTrenkamp/goxpath v0.0.0-20190607011252-c5096ec8773d ## explicit -github.com/ChrisTrenkamp/goxpath/tree github.com/ChrisTrenkamp/goxpath +github.com/ChrisTrenkamp/goxpath/tree # github.com/antchfx/htmlquery v1.2.2 ## explicit github.com/antchfx/htmlquery @@ -19,8 +19,8 @@ github.com/antchfx/xpath github.com/go-xmlpath/xmlpath # github.com/jbowtie/gokogiri v0.0.0-20190301021639-37f655d3078f ## explicit -github.com/jbowtie/gokogiri/xpath github.com/jbowtie/gokogiri/xml +github.com/jbowtie/gokogiri/xpath # github.com/lestrrat-go/libxml2 v0.0.0-20231124114421-99c71026c2f5 ## explicit github.com/lestrrat-go/libxml2/parser From af6e1bda4c5bc02e1833289d69e219f8c26349a3 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 15:18:19 +0100 Subject: [PATCH 024/409] C#: Extract alignment and format clauses of string interpolation expressions. --- .../SymbolExtensions.cs | 9 ++++ .../Entities/Expressions/Binary.cs | 2 +- .../Entities/Expressions/ImplicitToString.cs | 7 +-- .../Expressions/InterpolatedString.cs | 11 +--- .../Expressions/InterpolatedStringInsert.cs | 41 +++++++++++++++ .../Kinds/ExprKind.cs | 1 + .../internal/TaintTrackingPrivate.qll | 3 ++ .../ql/lib/semmle/code/csharp/exprs/Expr.qll | 51 ++++++++++++++++--- csharp/ql/lib/semmlecode.csharp.dbscheme | 1 + 9 files changed, 104 insertions(+), 22 deletions(-) create mode 100644 csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs diff --git a/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs b/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs index cb1f36f8a2d..72f78f16059 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/CodeAnalysisExtensions/SymbolExtensions.cs @@ -29,6 +29,15 @@ namespace Semmle.Extraction.CSharp symbol is null ? (AnnotatedTypeSymbol?)null : new AnnotatedTypeSymbol(symbol, NullableAnnotation.None); } + internal static class AnnotatedTypeSymbolExtensions + { + ///

    + /// Returns true if the type is a string type. + /// + public static bool IsStringType(this AnnotatedTypeSymbol? type) => + type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String; + } + internal static class SymbolExtensions { /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs index eeb1b9ba63b..d4cc5cc81d5 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/Binary.cs @@ -18,7 +18,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions { // If this is a "+" expression we might need to wrap the child expressions // in ToString calls - return Kind == ExprKind.ADD + return Kind == ExprKind.ADD && Type.IsStringType() ? ImplicitToString.Create(cx, node, this, child) : Create(cx, node, this, child); } diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs index 32c00f8a729..bebc0c2c5d8 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/ImplicitToString.cs @@ -39,16 +39,13 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions Context.TrapWriter.Writer.expr_call(this, target); } - private static bool IsStringType(AnnotatedTypeSymbol? type) => - type.HasValue && type.Value.Symbol?.SpecialType == SpecialType.System_String; - /// /// Creates a new expression, adding a compiler generated `ToString` call if required. /// - public static Expression Create(Context cx, ExpressionSyntax node, Expression parent, int child) + public static Expression Create(Context cx, ExpressionSyntax node, IExpressionParentEntity parent, int child) { var info = new ExpressionNodeInfo(cx, node, parent, child); - return CreateFromNode(info.SetImplicitToString(IsStringType(parent.Type) && !IsStringType(info.Type))); + return CreateFromNode(info.SetImplicitToString(!info.Type.IsStringType())); } /// diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs index 6d17d1e7f17..5cd13dffe20 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedString.cs @@ -1,5 +1,4 @@ using System.IO; -using Microsoft.CodeAnalysis; using Microsoft.CodeAnalysis.CSharp; using Microsoft.CodeAnalysis.CSharp.Syntax; using Semmle.Extraction.Kinds; @@ -21,15 +20,7 @@ namespace Semmle.Extraction.CSharp.Entities.Expressions { case SyntaxKind.Interpolation: var interpolation = (InterpolationSyntax)c; - var exp = interpolation.Expression; - if (Context.GetTypeInfo(exp).Type is ITypeSymbol type && !type.ImplementsIFormattable()) - { - ImplicitToString.Create(Context, exp, this, child++); - } - else - { - Create(Context, exp, this, child++); - } + new InterpolatedStringInsert(Context, interpolation, this, child++); break; case SyntaxKind.InterpolatedStringText: // Create a string literal diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs new file mode 100644 index 00000000000..beac4bc64a6 --- /dev/null +++ b/csharp/extractor/Semmle.Extraction.CSharp/Entities/Expressions/InterpolatedStringInsert.cs @@ -0,0 +1,41 @@ +using Microsoft.CodeAnalysis; +using Microsoft.CodeAnalysis.CSharp.Syntax; +using Semmle.Extraction.Kinds; + +namespace Semmle.Extraction.CSharp.Entities.Expressions +{ + internal class InterpolatedStringInsert : Expression + { + public InterpolatedStringInsert(Context cx, InterpolationSyntax syntax, Expression parent, int child) : + base(new ExpressionInfo(cx, null, cx.CreateLocation(syntax.GetLocation()), ExprKind.INTERPOLATED_STRING_INSERT, parent, child, isCompilerGenerated: false, null)) + { + var exp = syntax.Expression; + if (parent.Type.IsStringType() && + cx.GetTypeInfo(exp).Type is ITypeSymbol type && + !type.ImplementsIFormattable()) + { + ImplicitToString.Create(cx, exp, this, 0); + } + else + { + Create(cx, exp, this, 0); + } + + // Hardcode the child number of the optional alignment clause to 1 and format clause to 2. + // This simplifies the logic in QL. + if (syntax.AlignmentClause?.Value is ExpressionSyntax alignment) + { + Create(cx, alignment, this, 1); + } + + if (syntax.FormatClause is InterpolationFormatClauseSyntax format) + { + var f = format.FormatStringToken.ValueText; + var t = AnnotatedTypeSymbol.CreateNotAnnotated(cx.Compilation.GetSpecialType(SpecialType.System_String)); + new Expression(new ExpressionInfo(cx, t, cx.CreateLocation(format.GetLocation()), ExprKind.UTF16_STRING_LITERAL, this, 2, isCompilerGenerated: false, f)); + } + + } + } + +} diff --git a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs index 297acda9524..46a69419284 100644 --- a/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs +++ b/csharp/extractor/Semmle.Extraction.CSharp/Kinds/ExprKind.cs @@ -132,6 +132,7 @@ namespace Semmle.Extraction.Kinds UTF8_STRING_LITERAL = 135, COLLECTION = 136, SPREAD_ELEMENT = 137, + INTERPOLATED_STRING_INSERT = 138, DEFINE_SYMBOL = 999, } } diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll index 1a044a77777..b7681994e2c 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/TaintTrackingPrivate.qll @@ -66,6 +66,9 @@ private class LocalTaintExprStepConfiguration extends ControlFlowReachabilityCon e1 = e2.(InterpolatedStringExpr).getAChild() and scope = e2 or + e1 = e2.(InterpolatedStringInsertExpr).getInsert() and + scope = e2 + or e2 = any(OperatorCall oc | oc.getTarget().(ConversionOperator).fromLibrary() and diff --git a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll index 85676bbd270..ada01065258 100644 --- a/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll +++ b/csharp/ql/lib/semmle/code/csharp/exprs/Expr.qll @@ -34,8 +34,9 @@ private import semmle.code.csharp.TypeRef * `as` expression (`AsExpr`), a cast (`CastExpr`), a `typeof` expression * (`TypeofExpr`), a `default` expression (`DefaultValueExpr`), an `await` * expression (`AwaitExpr`), a `nameof` expression (`NameOfExpr`), an - * interpolated string (`InterpolatedStringExpr`), a qualifiable expression - * (`QualifiableExpr`), or a literal (`Literal`). + * interpolated string (`InterpolatedStringExpr`), an interpolated string + * insert (`InterpolatedStringInsertExpr`), a qualifiable expression (`QualifiableExpr`), + * or a literal (`Literal`). */ class Expr extends ControlFlowElement, @expr { override Location getALocation() { expr_location(this, result) } @@ -917,6 +918,40 @@ class NameOfExpr extends Expr, @nameof_expr { override string getAPrimaryQlClass() { result = "NameOfExpr" } } +/** + * An interpolated string insert, for example `{pi, align:F3}` on line 3 in + * + * ```csharp + * void Pi() { + * float pi = 3.14159f; + * Console.WriteLine($"Hello Pi, {pi,6:F3}"); + * } + * ``` + */ +class InterpolatedStringInsertExpr extends Expr, @interpolated_string_insert_expr { + override string toString() { result = "{...}" } + + override string getAPrimaryQlClass() { result = "InterpolatedStringInsertExpr" } + + /** + * Gets the insert expression in this interpolated string insert. For + * example, the insert expression in `{pi, align:F3}` is `pi`. + */ + Expr getInsert() { result = this.getChild(0) } + + /** + * Gets the alignment expression in this interpolated string insert, if any. + * For example, the alignment expression in `{pi, align:F3}` is `align`. + */ + Expr getAlignment() { result = this.getChild(1) } + + /** + * Gets the format expression in this interpolated string insert, if any. + * For example, the format expression in `{pi, align:F3}` is `F3`. + */ + StringLiteral getFormat() { result = this.getChild(2) } +} + /** * An interpolated string, for example `$"Hello, {name}!"` on line 2 in * @@ -931,16 +966,20 @@ class InterpolatedStringExpr extends Expr, @interpolated_string_expr { override string getAPrimaryQlClass() { result = "InterpolatedStringExpr" } + /** + * Gets the interpolated string insert at index `i` in this interpolated string, if any. + * For example, the interpolated string insert at index `i = 1` is `{pi, align:F3}` + * in `$"Hello, {pi, align:F3}!"`. + */ + InterpolatedStringInsertExpr getInterpolatedInsert(int i) { result = this.getChild(i) } + /** * Gets the insert at index `i` in this interpolated string, if any. For * example, the insert at index `i = 1` is `name` in `$"Hello, {name}!"`. * Note that there is no insert at index `i = 0`, but instead a text * element (`getText(0)` gets the text). */ - Expr getInsert(int i) { - result = this.getChild(i) and - not result instanceof StringLiteral - } + Expr getInsert(int i) { result = this.getInterpolatedInsert(i).getInsert() } /** * Gets the text element at index `i` in this interpolated string, if any. diff --git a/csharp/ql/lib/semmlecode.csharp.dbscheme b/csharp/ql/lib/semmlecode.csharp.dbscheme index a2bda57dbc6..66044cfa5bb 100644 --- a/csharp/ql/lib/semmlecode.csharp.dbscheme +++ b/csharp/ql/lib/semmlecode.csharp.dbscheme @@ -1168,6 +1168,7 @@ case @expr.kind of /* C# 12.0 */ | 136 = @collection_expr | 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr /* Preprocessor */ | 999 = @define_symbol_expr ; From 2ca5ec00321f5cb2a17b1ffa1514c26dc917e65d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 15:43:03 +0100 Subject: [PATCH 025/409] C#: Add some string interpolation tests with alignment and formatting. --- .../StringInterpolation.cs | 17 +++++++++++++ .../library-tests/stringinterpolation/options | 2 ++ .../stringInterpolation.expected | 23 +++++++++++++++++ .../stringInterpolation.ql | 25 +++++++++++++++++++ 4 files changed, 67 insertions(+) create mode 100644 csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs create mode 100644 csharp/ql/test/library-tests/stringinterpolation/options create mode 100644 csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected create mode 100644 csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql diff --git a/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs b/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs new file mode 100644 index 00000000000..d14c3d75e46 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/StringInterpolation.cs @@ -0,0 +1,17 @@ +using System; + +public class MyStringInterpolationClass +{ + + public void M() + { + float i = 3.14159f; + const int align = 5; + var x1 = $"Hello, Pi {i}"; + var x2 = $"Hello, Pi {i:F1}"; + var x3 = $"Hello, Pi {i,6}"; + var x4 = $"Hello, Pi {i,6:F3}"; + var x5 = $"Hello, Pi {i,align}"; + var x6 = $"Hello, Pi {i,align:F2}"; + } +} diff --git a/csharp/ql/test/library-tests/stringinterpolation/options b/csharp/ql/test/library-tests/stringinterpolation/options new file mode 100644 index 00000000000..77b22963f5c --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected new file mode 100644 index 00000000000..9ce88ad83c3 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.expected @@ -0,0 +1,23 @@ +inserts +| StringInterpolation.cs:10:18:10:33 | $"..." | StringInterpolation.cs:10:31:10:31 | access to local variable i | +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:31:11:31 | access to local variable i | +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:31:12:31 | access to local variable i | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:31:14:31 | access to local variable i | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | +texts +| StringInterpolation.cs:10:18:10:33 | $"..." | StringInterpolation.cs:10:20:10:29 | "Hello, Pi " | +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:20:11:29 | "Hello, Pi " | +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:20:12:29 | "Hello, Pi " | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:20:13:29 | "Hello, Pi " | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:20:14:29 | "Hello, Pi " | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:20:15:29 | "Hello, Pi " | +interpolationInsertsWithAlign +| StringInterpolation.cs:12:18:12:35 | $"..." | StringInterpolation.cs:12:31:12:31 | access to local variable i | StringInterpolation.cs:12:33:12:33 | 6 | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | StringInterpolation.cs:13:33:13:33 | 6 | +| StringInterpolation.cs:14:18:14:39 | $"..." | StringInterpolation.cs:14:31:14:31 | access to local variable i | StringInterpolation.cs:14:33:14:37 | access to local variable align | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | StringInterpolation.cs:15:33:15:37 | access to local variable align | +interpolationInsertsWithFormat +| StringInterpolation.cs:11:18:11:36 | $"..." | StringInterpolation.cs:11:31:11:31 | access to local variable i | StringInterpolation.cs:11:32:11:34 | "F1" | +| StringInterpolation.cs:13:18:13:38 | $"..." | StringInterpolation.cs:13:31:13:31 | access to local variable i | StringInterpolation.cs:13:34:13:36 | "F3" | +| StringInterpolation.cs:15:18:15:42 | $"..." | StringInterpolation.cs:15:31:15:31 | access to local variable i | StringInterpolation.cs:15:38:15:40 | "F2" | diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql new file mode 100644 index 00000000000..21b33b12b56 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql @@ -0,0 +1,25 @@ +import csharp + +query predicate inserts(InterpolatedStringExpr expr, Expr e) { + expr.getAnInsert() = e // and inSpecificSource(expr) +} + +query predicate texts(InterpolatedStringExpr expr, StringLiteral literal) { + expr.getAText() = literal // and inSpecificSource(expr) +} + +query predicate interpolationInsertsWithAlign(InterpolatedStringExpr expr, Expr insert, Expr align) { + exists(InterpolatedStringInsertExpr e | expr.getInterpolatedInsert(_) = e | + insert = e.getInsert() and + align = e.getAlignment() + ) +} + +query predicate interpolationInsertsWithFormat( + InterpolatedStringExpr expr, Expr insert, StringLiteral format +) { + exists(InterpolatedStringInsertExpr e | expr.getInterpolatedInsert(_) = e | + insert = e.getInsert() and + format = e.getFormat() + ) +} From a73a61b8fa3916211950688690003867ba85f5c4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 12:35:49 +0100 Subject: [PATCH 026/409] C#: Add PrintAst test for string interpolation expressions. --- .../stringinterpolation/PrintAst.expected | 70 +++++++++++++++++++ .../stringinterpolation/PrintAst.qlref | 1 + 2 files changed, 71 insertions(+) create mode 100644 csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected create mode 100644 csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref diff --git a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected new file mode 100644 index 00000000000..6529f9feed5 --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.expected @@ -0,0 +1,70 @@ +StringInterpolation.cs: +# 3| [Class] MyStringInterpolationClass +# 6| 5: [Method] M +# 6| -1: [TypeMention] Void +# 7| 4: [BlockStmt] {...} +# 8| 0: [LocalVariableDeclStmt] ... ...; +# 8| 0: [LocalVariableDeclAndInitExpr] Single i = ... +# 8| -1: [TypeMention] float +# 8| 0: [LocalVariableAccess] access to local variable i +# 8| 1: [FloatLiteral] 3.14159 +# 9| 1: [LocalConstantDeclStmt] const ... ...; +# 9| 0: [LocalVariableDeclAndInitExpr] Int32 align = ... +# 9| -1: [TypeMention] int +# 9| 0: [LocalVariableAccess] access to local variable align +# 9| 1: [IntLiteral] 5 +# 10| 2: [LocalVariableDeclStmt] ... ...; +# 10| 0: [LocalVariableDeclAndInitExpr] String x1 = ... +# 10| -1: [TypeMention] string +# 10| 0: [LocalVariableAccess] access to local variable x1 +# 10| 1: [InterpolatedStringExpr] $"..." +# 10| 0: [StringLiteralUtf16] "Hello, Pi " +# 10| 1: [InterpolatedStringInsertExpr] {...} +# 10| 0: [LocalVariableAccess] access to local variable i +# 11| 3: [LocalVariableDeclStmt] ... ...; +# 11| 0: [LocalVariableDeclAndInitExpr] String x2 = ... +# 11| -1: [TypeMention] string +# 11| 0: [LocalVariableAccess] access to local variable x2 +# 11| 1: [InterpolatedStringExpr] $"..." +# 11| 0: [StringLiteralUtf16] "Hello, Pi " +# 11| 1: [InterpolatedStringInsertExpr] {...} +# 11| 0: [LocalVariableAccess] access to local variable i +# 11| 2: [StringLiteralUtf16] "F1" +# 12| 4: [LocalVariableDeclStmt] ... ...; +# 12| 0: [LocalVariableDeclAndInitExpr] String x3 = ... +# 12| -1: [TypeMention] string +# 12| 0: [LocalVariableAccess] access to local variable x3 +# 12| 1: [InterpolatedStringExpr] $"..." +# 12| 0: [StringLiteralUtf16] "Hello, Pi " +# 12| 1: [InterpolatedStringInsertExpr] {...} +# 12| 0: [LocalVariableAccess] access to local variable i +# 12| 1: [IntLiteral] 6 +# 13| 5: [LocalVariableDeclStmt] ... ...; +# 13| 0: [LocalVariableDeclAndInitExpr] String x4 = ... +# 13| -1: [TypeMention] string +# 13| 0: [LocalVariableAccess] access to local variable x4 +# 13| 1: [InterpolatedStringExpr] $"..." +# 13| 0: [StringLiteralUtf16] "Hello, Pi " +# 13| 1: [InterpolatedStringInsertExpr] {...} +# 13| 0: [LocalVariableAccess] access to local variable i +# 13| 1: [IntLiteral] 6 +# 13| 2: [StringLiteralUtf16] "F3" +# 14| 6: [LocalVariableDeclStmt] ... ...; +# 14| 0: [LocalVariableDeclAndInitExpr] String x5 = ... +# 14| -1: [TypeMention] string +# 14| 0: [LocalVariableAccess] access to local variable x5 +# 14| 1: [InterpolatedStringExpr] $"..." +# 14| 0: [StringLiteralUtf16] "Hello, Pi " +# 14| 1: [InterpolatedStringInsertExpr] {...} +# 14| 0: [LocalVariableAccess] access to local variable i +# 14| 1: [LocalVariableAccess] access to local variable align +# 15| 7: [LocalVariableDeclStmt] ... ...; +# 15| 0: [LocalVariableDeclAndInitExpr] String x6 = ... +# 15| -1: [TypeMention] string +# 15| 0: [LocalVariableAccess] access to local variable x6 +# 15| 1: [InterpolatedStringExpr] $"..." +# 15| 0: [StringLiteralUtf16] "Hello, Pi " +# 15| 1: [InterpolatedStringInsertExpr] {...} +# 15| 0: [LocalVariableAccess] access to local variable i +# 15| 1: [LocalVariableAccess] access to local variable align +# 15| 2: [StringLiteralUtf16] "F2" diff --git a/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref new file mode 100644 index 00000000000..f867dd01f9f --- /dev/null +++ b/csharp/ql/test/library-tests/stringinterpolation/PrintAst.qlref @@ -0,0 +1 @@ +shared/PrintAst.ql \ No newline at end of file From 5ae7e5ddb3890de6369a6be488d45fcee416d819 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 12:44:46 +0100 Subject: [PATCH 027/409] C#: Update other test expected output files. --- .../controlflow/graph/BasicBlock.expected | 18 +++---- .../controlflow/graph/Dominance.expected | 54 ++++++++++++------- .../graph/EnclosingCallable.expected | 9 ++++ .../controlflow/graph/EntryElement.expected | 9 ++++ .../controlflow/graph/ExitElement.expected | 9 ++++ .../controlflow/graph/NodeGraph.expected | 27 ++++++---- .../library-tests/csharp11/PrintAst.expected | 26 +++++---- .../csharp6/InterpolatedStringExpr.expected | 16 +++--- .../library-tests/csharp6/PrintAst.expected | 44 ++++++++------- .../library-tests/csharp7.3/PrintAst.expected | 3 +- .../library-tests/csharp7/IsFlow.expected | 12 +++-- .../csharp7/LocalTaintFlow.expected | 18 ++++--- .../library-tests/csharp7/PrintAst.expected | 18 ++++--- .../library-tests/csharp8/PrintAst.expected | 6 ++- .../library-tests/csharp9/PrintAst.expected | 5 +- .../implicittostring/PrintAst.expected | 10 ++-- .../dataflow/local/TaintTrackingStep.expected | 12 +++-- 17 files changed, 194 insertions(+), 102 deletions(-) diff --git a/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected b/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected index b3ea35fe7e4..623b5404f78 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/BasicBlock.expected @@ -377,8 +377,8 @@ | Conditions.cs:143:10:143:12 | exit M11 (normal) | Conditions.cs:143:10:143:12 | exit M11 | 2 | | Conditions.cs:145:21:145:23 | [b (line 143): true] "a" | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | 5 | | Conditions.cs:145:27:145:29 | [b (line 143): false] "b" | Conditions.cs:146:13:146:13 | [b (line 143): false] access to parameter b | 5 | -| Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | 5 | -| Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | 5 | +| Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | 6 | +| Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | 6 | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | exit ExitMethods | 5 | | ExitMethods.cs:8:10:8:11 | enter M1 | ExitMethods.cs:8:10:8:11 | exit M1 | 8 | | ExitMethods.cs:14:10:14:11 | enter M2 | ExitMethods.cs:14:10:14:11 | exit M2 | 8 | @@ -859,11 +859,11 @@ | Patterns.cs:5:10:5:11 | enter M1 | Patterns.cs:8:18:8:23 | Int32 i1 | 8 | | Patterns.cs:8:13:8:23 | [false] ... is ... | Patterns.cs:8:13:8:23 | [false] ... is ... | 1 | | Patterns.cs:8:13:8:23 | [true] ... is ... | Patterns.cs:8:13:8:23 | [true] ... is ... | 1 | -| Patterns.cs:9:9:11:9 | {...} | Patterns.cs:10:13:10:42 | call to method WriteLine | 6 | +| Patterns.cs:9:9:11:9 | {...} | Patterns.cs:10:13:10:42 | call to method WriteLine | 7 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:23:12:31 | String s1 | 3 | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:12:18:12:31 | [false] ... is ... | 1 | | Patterns.cs:12:18:12:31 | [true] ... is ... | Patterns.cs:12:18:12:31 | [true] ... is ... | 1 | -| Patterns.cs:13:9:15:9 | {...} | Patterns.cs:14:13:14:45 | call to method WriteLine | 6 | +| Patterns.cs:13:9:15:9 | {...} | Patterns.cs:14:13:14:45 | call to method WriteLine | 7 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:23:16:28 | Object v1 | 3 | | Patterns.cs:16:18:16:28 | [false] ... is ... | Patterns.cs:16:18:16:28 | [false] ... is ... | 1 | | Patterns.cs:16:18:16:28 | [true] ... is ... | Patterns.cs:16:18:16:28 | [true] ... is ... | 1 | @@ -872,11 +872,11 @@ | Patterns.cs:23:17:23:22 | break; | Patterns.cs:23:17:23:22 | break; | 1 | | Patterns.cs:24:13:24:36 | case ...: | Patterns.cs:24:18:24:23 | Int32 i2 | 2 | | Patterns.cs:24:30:24:31 | access to local variable i2 | Patterns.cs:24:30:24:35 | ... > ... | 3 | -| Patterns.cs:25:17:25:52 | ...; | Patterns.cs:26:17:26:22 | break; | 6 | +| Patterns.cs:25:17:25:52 | ...; | Patterns.cs:26:17:26:22 | break; | 7 | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | 2 | -| Patterns.cs:28:17:28:47 | ...; | Patterns.cs:29:17:29:22 | break; | 6 | +| Patterns.cs:28:17:28:47 | ...; | Patterns.cs:29:17:29:22 | break; | 7 | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | 2 | -| Patterns.cs:31:17:31:50 | ...; | Patterns.cs:32:17:32:22 | break; | 6 | +| Patterns.cs:31:17:31:50 | ...; | Patterns.cs:32:17:32:22 | break; | 7 | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | 2 | | Patterns.cs:34:17:34:22 | break; | Patterns.cs:34:17:34:22 | break; | 1 | | Patterns.cs:35:13:35:20 | default: | Patterns.cs:37:17:37:22 | break; | 5 | @@ -1076,8 +1076,8 @@ | Switch.cs:156:36:156:38 | "a" | Switch.cs:156:28:156:38 | ... => ... | 2 | | Switch.cs:156:41:156:45 | false | Switch.cs:156:41:156:45 | false | 1 | | Switch.cs:156:50:156:52 | "b" | Switch.cs:156:41:156:52 | ... => ... | 2 | -| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | 5 | -| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | 5 | +| Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | 6 | +| Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | 6 | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | 5 | | TypeAccesses.cs:3:10:3:10 | enter M | TypeAccesses.cs:7:18:7:22 | Int32 j | 13 | | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | TypeAccesses.cs:7:13:7:22 | [false] ... is ... | 1 | diff --git a/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected b/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected index 7706539ad30..b2d70066068 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/Dominance.expected @@ -1527,11 +1527,13 @@ dominance | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:13:147:48 | call to method WriteLine | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:45:147:45 | access to local variable s | -| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:38:147:47 | $"..." | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:38:147:47 | $"..." | +| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:44:147:46 | {...} | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:13:149:48 | call to method WriteLine | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:45:149:45 | access to local variable s | -| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:38:149:47 | $"..." | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:38:149:47 | $"..." | +| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:44:149:46 | {...} | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | {...} | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | call to constructor Object | | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | ExitMethods.cs:6:7:6:17 | exit ExitMethods | @@ -3147,7 +3149,8 @@ dominance | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:13:10:42 | call to method WriteLine | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:38:10:39 | access to local variable i1 | -| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:31:10:41 | $"..." | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:31:10:41 | $"..." | +| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:37:10:40 | {...} | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:18:12:18 | access to local variable o | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:23:12:31 | String s1 | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:16:14:18:9 | if (...) ... | @@ -3158,7 +3161,8 @@ dominance | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:13:14:45 | call to method WriteLine | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:41:14:42 | access to local variable s1 | -| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:31:14:44 | $"..." | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:31:14:44 | $"..." | +| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:40:14:43 | {...} | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:18 | access to local variable o | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:23:16:28 | Object v1 | | Patterns.cs:16:18:16:28 | [true] ... is ... | Patterns.cs:17:9:18:9 | {...} | @@ -3179,7 +3183,8 @@ dominance | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:17:25:51 | call to method WriteLine | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:47:25:48 | access to local variable i2 | -| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:35:25:50 | $"..." | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:35:25:50 | $"..." | +| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:46:25:49 | {...} | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:28:17:28:47 | ...; | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:30:13:30:27 | case ...: | @@ -3187,7 +3192,8 @@ dominance | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:17:28:46 | call to method WriteLine | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:42:28:43 | access to local variable i3 | -| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:35:28:45 | $"..." | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:35:28:45 | $"..." | +| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:41:28:44 | {...} | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:31:17:31:50 | ...; | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:33:13:33:24 | case ...: | @@ -3195,7 +3201,8 @@ dominance | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:17:31:49 | call to method WriteLine | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:45:31:46 | access to local variable s2 | -| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:35:31:48 | $"..." | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:35:31:48 | $"..." | +| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:44:31:47 | {...} | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:34:17:34:22 | break; | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:35:13:35:20 | default: | @@ -3664,11 +3671,13 @@ dominance | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:13:158:48 | call to method WriteLine | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:45:158:45 | access to local variable s | -| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:38:158:47 | $"..." | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:38:158:47 | $"..." | +| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:44:158:46 | {...} | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:13:160:48 | call to method WriteLine | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s | -| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:38:160:47 | $"..." | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." | +| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | @@ -5858,13 +5867,15 @@ postDominance | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | Conditions.cs:146:9:149:49 | [b (line 143): true] if (...) ... | | Conditions.cs:147:13:147:48 | call to method WriteLine | Conditions.cs:147:38:147:47 | $"..." | | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:146:13:146:13 | [b (line 143): true] access to parameter b | -| Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:45:147:45 | access to local variable s | +| Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:44:147:46 | {...} | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:13:147:49 | ...; | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:38:149:47 | $"..." | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:146:13:146:13 | [b (line 143): false] access to parameter b | -| Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:45:149:45 | access to local variable s | +| Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:44:149:46 | {...} | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:13:149:49 | ...; | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:45:149:45 | access to local variable s | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:40:149:43 | "b = " | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | enter ExitMethods | | ExitMethods.cs:6:7:6:17 | exit ExitMethods | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | @@ -7341,8 +7352,9 @@ postDominance | Patterns.cs:9:9:11:9 | {...} | Patterns.cs:8:13:8:23 | [true] ... is ... | | Patterns.cs:10:13:10:42 | call to method WriteLine | Patterns.cs:10:31:10:41 | $"..." | | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:9:9:11:9 | {...} | -| Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:38:10:39 | access to local variable i1 | +| Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:37:10:40 | {...} | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:13:10:43 | ...; | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:8:13:8:23 | [false] ... is ... | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:14:18:9 | if (...) ... | @@ -7350,8 +7362,9 @@ postDominance | Patterns.cs:13:9:15:9 | {...} | Patterns.cs:12:18:12:31 | [true] ... is ... | | Patterns.cs:14:13:14:45 | call to method WriteLine | Patterns.cs:14:31:14:44 | $"..." | | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:13:9:15:9 | {...} | -| Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:41:14:42 | access to local variable s1 | +| Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:40:14:43 | {...} | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:13:14:46 | ...; | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:12:18:12:31 | [false] ... is ... | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:14:18:9 | if (...) ... | @@ -7368,20 +7381,23 @@ postDominance | Patterns.cs:24:30:24:35 | ... > ... | Patterns.cs:24:35:24:35 | 0 | | Patterns.cs:24:35:24:35 | 0 | Patterns.cs:24:30:24:31 | access to local variable i2 | | Patterns.cs:25:17:25:51 | call to method WriteLine | Patterns.cs:25:35:25:50 | $"..." | -| Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:47:25:48 | access to local variable i2 | +| Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:46:25:49 | {...} | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:17:25:52 | ...; | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:25:17:25:51 | call to method WriteLine | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:27:13:27:24 | case ...: | | Patterns.cs:28:17:28:46 | call to method WriteLine | Patterns.cs:28:35:28:45 | $"..." | -| Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:42:28:43 | access to local variable i3 | +| Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:41:28:44 | {...} | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:17:28:47 | ...; | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:28:17:28:46 | call to method WriteLine | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:30:13:30:27 | case ...: | | Patterns.cs:31:17:31:49 | call to method WriteLine | Patterns.cs:31:35:31:48 | $"..." | -| Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:45:31:46 | access to local variable s2 | +| Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:44:31:47 | {...} | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:17:31:50 | ...; | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:31:17:31:49 | call to method WriteLine | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:33:13:33:24 | case ...: | @@ -7829,12 +7845,14 @@ postDominance | Switch.cs:157:9:160:49 | if (...) ... | Switch.cs:156:13:156:54 | String s = ... | | Switch.cs:157:13:157:13 | access to parameter b | Switch.cs:157:9:160:49 | if (...) ... | | Switch.cs:158:13:158:48 | call to method WriteLine | Switch.cs:158:38:158:47 | $"..." | -| Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:45:158:45 | access to local variable s | +| Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:44:158:46 | {...} | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:13:158:49 | ...; | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:38:160:47 | $"..." | -| Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:45:160:45 | access to local variable s | +| Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:44:160:46 | {...} | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:13:160:49 | ...; | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:40:160:43 | "b = " | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | diff --git a/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected b/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected index 4f208361ea1..57e393adc39 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/EnclosingCallable.expected @@ -1642,11 +1642,13 @@ nodeEnclosing | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:143:10:143:12 | M11 | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:143:10:143:12 | M11 | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:143:10:143:12 | M11 | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:143:10:143:12 | M11 | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | ExitMethods | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | ExitMethods | @@ -3436,6 +3438,7 @@ nodeEnclosing | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:5:10:5:11 | M1 | @@ -3447,6 +3450,7 @@ nodeEnclosing | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:5:10:5:11 | M1 | @@ -3468,6 +3472,7 @@ nodeEnclosing | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -3476,6 +3481,7 @@ nodeEnclosing | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -3484,6 +3490,7 @@ nodeEnclosing | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:5:10:5:11 | M1 | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:5:10:5:11 | M1 | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:5:10:5:11 | M1 | @@ -4014,11 +4021,13 @@ nodeEnclosing | Switch.cs:158:13:158:49 | ...; | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:154:10:154:12 | M15 | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:154:10:154:12 | M15 | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:13:160:49 | ...; | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:154:10:154:12 | M15 | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:154:10:154:12 | M15 | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:154:10:154:12 | M15 | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | TypeAccesses | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | TypeAccesses | diff --git a/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected b/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected index fddab21f2b6..cc26ecf7c8e 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/EntryElement.expected @@ -1158,11 +1158,13 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:49 | ...; | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:40:147:43 | "a = " | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:40:147:43 | "a = " | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:45:147:45 | access to local variable s | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:49 | ...; | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:40:149:43 | "b = " | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:40:149:43 | "b = " | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:45:149:45 | access to local variable s | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:45:149:45 | access to local variable s | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | call to constructor Object | | ExitMethods.cs:6:7:6:17 | {...} | ExitMethods.cs:6:7:6:17 | {...} | @@ -2238,6 +2240,7 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:13:10:43 | ...; | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:33:10:36 | "int " | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:33:10:36 | "int " | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:38:10:39 | access to local variable i1 | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:14:18:9 | if (...) ... | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:18:12:18 | access to local variable o | @@ -2248,6 +2251,7 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:13:14:46 | ...; | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:33:14:39 | "string " | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:33:14:39 | "string " | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:41:14:42 | access to local variable s1 | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:14:18:9 | if (...) ... | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:18:16:18 | access to local variable o | @@ -2268,6 +2272,7 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:17:25:52 | ...; | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:37:25:45 | "positive " | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:37:25:45 | "positive " | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:47:25:48 | access to local variable i2 | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:26:17:26:22 | break; | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:13:27:24 | case ...: | @@ -2276,6 +2281,7 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:17:28:47 | ...; | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:37:28:40 | "int " | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:37:28:40 | "int " | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:42:28:43 | access to local variable i3 | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:29:17:29:22 | break; | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:13:30:27 | case ...: | @@ -2284,6 +2290,7 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:17:31:50 | ...; | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:37:31:43 | "string " | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:37:31:43 | "string " | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:45:31:46 | access to local variable s2 | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:32:17:32:22 | break; | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:13:33:24 | case ...: | @@ -2696,11 +2703,13 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:49 | ...; | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:40:158:43 | "a = " | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:40:158:43 | "a = " | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:45:158:45 | access to local variable s | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:49 | ...; | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:40:160:43 | "b = " | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:45:160:45 | access to local variable s | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} | diff --git a/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected b/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected index 81ee139f6a6..bc47b5b3fa2 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/ExitElement.expected @@ -1452,11 +1452,13 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:13:147:48 | call to method WriteLine | normal | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:38:147:47 | $"..." | normal | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:40:147:43 | "a = " | normal | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:44:147:46 | {...} | normal | | Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:45:147:45 | access to local variable s | normal | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:149:13:149:48 | call to method WriteLine | normal | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:13:149:48 | call to method WriteLine | normal | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:38:149:47 | $"..." | normal | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:40:149:43 | "b = " | normal | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:44:149:46 | {...} | normal | | Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:45:149:45 | access to local variable s | normal | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | call to constructor Object | normal | | ExitMethods.cs:6:7:6:17 | {...} | ExitMethods.cs:6:7:6:17 | {...} | normal | @@ -2911,6 +2913,7 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:13:10:42 | call to method WriteLine | normal | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:31:10:41 | $"..." | normal | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:33:10:36 | "int " | normal | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:37:10:40 | {...} | normal | | Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:38:10:39 | access to local variable i1 | normal | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:14:13:14:45 | call to method WriteLine | normal | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:16:18:16:28 | ... is ... | false | @@ -2925,6 +2928,7 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:13:14:45 | call to method WriteLine | normal | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:31:14:44 | $"..." | normal | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:33:14:39 | "string " | normal | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:40:14:43 | {...} | normal | | Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:41:14:42 | access to local variable s1 | normal | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:28 | ... is ... | false | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:17:9:18:9 | {...} | normal | @@ -2959,6 +2963,7 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:17:25:51 | call to method WriteLine | normal | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:35:25:50 | $"..." | normal | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:37:25:45 | "positive " | normal | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:46:25:49 | {...} | normal | | Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:47:25:48 | access to local variable i2 | normal | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:26:17:26:22 | break; | break | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | no-match | @@ -2969,6 +2974,7 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:17:28:46 | call to method WriteLine | normal | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:35:28:45 | $"..." | normal | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:37:28:40 | "int " | normal | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:41:28:44 | {...} | normal | | Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:42:28:43 | access to local variable i3 | normal | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:29:17:29:22 | break; | break | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | no-match | @@ -2979,6 +2985,7 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:17:31:49 | call to method WriteLine | normal | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:35:31:48 | $"..." | normal | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:37:31:43 | "string " | normal | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:44:31:47 | {...} | normal | | Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:45:31:46 | access to local variable s2 | normal | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:32:17:32:22 | break; | break | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | no-match | @@ -3566,11 +3573,13 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:13:158:48 | call to method WriteLine | normal | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:38:158:47 | $"..." | normal | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:40:158:43 | "a = " | normal | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:44:158:46 | {...} | normal | | Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:45:158:45 | access to local variable s | normal | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:160:13:160:48 | call to method WriteLine | normal | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:13:160:48 | call to method WriteLine | normal | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:38:160:47 | $"..." | normal | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:40:160:43 | "b = " | normal | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:44:160:46 | {...} | normal | | Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:45:160:45 | access to local variable s | normal | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | call to constructor Object | normal | | TypeAccesses.cs:1:7:1:18 | {...} | TypeAccesses.cs:1:7:1:18 | {...} | normal | diff --git a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected index 0ae9a8a1e35..5b3860e04ed 100644 --- a/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected +++ b/csharp/ql/test/library-tests/controlflow/graph/NodeGraph.expected @@ -1679,12 +1679,14 @@ | Conditions.cs:147:13:147:49 | ...; | Conditions.cs:147:40:147:43 | "a = " | | | Conditions.cs:147:38:147:47 | $"..." | Conditions.cs:147:13:147:48 | call to method WriteLine | | | Conditions.cs:147:40:147:43 | "a = " | Conditions.cs:147:45:147:45 | access to local variable s | | -| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:38:147:47 | $"..." | | +| Conditions.cs:147:44:147:46 | {...} | Conditions.cs:147:38:147:47 | $"..." | | +| Conditions.cs:147:45:147:45 | access to local variable s | Conditions.cs:147:44:147:46 | {...} | | | Conditions.cs:149:13:149:48 | call to method WriteLine | Conditions.cs:143:10:143:12 | exit M11 (normal) | | | Conditions.cs:149:13:149:49 | ...; | Conditions.cs:149:40:149:43 | "b = " | | | Conditions.cs:149:38:149:47 | $"..." | Conditions.cs:149:13:149:48 | call to method WriteLine | | | Conditions.cs:149:40:149:43 | "b = " | Conditions.cs:149:45:149:45 | access to local variable s | | -| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:38:149:47 | $"..." | | +| Conditions.cs:149:44:149:46 | {...} | Conditions.cs:149:38:149:47 | $"..." | | +| Conditions.cs:149:45:149:45 | access to local variable s | Conditions.cs:149:44:149:46 | {...} | | | ExitMethods.cs:6:7:6:17 | call to constructor Object | ExitMethods.cs:6:7:6:17 | {...} | | | ExitMethods.cs:6:7:6:17 | enter ExitMethods | ExitMethods.cs:6:7:6:17 | call to constructor Object | | | ExitMethods.cs:6:7:6:17 | exit ExitMethods (normal) | ExitMethods.cs:6:7:6:17 | exit ExitMethods | | @@ -3528,7 +3530,8 @@ | Patterns.cs:10:13:10:43 | ...; | Patterns.cs:10:33:10:36 | "int " | | | Patterns.cs:10:31:10:41 | $"..." | Patterns.cs:10:13:10:42 | call to method WriteLine | | | Patterns.cs:10:33:10:36 | "int " | Patterns.cs:10:38:10:39 | access to local variable i1 | | -| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:31:10:41 | $"..." | | +| Patterns.cs:10:37:10:40 | {...} | Patterns.cs:10:31:10:41 | $"..." | | +| Patterns.cs:10:38:10:39 | access to local variable i1 | Patterns.cs:10:37:10:40 | {...} | | | Patterns.cs:12:14:18:9 | if (...) ... | Patterns.cs:12:18:12:18 | access to local variable o | | | Patterns.cs:12:18:12:18 | access to local variable o | Patterns.cs:12:23:12:31 | String s1 | | | Patterns.cs:12:18:12:31 | [false] ... is ... | Patterns.cs:16:14:18:9 | if (...) ... | false | @@ -3540,7 +3543,8 @@ | Patterns.cs:14:13:14:46 | ...; | Patterns.cs:14:33:14:39 | "string " | | | Patterns.cs:14:31:14:44 | $"..." | Patterns.cs:14:13:14:45 | call to method WriteLine | | | Patterns.cs:14:33:14:39 | "string " | Patterns.cs:14:41:14:42 | access to local variable s1 | | -| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:31:14:44 | $"..." | | +| Patterns.cs:14:40:14:43 | {...} | Patterns.cs:14:31:14:44 | $"..." | | +| Patterns.cs:14:41:14:42 | access to local variable s1 | Patterns.cs:14:40:14:43 | {...} | | | Patterns.cs:16:14:18:9 | if (...) ... | Patterns.cs:16:18:16:18 | access to local variable o | | | Patterns.cs:16:18:16:18 | access to local variable o | Patterns.cs:16:23:16:28 | Object v1 | | | Patterns.cs:16:18:16:28 | [false] ... is ... | Patterns.cs:20:9:38:9 | switch (...) {...} | false | @@ -3565,7 +3569,8 @@ | Patterns.cs:25:17:25:52 | ...; | Patterns.cs:25:37:25:45 | "positive " | | | Patterns.cs:25:35:25:50 | $"..." | Patterns.cs:25:17:25:51 | call to method WriteLine | | | Patterns.cs:25:37:25:45 | "positive " | Patterns.cs:25:47:25:48 | access to local variable i2 | | -| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:35:25:50 | $"..." | | +| Patterns.cs:25:46:25:49 | {...} | Patterns.cs:25:35:25:50 | $"..." | | +| Patterns.cs:25:47:25:48 | access to local variable i2 | Patterns.cs:25:46:25:49 | {...} | | | Patterns.cs:26:17:26:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:27:13:27:24 | case ...: | Patterns.cs:27:18:27:23 | Int32 i3 | | | Patterns.cs:27:18:27:23 | Int32 i3 | Patterns.cs:28:17:28:47 | ...; | match | @@ -3574,7 +3579,8 @@ | Patterns.cs:28:17:28:47 | ...; | Patterns.cs:28:37:28:40 | "int " | | | Patterns.cs:28:35:28:45 | $"..." | Patterns.cs:28:17:28:46 | call to method WriteLine | | | Patterns.cs:28:37:28:40 | "int " | Patterns.cs:28:42:28:43 | access to local variable i3 | | -| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:35:28:45 | $"..." | | +| Patterns.cs:28:41:28:44 | {...} | Patterns.cs:28:35:28:45 | $"..." | | +| Patterns.cs:28:42:28:43 | access to local variable i3 | Patterns.cs:28:41:28:44 | {...} | | | Patterns.cs:29:17:29:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:30:13:30:27 | case ...: | Patterns.cs:30:18:30:26 | String s2 | | | Patterns.cs:30:18:30:26 | String s2 | Patterns.cs:31:17:31:50 | ...; | match | @@ -3583,7 +3589,8 @@ | Patterns.cs:31:17:31:50 | ...; | Patterns.cs:31:37:31:43 | "string " | | | Patterns.cs:31:35:31:48 | $"..." | Patterns.cs:31:17:31:49 | call to method WriteLine | | | Patterns.cs:31:37:31:43 | "string " | Patterns.cs:31:45:31:46 | access to local variable s2 | | -| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:35:31:48 | $"..." | | +| Patterns.cs:31:44:31:47 | {...} | Patterns.cs:31:35:31:48 | $"..." | | +| Patterns.cs:31:45:31:46 | access to local variable s2 | Patterns.cs:31:44:31:47 | {...} | | | Patterns.cs:32:17:32:22 | break; | Patterns.cs:40:9:42:9 | switch (...) {...} | break | | Patterns.cs:33:13:33:24 | case ...: | Patterns.cs:33:18:33:23 | Object v2 | | | Patterns.cs:33:18:33:23 | Object v2 | Patterns.cs:34:17:34:22 | break; | match | @@ -4130,12 +4137,14 @@ | Switch.cs:158:13:158:49 | ...; | Switch.cs:158:40:158:43 | "a = " | | | Switch.cs:158:38:158:47 | $"..." | Switch.cs:158:13:158:48 | call to method WriteLine | | | Switch.cs:158:40:158:43 | "a = " | Switch.cs:158:45:158:45 | access to local variable s | | -| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:38:158:47 | $"..." | | +| Switch.cs:158:44:158:46 | {...} | Switch.cs:158:38:158:47 | $"..." | | +| Switch.cs:158:45:158:45 | access to local variable s | Switch.cs:158:44:158:46 | {...} | | | Switch.cs:160:13:160:48 | call to method WriteLine | Switch.cs:154:10:154:12 | exit M15 (normal) | | | Switch.cs:160:13:160:49 | ...; | Switch.cs:160:40:160:43 | "b = " | | | Switch.cs:160:38:160:47 | $"..." | Switch.cs:160:13:160:48 | call to method WriteLine | | | Switch.cs:160:40:160:43 | "b = " | Switch.cs:160:45:160:45 | access to local variable s | | -| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:38:160:47 | $"..." | | +| Switch.cs:160:44:160:46 | {...} | Switch.cs:160:38:160:47 | $"..." | | +| Switch.cs:160:45:160:45 | access to local variable s | Switch.cs:160:44:160:46 | {...} | | | TypeAccesses.cs:1:7:1:18 | call to constructor Object | TypeAccesses.cs:1:7:1:18 | {...} | | | TypeAccesses.cs:1:7:1:18 | enter TypeAccesses | TypeAccesses.cs:1:7:1:18 | call to constructor Object | | | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses (normal) | TypeAccesses.cs:1:7:1:18 | exit TypeAccesses | | diff --git a/csharp/ql/test/library-tests/csharp11/PrintAst.expected b/csharp/ql/test/library-tests/csharp11/PrintAst.expected index b10e2096489..3a3f4497423 100644 --- a/csharp/ql/test/library-tests/csharp11/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp11/PrintAst.expected @@ -1332,14 +1332,15 @@ Strings.cs: # 8| 0: [ReturnStmt] return ...; # 8| 0: [InterpolatedStringExpr] $"..." # 8| 0: [StringLiteralUtf16] "This is my int " -# 8| 1: [SwitchExpr] ... switch { ... } -# 8| -1: [ParameterAccess] access to parameter x -# 10| 0: [SwitchCaseExpr] ... => ... -# 10| 0: [ConstantPatternExpr,IntLiteral] 42 -# 10| 2: [StringLiteralUtf16] "forty two" -# 11| 1: [SwitchCaseExpr] ... => ... -# 11| 0: [DiscardPatternExpr] _ -# 11| 2: [StringLiteralUtf16] "something else" +# 8| 1: [InterpolatedStringInsertExpr] {...} +# 8| 0: [SwitchExpr] ... switch { ... } +# 8| -1: [ParameterAccess] access to parameter x +# 10| 0: [SwitchCaseExpr] ... => ... +# 10| 0: [ConstantPatternExpr,IntLiteral] 42 +# 10| 2: [StringLiteralUtf16] "forty two" +# 11| 1: [SwitchCaseExpr] ... => ... +# 11| 0: [DiscardPatternExpr] _ +# 11| 2: [StringLiteralUtf16] "something else" # 12| 2: [StringLiteralUtf16] "." # 15| 6: [Method] M2 # 15| -1: [TypeMention] Void @@ -1359,7 +1360,8 @@ Strings.cs: # 26| 1: [InterpolatedStringExpr] $"..." # 27| 0: [StringLiteralUtf16] "The nested message # 27| is \"" -# 28| 1: [LocalVariableAccess] access to local variable message1 +# 28| 1: [InterpolatedStringInsertExpr] {...} +# 28| 0: [LocalVariableAccess] access to local variable message1 # 28| 2: [StringLiteralUtf16] "\" and everything # 28| spans multiple lines." # 33| 2: [LocalVariableDeclStmt] ... ...; @@ -1368,10 +1370,12 @@ Strings.cs: # 33| 0: [LocalVariableAccess] access to local variable message3 # 33| 1: [InterpolatedStringExpr] $"..." # 34| 0: [StringLiteralUtf16] "Show no curly braces: " -# 34| 1: [LocalVariableAccess] access to local variable message1 +# 34| 1: [InterpolatedStringInsertExpr] {...} +# 34| 0: [LocalVariableAccess] access to local variable message1 # 34| 2: [StringLiteralUtf16] " # 34| Show matching set of curly braces: {" -# 35| 3: [LocalVariableAccess] access to local variable message2 +# 35| 3: [InterpolatedStringInsertExpr] {...} +# 35| 0: [LocalVariableAccess] access to local variable message2 # 35| 4: [StringLiteralUtf16] "}" # 40| 7: [Method] M3 # 40| -1: [TypeMention] Void diff --git a/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected b/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected index d10365546bd..a7c904f5686 100644 --- a/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected +++ b/csharp/ql/test/library-tests/csharp6/InterpolatedStringExpr.expected @@ -1,14 +1,14 @@ -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:26:25:36 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:25:25:37 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:38:25:41 | " is " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:43:25:45 | access to local variable foo | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:42:25:46 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:47:25:52 | ", and " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:54:25:64 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:53:25:65 | {...} | | csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:66:25:77 | " has length " | -| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:79:25:94 | ... ?? ... | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:20:27:30 | nameof(...) | +| csharp6.cs:25:23:25:96 | $"..." | csharp6.cs:25:78:25:95 | {...} | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:19:27:31 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:32:27:35 | " is " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:37:27:39 | access to local variable foo | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:36:27:40 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:41:27:46 | ", and " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:48:27:58 | nameof(...) | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:47:27:59 | {...} | | csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:60:27:71 | " has length " | -| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:73:27:88 | ... ?? ... | +| csharp6.cs:27:16:27:90 | $"..." | csharp6.cs:27:72:27:89 | {...} | diff --git a/csharp/ql/test/library-tests/csharp6/PrintAst.expected b/csharp/ql/test/library-tests/csharp6/PrintAst.expected index 892ad6dd4b1..424a18bcb02 100644 --- a/csharp/ql/test/library-tests/csharp6/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp6/PrintAst.expected @@ -30,33 +30,41 @@ csharp6.cs: # 25| 1: [ExprStmt] ...; # 25| 0: [MethodCall] call to method WriteLine # 25| 0: [InterpolatedStringExpr] $"..." -# 25| 0: [NameOfExpr] nameof(...) -# 25| 0: [LocalVariableAccess] access to local variable foo +# 25| 0: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NameOfExpr] nameof(...) +# 25| 0: [LocalVariableAccess] access to local variable foo # 25| 1: [StringLiteralUtf16] " is " -# 25| 2: [LocalVariableAccess] access to local variable foo +# 25| 2: [InterpolatedStringInsertExpr] {...} +# 25| 0: [LocalVariableAccess] access to local variable foo # 25| 3: [StringLiteralUtf16] ", and " -# 25| 4: [NameOfExpr] nameof(...) -# 25| 0: [LocalVariableAccess] access to local variable bar +# 25| 4: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NameOfExpr] nameof(...) +# 25| 0: [LocalVariableAccess] access to local variable bar # 25| 5: [StringLiteralUtf16] " has length " -# 25| 6: [NullCoalescingExpr] ... ?? ... -# 25| 0: [PropertyCall] access to property Length -# 25| -1: [LocalVariableAccess] access to local variable bar -# 25| 1: [IntLiteral] 0 +# 25| 6: [InterpolatedStringInsertExpr] {...} +# 25| 0: [NullCoalescingExpr] ... ?? ... +# 25| 0: [PropertyCall] access to property Length +# 25| -1: [LocalVariableAccess] access to local variable bar +# 25| 1: [IntLiteral] 0 # 27| 2: [ExprStmt] ...; # 27| 0: [MethodCall] call to method Fn # 27| 0: [InterpolatedStringExpr] $"..." -# 27| 0: [NameOfExpr] nameof(...) -# 27| 0: [LocalVariableAccess] access to local variable foo +# 27| 0: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NameOfExpr] nameof(...) +# 27| 0: [LocalVariableAccess] access to local variable foo # 27| 1: [StringLiteralUtf16] " is " -# 27| 2: [LocalVariableAccess] access to local variable foo +# 27| 2: [InterpolatedStringInsertExpr] {...} +# 27| 0: [LocalVariableAccess] access to local variable foo # 27| 3: [StringLiteralUtf16] ", and " -# 27| 4: [NameOfExpr] nameof(...) -# 27| 0: [LocalVariableAccess] access to local variable bar +# 27| 4: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NameOfExpr] nameof(...) +# 27| 0: [LocalVariableAccess] access to local variable bar # 27| 5: [StringLiteralUtf16] " has length " -# 27| 6: [NullCoalescingExpr] ... ?? ... -# 27| 0: [PropertyCall] access to property Length -# 27| -1: [LocalVariableAccess] access to local variable bar -# 27| 1: [IntLiteral] 0 +# 27| 6: [InterpolatedStringInsertExpr] {...} +# 27| 0: [NullCoalescingExpr] ... ?? ... +# 27| 0: [PropertyCall] access to property Length +# 27| -1: [LocalVariableAccess] access to local variable bar +# 27| 1: [IntLiteral] 0 # 29| 3: [LocalVariableDeclStmt] ... ...; # 29| 0: [LocalVariableDeclAndInitExpr] Nullable anythingInBar = ... # 29| -1: [TypeMention] bool? diff --git a/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected b/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected index d55d5d279ad..70bfee85c04 100644 --- a/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp7.3/PrintAst.expected @@ -110,4 +110,5 @@ csharp73.cs: # 51| 0: [TypeMention] Console # 51| 0: [InterpolatedStringExpr] $"..." # 51| 0: [StringLiteralUtf16] "x is " -# 51| 1: [LocalVariableAccess] access to local variable x +# 51| 1: [InterpolatedStringInsertExpr] {...} +# 51| 0: [LocalVariableAccess] access to local variable x diff --git a/csharp/ql/test/library-tests/csharp7/IsFlow.expected b/csharp/ql/test/library-tests/csharp7/IsFlow.expected index b3e28352845..ce37b655bb8 100644 --- a/csharp/ql/test/library-tests/csharp7/IsFlow.expected +++ b/csharp/ql/test/library-tests/csharp7/IsFlow.expected @@ -24,7 +24,8 @@ | CSharp7.cs:255:17:255:45 | ...; | CSharp7.cs:255:37:255:38 | "x " | semmle.label | successor | | CSharp7.cs:255:35:255:43 | $"..." | CSharp7.cs:255:17:255:44 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:255:37:255:38 | "x " | CSharp7.cs:255:40:255:41 | access to local variable s4 | semmle.label | successor | -| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:35:255:43 | $"..." | semmle.label | successor | +| CSharp7.cs:255:39:255:42 | {...} | CSharp7.cs:255:35:255:43 | $"..." | semmle.label | successor | +| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:39:255:42 | {...} | semmle.label | successor | | CSharp7.cs:256:17:256:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:257:13:257:36 | case ...: | CSharp7.cs:257:18:257:23 | Int32 i2 | semmle.label | successor | | CSharp7.cs:257:18:257:23 | Int32 i2 | CSharp7.cs:257:30:257:31 | access to local variable i2 | semmle.label | match | @@ -37,7 +38,8 @@ | CSharp7.cs:258:17:258:52 | ...; | CSharp7.cs:258:37:258:45 | "positive " | semmle.label | successor | | CSharp7.cs:258:35:258:50 | $"..." | CSharp7.cs:258:17:258:51 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:258:37:258:45 | "positive " | CSharp7.cs:258:47:258:48 | access to local variable i2 | semmle.label | successor | -| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:35:258:50 | $"..." | semmle.label | successor | +| CSharp7.cs:258:46:258:49 | {...} | CSharp7.cs:258:35:258:50 | $"..." | semmle.label | successor | +| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:46:258:49 | {...} | semmle.label | successor | | CSharp7.cs:259:17:259:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:260:13:260:24 | case ...: | CSharp7.cs:260:18:260:23 | Int32 i3 | semmle.label | successor | | CSharp7.cs:260:18:260:23 | Int32 i3 | CSharp7.cs:261:17:261:47 | ...; | semmle.label | match | @@ -46,7 +48,8 @@ | CSharp7.cs:261:17:261:47 | ...; | CSharp7.cs:261:37:261:40 | "int " | semmle.label | successor | | CSharp7.cs:261:35:261:45 | $"..." | CSharp7.cs:261:17:261:46 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:261:37:261:40 | "int " | CSharp7.cs:261:42:261:43 | access to local variable i3 | semmle.label | successor | -| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:35:261:45 | $"..." | semmle.label | successor | +| CSharp7.cs:261:41:261:44 | {...} | CSharp7.cs:261:35:261:45 | $"..." | semmle.label | successor | +| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:41:261:44 | {...} | semmle.label | successor | | CSharp7.cs:262:17:262:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:263:13:263:27 | case ...: | CSharp7.cs:263:18:263:26 | String s2 | semmle.label | successor | | CSharp7.cs:263:18:263:26 | String s2 | CSharp7.cs:264:17:264:50 | ...; | semmle.label | match | @@ -55,7 +58,8 @@ | CSharp7.cs:264:17:264:50 | ...; | CSharp7.cs:264:37:264:43 | "string " | semmle.label | successor | | CSharp7.cs:264:35:264:48 | $"..." | CSharp7.cs:264:17:264:49 | call to method WriteLine | semmle.label | successor | | CSharp7.cs:264:37:264:43 | "string " | CSharp7.cs:264:45:264:46 | access to local variable s2 | semmle.label | successor | -| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:35:264:48 | $"..." | semmle.label | successor | +| CSharp7.cs:264:44:264:47 | {...} | CSharp7.cs:264:35:264:48 | $"..." | semmle.label | successor | +| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:44:264:47 | {...} | semmle.label | successor | | CSharp7.cs:265:17:265:22 | break; | CSharp7.cs:230:10:230:13 | exit Test (normal) | semmle.label | break | | CSharp7.cs:266:13:266:26 | case ...: | CSharp7.cs:266:18:266:23 | access to type Double | semmle.label | successor | | CSharp7.cs:266:18:266:23 | access to type Double | CSharp7.cs:267:17:267:44 | ...; | semmle.label | match | diff --git a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected index 4a16e2491df..1bba9f6dd8b 100644 --- a/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected +++ b/csharp/ql/test/library-tests/csharp7/LocalTaintFlow.expected @@ -254,7 +254,8 @@ | CSharp7.cs:233:28:233:33 | ... > ... | CSharp7.cs:233:13:233:33 | [true] ... && ... | | CSharp7.cs:235:13:235:42 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | | CSharp7.cs:235:33:235:36 | "int " | CSharp7.cs:235:31:235:41 | $"..." | -| CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:31:235:41 | $"..." | +| CSharp7.cs:235:37:235:40 | {...} | CSharp7.cs:235:31:235:41 | $"..." | +| CSharp7.cs:235:38:235:39 | access to local variable i1 | CSharp7.cs:235:37:235:40 | {...} | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:237:23:237:31 | String s1 | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | | CSharp7.cs:237:18:237:18 | access to local variable o | CSharp7.cs:241:18:241:18 | access to local variable o | @@ -262,7 +263,8 @@ | CSharp7.cs:237:23:237:31 | String s1 | CSharp7.cs:237:23:237:31 | SSA def(s1) | | CSharp7.cs:239:13:239:45 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | | CSharp7.cs:239:33:239:39 | "string " | CSharp7.cs:239:31:239:44 | $"..." | -| CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:31:239:44 | $"..." | +| CSharp7.cs:239:40:239:43 | {...} | CSharp7.cs:239:31:239:44 | $"..." | +| CSharp7.cs:239:41:239:42 | access to local variable s1 | CSharp7.cs:239:40:239:43 | {...} | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | | CSharp7.cs:241:18:241:18 | access to local variable o | CSharp7.cs:244:18:244:18 | access to local variable o | | CSharp7.cs:242:9:243:9 | [input] SSA phi read(o) | CSharp7.cs:248:9:274:9 | SSA phi read(o) | @@ -283,21 +285,25 @@ | CSharp7.cs:254:32:254:40 | SSA def(s4) | CSharp7.cs:255:40:255:41 | access to local variable s4 | | CSharp7.cs:254:32:254:40 | String s4 | CSharp7.cs:254:32:254:40 | SSA def(s4) | | CSharp7.cs:255:37:255:38 | "x " | CSharp7.cs:255:35:255:43 | $"..." | -| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:35:255:43 | $"..." | +| CSharp7.cs:255:39:255:42 | {...} | CSharp7.cs:255:35:255:43 | $"..." | +| CSharp7.cs:255:40:255:41 | access to local variable s4 | CSharp7.cs:255:39:255:42 | {...} | | CSharp7.cs:257:18:257:23 | Int32 i2 | CSharp7.cs:257:18:257:23 | SSA def(i2) | | CSharp7.cs:257:18:257:23 | SSA def(i2) | CSharp7.cs:257:30:257:31 | access to local variable i2 | | CSharp7.cs:257:30:257:31 | access to local variable i2 | CSharp7.cs:257:30:257:35 | ... > ... | | CSharp7.cs:257:30:257:31 | access to local variable i2 | CSharp7.cs:258:47:258:48 | access to local variable i2 | | CSharp7.cs:258:37:258:45 | "positive " | CSharp7.cs:258:35:258:50 | $"..." | -| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:35:258:50 | $"..." | +| CSharp7.cs:258:46:258:49 | {...} | CSharp7.cs:258:35:258:50 | $"..." | +| CSharp7.cs:258:47:258:48 | access to local variable i2 | CSharp7.cs:258:46:258:49 | {...} | | CSharp7.cs:260:18:260:23 | Int32 i3 | CSharp7.cs:260:18:260:23 | SSA def(i3) | | CSharp7.cs:260:18:260:23 | SSA def(i3) | CSharp7.cs:261:42:261:43 | access to local variable i3 | | CSharp7.cs:261:37:261:40 | "int " | CSharp7.cs:261:35:261:45 | $"..." | -| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:35:261:45 | $"..." | +| CSharp7.cs:261:41:261:44 | {...} | CSharp7.cs:261:35:261:45 | $"..." | +| CSharp7.cs:261:42:261:43 | access to local variable i3 | CSharp7.cs:261:41:261:44 | {...} | | CSharp7.cs:263:18:263:26 | SSA def(s2) | CSharp7.cs:264:45:264:46 | access to local variable s2 | | CSharp7.cs:263:18:263:26 | String s2 | CSharp7.cs:263:18:263:26 | SSA def(s2) | | CSharp7.cs:264:37:264:43 | "string " | CSharp7.cs:264:35:264:48 | $"..." | -| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:35:264:48 | $"..." | +| CSharp7.cs:264:44:264:47 | {...} | CSharp7.cs:264:35:264:48 | $"..." | +| CSharp7.cs:264:45:264:46 | access to local variable s2 | CSharp7.cs:264:44:264:47 | {...} | | CSharp7.cs:282:13:282:16 | access to local variable dict | CSharp7.cs:282:13:282:48 | SSA def(dict) | | CSharp7.cs:282:13:282:48 | SSA def(dict) | CSharp7.cs:283:20:283:23 | access to local variable dict | | CSharp7.cs:282:20:282:48 | object creation of type Dictionary | CSharp7.cs:282:13:282:16 | access to local variable dict | diff --git a/csharp/ql/test/library-tests/csharp7/PrintAst.expected b/csharp/ql/test/library-tests/csharp7/PrintAst.expected index e5d009e0df6..bf0b07abbeb 100644 --- a/csharp/ql/test/library-tests/csharp7/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp7/PrintAst.expected @@ -727,7 +727,8 @@ CSharp7.cs: # 235| 0: [TypeMention] Console # 235| 0: [InterpolatedStringExpr] $"..." # 235| 0: [StringLiteralUtf16] "int " -# 235| 1: [LocalVariableAccess] access to local variable i1 +# 235| 1: [InterpolatedStringInsertExpr] {...} +# 235| 0: [LocalVariableAccess] access to local variable i1 # 237| 2: [IfStmt] if (...) ... # 237| 0: [IsExpr] ... is ... # 237| 0: [LocalVariableAccess] access to local variable o @@ -740,7 +741,8 @@ CSharp7.cs: # 239| 0: [TypeMention] Console # 239| 0: [InterpolatedStringExpr] $"..." # 239| 0: [StringLiteralUtf16] "string " -# 239| 1: [LocalVariableAccess] access to local variable s1 +# 239| 1: [InterpolatedStringInsertExpr] {...} +# 239| 0: [LocalVariableAccess] access to local variable s1 # 241| 2: [IfStmt] if (...) ... # 241| 0: [IsExpr] ... is ... # 241| 0: [LocalVariableAccess] access to local variable o @@ -775,7 +777,8 @@ CSharp7.cs: # 255| 0: [TypeMention] Console # 255| 0: [InterpolatedStringExpr] $"..." # 255| 0: [StringLiteralUtf16] "x " -# 255| 1: [LocalVariableAccess] access to local variable s4 +# 255| 1: [InterpolatedStringInsertExpr] {...} +# 255| 0: [LocalVariableAccess] access to local variable s4 # 256| 6: [BreakStmt] break; # 257| 7: [CaseStmt] case ...: # 257| 0: [VariablePatternExpr] Int32 i2 @@ -789,7 +792,8 @@ CSharp7.cs: # 258| 0: [TypeMention] Console # 258| 0: [InterpolatedStringExpr] $"..." # 258| 0: [StringLiteralUtf16] "positive " -# 258| 1: [LocalVariableAccess] access to local variable i2 +# 258| 1: [InterpolatedStringInsertExpr] {...} +# 258| 0: [LocalVariableAccess] access to local variable i2 # 259| 9: [BreakStmt] break; # 260| 10: [CaseStmt] case ...: # 260| 0: [VariablePatternExpr] Int32 i3 @@ -800,7 +804,8 @@ CSharp7.cs: # 261| 0: [TypeMention] Console # 261| 0: [InterpolatedStringExpr] $"..." # 261| 0: [StringLiteralUtf16] "int " -# 261| 1: [LocalVariableAccess] access to local variable i3 +# 261| 1: [InterpolatedStringInsertExpr] {...} +# 261| 0: [LocalVariableAccess] access to local variable i3 # 262| 12: [BreakStmt] break; # 263| 13: [CaseStmt] case ...: # 263| 0: [VariablePatternExpr] String s2 @@ -811,7 +816,8 @@ CSharp7.cs: # 264| 0: [TypeMention] Console # 264| 0: [InterpolatedStringExpr] $"..." # 264| 0: [StringLiteralUtf16] "string " -# 264| 1: [LocalVariableAccess] access to local variable s2 +# 264| 1: [InterpolatedStringInsertExpr] {...} +# 264| 0: [LocalVariableAccess] access to local variable s2 # 265| 15: [BreakStmt] break; # 266| 16: [CaseStmt] case ...: # 266| 0: [TypeAccessPatternExpr] access to type Double diff --git a/csharp/ql/test/library-tests/csharp8/PrintAst.expected b/csharp/ql/test/library-tests/csharp8/PrintAst.expected index c33374e4761..4ec30c915b3 100644 --- a/csharp/ql/test/library-tests/csharp8/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp8/PrintAst.expected @@ -4,12 +4,14 @@ AlternateInterpolatedStrings.cs: # 5| -1: [TypeMention] string # 5| 1: [InterpolatedStringExpr] $"..." # 5| 0: [StringLiteralUtf16] "C:" -# 5| 1: [IntLiteral] 12 +# 5| 1: [InterpolatedStringInsertExpr] {...} +# 5| 0: [IntLiteral] 12 # 6| 6: [Field] s2 # 6| -1: [TypeMention] string # 6| 1: [InterpolatedStringExpr] $"..." # 6| 0: [StringLiteralUtf16] "C:" -# 6| 1: [IntLiteral] 12 +# 6| 1: [InterpolatedStringInsertExpr] {...} +# 6| 0: [IntLiteral] 12 AsyncStreams.cs: # 6| [Class] AsyncStreams # 8| 5: [Method] Items diff --git a/csharp/ql/test/library-tests/csharp9/PrintAst.expected b/csharp/ql/test/library-tests/csharp9/PrintAst.expected index a1ecbd0a212..e3b89de2009 100644 --- a/csharp/ql/test/library-tests/csharp9/PrintAst.expected +++ b/csharp/ql/test/library-tests/csharp9/PrintAst.expected @@ -1008,8 +1008,9 @@ Record.cs: # 49| 0: [LocalVariableAccess] access to local variable s # 50| 2: [ReturnStmt] return ...; # 50| 0: [InterpolatedStringExpr] $"..." -# 50| 0: [MethodCall] call to method ToString -# 50| -1: [LocalVariableAccess] access to local variable s +# 50| 0: [InterpolatedStringInsertExpr] {...} +# 50| 0: [MethodCall] call to method ToString +# 50| -1: [LocalVariableAccess] access to local variable s # 50| 1: [StringLiteralUtf16] " is a dog" # 54| [RecordClass] R1 # 54| 12: [NEOperator] != diff --git a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected index bf2a515a889..cd7658f6f5e 100644 --- a/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected +++ b/csharp/ql/test/library-tests/dataflow/implicittostring/PrintAst.expected @@ -68,8 +68,9 @@ implicitToString.cs: # 32| 0: [LocalVariableAccess] access to local variable x2 # 32| 1: [InterpolatedStringExpr] $"..." # 32| 0: [StringLiteralUtf16] "Hello " -# 32| 1: [MethodCall] call to method ToString -# 32| -1: [LocalVariableAccess] access to local variable x1 +# 32| 1: [InterpolatedStringInsertExpr] {...} +# 32| 0: [MethodCall] call to method ToString +# 32| -1: [LocalVariableAccess] access to local variable x1 # 33| 2: [ExprStmt] ...; # 33| 0: [MethodCall] call to method Sink # 33| 0: [LocalVariableAccess] access to local variable x2 @@ -88,8 +89,9 @@ implicitToString.cs: # 39| 0: [LocalVariableAccess] access to local variable x2 # 39| 1: [InterpolatedStringExpr] $"..." # 39| 0: [StringLiteralUtf16] "Hello " -# 39| 1: [MethodCall] call to method ToString -# 39| -1: [LocalVariableAccess] access to local variable x1 +# 39| 1: [InterpolatedStringInsertExpr] {...} +# 39| 0: [MethodCall] call to method ToString +# 39| -1: [LocalVariableAccess] access to local variable x1 # 40| 2: [ExprStmt] ...; # 40| 0: [MethodCall] call to method Sink # 40| 0: [LocalVariableAccess] access to local variable x2 diff --git a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected index ea0ae7f9da7..7187280f755 100644 --- a/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected +++ b/csharp/ql/test/library-tests/dataflow/local/TaintTrackingStep.expected @@ -547,12 +547,14 @@ | LocalDataFlow.cs:273:13:273:36 | SSA def(sink69) | LocalDataFlow.cs:274:15:274:20 | access to local variable sink69 | | LocalDataFlow.cs:273:22:273:36 | $"..." | LocalDataFlow.cs:273:13:273:18 | access to local variable sink69 | | LocalDataFlow.cs:273:24:273:28 | "test " | LocalDataFlow.cs:273:22:273:36 | $"..." | -| LocalDataFlow.cs:273:30:273:34 | access to local variable sink1 | LocalDataFlow.cs:273:22:273:36 | $"..." | +| LocalDataFlow.cs:273:29:273:35 | {...} | LocalDataFlow.cs:273:22:273:36 | $"..." | +| LocalDataFlow.cs:273:30:273:34 | access to local variable sink1 | LocalDataFlow.cs:273:29:273:35 | {...} | | LocalDataFlow.cs:277:9:277:16 | access to local variable nonSink0 | LocalDataFlow.cs:277:9:277:37 | SSA def(nonSink0) | | LocalDataFlow.cs:277:9:277:37 | SSA def(nonSink0) | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | | LocalDataFlow.cs:277:20:277:37 | $"..." | LocalDataFlow.cs:277:9:277:16 | access to local variable nonSink0 | | LocalDataFlow.cs:277:22:277:26 | "test " | LocalDataFlow.cs:277:20:277:37 | $"..." | -| LocalDataFlow.cs:277:28:277:35 | access to local variable nonSink0 | LocalDataFlow.cs:277:20:277:37 | $"..." | +| LocalDataFlow.cs:277:27:277:36 | {...} | LocalDataFlow.cs:277:20:277:37 | $"..." | +| LocalDataFlow.cs:277:28:277:35 | access to local variable nonSink0 | LocalDataFlow.cs:277:27:277:36 | {...} | | LocalDataFlow.cs:278:15:278:22 | [post] access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 | | LocalDataFlow.cs:278:15:278:22 | access to local variable nonSink0 | LocalDataFlow.cs:285:31:285:38 | access to local variable nonSink0 | | LocalDataFlow.cs:281:13:281:18 | access to local variable sink70 | LocalDataFlow.cs:281:13:281:34 | SSA def(sink70) | @@ -1237,8 +1239,10 @@ | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | Splitting.cs:56:9:56:9 | access to local variable x | | Splitting.cs:56:15:56:15 | [b (line 46): false] "c" | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | | Splitting.cs:56:15:56:15 | [b (line 46): true] "c" | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | -| Splitting.cs:56:17:56:17 | [b (line 46): false] access to local variable x | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | -| Splitting.cs:56:17:56:17 | [b (line 46): true] access to local variable x | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | +| Splitting.cs:56:16:56:18 | [b (line 46): false] {...} | Splitting.cs:56:13:56:19 | [b (line 46): false] $"..." | +| Splitting.cs:56:16:56:18 | [b (line 46): true] {...} | Splitting.cs:56:13:56:19 | [b (line 46): true] $"..." | +| Splitting.cs:56:17:56:17 | [b (line 46): false] access to local variable x | Splitting.cs:56:16:56:18 | [b (line 46): false] {...} | +| Splitting.cs:56:17:56:17 | [b (line 46): true] access to local variable x | Splitting.cs:56:16:56:18 | [b (line 46): true] {...} | | Splitting.cs:57:13:57:24 | [b (line 46): false] access to field Item1 | Splitting.cs:57:9:57:9 | access to local variable x | | Splitting.cs:57:13:57:24 | [b (line 46): true] access to field Item1 | Splitting.cs:57:9:57:9 | access to local variable x | | Splitting.cs:57:17:57:17 | [b (line 46): false] access to local variable y | Splitting.cs:58:27:58:27 | [b (line 46): false] access to local variable y | From acec97db94fe79f3928f5d58b62045436be58f88 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 21 Mar 2025 13:32:44 +0100 Subject: [PATCH 028/409] C#: Add change-note. --- csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md diff --git a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md new file mode 100644 index 00000000000..3507d35b513 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. From d1ef2b50fbedf90d1c3a1c8c0a157f0eb97fe002 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 12 Feb 2025 15:46:16 +0000 Subject: [PATCH 029/409] Rust: Model futures::executor::block_on. --- rust/ql/lib/codeql/rust/frameworks/futures.model.yml | 6 ++++++ .../dataflow/global/inline-flow.expected | 12 ++++++++++++ rust/ql/test/library-tests/dataflow/global/main.rs | 2 +- .../dataflow/global/viableCallable.expected | 2 ++ .../dataflow/local/DataFlowStep.expected | 1 + .../security/CWE-020/RegexInjection.expected | 8 ++++---- 6 files changed, 26 insertions(+), 5 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/futures.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/futures.model.yml b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml new file mode 100644 index 00000000000..1361ff9aeb2 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/futures.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: summaryModel + data: + - ["repo:https://github.com/rust-lang/futures-rs:futures-executor", "crate::local_pool::block_on", "Argument[0]", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected index 54b70e0ac12..4a095c7142f 100644 --- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected @@ -1,4 +1,5 @@ models +| 1 | Summary: repo:https://github.com/rust-lang/futures-rs:futures-executor; crate::local_pool::block_on; Argument[0]; ReturnValue; value | edges | main.rs:12:28:14:1 | { ... } | main.rs:17:13:17:23 | get_data(...) | provenance | | | main.rs:13:5:13:13 | source(...) | main.rs:12:28:14:1 | { ... } | provenance | | @@ -71,10 +72,15 @@ edges | main.rs:161:9:161:9 | d [MyInt] | main.rs:162:10:162:10 | d [MyInt] | provenance | | | main.rs:161:13:161:20 | a.add(...) [MyInt] | main.rs:161:9:161:9 | d [MyInt] | provenance | | | main.rs:162:10:162:10 | d [MyInt] | main.rs:162:10:162:16 | d.value | provenance | | +| main.rs:200:32:204:1 | { ... } | main.rs:219:41:219:54 | async_source(...) | provenance | | +| main.rs:201:9:201:9 | a | main.rs:200:32:204:1 | { ... } | provenance | | | main.rs:201:9:201:9 | a | main.rs:202:10:202:10 | a | provenance | | | main.rs:201:13:201:21 | source(...) | main.rs:201:9:201:9 | a | provenance | | | main.rs:211:13:211:13 | c | main.rs:212:14:212:14 | c | provenance | | | main.rs:211:17:211:25 | source(...) | main.rs:211:13:211:13 | c | provenance | | +| main.rs:219:9:219:9 | a | main.rs:220:10:220:10 | a | provenance | | +| main.rs:219:13:219:55 | ...::block_on(...) | main.rs:219:9:219:9 | a | provenance | | +| main.rs:219:41:219:54 | async_source(...) | main.rs:219:13:219:55 | ...::block_on(...) | provenance | MaD:1 | nodes | main.rs:12:28:14:1 | { ... } | semmle.label | { ... } | | main.rs:13:5:13:13 | source(...) | semmle.label | source(...) | @@ -156,12 +162,17 @@ nodes | main.rs:161:13:161:20 | a.add(...) [MyInt] | semmle.label | a.add(...) [MyInt] | | main.rs:162:10:162:10 | d [MyInt] | semmle.label | d [MyInt] | | main.rs:162:10:162:16 | d.value | semmle.label | d.value | +| main.rs:200:32:204:1 | { ... } | semmle.label | { ... } | | main.rs:201:9:201:9 | a | semmle.label | a | | main.rs:201:13:201:21 | source(...) | semmle.label | source(...) | | main.rs:202:10:202:10 | a | semmle.label | a | | main.rs:211:13:211:13 | c | semmle.label | c | | main.rs:211:17:211:25 | source(...) | semmle.label | source(...) | | main.rs:212:14:212:14 | c | semmle.label | c | +| main.rs:219:9:219:9 | a | semmle.label | a | +| main.rs:219:13:219:55 | ...::block_on(...) | semmle.label | ...::block_on(...) | +| main.rs:219:41:219:54 | async_source(...) | semmle.label | async_source(...) | +| main.rs:220:10:220:10 | a | semmle.label | a | subpaths | main.rs:36:26:36:26 | a | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:36:13:36:27 | pass_through(...) | | main.rs:41:26:44:5 | { ... } | main.rs:30:17:30:22 | ...: i64 | main.rs:30:32:32:1 | { ... } | main.rs:41:13:44:6 | pass_through(...) | @@ -186,3 +197,4 @@ testFailures | main.rs:162:10:162:16 | d.value | main.rs:159:28:159:36 | source(...) | main.rs:162:10:162:16 | d.value | $@ | main.rs:159:28:159:36 | source(...) | source(...) | | main.rs:202:10:202:10 | a | main.rs:201:13:201:21 | source(...) | main.rs:202:10:202:10 | a | $@ | main.rs:201:13:201:21 | source(...) | source(...) | | main.rs:212:14:212:14 | c | main.rs:211:17:211:25 | source(...) | main.rs:212:14:212:14 | c | $@ | main.rs:211:17:211:25 | source(...) | source(...) | +| main.rs:220:10:220:10 | a | main.rs:201:13:201:21 | source(...) | main.rs:220:10:220:10 | a | $@ | main.rs:201:13:201:21 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/global/main.rs b/rust/ql/test/library-tests/dataflow/global/main.rs index c1e3ee4e838..15a48ba9b78 100644 --- a/rust/ql/test/library-tests/dataflow/global/main.rs +++ b/rust/ql/test/library-tests/dataflow/global/main.rs @@ -217,7 +217,7 @@ async fn test_async_await_async_part() { fn test_async_await() { let a = futures::executor::block_on(async_source()); - sink(a); // $ MISSING: hasValueFlow=1 + sink(a); // $ hasValueFlow=1 futures::executor::block_on(test_async_await_async_part()); } diff --git a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected index 2bbff8e33c3..aa3ae0af021 100644 --- a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected +++ b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected @@ -50,8 +50,10 @@ | main.rs:211:17:211:25 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:212:9:212:15 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:215:5:215:17 | sink(...) | main.rs:5:1:7:1 | fn sink | +| main.rs:219:13:219:55 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on | | main.rs:219:41:219:54 | async_source(...) | main.rs:200:1:204:1 | fn async_source | | main.rs:220:5:220:11 | sink(...) | main.rs:5:1:7:1 | fn sink | +| main.rs:222:5:222:62 | ...::block_on(...) | file://:0:0:0:0 | repo:https://github.com/rust-lang/futures-rs:futures-executor::_::crate::local_pool::block_on | | main.rs:222:33:222:61 | test_async_await_async_part(...) | main.rs:206:1:216:1 | fn test_async_await_async_part | | main.rs:226:5:226:22 | data_out_of_call(...) | main.rs:16:1:19:1 | fn data_out_of_call | | main.rs:227:5:227:21 | data_in_to_call(...) | main.rs:25:1:28:1 | fn data_in_to_call | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 23270af042a..9c7be966433 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -1909,6 +1909,7 @@ models | 1058 | Summary: lang:std; crate::thread::current::set_current; Argument[0]; ReturnValue.Field[crate::result::Result::Err(0)]; value | | 1059 | Summary: lang:std; crate::thread::current::try_with_current; Argument[0].ReturnValue; ReturnValue; value | | 1060 | Summary: lang:std; crate::thread::with_current_name; Argument[0].ReturnValue; ReturnValue; value | +| 1061 | Summary: repo:https://github.com/rust-lang/futures-rs:futures-executor; crate::local_pool::block_on; Argument[0]; ReturnValue; value | storeStep | file://:0:0:0:0 | [summary] to write: Argument[0].Field[crate::option::Option::Some(0)] in lang:core::_::::zip_with | Some | file://:0:0:0:0 | [post] [summary param] 0 in lang:core::_::::zip_with | | file://:0:0:0:0 | [summary] to write: Argument[0].Parameter[0].Reference in lang:alloc::_::::retain | &ref | file://:0:0:0:0 | [summary] to write: Argument[0].Parameter[0] in lang:alloc::_::::retain | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index e204b5a3926..5fc4c55e003 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:62 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1593 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1594 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:66 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3016 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3017 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | From d9fb13790994686a480cdf824b53901bbdf4acd3 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 24 Mar 2025 11:56:00 +0100 Subject: [PATCH 030/409] C#: Add upgrade- and downgrade scripts. --- .../expressions.ql | 13 + .../old.dbscheme | 1460 +++++++++++++++++ .../semmlecode.csharp.dbscheme | 1459 ++++++++++++++++ .../upgrade.properties | 3 + .../old.dbscheme | 1459 ++++++++++++++++ .../semmlecode.csharp.dbscheme | 1460 +++++++++++++++++ .../upgrade.properties | 2 + 7 files changed, 5856 insertions(+) create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql new file mode 100644 index 00000000000..4f516d1d5cb --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql @@ -0,0 +1,13 @@ +class Expression extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +from Expression e, int k, int kind, TypeOrRef t +where + expressions(e, k, t) and + if k = 138 then kind = 106 else kind = k +select e, kind, t diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme new file mode 100644 index 00000000000..66044cfa5bb --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/old.dbscheme @@ -0,0 +1,1460 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..a2bda57dbc6 --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/semmlecode.csharp.dbscheme @@ -0,0 +1,1459 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties new file mode 100644 index 00000000000..9e9a659b10a --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties @@ -0,0 +1,3 @@ +description: Remove `interpolated_string_insert_expr` kind. +compatibility: partial +expressions.rel: run expressions.qlo diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme new file mode 100644 index 00000000000..a2bda57dbc6 --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/old.dbscheme @@ -0,0 +1,1459 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme new file mode 100644 index 00000000000..66044cfa5bb --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/semmlecode.csharp.dbscheme @@ -0,0 +1,1460 @@ +/* This is a dummy line to alter the dbscheme, so we can make a database upgrade + * without actually changing any of the dbscheme predicates. It contains a date + * to allow for such updates in the future as well. + * + * 2021-07-14 + * + * DO NOT remove this comment carelessly, since it can revert the dbscheme back to a + * previously seen state (matching a previously seen SHA), which would make the upgrade + * mechanism not work properly. + */ + +/** + * An invocation of the compiler. Note that more than one file may be + * compiled per invocation. For example, this command compiles three + * source files: + * + * csc f1.cs f2.cs f3.cs + * + * The `id` simply identifies the invocation, while `cwd` is the working + * directory from which the compiler was invoked. + */ +compilations( + unique int id : @compilation, + string cwd : string ref +); + +compilation_info( + int id : @compilation ref, + string info_key: string ref, + string info_value: string ref +) + +/** + * The arguments that were passed to the extractor for a compiler + * invocation. If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then typically there will be rows for + * + * num | arg + * --- | --- + * 0 | --compiler + * 1 | *path to compiler* + * 2 | f1.cs + * 3 | f2.cs + * 4 | f3.cs + */ +#keyset[id, num] +compilation_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The expanded arguments that were passed to the extractor for a + * compiler invocation. This is similar to `compilation_args`, but + * for a `@someFile.rsp` argument, it includes the arguments from that + * file, rather than just taking the argument literally. + */ +#keyset[id, num] +compilation_expanded_args( + int id : @compilation ref, + int num : int ref, + string arg : string ref +); + +/** + * The source files that are compiled by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | f1.cs + * 1 | f2.cs + * 2 | f3.cs + */ +#keyset[id, num] +compilation_compiling_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The references used by a compiler invocation. + * If `id` is for the compiler invocation + * + * csc f1.cs f2.cs f3.cs /r:ref1.dll /r:ref2.dll /r:ref3.dll + * + * then there will be rows for + * + * num | arg + * --- | --- + * 0 | ref1.dll + * 1 | ref2.dll + * 2 | ref3.dll + */ +#keyset[id, num] +compilation_referencing_files( + int id : @compilation ref, + int num : int ref, + int file : @file ref +); + +/** + * The time taken by the extractor for a compiler invocation. + * + * For each file `num`, there will be rows for + * + * kind | seconds + * ---- | --- + * 1 | CPU seconds used by the extractor frontend + * 2 | Elapsed seconds during the extractor frontend + * 3 | CPU seconds used by the extractor backend + * 4 | Elapsed seconds during the extractor backend + */ +#keyset[id, num, kind] +compilation_time( + int id : @compilation ref, + int num : int ref, + /* kind: + 1 = frontend_cpu_seconds + 2 = frontend_elapsed_seconds + 3 = extractor_cpu_seconds + 4 = extractor_elapsed_seconds + */ + int kind : int ref, + float seconds : float ref +); + +/** + * An error or warning generated by the extractor. + * The diagnostic message `diagnostic` was generated during compiler + * invocation `compilation`, and is the `file_number_diagnostic_number`th + * message generated while extracting the `file_number`th file of that + * invocation. + */ +#keyset[compilation, file_number, file_number_diagnostic_number] +diagnostic_for( + unique int diagnostic : @diagnostic ref, + int compilation : @compilation ref, + int file_number : int ref, + int file_number_diagnostic_number : int ref +); + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location ref +); + +extractor_messages( + unique int id: @extractor_message, + int severity: int ref, + string origin : string ref, + string text : string ref, + string entity : string ref, + int location: @location ref, + string stack_trace : string ref +); + +/** + * If extraction was successful, then `cpu_seconds` and + * `elapsed_seconds` are the CPU time and elapsed time (respectively) + * that extraction took for compiler invocation `id`. + */ +compilation_finished( + unique int id : @compilation ref, + float cpu_seconds : float ref, + float elapsed_seconds : float ref +); + +compilation_assembly( + unique int id : @compilation ref, + int assembly: @assembly ref +) + +// Populated by the CSV extractor +externalData( + int id: @externalDataElement, + string path: string ref, + int column: int ref, + string value: string ref); + +sourceLocationPrefix( + string prefix: string ref); + +/* + * C# dbscheme + */ + +/** ELEMENTS **/ + +@element = @declaration | @stmt | @expr | @modifier | @attribute | @namespace_declaration + | @using_directive | @type_parameter_constraints | @externalDataElement + | @xmllocatable | @asp_element | @namespace | @preprocessor_directive; + +@declaration = @callable | @generic | @assignable | @namespace; + +@named_element = @namespace | @declaration; + +@declaration_with_accessors = @property | @indexer | @event; + +@assignable = @variable | @assignable_with_accessors | @event; + +@assignable_with_accessors = @property | @indexer; + +@attributable = @assembly | @field | @parameter | @operator | @method | @constructor + | @destructor | @callable_accessor | @value_or_ref_type | @declaration_with_accessors + | @local_function | @lambda_expr; + +/** LOCATIONS, ASEMMBLIES, MODULES, FILES and FOLDERS **/ + +@location = @location_default | @assembly; + +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +locations_mapped( + unique int id: @location_default ref, + int mapped_to: @location_default ref); + +@sourceline = @file | @callable | @xmllocatable; + +numlines( + int element_id: @sourceline ref, + int num_lines: int ref, + int num_code: int ref, + int num_comment: int ref); + +assemblies( + unique int id: @assembly, + int file: @file ref, + string fullname: string ref, + string name: string ref, + string version: string ref); + +files( + unique int id: @file, + string name: string ref); + +folders( + unique int id: @folder, + string name: string ref); + +@container = @folder | @file ; + +containerparent( + int parent: @container ref, + unique int child: @container ref); + +file_extraction_mode( + unique int file: @file ref, + int mode: int ref + /* 0 = normal, 1 = standalone extractor */ + ); + +/** NAMESPACES **/ + +@type_container = @namespace | @type; + +namespaces( + unique int id: @namespace, + string name: string ref); + +namespace_declarations( + unique int id: @namespace_declaration, + int namespace_id: @namespace ref); + +namespace_declaration_location( + unique int id: @namespace_declaration ref, + int loc: @location ref); + +parent_namespace( + unique int child_id: @type_container ref, + int namespace_id: @namespace ref); + +@declaration_or_directive = @namespace_declaration | @type | @using_directive; + +parent_namespace_declaration( + int child_id: @declaration_or_directive ref, // cannot be unique because of partial classes + int namespace_id: @namespace_declaration ref); + +@using_directive = @using_namespace_directive | @using_static_directive; + +using_global( + unique int id: @using_directive ref +); + +using_namespace_directives( + unique int id: @using_namespace_directive, + int namespace_id: @namespace ref); + +using_static_directives( + unique int id: @using_static_directive, + int type_id: @type_or_ref ref); + +using_directive_location( + unique int id: @using_directive ref, + int loc: @location ref); + +@preprocessor_directive = @pragma_warning | @pragma_checksum | @directive_define | @directive_undefine | @directive_warning + | @directive_error | @directive_nullable | @directive_line | @directive_region | @directive_endregion | @directive_if + | @directive_elif | @directive_else | @directive_endif; + +@conditional_directive = @directive_if | @directive_elif; +@branch_directive = @directive_if | @directive_elif | @directive_else; + +directive_ifs( + unique int id: @directive_if, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref); /* 0: false, 1: true */ + +directive_elifs( + unique int id: @directive_elif, + int branchTaken: int ref, /* 0: false, 1: true */ + int conditionValue: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +directive_elses( + unique int id: @directive_else, + int branchTaken: int ref, /* 0: false, 1: true */ + int parent: @directive_if ref, + int index: int ref); + +#keyset[id, start] +directive_endifs( + unique int id: @directive_endif, + unique int start: @directive_if ref); + +directive_define_symbols( + unique int id: @define_symbol_expr ref, + string name: string ref); + +directive_regions( + unique int id: @directive_region, + string name: string ref); + +#keyset[id, start] +directive_endregions( + unique int id: @directive_endregion, + unique int start: @directive_region ref); + +directive_lines( + unique int id: @directive_line, + int kind: int ref); /* 0: default, 1: hidden, 2: numeric, 3: span */ + +directive_line_value( + unique int id: @directive_line ref, + int line: int ref); + +directive_line_file( + unique int id: @directive_line ref, + int file: @file ref); + +directive_line_offset( + unique int id: @directive_line ref, + int offset: int ref); + +directive_line_span( + unique int id: @directive_line ref, + int startLine: int ref, + int startColumn: int ref, + int endLine: int ref, + int endColumn: int ref); + +directive_nullables( + unique int id: @directive_nullable, + int setting: int ref, /* 0: disable, 1: enable, 2: restore */ + int target: int ref); /* 0: none, 1: annotations, 2: warnings */ + +directive_warnings( + unique int id: @directive_warning, + string message: string ref); + +directive_errors( + unique int id: @directive_error, + string message: string ref); + +directive_undefines( + unique int id: @directive_undefine, + string name: string ref); + +directive_defines( + unique int id: @directive_define, + string name: string ref); + +pragma_checksums( + unique int id: @pragma_checksum, + int file: @file ref, + string guid: string ref, + string bytes: string ref); + +pragma_warnings( + unique int id: @pragma_warning, + int kind: int ref /* 0 = disable, 1 = restore */); + +#keyset[id, index] +pragma_warning_error_codes( + int id: @pragma_warning ref, + string errorCode: string ref, + int index: int ref); + +preprocessor_directive_location( + unique int id: @preprocessor_directive ref, + int loc: @location ref); + +preprocessor_directive_compilation( + int id: @preprocessor_directive ref, + int compilation: @compilation ref); + +preprocessor_directive_active( + unique int id: @preprocessor_directive ref, + int active: int ref); /* 0: false, 1: true */ + +/** TYPES **/ + +types( + unique int id: @type, + int kind: int ref, + string name: string ref); + +case @type.kind of + 1 = @bool_type +| 2 = @char_type +| 3 = @decimal_type +| 4 = @sbyte_type +| 5 = @short_type +| 6 = @int_type +| 7 = @long_type +| 8 = @byte_type +| 9 = @ushort_type +| 10 = @uint_type +| 11 = @ulong_type +| 12 = @float_type +| 13 = @double_type +| 14 = @enum_type +| 15 = @struct_type +| 17 = @class_type +| 19 = @interface_type +| 20 = @delegate_type +| 21 = @null_type +| 22 = @type_parameter +| 23 = @pointer_type +| 24 = @nullable_type +| 25 = @array_type +| 26 = @void_type +| 27 = @int_ptr_type +| 28 = @uint_ptr_type +| 29 = @dynamic_type +| 30 = @arglist_type +| 31 = @unknown_type +| 32 = @tuple_type +| 33 = @function_pointer_type +| 34 = @inline_array_type + ; + +@simple_type = @bool_type | @char_type | @integral_type | @floating_point_type | @decimal_type; +@integral_type = @signed_integral_type | @unsigned_integral_type; +@signed_integral_type = @sbyte_type | @short_type | @int_type | @long_type; +@unsigned_integral_type = @byte_type | @ushort_type | @uint_type | @ulong_type; +@floating_point_type = @float_type | @double_type; +@value_type = @simple_type | @enum_type | @struct_type | @nullable_type | @int_ptr_type + | @uint_ptr_type | @tuple_type | @void_type | @inline_array_type; +@ref_type = @class_type | @interface_type | @array_type | @delegate_type | @null_type + | @dynamic_type; +@value_or_ref_type = @value_type | @ref_type; + +typerefs( + unique int id: @typeref, + string name: string ref); + +typeref_type( + int id: @typeref ref, + unique int typeId: @type ref); + +@type_or_ref = @type | @typeref; + +array_element_type( + unique int array: @array_type ref, + int dimension: int ref, + int rank: int ref, + int element: @type_or_ref ref); + +nullable_underlying_type( + unique int nullable: @nullable_type ref, + int underlying: @type_or_ref ref); + +pointer_referent_type( + unique int pointer: @pointer_type ref, + int referent: @type_or_ref ref); + +enum_underlying_type( + unique int enum_id: @enum_type ref, + int underlying_type_id: @type_or_ref ref); + +delegate_return_type( + unique int delegate_id: @delegate_type ref, + int return_type_id: @type_or_ref ref); + +function_pointer_return_type( + unique int function_pointer_id: @function_pointer_type ref, + int return_type_id: @type_or_ref ref); + +extend( + int sub: @type ref, + int super: @type_or_ref ref); + +anonymous_types( + unique int id: @type ref); + +@interface_or_ref = @interface_type | @typeref; + +implement( + int sub: @type ref, + int super: @type_or_ref ref); + +type_location( + int id: @type ref, + int loc: @location ref); + +tuple_underlying_type( + unique int tuple: @tuple_type ref, + int struct: @type_or_ref ref); + +#keyset[tuple, index] +tuple_element( + int tuple: @tuple_type ref, + int index: int ref, + unique int field: @field ref); + +attributes( + unique int id: @attribute, + int kind: int ref, + int type_id: @type_or_ref ref, + int target: @attributable ref); + +case @attribute.kind of + 0 = @attribute_default +| 1 = @attribute_return +| 2 = @attribute_assembly +| 3 = @attribute_module +; + +attribute_location( + int id: @attribute ref, + int loc: @location ref); + +@type_mention_parent = @element | @type_mention; + +type_mention( + unique int id: @type_mention, + int type_id: @type_or_ref ref, + int parent: @type_mention_parent ref); + +type_mention_location( + unique int id: @type_mention ref, + int loc: @location ref); + +@has_type_annotation = @assignable | @type_parameter | @callable | @expr | @delegate_type | @generic | @function_pointer_type; + +/** + * A direct annotation on an entity, for example `string? x;`. + * + * Annotations: + * 2 = reftype is not annotated "!" + * 3 = reftype is annotated "?" + * 4 = readonly ref type / in parameter + * 5 = ref type parameter, return or local variable + * 6 = out parameter + * + * Note that the annotation depends on the element it annotates. + * @assignable: The annotation is on the type of the assignable, for example the variable type. + * @type_parameter: The annotation is on the reftype constraint + * @callable: The annotation is on the return type + * @array_type: The annotation is on the element type + */ +type_annotation(int id: @has_type_annotation ref, int annotation: int ref); + +nullability(unique int nullability: @nullability, int kind: int ref); + +case @nullability.kind of + 0 = @oblivious +| 1 = @not_annotated +| 2 = @annotated +; + +#keyset[parent, index] +nullability_parent(int nullability: @nullability ref, int index: int ref, int parent: @nullability ref) + +type_nullability(int id: @has_type_annotation ref, int nullability: @nullability ref); + +/** + * The nullable flow state of an expression, as determined by Roslyn. + * 0 = none (default, not populated) + * 1 = not null + * 2 = maybe null + */ +expr_flowstate(unique int id: @expr ref, int state: int ref); + +/** GENERICS **/ + +@generic = @type | @method | @local_function; + +type_parameters( + unique int id: @type_parameter ref, + int index: int ref, + int generic_id: @generic ref, + int variance: int ref /* none = 0, out = 1, in = 2 */); + +#keyset[constructed_id, index] +type_arguments( + int id: @type_or_ref ref, + int index: int ref, + int constructed_id: @generic_or_ref ref); + +@generic_or_ref = @generic | @typeref; + +constructed_generic( + unique int constructed: @generic ref, + int generic: @generic_or_ref ref); + +type_parameter_constraints( + unique int id: @type_parameter_constraints, + int param_id: @type_parameter ref); + +type_parameter_constraints_location( + int id: @type_parameter_constraints ref, + int loc: @location ref); + +general_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int kind: int ref /* class = 1, struct = 2, new = 3 */); + +specific_type_parameter_constraints( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref); + +specific_type_parameter_nullability( + int id: @type_parameter_constraints ref, + int base_id: @type_or_ref ref, + int nullability: @nullability ref); + +/** FUNCTION POINTERS */ + +function_pointer_calling_conventions( + int id: @function_pointer_type ref, + int kind: int ref); + +#keyset[id, index] +has_unmanaged_calling_conventions( + int id: @function_pointer_type ref, + int index: int ref, + int conv_id: @type_or_ref ref); + +/** MODIFIERS */ + +@modifiable = @modifiable_direct | @event_accessor; + +@modifiable_direct = @member | @accessor | @local_function | @anonymous_function_expr; + +modifiers( + unique int id: @modifier, + string name: string ref); + +has_modifiers( + int id: @modifiable_direct ref, + int mod_id: @modifier ref); + +/** MEMBERS **/ + +@member = @method | @constructor | @destructor | @field | @property | @event | @operator | @indexer | @type; + +@named_exprorstmt = @goto_stmt | @labeled_stmt | @expr; + +@virtualizable = @method | @property | @indexer | @event | @operator; + +exprorstmt_name( + unique int parent_id: @named_exprorstmt ref, + string name: string ref); + +nested_types( + unique int id: @type ref, + int declaring_type_id: @type ref, + int unbound_id: @type ref); + +properties( + unique int id: @property, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @property ref); + +property_location( + int id: @property ref, + int loc: @location ref); + +indexers( + unique int id: @indexer, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @indexer ref); + +indexer_location( + int id: @indexer ref, + int loc: @location ref); + +accessors( + unique int id: @accessor, + int kind: int ref, + string name: string ref, + int declaring_member_id: @member ref, + int unbound_id: @accessor ref); + +case @accessor.kind of + 1 = @getter +| 2 = @setter + ; + +init_only_accessors( + unique int id: @accessor ref); + +accessor_location( + int id: @accessor ref, + int loc: @location ref); + +events( + unique int id: @event, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @event ref); + +event_location( + int id: @event ref, + int loc: @location ref); + +event_accessors( + unique int id: @event_accessor, + int kind: int ref, + string name: string ref, + int declaring_event_id: @event ref, + int unbound_id: @event_accessor ref); + +case @event_accessor.kind of + 1 = @add_event_accessor +| 2 = @remove_event_accessor + ; + +event_accessor_location( + int id: @event_accessor ref, + int loc: @location ref); + +operators( + unique int id: @operator, + string name: string ref, + string symbol: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @operator ref); + +operator_location( + int id: @operator ref, + int loc: @location ref); + +constant_value( + int id: @variable ref, + string value: string ref); + +/** CALLABLES **/ + +@callable = @method | @constructor | @destructor | @operator | @callable_accessor | @anonymous_function_expr | @local_function; + +@callable_accessor = @accessor | @event_accessor; + +methods( + unique int id: @method, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @method ref); + +method_location( + int id: @method ref, + int loc: @location ref); + +constructors( + unique int id: @constructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @constructor ref); + +constructor_location( + int id: @constructor ref, + int loc: @location ref); + +destructors( + unique int id: @destructor, + string name: string ref, + int declaring_type_id: @type ref, + int unbound_id: @destructor ref); + +destructor_location( + int id: @destructor ref, + int loc: @location ref); + +overrides( + int id: @callable ref, + int base_id: @callable ref); + +explicitly_implements( + int id: @member ref, + int interface_id: @interface_or_ref ref); + +local_functions( + unique int id: @local_function, + string name: string ref, + int return_type: @type ref, + int unbound_id: @local_function ref); + +local_function_stmts( + unique int fn: @local_function_stmt ref, + int stmt: @local_function ref); + +/** VARIABLES **/ + +@variable = @local_scope_variable | @field; + +@local_scope_variable = @local_variable | @parameter; + +fields( + unique int id: @field, + int kind: int ref, + string name: string ref, + int declaring_type_id: @type ref, + int type_id: @type_or_ref ref, + int unbound_id: @field ref); + +case @field.kind of + 1 = @addressable_field +| 2 = @constant + ; + +field_location( + int id: @field ref, + int loc: @location ref); + +localvars( + unique int id: @local_variable, + int kind: int ref, + string name: string ref, + int implicitly_typed: int ref /* 0 = no, 1 = yes */, + int type_id: @type_or_ref ref, + int parent_id: @local_var_decl_expr ref); + +case @local_variable.kind of + 1 = @addressable_local_variable +| 2 = @local_constant +| 3 = @local_variable_ref + ; + +localvar_location( + unique int id: @local_variable ref, + int loc: @location ref); + +@parameterizable = @callable | @delegate_type | @indexer | @function_pointer_type; + +#keyset[name, parent_id] +#keyset[index, parent_id] +params( + unique int id: @parameter, + string name: string ref, + int type_id: @type_or_ref ref, + int index: int ref, + int mode: int ref, /* value = 0, ref = 1, out = 2, params/array = 3, this = 4, in = 5, ref readonly = 6 */ + int parent_id: @parameterizable ref, + int unbound_id: @parameter ref); + +param_location( + int id: @parameter ref, + int loc: @location ref); + +@has_scoped_annotation = @local_scope_variable + +scoped_annotation( + int id: @has_scoped_annotation ref, + int kind: int ref // scoped ref = 1, scoped value = 2 + ); + +/** STATEMENTS **/ + +@exprorstmt_parent = @control_flow_element | @top_level_exprorstmt_parent; + +statements( + unique int id: @stmt, + int kind: int ref); + +#keyset[index, parent] +stmt_parent( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_stmt_parent = @callable; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +stmt_parent_top_level( + unique int stmt: @stmt ref, + int index: int ref, + int parent: @top_level_stmt_parent ref); + +case @stmt.kind of + 1 = @block_stmt +| 2 = @expr_stmt +| 3 = @if_stmt +| 4 = @switch_stmt +| 5 = @while_stmt +| 6 = @do_stmt +| 7 = @for_stmt +| 8 = @foreach_stmt +| 9 = @break_stmt +| 10 = @continue_stmt +| 11 = @goto_stmt +| 12 = @goto_case_stmt +| 13 = @goto_default_stmt +| 14 = @throw_stmt +| 15 = @return_stmt +| 16 = @yield_stmt +| 17 = @try_stmt +| 18 = @checked_stmt +| 19 = @unchecked_stmt +| 20 = @lock_stmt +| 21 = @using_block_stmt +| 22 = @var_decl_stmt +| 23 = @const_decl_stmt +| 24 = @empty_stmt +| 25 = @unsafe_stmt +| 26 = @fixed_stmt +| 27 = @label_stmt +| 28 = @catch +| 29 = @case_stmt +| 30 = @local_function_stmt +| 31 = @using_decl_stmt + ; + +@using_stmt = @using_block_stmt | @using_decl_stmt; + +@labeled_stmt = @label_stmt | @case; + +@decl_stmt = @var_decl_stmt | @const_decl_stmt | @using_decl_stmt; + +@cond_stmt = @if_stmt | @switch_stmt; + +@loop_stmt = @while_stmt | @do_stmt | @for_stmt | @foreach_stmt; + +@jump_stmt = @break_stmt | @goto_any_stmt | @continue_stmt | @throw_stmt | @return_stmt + | @yield_stmt; + +@goto_any_stmt = @goto_default_stmt | @goto_case_stmt | @goto_stmt; + + +stmt_location( + unique int id: @stmt ref, + int loc: @location ref); + +catch_type( + unique int catch_id: @catch ref, + int type_id: @type_or_ref ref, + int kind: int ref /* explicit = 1, implicit = 2 */); + +foreach_stmt_info( + unique int id: @foreach_stmt ref, + int kind: int ref /* non-async = 1, async = 2 */); + +@foreach_symbol = @method | @property | @type_or_ref; + +#keyset[id, kind] +foreach_stmt_desugar( + int id: @foreach_stmt ref, + int symbol: @foreach_symbol ref, + int kind: int ref /* GetEnumeratorMethod = 1, CurrentProperty = 2, MoveNextMethod = 3, DisposeMethod = 4, ElementType = 5 */); + +/** EXPRESSIONS **/ + +expressions( + unique int id: @expr, + int kind: int ref, + int type_id: @type_or_ref ref); + +#keyset[index, parent] +expr_parent( + unique int expr: @expr ref, + int index: int ref, + int parent: @control_flow_element ref); + +@top_level_expr_parent = @attribute | @field | @property | @indexer | @parameter | @directive_if | @directive_elif; + +@top_level_exprorstmt_parent = @top_level_expr_parent | @top_level_stmt_parent; + +// [index, parent] is not a keyset because the same parent may be compiled multiple times +expr_parent_top_level( + unique int expr: @expr ref, + int index: int ref, + int parent: @top_level_exprorstmt_parent ref); + +case @expr.kind of +/* literal */ + 1 = @bool_literal_expr +| 2 = @char_literal_expr +| 3 = @decimal_literal_expr +| 4 = @int_literal_expr +| 5 = @long_literal_expr +| 6 = @uint_literal_expr +| 7 = @ulong_literal_expr +| 8 = @float_literal_expr +| 9 = @double_literal_expr +| 10 = @utf16_string_literal_expr +| 11 = @null_literal_expr +/* primary & unary */ +| 12 = @this_access_expr +| 13 = @base_access_expr +| 14 = @local_variable_access_expr +| 15 = @parameter_access_expr +| 16 = @field_access_expr +| 17 = @property_access_expr +| 18 = @method_access_expr +| 19 = @event_access_expr +| 20 = @indexer_access_expr +| 21 = @array_access_expr +| 22 = @type_access_expr +| 23 = @typeof_expr +| 24 = @method_invocation_expr +| 25 = @delegate_invocation_expr +| 26 = @operator_invocation_expr +| 27 = @cast_expr +| 28 = @object_creation_expr +| 29 = @explicit_delegate_creation_expr +| 30 = @implicit_delegate_creation_expr +| 31 = @array_creation_expr +| 32 = @default_expr +| 33 = @plus_expr +| 34 = @minus_expr +| 35 = @bit_not_expr +| 36 = @log_not_expr +| 37 = @post_incr_expr +| 38 = @post_decr_expr +| 39 = @pre_incr_expr +| 40 = @pre_decr_expr +/* multiplicative */ +| 41 = @mul_expr +| 42 = @div_expr +| 43 = @rem_expr +/* additive */ +| 44 = @add_expr +| 45 = @sub_expr +/* shift */ +| 46 = @lshift_expr +| 47 = @rshift_expr +/* relational */ +| 48 = @lt_expr +| 49 = @gt_expr +| 50 = @le_expr +| 51 = @ge_expr +/* equality */ +| 52 = @eq_expr +| 53 = @ne_expr +/* logical */ +| 54 = @bit_and_expr +| 55 = @bit_xor_expr +| 56 = @bit_or_expr +| 57 = @log_and_expr +| 58 = @log_or_expr +/* type testing */ +| 59 = @is_expr +| 60 = @as_expr +/* null coalescing */ +| 61 = @null_coalescing_expr +/* conditional */ +| 62 = @conditional_expr +/* assignment */ +| 63 = @simple_assign_expr +| 64 = @assign_add_expr +| 65 = @assign_sub_expr +| 66 = @assign_mul_expr +| 67 = @assign_div_expr +| 68 = @assign_rem_expr +| 69 = @assign_and_expr +| 70 = @assign_xor_expr +| 71 = @assign_or_expr +| 72 = @assign_lshift_expr +| 73 = @assign_rshift_expr +/* more */ +| 74 = @object_init_expr +| 75 = @collection_init_expr +| 76 = @array_init_expr +| 77 = @checked_expr +| 78 = @unchecked_expr +| 79 = @constructor_init_expr +| 80 = @add_event_expr +| 81 = @remove_event_expr +| 82 = @par_expr +| 83 = @local_var_decl_expr +| 84 = @lambda_expr +| 85 = @anonymous_method_expr +| 86 = @namespace_expr +/* dynamic */ +| 92 = @dynamic_element_access_expr +| 93 = @dynamic_member_access_expr +/* unsafe */ +| 100 = @pointer_indirection_expr +| 101 = @address_of_expr +| 102 = @sizeof_expr +/* async */ +| 103 = @await_expr +/* C# 6.0 */ +| 104 = @nameof_expr +| 105 = @interpolated_string_expr +| 106 = @unknown_expr +/* C# 7.0 */ +| 107 = @throw_expr +| 108 = @tuple_expr +| 109 = @local_function_invocation_expr +| 110 = @ref_expr +| 111 = @discard_expr +/* C# 8.0 */ +| 112 = @range_expr +| 113 = @index_expr +| 114 = @switch_expr +| 115 = @recursive_pattern_expr +| 116 = @property_pattern_expr +| 117 = @positional_pattern_expr +| 118 = @switch_case_expr +| 119 = @assign_coalesce_expr +| 120 = @suppress_nullable_warning_expr +| 121 = @namespace_access_expr +/* C# 9.0 */ +| 122 = @lt_pattern_expr +| 123 = @gt_pattern_expr +| 124 = @le_pattern_expr +| 125 = @ge_pattern_expr +| 126 = @not_pattern_expr +| 127 = @and_pattern_expr +| 128 = @or_pattern_expr +| 129 = @function_pointer_invocation_expr +| 130 = @with_expr +/* C# 11.0 */ +| 131 = @list_pattern_expr +| 132 = @slice_pattern_expr +| 133 = @urshift_expr +| 134 = @assign_urshift_expr +| 135 = @utf8_string_literal_expr +/* C# 12.0 */ +| 136 = @collection_expr +| 137 = @spread_element_expr +| 138 = @interpolated_string_insert_expr +/* Preprocessor */ +| 999 = @define_symbol_expr +; + +@switch = @switch_stmt | @switch_expr; +@case = @case_stmt | @switch_case_expr; +@pattern_match = @case | @is_expr; +@unary_pattern_expr = @not_pattern_expr; +@relational_pattern_expr = @gt_pattern_expr | @lt_pattern_expr | @ge_pattern_expr | @le_pattern_expr; +@binary_pattern_expr = @and_pattern_expr | @or_pattern_expr; + +@integer_literal_expr = @int_literal_expr | @long_literal_expr | @uint_literal_expr | @ulong_literal_expr; +@real_literal_expr = @float_literal_expr | @double_literal_expr | @decimal_literal_expr; +@string_literal_expr = @utf16_string_literal_expr | @utf8_string_literal_expr; +@literal_expr = @bool_literal_expr | @char_literal_expr | @integer_literal_expr | @real_literal_expr + | @string_literal_expr | @null_literal_expr; + +@assign_expr = @simple_assign_expr | @assign_op_expr | @local_var_decl_expr; +@assign_op_expr = @assign_arith_expr | @assign_bitwise_expr | @assign_event_expr | @assign_coalesce_expr; +@assign_event_expr = @add_event_expr | @remove_event_expr; + +@assign_arith_expr = @assign_add_expr | @assign_sub_expr | @assign_mul_expr | @assign_div_expr + | @assign_rem_expr +@assign_bitwise_expr = @assign_and_expr | @assign_or_expr | @assign_xor_expr + | @assign_lshift_expr | @assign_rshift_expr | @assign_urshift_expr; + +@member_access_expr = @field_access_expr | @property_access_expr | @indexer_access_expr | @event_access_expr + | @method_access_expr | @type_access_expr | @dynamic_member_access_expr; +@access_expr = @member_access_expr | @this_access_expr | @base_access_expr | @assignable_access_expr | @namespace_access_expr; +@element_access_expr = @indexer_access_expr | @array_access_expr | @dynamic_element_access_expr; + +@local_variable_access = @local_variable_access_expr | @local_var_decl_expr; +@local_scope_variable_access_expr = @parameter_access_expr | @local_variable_access; +@variable_access_expr = @local_scope_variable_access_expr | @field_access_expr; + +@assignable_access_expr = @variable_access_expr | @property_access_expr | @element_access_expr + | @event_access_expr | @dynamic_member_access_expr; + +@objectorcollection_init_expr = @object_init_expr | @collection_init_expr; + +@delegate_creation_expr = @explicit_delegate_creation_expr | @implicit_delegate_creation_expr; + +@bin_arith_op_expr = @mul_expr | @div_expr | @rem_expr | @add_expr | @sub_expr; +@incr_op_expr = @pre_incr_expr | @post_incr_expr; +@decr_op_expr = @pre_decr_expr | @post_decr_expr; +@mut_op_expr = @incr_op_expr | @decr_op_expr; +@un_arith_op_expr = @plus_expr | @minus_expr | @mut_op_expr; +@arith_op_expr = @bin_arith_op_expr | @un_arith_op_expr; + +@ternary_log_op_expr = @conditional_expr; +@bin_log_op_expr = @log_and_expr | @log_or_expr | @null_coalescing_expr; +@un_log_op_expr = @log_not_expr; +@log_expr = @un_log_op_expr | @bin_log_op_expr | @ternary_log_op_expr; + +@bin_bit_op_expr = @bit_and_expr | @bit_or_expr | @bit_xor_expr | @lshift_expr + | @rshift_expr | @urshift_expr; +@un_bit_op_expr = @bit_not_expr; +@bit_expr = @un_bit_op_expr | @bin_bit_op_expr; + +@equality_op_expr = @eq_expr | @ne_expr; +@rel_op_expr = @gt_expr | @lt_expr| @ge_expr | @le_expr; +@comp_expr = @equality_op_expr | @rel_op_expr; + +@op_expr = @assign_expr | @un_op | @bin_op | @ternary_op; + +@ternary_op = @ternary_log_op_expr; +@bin_op = @bin_arith_op_expr | @bin_log_op_expr | @bin_bit_op_expr | @comp_expr; +@un_op = @un_arith_op_expr | @un_log_op_expr | @un_bit_op_expr | @sizeof_expr + | @pointer_indirection_expr | @address_of_expr; + +@anonymous_function_expr = @lambda_expr | @anonymous_method_expr; + +@call = @method_invocation_expr | @constructor_init_expr | @operator_invocation_expr + | @delegate_invocation_expr | @object_creation_expr | @call_access_expr + | @local_function_invocation_expr | @function_pointer_invocation_expr; + +@call_access_expr = @property_access_expr | @event_access_expr | @indexer_access_expr; + +@late_bindable_expr = @dynamic_element_access_expr | @dynamic_member_access_expr + | @object_creation_expr | @method_invocation_expr | @operator_invocation_expr; + +@throw_element = @throw_expr | @throw_stmt; + +@implicitly_typeable_object_creation_expr = @object_creation_expr | @explicit_delegate_creation_expr; + +implicitly_typed_array_creation( + unique int id: @array_creation_expr ref); + +explicitly_sized_array_creation( + unique int id: @array_creation_expr ref); + +stackalloc_array_creation( + unique int id: @array_creation_expr ref); + +implicitly_typed_object_creation( + unique int id: @implicitly_typeable_object_creation_expr ref); + +mutator_invocation_mode( + unique int id: @operator_invocation_expr ref, + int mode: int ref /* prefix = 1, postfix = 2*/); + +expr_value( + unique int id: @expr ref, + string value: string ref); + +expr_call( + unique int caller_id: @expr ref, + int target_id: @callable ref); + +expr_access( + unique int accesser_id: @access_expr ref, + int target_id: @accessible ref); + +@accessible = @method | @assignable | @local_function | @namespace; + +expr_location( + unique int id: @expr ref, + int loc: @location ref); + +dynamic_member_name( + unique int id: @late_bindable_expr ref, + string name: string ref); + +@qualifiable_expr = @member_access_expr + | @method_invocation_expr + | @element_access_expr; + +conditional_access( + unique int id: @qualifiable_expr ref); + +expr_argument( + unique int id: @expr ref, + int mode: int ref); + /* mode is the same as params: value = 0, ref = 1, out = 2 */ + +expr_argument_name( + unique int id: @expr ref, + string name: string ref); + +lambda_expr_return_type( + unique int id: @lambda_expr ref, + int type_id: @type_or_ref ref); + +/* Compiler generated */ + +compiler_generated(unique int id: @element ref); + +/** CONTROL/DATA FLOW **/ + +@control_flow_element = @stmt | @expr; + +/* XML Files */ + +xmlEncoding ( + unique int id: @file ref, + string encoding: string ref); + +xmlDTDs( + unique int id: @xmldtd, + string root: string ref, + string publicId: string ref, + string systemId: string ref, + int fileid: @file ref); + +xmlElements( + unique int id: @xmlelement, + string name: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int fileid: @file ref); + +xmlAttrs( + unique int id: @xmlattribute, + int elementid: @xmlelement ref, + string name: string ref, + string value: string ref, + int idx: int ref, + int fileid: @file ref); + +xmlNs( + int id: @xmlnamespace, + string prefixName: string ref, + string URI: string ref, + int fileid: @file ref); + +xmlHasNs( + int elementId: @xmlnamespaceable ref, + int nsId: @xmlnamespace ref, + int fileid: @file ref); + +xmlComments( + unique int id: @xmlcomment, + string text: string ref, + int parentid: @xmlparent ref, + int fileid: @file ref); + +xmlChars( + unique int id: @xmlcharacters, + string text: string ref, + int parentid: @xmlparent ref, + int idx: int ref, + int isCDATA: int ref, + int fileid: @file ref); + +@xmlparent = @file | @xmlelement; +@xmlnamespaceable = @xmlelement | @xmlattribute; + +xmllocations( + int xmlElement: @xmllocatable ref, + int location: @location_default ref); + +@xmllocatable = @xmlcharacters | @xmlelement | @xmlcomment | @xmlattribute | @xmldtd | @file | @xmlnamespace; + +/* Comments */ + +commentline( + unique int id: @commentline, + int kind: int ref, + string text: string ref, + string rawtext: string ref); + +case @commentline.kind of + 0 = @singlelinecomment +| 1 = @xmldoccomment +| 2 = @multilinecomment; + +commentline_location( + unique int id: @commentline ref, + int loc: @location ref); + +commentblock( + unique int id : @commentblock); + +commentblock_location( + unique int id: @commentblock ref, + int loc: @location ref); + +commentblock_binding( + int id: @commentblock ref, + int entity: @element ref, + int bindtype: int ref); /* 0: Parent, 1: Best, 2: Before, 3: After */ + +commentblock_child( + int id: @commentblock ref, + int commentline: @commentline ref, + int index: int ref); + +/* ASP.NET */ + +case @asp_element.kind of + 0=@asp_close_tag +| 1=@asp_code +| 2=@asp_comment +| 3=@asp_data_binding +| 4=@asp_directive +| 5=@asp_open_tag +| 6=@asp_quoted_string +| 7=@asp_text +| 8=@asp_xml_directive; + +@asp_attribute = @asp_code | @asp_data_binding | @asp_quoted_string; + +asp_elements( + unique int id: @asp_element, + int kind: int ref, + int loc: @location ref); + +asp_comment_server(unique int comment: @asp_comment ref); +asp_code_inline(unique int code: @asp_code ref); +asp_directive_attribute( + int directive: @asp_directive ref, + int index: int ref, + string name: string ref, + int value: @asp_quoted_string ref); +asp_directive_name( + unique int directive: @asp_directive ref, + string name: string ref); +asp_element_body( + unique int element: @asp_element ref, + string body: string ref); +asp_tag_attribute( + int tag: @asp_open_tag ref, + int index: int ref, + string name: string ref, + int attribute: @asp_attribute ref); +asp_tag_name( + unique int tag: @asp_open_tag ref, + string name: string ref); +asp_tag_isempty(int tag: @asp_open_tag ref); diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties new file mode 100644 index 00000000000..1989c9c8847 --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties @@ -0,0 +1,2 @@ +description: Add `interpolated_string_insert_expr` kind. +compatibility: partial From f582054ca4425b0013fa285d40126ce10bda8307 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 09:17:56 +0000 Subject: [PATCH 031/409] Rust: Refactor the tests that have multiple control flow paths. --- .../CWE-825/AccessInvalidPointer.expected | 142 +++++++++--------- .../security/CWE-825/deallocation.rs | 97 ++++++++---- .../query-tests/security/CWE-825/lifetime.rs | 99 ++++++++---- .../test/query-tests/security/CWE-825/main.rs | 45 +++--- 4 files changed, 225 insertions(+), 158 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 0067fcc17da..919bd224519 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,45 +1,44 @@ #select -| deallocation.rs:23:13:23:14 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:25:12:25:31 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:5:33:6 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:35:4:35:24 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:57:14:57:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:58:14:58:15 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:63:6:63:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:64:6:64:7 | m2 | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:66:4:66:30 | ...::write::<...> | deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:54:23:54:24 | m2 | invalid | -| deallocation.rs:84:13:84:18 | my_ptr | deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:81:14:81:19 | my_ptr | invalid | -| deallocation.rs:99:14:99:15 | p1 | deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:99:14:99:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:92:23:92:40 | ...::dangling | invalid | -| deallocation.rs:100:14:100:15 | p2 | deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:100:14:100:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:93:21:93:42 | ...::dangling_mut | invalid | -| deallocation.rs:101:14:101:15 | p3 | deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:101:14:101:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:94:23:94:36 | ...::null | invalid | -| deallocation.rs:148:14:148:15 | p1 | deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:145:27:145:28 | p1 | invalid | -| deallocation.rs:179:18:179:20 | ptr | deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:173:27:173:29 | ptr | invalid | +| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:14:33:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:40:6:40:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:45:5:45:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:72:16:72:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:77:16:77:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:82:7:82:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:91:5:91:31 | ...::write::<...> | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | +| deallocation.rs:111:13:111:18 | my_ptr | deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:108:14:108:19 | my_ptr | invalid | +| deallocation.rs:126:14:126:15 | p1 | deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:126:14:126:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:119:23:119:40 | ...::dangling | invalid | +| deallocation.rs:127:14:127:15 | p2 | deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:127:14:127:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:120:21:120:42 | ...::dangling_mut | invalid | +| deallocation.rs:128:14:128:15 | p3 | deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:128:14:128:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:121:23:121:36 | ...::null | invalid | +| deallocation.rs:176:15:176:16 | p1 | deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:172:27:172:28 | p1 | invalid | +| deallocation.rs:210:18:210:20 | ptr | deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:204:27:204:29 | ptr | invalid | edges -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:23:13:23:14 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:25:33:25:34 | m1 | provenance | | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:25:12:25:31 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | -| deallocation.rs:25:33:25:34 | m1 | deallocation.rs:33:5:33:6 | m1 | provenance | | -| deallocation.rs:33:5:33:6 | m1 | deallocation.rs:35:26:35:27 | m1 | provenance | | -| deallocation.rs:35:26:35:27 | m1 | deallocation.rs:35:4:35:24 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:57:14:57:15 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:58:14:58:15 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:63:6:63:7 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:64:6:64:7 | m2 | provenance | | -| deallocation.rs:54:23:54:24 | m2 | deallocation.rs:66:32:66:33 | m2 | provenance | | -| deallocation.rs:66:32:66:33 | m2 | deallocation.rs:66:4:66:30 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:81:14:81:19 | my_ptr | deallocation.rs:84:13:84:18 | my_ptr | provenance | | -| deallocation.rs:92:6:92:7 | p1 | deallocation.rs:99:14:99:15 | p1 | provenance | | -| deallocation.rs:92:23:92:40 | ...::dangling | deallocation.rs:92:23:92:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:92:23:92:42 | ...::dangling(...) | deallocation.rs:92:6:92:7 | p1 | provenance | | -| deallocation.rs:93:6:93:7 | p2 | deallocation.rs:100:14:100:15 | p2 | provenance | | -| deallocation.rs:93:21:93:42 | ...::dangling_mut | deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | deallocation.rs:93:6:93:7 | p2 | provenance | | -| deallocation.rs:94:6:94:7 | p3 | deallocation.rs:101:14:101:15 | p3 | provenance | | -| deallocation.rs:94:23:94:36 | ...::null | deallocation.rs:94:23:94:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:94:23:94:38 | ...::null(...) | deallocation.rs:94:6:94:7 | p3 | provenance | | -| deallocation.rs:145:27:145:28 | p1 | deallocation.rs:148:14:148:15 | p1 | provenance | | -| deallocation.rs:173:27:173:29 | ptr | deallocation.rs:179:18:179:20 | ptr | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:35:33:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:27:45:28 | m1 | provenance | | +| deallocation.rs:33:35:33:36 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:45:27:45:28 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:33:91:34 | m2 | provenance | | +| deallocation.rs:91:33:91:34 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | provenance | | +| deallocation.rs:119:6:119:7 | p1 | deallocation.rs:126:14:126:15 | p1 | provenance | | +| deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:119:23:119:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:119:23:119:42 | ...::dangling(...) | deallocation.rs:119:6:119:7 | p1 | provenance | | +| deallocation.rs:120:6:120:7 | p2 | deallocation.rs:127:14:127:15 | p2 | provenance | | +| deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | deallocation.rs:120:6:120:7 | p2 | provenance | | +| deallocation.rs:121:6:121:7 | p3 | deallocation.rs:128:14:128:15 | p3 | provenance | | +| deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:121:23:121:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:121:23:121:38 | ...::null(...) | deallocation.rs:121:6:121:7 | p3 | provenance | | +| deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | provenance | | +| deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -48,36 +47,35 @@ models | 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | -| deallocation.rs:23:13:23:14 | m1 | semmle.label | m1 | -| deallocation.rs:25:12:25:31 | ...::read::<...> | semmle.label | ...::read::<...> | -| deallocation.rs:25:33:25:34 | m1 | semmle.label | m1 | -| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | -| deallocation.rs:33:5:33:6 | m1 | semmle.label | m1 | -| deallocation.rs:35:4:35:24 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:35:26:35:27 | m1 | semmle.label | m1 | -| deallocation.rs:54:23:54:24 | m2 | semmle.label | m2 | -| deallocation.rs:57:14:57:15 | m2 | semmle.label | m2 | -| deallocation.rs:58:14:58:15 | m2 | semmle.label | m2 | -| deallocation.rs:63:6:63:7 | m2 | semmle.label | m2 | -| deallocation.rs:64:6:64:7 | m2 | semmle.label | m2 | -| deallocation.rs:66:4:66:30 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:66:32:66:33 | m2 | semmle.label | m2 | -| deallocation.rs:81:14:81:19 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:84:13:84:18 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:92:6:92:7 | p1 | semmle.label | p1 | -| deallocation.rs:92:23:92:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:92:23:92:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:93:6:93:7 | p2 | semmle.label | p2 | -| deallocation.rs:93:21:93:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:93:21:93:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:94:6:94:7 | p3 | semmle.label | p3 | -| deallocation.rs:94:23:94:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:94:23:94:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:99:14:99:15 | p1 | semmle.label | p1 | -| deallocation.rs:100:14:100:15 | p2 | semmle.label | p2 | -| deallocation.rs:101:14:101:15 | p3 | semmle.label | p3 | -| deallocation.rs:145:27:145:28 | p1 | semmle.label | p1 | -| deallocation.rs:148:14:148:15 | p1 | semmle.label | p1 | -| deallocation.rs:173:27:173:29 | ptr | semmle.label | ptr | -| deallocation.rs:179:18:179:20 | ptr | semmle.label | ptr | +| deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | +| deallocation.rs:33:14:33:33 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:33:35:33:36 | m1 | semmle.label | m1 | +| deallocation.rs:40:6:40:7 | m1 | semmle.label | m1 | +| deallocation.rs:45:5:45:25 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:45:27:45:28 | m1 | semmle.label | m1 | +| deallocation.rs:66:23:66:24 | m2 | semmle.label | m2 | +| deallocation.rs:72:16:72:17 | m2 | semmle.label | m2 | +| deallocation.rs:77:16:77:17 | m2 | semmle.label | m2 | +| deallocation.rs:82:7:82:8 | m2 | semmle.label | m2 | +| deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | +| deallocation.rs:91:5:91:31 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:91:33:91:34 | m2 | semmle.label | m2 | +| deallocation.rs:108:14:108:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:111:13:111:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:119:6:119:7 | p1 | semmle.label | p1 | +| deallocation.rs:119:23:119:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:119:23:119:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:120:6:120:7 | p2 | semmle.label | p2 | +| deallocation.rs:120:21:120:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:121:6:121:7 | p3 | semmle.label | p3 | +| deallocation.rs:121:23:121:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:121:23:121:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:126:14:126:15 | p1 | semmle.label | p1 | +| deallocation.rs:127:14:127:15 | p2 | semmle.label | p2 | +| deallocation.rs:128:14:128:15 | p3 | semmle.label | p3 | +| deallocation.rs:172:27:172:28 | p1 | semmle.label | p1 | +| deallocation.rs:176:15:176:16 | p1 | semmle.label | p1 | +| deallocation.rs:204:27:204:29 | ptr | semmle.label | ptr | +| deallocation.rs:210:18:210:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 30677ddc07c..738abe77403 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -1,7 +1,7 @@ // --- std::alloc --- -pub fn test_alloc(do_dangerous_writes: bool) { +pub fn test_alloc(mode: i32) { let layout = std::alloc::Layout::new::(); unsafe { let m1 = std::alloc::alloc(layout); // *mut u8 @@ -20,25 +20,37 @@ pub fn test_alloc(do_dangerous_writes: bool) { std::alloc::dealloc(m1, layout); // $ Source=dealloc // (m1, m2 are now dangling) - let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc - let v6 = *m2; // $ MISSING: Alert - let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc - let v8 = std::ptr::read::(m2); // $ MISSING: Alert - println!(" v5 = {v5} (!)"); // corrupt in practice - println!(" v6 = {v6} (!)"); // corrupt in practice - println!(" v7 = {v7} (!)"); // corrupt in practice - println!(" v8 = {v8} (!)"); // corrupt in practice - - if do_dangerous_writes { - *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc - *m2 = 3; // $ MISSING: Alert - std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc - std::ptr::write::(m2, 5); // $ MISSING: Alert + match mode { + 0 => { + // reads + let v5 = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v6 = *m2; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + }, + 100 => { + // more reads + let v7 = std::ptr::read::(m1); // $ Alert[rust/access-invalid-pointer]=dealloc + let v8 = std::ptr::read::(m2); // $ MISSING: Alert + println!(" v7 = {v7} (!)"); // corrupt in practice + println!(" v8 = {v8} (!)"); // corrupt in practice + }, + 101 => { + // writes + *m1 = 2; // $ Alert[rust/access-invalid-pointer]=dealloc + *m2 = 3; // $ MISSING: Alert + }, + 102 => { + // more writes + std::ptr::write::(m1, 4); // $ Alert[rust/access-invalid-pointer]=dealloc + std::ptr::write::(m2, 5); // $ MISSING: Alert + }, + _ => {} } } } -pub fn test_alloc_array(do_dangerous_writes: bool) { +pub fn test_alloc_array(mode: i32) { let layout = std::alloc::Layout::new::<[u8; 10]>(); unsafe { let m1 = std::alloc::alloc(layout); @@ -54,16 +66,31 @@ pub fn test_alloc_array(do_dangerous_writes: bool) { std::alloc::dealloc(m2 as *mut u8, layout); // $ Source=dealloc_array // m1, m2 are now dangling - let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array - let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array - println!(" v3 = {v3} (!)"); // corrupt in practice - println!(" v4 = {v4} (!)"); // corrupt in practice - - if do_dangerous_writes { - (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array - (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array - std::ptr::write::(m1, 5); // $ MISSING: Alert - std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array + match mode { + 0 => { + // read + let v3 = (*m2)[0]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + println!(" v3 = {v3} (!)"); // corrupt in practice + }, + 110 => { + // another read + let v4 = (*m2)[1]; // $ Alert[rust/access-invalid-pointer]=dealloc_array + println!(" v4 = {v4} (!)"); // corrupt in practice + }, + 111 => { + // write + (*m2)[0] = 3; // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + 112 => { + // another write + (*m2)[1] = 4; // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + 113 => { + // more writes + std::ptr::write::(m1, 5); // $ MISSING: Alert + std::ptr::write::<[u8; 10]>(m2, [6; 10]); // $ Alert[rust/access-invalid-pointer]=dealloc_array + }, + _ => {} } } } @@ -88,12 +115,12 @@ pub fn test_libc() { // --- std::ptr --- -pub fn test_ptr_invalid(do_dangerous_accesses: bool) { +pub fn test_ptr_invalid(mode: i32) { let p1: *const i64 = std::ptr::dangling(); // $ Source=dangling let p2: *mut i64 = std::ptr::dangling_mut(); // $ Source=dangling_mut let p3: *const i64 = std::ptr::null(); // $ Source=null - if do_dangerous_accesses { + if mode == 120 { unsafe { // (a segmentation fault occurs in the code below) let v1 = *p1; // $ Alert[rust/access-invalid-pointer]=dangling @@ -129,7 +156,7 @@ pub fn test_drop() { } } -pub fn test_ptr_drop() { +pub fn test_ptr_drop(mode: i32) { let layout = std::alloc::Layout::new::>(); unsafe { let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 @@ -145,10 +172,14 @@ pub fn test_ptr_drop() { std::ptr::drop_in_place(p1); // $ Source=drop_in_place // explicitly destructs the pointed-to `m2` - let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place - let v4 = (*p2)[0]; // $ MISSING: Alert - println!(" v3 = {v3} (!)"); // corrupt in practice - println!(" v4 = {v4} (!)"); // corrupt in practice + if mode == 1 { + let v3 = (*p1)[0]; // $ Alert[rust/access-invalid-pointer]=drop_in_place + println!(" v3 = {v3} (!)"); // corrupt in practice + } + if mode == 130 { + let v4 = (*p2)[0]; // $ MISSING: Alert + println!(" v4 = {v4} (!)"); // corrupt in practice + } } } diff --git a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs index 49b0678b035..d7fd8204993 100644 --- a/rust/ql/test/query-tests/security/CWE-825/lifetime.rs +++ b/rust/ql/test/query-tests/security/CWE-825/lifetime.rs @@ -88,7 +88,7 @@ pub fn test_local_dangling() { // --- local in scope --- -fn use_pointers(p1: *const i64, p2: *mut i64) { +fn use_pointers(p1: *const i64, p2: *mut i64, mode: i32) { let p3: *const i64; let my_local1 = 1; p3 = &my_local1; @@ -96,21 +96,27 @@ fn use_pointers(p1: *const i64, p2: *mut i64) { use_the_stack(); unsafe { - let v1 = *p1; // GOOD - let v2 = *p2; // GOOD - let v3 = *p3; // GOOD - *p2 = 2; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); - println!(" v3 = {v3}"); + if (mode == 0) { + // reads + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + let v3 = *p3; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + println!(" v3 = {v3}"); + } + if (mode == 200) { + // writes + *p2 = 2; // GOOD + } } } -pub fn test_local_in_scope() { +pub fn test_local_in_scope(mode: i32) { let my_local3: i64 = 3; let mut my_local_mut4: i64 = 4; - use_pointers(&my_local3, &mut my_local_mut4); + use_pointers(&my_local3, &mut my_local_mut4, mode); } // --- static lifetime --- @@ -129,18 +135,24 @@ fn get_static_mut() -> *mut i64 { } } -pub fn test_static() { +pub fn test_static(mode: i32) { let p1 = get_const(); let p2 = get_static_mut(); use_the_stack(); unsafe { - let v1 = *p1; // GOOD - let v2 = *p2; // GOOD - *p2 = 3; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); + if (mode == 0) { + // reads + let v1 = *p1; // GOOD + let v2 = *p2; // GOOD + println!(" v1 = {v1}"); + println!(" v2 = {v2}"); + } + if (mode == 210) { + // writes + *p2 = 3; // GOOD + } } } @@ -299,7 +311,7 @@ impl Drop for MyPair { } } -pub fn test_ptr_to_struct() { +pub fn test_ptr_to_struct(mode: i32) { let p1: *mut MyPair; let p2: *const i64; let p3: *mut i64; @@ -312,33 +324,54 @@ pub fn test_ptr_to_struct() { unsafe { let v1 = (*p1).a; // GOOD + println!(" v1 = {v1}"); + let v2 = (*p1).b; // GOOD + println!(" v2 = {v2}"); + let v3 = *p2; // GOOD let v4 = *p3; // GOOD - (*p1).a = 3; // GOOD - (*p1).b = 4; // GOOD - *p3 = 5; // GOOD - println!(" v1 = {v1}"); - println!(" v2 = {v2}"); println!(" v3 = {v3}"); println!(" v4 = {v4}"); + + (*p1).a = 3; // GOOD + *p3 = 4; // GOOD + (*p1).b = 5; // GOOD } }; // my_pair goes out of scope, thus p1, p2, p3 are dangling use_the_stack(); unsafe { - let v5 = (*p1).a; // $ MISSING: Alert - let v6 = (*p1).b; // $ MISSING: Alert - let v7 = *p2; // $ MISSING: Alert - let v8 = *p3; // $ MISSING: Alert - (*p1).a = 6; // $ MISSING: Alert - (*p1).b = 7; // $ MISSING: Alert - *p3 = 8; // $ MISSING: Alert - println!(" v5 = {v5} (!)"); // dropped in practice - println!(" v6 = {v6} (!)"); // dropped in practice - println!(" v7 = {v7} (!)"); // dropped in practice - println!(" v8 = {v8} (!)"); // dropped in practice + match mode { + 0 => { + // read + let v5 = (*p1).a; // $ MISSING: Alert + println!(" v5 = {v5} (!)"); // dropped in practice + }, + 220 => { + // another read + let v6 = (*p1).b; // $ MISSING: Alert + println!(" v6 = {v6} (!)"); // dropped in practice + }, + 221 => { + // more reads + let v7 = *p2; // $ MISSING: Alert + let v8 = *p3; // $ MISSING: Alert + println!(" v7 = {v7} (!)"); // dropped in practice + println!(" v8 = {v8} (!)"); // dropped in practice + }, + 222 => { + // writes + (*p1).a = 6; // $ MISSING: Alert + *p3 = 7; // $ MISSING: Alert + }, + 223 => { + // another write + (*p1).b = 8; // $ MISSING: Alert + }, + _ => {} + } } } diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 9a3dfcd2889..0b3fc423de1 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -31,7 +31,7 @@ pub fn test_boxes_into() { } } -pub fn test_boxes_1(do_dangerous_writes: bool) { +pub fn test_boxes_1(mode: i32) { let p1: *const i64; let p2: *const i64; let p3: *mut i64; @@ -50,27 +50,28 @@ pub fn test_boxes_1(do_dangerous_writes: bool) { let v1 = *p1; // GOOD let v2 = *p2; // GOOD let v3 = *p3; // GOOD - *p3 = 4; - println!(" v1 = {v1}"); println!(" v2 = {v2}"); println!(" v3 = {v3}"); + *p3 = 4; } } // (b2, b3 go out of scope, thus p2, p3 are dangling) unsafe { - let v4 = *p1; // GOOD - let v5 = *p2; // $ MISSING: Alert - let v6 = *p3; // $ MISSING: Alert - - if do_dangerous_writes { + if mode == 0 { + // reads + let v4 = *p1; // GOOD + let v5 = *p2; // $ MISSING: Alert + let v6 = *p3; // $ MISSING: Alert + println!(" v4 = {v4}"); + println!(" v5 = {v5} (!)"); // corrupt in practice + println!(" v6 = {v6} (!)"); // corrupt in practice + } + if mode == 10 { + // write *p3 = 5; // $ MISSING: Alert use_the_heap(); // "malloc: Heap corruption detected" } - - println!(" v4 = {v4}"); - println!(" v5 = {v5} (!)"); // corrupt in practice - println!(" v6 = {v6} (!)"); // corrupt in practice } } @@ -94,11 +95,15 @@ pub fn test_boxes_2() { // --- main --- fn main() { + let mode = std::env::args().nth(1).unwrap_or("0".to_string()).parse::().unwrap_or(0); + // mode = which test cases to explore (0 should be safe; some will crash / segfault). + println!("mode = {mode}"); + println!("test_boxes_into:"); test_boxes_into(); println!("test_boxes_1:"); - test_boxes_1(false); + test_boxes_1(mode); println!("test_boxes_2:"); test_boxes_2(); @@ -106,22 +111,22 @@ fn main() { // --- println!("test_alloc:"); - test_alloc(false); + test_alloc(mode); println!("test_alloc_array:"); - test_alloc_array(false); + test_alloc_array(mode); println!("test_libc:"); test_libc(); println!("test_ptr_invalid:"); - test_ptr_invalid(false); + test_ptr_invalid(mode); println!("test_drop:"); test_drop(); println!("test_ptr_drop:"); - test_ptr_drop(); + test_ptr_drop(mode); println!("test_qhelp_tests:"); test_qhelp_tests(); @@ -135,10 +140,10 @@ fn main() { test_local_dangling(); println!("test_local_in_scope:"); - test_local_in_scope(); + test_local_in_scope(mode); println!("test_static:"); - test_static(); + test_static(mode); println!("test_call_contexts:"); test_call_contexts(); @@ -153,7 +158,7 @@ fn main() { test_enum(); println!("test_ptr_to_struct:"); - test_ptr_to_struct(); + test_ptr_to_struct(mode); println!("test_ptr_from_ref:"); test_ptr_from_ref(); From b7044bdcde3f7445148a1bc1953f1de9f92dc1e7 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:21:02 +0000 Subject: [PATCH 032/409] Rust: Add a test of repeat sinks. --- .../CWE-825/AccessInvalidPointer.expected | 138 +++++++++--------- .../security/CWE-825/deallocation.rs | 4 + 2 files changed, 76 insertions(+), 66 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 919bd224519..910252a4aca 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,44 +1,48 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:14:33:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:40:6:40:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:45:5:45:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:72:16:72:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:77:16:77:17 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:82:7:82:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:91:5:91:31 | ...::write::<...> | deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:66:23:66:24 | m2 | invalid | -| deallocation.rs:111:13:111:18 | my_ptr | deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:108:14:108:19 | my_ptr | invalid | -| deallocation.rs:126:14:126:15 | p1 | deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:126:14:126:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:119:23:119:40 | ...::dangling | invalid | -| deallocation.rs:127:14:127:15 | p2 | deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:127:14:127:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:120:21:120:42 | ...::dangling_mut | invalid | -| deallocation.rs:128:14:128:15 | p3 | deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:128:14:128:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:121:23:121:36 | ...::null | invalid | -| deallocation.rs:176:15:176:16 | p1 | deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:172:27:172:28 | p1 | invalid | -| deallocation.rs:210:18:210:20 | ptr | deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:204:27:204:29 | ptr | invalid | +| deallocation.rs:32:16:32:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:33:16:33:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | +| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:14:112:19 | my_ptr | invalid | +| deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | +| deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | +| deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | +| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | +| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:35:33:36 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:40:6:40:7 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:45:27:45:28 | m1 | provenance | | -| deallocation.rs:33:35:33:36 | m1 | deallocation.rs:33:14:33:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | -| deallocation.rs:45:27:45:28 | m1 | deallocation.rs:45:5:45:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:72:16:72:17 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:77:16:77:17 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:82:7:82:8 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | -| deallocation.rs:66:23:66:24 | m2 | deallocation.rs:91:33:91:34 | m2 | provenance | | -| deallocation.rs:91:33:91:34 | m2 | deallocation.rs:91:5:91:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:108:14:108:19 | my_ptr | deallocation.rs:111:13:111:18 | my_ptr | provenance | | -| deallocation.rs:119:6:119:7 | p1 | deallocation.rs:126:14:126:15 | p1 | provenance | | -| deallocation.rs:119:23:119:40 | ...::dangling | deallocation.rs:119:23:119:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | -| deallocation.rs:119:23:119:42 | ...::dangling(...) | deallocation.rs:119:6:119:7 | p1 | provenance | | -| deallocation.rs:120:6:120:7 | p2 | deallocation.rs:127:14:127:15 | p2 | provenance | | -| deallocation.rs:120:21:120:42 | ...::dangling_mut | deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | -| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | deallocation.rs:120:6:120:7 | p2 | provenance | | -| deallocation.rs:121:6:121:7 | p3 | deallocation.rs:128:14:128:15 | p3 | provenance | | -| deallocation.rs:121:23:121:36 | ...::null | deallocation.rs:121:23:121:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | -| deallocation.rs:121:23:121:38 | ...::null(...) | deallocation.rs:121:6:121:7 | p3 | provenance | | -| deallocation.rs:172:27:172:28 | p1 | deallocation.rs:176:15:176:16 | p1 | provenance | | -| deallocation.rs:204:27:204:29 | ptr | deallocation.rs:210:18:210:20 | ptr | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | +| deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | +| deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | provenance | | +| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:33:95:34 | m2 | provenance | | +| deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | +| deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | +| deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | +| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | +| deallocation.rs:124:6:124:7 | p2 | deallocation.rs:131:14:131:15 | p2 | provenance | | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | deallocation.rs:124:6:124:7 | p2 | provenance | | +| deallocation.rs:125:6:125:7 | p3 | deallocation.rs:132:14:132:15 | p3 | provenance | | +| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | +| deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | +| deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -48,34 +52,36 @@ models nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | -| deallocation.rs:33:14:33:33 | ...::read::<...> | semmle.label | ...::read::<...> | -| deallocation.rs:33:35:33:36 | m1 | semmle.label | m1 | -| deallocation.rs:40:6:40:7 | m1 | semmle.label | m1 | -| deallocation.rs:45:5:45:25 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:45:27:45:28 | m1 | semmle.label | m1 | -| deallocation.rs:66:23:66:24 | m2 | semmle.label | m2 | -| deallocation.rs:72:16:72:17 | m2 | semmle.label | m2 | -| deallocation.rs:77:16:77:17 | m2 | semmle.label | m2 | -| deallocation.rs:82:7:82:8 | m2 | semmle.label | m2 | +| deallocation.rs:32:16:32:17 | m1 | semmle.label | m1 | +| deallocation.rs:33:16:33:17 | m1 | semmle.label | m1 | +| deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | +| deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | +| deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | +| deallocation.rs:49:5:49:25 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:49:27:49:28 | m1 | semmle.label | m1 | +| deallocation.rs:70:23:70:24 | m2 | semmle.label | m2 | +| deallocation.rs:76:16:76:17 | m2 | semmle.label | m2 | +| deallocation.rs:81:16:81:17 | m2 | semmle.label | m2 | | deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | -| deallocation.rs:91:5:91:31 | ...::write::<...> | semmle.label | ...::write::<...> | -| deallocation.rs:91:33:91:34 | m2 | semmle.label | m2 | -| deallocation.rs:108:14:108:19 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:111:13:111:18 | my_ptr | semmle.label | my_ptr | -| deallocation.rs:119:6:119:7 | p1 | semmle.label | p1 | -| deallocation.rs:119:23:119:40 | ...::dangling | semmle.label | ...::dangling | -| deallocation.rs:119:23:119:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | -| deallocation.rs:120:6:120:7 | p2 | semmle.label | p2 | -| deallocation.rs:120:21:120:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | -| deallocation.rs:120:21:120:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | -| deallocation.rs:121:6:121:7 | p3 | semmle.label | p3 | -| deallocation.rs:121:23:121:36 | ...::null | semmle.label | ...::null | -| deallocation.rs:121:23:121:38 | ...::null(...) | semmle.label | ...::null(...) | -| deallocation.rs:126:14:126:15 | p1 | semmle.label | p1 | -| deallocation.rs:127:14:127:15 | p2 | semmle.label | p2 | -| deallocation.rs:128:14:128:15 | p3 | semmle.label | p3 | -| deallocation.rs:172:27:172:28 | p1 | semmle.label | p1 | -| deallocation.rs:176:15:176:16 | p1 | semmle.label | p1 | -| deallocation.rs:204:27:204:29 | ptr | semmle.label | ptr | -| deallocation.rs:210:18:210:20 | ptr | semmle.label | ptr | +| deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 | +| deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> | +| deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 | +| deallocation.rs:112:14:112:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 | +| deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling | +| deallocation.rs:123:23:123:42 | ...::dangling(...) | semmle.label | ...::dangling(...) | +| deallocation.rs:124:6:124:7 | p2 | semmle.label | p2 | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | semmle.label | ...::dangling_mut | +| deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | semmle.label | ...::dangling_mut(...) | +| deallocation.rs:125:6:125:7 | p3 | semmle.label | p3 | +| deallocation.rs:125:23:125:36 | ...::null | semmle.label | ...::null | +| deallocation.rs:125:23:125:38 | ...::null(...) | semmle.label | ...::null(...) | +| deallocation.rs:130:14:130:15 | p1 | semmle.label | p1 | +| deallocation.rs:131:14:131:15 | p2 | semmle.label | p2 | +| deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | +| deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | +| deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | +| deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | +| deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 738abe77403..a1e3676b860 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -27,6 +27,10 @@ pub fn test_alloc(mode: i32) { let v6 = *m2; // $ MISSING: Alert println!(" v5 = {v5} (!)"); // corrupt in practice println!(" v6 = {v6} (!)"); // corrupt in practice + + // test repeat reads (we don't want lots of very similar results for the same dealloc) + let v5b = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v5c = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc }, 100 => { // more reads From e4cadf09ce49753261f0854336438a17705618c8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 11:01:47 +0000 Subject: [PATCH 033/409] Rust: Don't report excessive results for the same source. --- .../ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 5 +++++ .../security/CWE-825/AccessInvalidPointer.expected | 6 ------ rust/ql/test/query-tests/security/CWE-825/deallocation.rs | 4 ++-- 3 files changed, 7 insertions(+), 8 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index cb474d0bb0f..15d13dcc479 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -26,6 +26,11 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { node instanceof AccessInvalidPointer::Sink } predicate isBarrier(DataFlow::Node barrier) { barrier instanceof AccessInvalidPointer::Barrier } + + predicate isBarrierOut(DataFlow::Node node) { + // make sinks barriers so that we only report the closest instance + isSink(node) + } } module AccessInvalidPointerFlow = DataFlow::Global; diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 910252a4aca..abab6319917 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,7 +1,5 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:32:16:32:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | -| deallocation.rs:33:16:33:17 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | @@ -18,8 +16,6 @@ | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:32:16:32:17 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:33:16:33:17 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | @@ -52,8 +48,6 @@ models nodes | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | -| deallocation.rs:32:16:32:17 | m1 | semmle.label | m1 | -| deallocation.rs:33:16:33:17 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | | deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | | deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index a1e3676b860..77f687b5ae2 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -29,8 +29,8 @@ pub fn test_alloc(mode: i32) { println!(" v6 = {v6} (!)"); // corrupt in practice // test repeat reads (we don't want lots of very similar results for the same dealloc) - let v5b = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc - let v5c = *m1; // $ Alert[rust/access-invalid-pointer]=dealloc + let v5b = *m1; + let v5c = *m1; }, 100 => { // more reads From 363128f4ecfa63084c4a7be819fc52e78fc015b4 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:21:51 +0000 Subject: [PATCH 034/409] Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 6 +++--- .../ql/src/queries/security/CWE-825/AccessInvalidPointer.ql | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 2981564b9ee..2aa2b8abef8 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -5,7 +5,7 @@

    -Dereferencing an invalid or dangling pointer is undefined behavior. Memory may be corrupted +Dereferencing an invalid or dangling pointer may cause undefined behavior. Memory may be corrupted causing the program to crash or behave incorrectly, in some cases exposing the program to potential attacks.

    @@ -17,7 +17,7 @@ potential attacks. When dereferencing a pointer in unsafe code, take care that the pointer is valid and points to the intended data. Code may need to be rearranged or additional checks added to ensure safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this -class of problems altogether. +kind of problems altogether.

    @@ -32,7 +32,7 @@ undefined behavior:

    -In this case undefined behavior can be avoided by rearranging the code so that the dereference +In this case, undefined behavior can be avoided by rearranging the code so that the dereferencing comes before the call to std::ptr::drop_in_place:

    diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index 15d13dcc479..1d84fffe1ee 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -1,6 +1,6 @@ /** * @name Access of invalid pointer - * @description Dereferencing an invalid or dangling pointer is undefined behavior and may cause memory corruption. + * @description Dereferencing an invalid or dangling pointer causes undefined behavior and may result in memory corruption. * @kind path-problem * @problem.severity error * @security-severity 7.5 From 82068a262d1463fcbb912419727a323780b6ec6c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 24 Mar 2025 12:23:48 +0000 Subject: [PATCH 035/409] Rust: Further rephrasing. --- rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp index 2aa2b8abef8..1c6a0452c53 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.qhelp @@ -17,7 +17,7 @@ potential attacks. When dereferencing a pointer in unsafe code, take care that the pointer is valid and points to the intended data. Code may need to be rearranged or additional checks added to ensure safety in all circumstances. If possible, rewrite the code using safe Rust types to avoid this -kind of problems altogether. +kind of problem altogether.

    From 29a23a3d20deddbceb7c85db87ac42260c9b928a Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 13:28:34 +0100 Subject: [PATCH 036/409] Update UseOfKnownVulnerableAction.ql Name should not end in a `.` --- actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql b/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql index 497a3b9feb9..05603dae68b 100644 --- a/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql +++ b/actions/ql/src/Security/CWE-1395/UseOfKnownVulnerableAction.ql @@ -1,5 +1,5 @@ /** - * @name Use of a known vulnerable action. + * @name Use of a known vulnerable action * @description The workflow is using an action with known vulnerabilities. * @kind problem * @problem.severity error From b1737858fa07cdcde9513bac72f738fee9a81dbf Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 12:49:48 +0000 Subject: [PATCH 037/409] UntrustedCheckout: Try and differentiate between two versions of the rule --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index c1d3729701d..b004b26c603 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in trusted context + * @name Checkout of untrusted code in trusted context with poisonable step * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 288fcb60928710b975adaa61a034968955b60e2c Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Wed, 26 Mar 2025 15:53:20 +0100 Subject: [PATCH 038/409] Update CWE-829 description for clarity --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index b004b26c603..90feab533a4 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in trusted context with poisonable step + * @name Checkout of untrusted code in priviledged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 0a04191a6173d403c5ea6fc6bcad5a97a27ca77d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 26 Mar 2025 15:06:03 +0000 Subject: [PATCH 039/409] Rust: Effect of merging main (duplicate results). --- .../CWE-825/AccessInvalidPointer.expected | 35 +++++++++++++++---- 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index abab6319917..78c94169f19 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,7 +1,11 @@ #select +| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | +| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | @@ -12,9 +16,16 @@ | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | +| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | +| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges +| deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | +| deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | @@ -29,23 +40,31 @@ edges | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | -| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:4 MaD:4 | | deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | | deallocation.rs:124:6:124:7 | p2 | deallocation.rs:131:14:131:15 | p2 | provenance | | -| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:4 MaD:4 | +| deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | provenance | Src:MaD:5 MaD:5 | | deallocation.rs:124:21:124:44 | ...::dangling_mut(...) | deallocation.rs:124:6:124:7 | p2 | provenance | | | deallocation.rs:125:6:125:7 | p3 | deallocation.rs:132:14:132:15 | p3 | provenance | | -| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:5 MaD:5 | +| deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:125:23:125:38 | ...::null(...) | provenance | Src:MaD:7 MaD:7 | | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | +| deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | +| deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | -| 3 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | -| 4 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | -| 5 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 3 | Source: lang:alloc; crate::alloc::dealloc; pointer-invalidate; Argument[0] | +| 4 | Source: lang:core; crate::ptr::dangling; pointer-invalidate; ReturnValue | +| 5 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | +| 6 | Source: lang:core; crate::ptr::drop_in_place; pointer-invalidate; Argument[0] | +| 7 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | nodes +| deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | +| deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | | deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | @@ -74,8 +93,12 @@ nodes | deallocation.rs:130:14:130:15 | p1 | semmle.label | p1 | | deallocation.rs:131:14:131:15 | p2 | semmle.label | p2 | | deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | +| deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | +| deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | | deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths From c84e2cd7cb5467a38e603714c13ea617796c3d85 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 26 Mar 2025 15:35:44 +0000 Subject: [PATCH 040/409] Rust: Reduce the workaround (fixes duplicate results). --- .../security/AccessInvalidPointerExtensions.qll | 2 +- .../CWE-825/AccessInvalidPointer.expected | 15 --------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 9f895ef6f87..c20a4966edd 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -50,7 +50,7 @@ module AccessInvalidPointer { sourceNode(n, "pointer-invalidate") and n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr().getParentNode*() = arg + this.asExpr().getExpr().getParentNode+() = arg ) } } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 78c94169f19..ca5982fdb2d 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -1,12 +1,8 @@ #select | deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:26:15:26:16 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:23:20:24 | m1 | invalid | | deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | | deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | @@ -17,19 +13,13 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:27:176:28 | p1 | invalid | | deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | -| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:27:208:29 | ptr | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:37:35:37:36 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:44:6:44:7 | m1 | provenance | | -| deallocation.rs:20:23:20:24 | m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | | deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | @@ -50,10 +40,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:176:27:176:28 | p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | -| deallocation.rs:208:27:208:29 | ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -65,7 +53,6 @@ models nodes | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | -| deallocation.rs:20:23:20:24 | m1 | semmle.label | m1 | | deallocation.rs:26:15:26:16 | m1 | semmle.label | m1 | | deallocation.rs:37:14:37:33 | ...::read::<...> | semmle.label | ...::read::<...> | | deallocation.rs:37:35:37:36 | m1 | semmle.label | m1 | @@ -95,10 +82,8 @@ nodes | deallocation.rs:132:14:132:15 | p3 | semmle.label | p3 | | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | -| deallocation.rs:176:27:176:28 | p1 | semmle.label | p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | | deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:208:27:208:29 | ptr | semmle.label | ptr | | deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | subpaths From d1a0237e87cf1f7fe780bba86b413e535d57d87c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:20:25 +0000 Subject: [PATCH 041/409] Rust: Correct a few details in the test. --- .../security/CWE-825/AccessInvalidPointer.expected | 12 ++++++------ .../query-tests/security/CWE-825/deallocation.rs | 14 +++++++++----- rust/ql/test/query-tests/security/CWE-825/main.rs | 2 +- 3 files changed, 16 insertions(+), 12 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index ca5982fdb2d..05fb5477512 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,7 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:214:18:214:20 | ptr | deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:214:18:214:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:208:3:208:25 | ...::drop_in_place | invalid | +| deallocation.rs:216:18:216:20 | ptr | deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:216:18:216:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:210:3:210:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +40,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:208:3:208:25 | ...::drop_in_place | deallocation.rs:208:27:208:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:208:27:208:29 | [post] ptr | deallocation.rs:214:18:214:20 | ptr | provenance | | +| deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:210:27:210:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:210:27:210:29 | [post] ptr | deallocation.rs:216:18:216:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +83,7 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:208:3:208:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:208:27:208:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:214:18:214:20 | ptr | semmle.label | ptr | +| deallocation.rs:210:3:210:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:210:27:210:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:216:18:216:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 77f687b5ae2..de3b7cbc16c 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -187,11 +187,13 @@ pub fn test_ptr_drop(mode: i32) { } } +// --- qhelp examples --- + fn do_something(s: &String) { println!(" s = {}", s); } -fn test_qhelp_test_good(ptr: *mut String) { +fn test_qhelp_example_good(ptr: *mut String) { unsafe { do_something(&*ptr); } @@ -203,7 +205,7 @@ fn test_qhelp_test_good(ptr: *mut String) { } } -fn test_qhelp_test_bad(ptr: *mut String) { +fn test_qhelp_example_bad(ptr: *mut String) { unsafe { std::ptr::drop_in_place(ptr); // $ Source=drop_in_place } @@ -215,7 +217,7 @@ fn test_qhelp_test_bad(ptr: *mut String) { } } -pub fn test_qhelp_tests() { +pub fn test_qhelp_examples() { let layout = std::alloc::Layout::new::<[String; 2]>(); unsafe { let ptr = std::alloc::alloc(layout); @@ -226,14 +228,16 @@ pub fn test_qhelp_tests() { *ptr1 = String::from("123"); *ptr2 = String::from("456"); - test_qhelp_test_good(ptr1); + test_qhelp_example_good(ptr1); - test_qhelp_test_bad(ptr2); + test_qhelp_example_bad(ptr2); std::alloc::dealloc(ptr, layout); } } +// --- Vec --- + pub fn test_vec_reserve() { let mut vec1 = Vec::::new(); vec1.push(100); diff --git a/rust/ql/test/query-tests/security/CWE-825/main.rs b/rust/ql/test/query-tests/security/CWE-825/main.rs index 0b3fc423de1..ec135011f70 100644 --- a/rust/ql/test/query-tests/security/CWE-825/main.rs +++ b/rust/ql/test/query-tests/security/CWE-825/main.rs @@ -129,7 +129,7 @@ fn main() { test_ptr_drop(mode); println!("test_qhelp_tests:"); - test_qhelp_tests(); + test_qhelp_examples(); println!("test_vec_reserve:"); test_vec_reserve(); From 8598d619f231a19db8734712019668ce3c368437 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:39:25 +0000 Subject: [PATCH 042/409] Rust: Add a test case involving a Drop method. --- .../CWE-825/AccessInvalidPointer.expected | 14 +++++---- .../security/CWE-825/deallocation.rs | 29 +++++++++++++++++++ 2 files changed, 37 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 05fb5477512..479a53ba823 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,8 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:216:18:216:20 | ptr | deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:216:18:216:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:210:3:210:25 | ...::drop_in_place | invalid | +| deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:212:10:212:17 | self.ptr | invalid | +| deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +41,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:210:3:210:25 | ...::drop_in_place | deallocation.rs:210:27:210:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:210:27:210:29 | [post] ptr | deallocation.rs:216:18:216:20 | ptr | provenance | | +| deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:239:27:239:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:239:27:239:29 | [post] ptr | deallocation.rs:245:18:245:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +84,8 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:210:3:210:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:210:27:210:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:216:18:216:20 | ptr | semmle.label | ptr | +| deallocation.rs:212:10:212:17 | self.ptr | semmle.label | self.ptr | +| deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index de3b7cbc16c..ed507fee408 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -187,6 +187,35 @@ pub fn test_ptr_drop(mode: i32) { } } +struct MyDropBuffer { + ptr: *mut u8, +} + +impl MyDropBuffer { + unsafe fn new() -> MyDropBuffer { + let layout = std::alloc::Layout::from_size_align(1024, 1).unwrap(); + + MyDropBuffer { + ptr: std::alloc::alloc(layout), + } + + // ... + } +} + +impl Drop for MyDropBuffer { + fn drop(&mut self) { + let layout = std::alloc::Layout::from_size_align(1024, 1).unwrap(); + + unsafe { + _ = *self.ptr; + drop(*self.ptr); // $ MISSING: Source=drop SPURIOUS: Alert[rust/access-invalid-pointer]=drop + _ = *self.ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=drop + std::alloc::dealloc(self.ptr, layout); + } + } +} + // --- qhelp examples --- fn do_something(s: &String) { From 4e496fe7b2d7229610c63bc7f3f438bf98dc42c8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 09:48:53 +0000 Subject: [PATCH 043/409] Rust: Lets just not model 'drop' incorrectly, for now. --- .../ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml | 2 -- .../codeql/rust/security/AccessInvalidPointerExtensions.qll | 5 +++++ .../security/CWE-825/AccessInvalidPointer.expected | 2 -- rust/ql/test/query-tests/security/CWE-825/deallocation.rs | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 0960dd9c541..69c5a1f3ba4 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -30,8 +30,6 @@ extensions: pack: codeql/rust-all extensible: sourceModel data: - # Mem - - ["lang:core", "crate::mem::drop", "Argument[0]", "pointer-invalidate", "manual"] # Ptr - ["lang:core", "crate::ptr::drop_in_place", "Argument[0]", "pointer-invalidate", "manual"] - ["lang:core", "crate::ptr::dangling", "ReturnValue", "pointer-invalidate", "manual"] diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index c20a4966edd..360a66e402c 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -36,6 +36,11 @@ module AccessInvalidPointer { /** * A pointer invalidation from model data. + * + * Note: we don't currently support invalidation via the object itself rather than via a pointer, such as: + * ``` + * drop(obj) + * ``` */ private class ModelsAsDataSource extends Source { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 479a53ba823..19dabe2fe8b 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,6 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | deallocation.rs:212:10:212:17 | self.ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:212:10:212:17 | self.ptr | invalid | | deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | @@ -84,7 +83,6 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:212:10:212:17 | self.ptr | semmle.label | self.ptr | | deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index ed507fee408..9ddb011c4b2 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -209,7 +209,7 @@ impl Drop for MyDropBuffer { unsafe { _ = *self.ptr; - drop(*self.ptr); // $ MISSING: Source=drop SPURIOUS: Alert[rust/access-invalid-pointer]=drop + drop(*self.ptr); // $ MISSING: Source=drop _ = *self.ptr; // $ MISSING: Alert[rust/access-invalid-pointer]=drop std::alloc::dealloc(self.ptr, layout); } From 9ae271a7d14c688de98d7dc3d0e4e1d0ec76e10b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 27 Mar 2025 12:55:36 +0000 Subject: [PATCH 044/409] Rust: Fix incidentally affected test merge conflict. --- .../test/query-tests/security/CWE-020/RegexInjection.expected | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 0e1ea0fb063..2902f9a4f51 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -3,14 +3,14 @@ edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | | main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:63 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1607 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1606 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | | main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:67 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3030 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3029 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | From f6ac82aff04c09471f36281abe46225c121ab156 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 27 Mar 2025 15:10:14 +0100 Subject: [PATCH 045/409] Rust: Add more path resolution tests --- .../library-tests/path-resolution/main.rs | 22 ++++ .../test/library-tests/path-resolution/my.rs | 6 + .../path-resolution/my/my4/my5/mod.rs | 3 + .../path-resolution/path-resolution.expected | 124 ++++++++++-------- 4 files changed, 101 insertions(+), 54 deletions(-) create mode 100644 rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 7857ddc6cf5..6b2052a1b3c 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -473,6 +473,26 @@ mod m17 { } // I99 } +mod m18 { + fn f() { + println!("m18::f"); + } // I101 + + pub mod m19 { + fn f() { + println!("m18::m19::f"); + } // I102 + + pub mod m20 { + pub fn g() { + println!("m18::m19::m20::g"); + super::f(); // $ item=I102 + super::super::f(); // $ item=I101 + } // I103 + } + } +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 @@ -498,4 +518,6 @@ fn main() { nested6::f(); // $ item=I116 nested8::f(); // $ item=I119 my3::f(); // $ item=I200 + nested_f(); // $ MISSING: item=I201 + m18::m19::m20::g(); // $ item=I103 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index fd9511a2118..487b0e78769 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -10,3 +10,9 @@ pub fn h() { println!("my.rs::h"); g(); // $ item=I7 } // I39 + +mod my4 { + pub mod my5; +} + +pub use my4::my5::f as nested_f; // $ MISSING: item=I201 diff --git a/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs new file mode 100644 index 00000000000..25a94fee7c1 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/my/my4/my5/mod.rs @@ -0,0 +1,3 @@ +pub fn f() { + println!("my/my4/my5/mod.rs::f"); +} // I201 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 51dcc55b9e2..6bf3f656734 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -21,6 +21,9 @@ mod | main.rs:294:1:348:1 | mod m15 | | main.rs:350:1:442:1 | mod m16 | | main.rs:444:1:474:1 | mod m17 | +| main.rs:476:1:494:1 | mod m18 | +| main.rs:481:5:493:5 | mod m19 | +| main.rs:486:9:492:9 | mod m20 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -30,6 +33,8 @@ mod | my2/nested2.rs:21:1:27:1 | mod nested7 | | my2/nested2.rs:22:5:26:5 | mod nested8 | | my.rs:1:1:1:15 | mod nested | +| my.rs:14:1:16:1 | mod my4 | +| my.rs:15:5:15:16 | mod my5 | | my/nested.rs:1:1:17:1 | mod nested1 | | my/nested.rs:2:5:11:5 | mod nested2 | resolvePath @@ -51,7 +56,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:501:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:523:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -63,7 +68,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:501:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:523:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -77,7 +82,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:501:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:523:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -210,56 +215,65 @@ resolvePath | main.rs:465:9:465:18 | ...::f | main.rs:446:9:446:20 | fn f | | main.rs:470:9:470:9 | g | main.rs:459:5:466:5 | fn g | | main.rs:471:11:471:11 | S | main.rs:449:5:449:13 | struct S | -| main.rs:477:5:477:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:477:5:477:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:477:5:477:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:477:5:477:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:477:5:477:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:478:5:478:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:478:5:478:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:479:5:479:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:479:5:479:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:479:5:479:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:479:5:479:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:480:5:480:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:481:5:481:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:482:5:482:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:482:5:482:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:483:5:483:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:483:5:483:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:483:5:483:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:484:5:484:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:484:5:484:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:484:5:484:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:484:5:484:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:485:5:485:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:485:5:485:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:486:5:486:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:487:5:487:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:488:5:488:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:489:5:489:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:490:5:490:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:490:5:490:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:491:5:491:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:491:5:491:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:492:5:492:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:492:5:492:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:493:5:493:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:493:5:493:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:494:5:494:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:494:5:494:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:495:5:495:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:495:5:495:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:496:5:496:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:496:5:496:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:497:5:497:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:497:5:497:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:498:5:498:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:498:5:498:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:499:5:499:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:499:5:499:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:500:5:500:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:500:5:500:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:489:17:489:21 | super | main.rs:481:5:493:5 | mod m19 | +| main.rs:489:17:489:24 | ...::f | main.rs:482:9:484:9 | fn f | +| main.rs:490:17:490:21 | super | main.rs:481:5:493:5 | mod m19 | +| main.rs:490:17:490:28 | ...::super | main.rs:476:1:494:1 | mod m18 | +| main.rs:490:17:490:31 | ...::f | main.rs:477:5:479:5 | fn f | +| main.rs:497:5:497:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:497:5:497:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:497:5:497:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:497:5:497:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:497:5:497:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:498:5:498:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:498:5:498:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:499:5:499:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:499:5:499:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:499:5:499:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:499:5:499:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:500:5:500:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:501:5:501:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:502:5:502:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:502:5:502:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:503:5:503:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:503:5:503:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:503:5:503:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:504:5:504:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:504:5:504:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:504:5:504:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:504:5:504:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:505:5:505:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:505:5:505:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:506:5:506:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:507:5:507:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:508:5:508:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:509:5:509:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:510:5:510:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:510:5:510:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:511:5:511:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:511:5:511:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:512:5:512:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:512:5:512:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:513:5:513:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:513:5:513:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:514:5:514:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:514:5:514:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:515:5:515:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:515:5:515:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:516:5:516:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:516:5:516:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:517:5:517:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:517:5:517:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:518:5:518:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:518:5:518:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:519:5:519:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:522:5:522:20 | ...::g | main.rs:487:13:491:13 | fn g | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -273,13 +287,15 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:501:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:523:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | +| my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | +| my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | From 2dcd7895ec963ce8379bb89b3923922a03b620b9 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:27:42 +0000 Subject: [PATCH 046/409] Python: Modernise `py/mixed-tuple-returns` Removes the dependence on points-to in favour of an approach based on (local) data-flow. I first tried a version that used type tracking, as this more accurately mimics the behaviour of the old query. However, I soon discovered that there were _many_ false positives in this setup. The main bad pattern I saw was a helper function somewhere deep inside the code that both receives and returns an argument that can be tuples with different sizes and origins. In this case, global flow produces something akin to a cartesian product of "n-tuples that flow into the function" and "m-tuples that flow into the function" where m < n. To combat this, I decided to instead focus on only flow _within_ a given function (and so local data-flow was sufficient). Additionally, another class of false positives I saw was cases where the return type actually witnessed that the function in question could return tuples of varying sizes. In this case it seems reasonable to not flag these instances, since they are already (presumably) being checked by a type checker. More generally, if you've annotated the return type of the function with anything (not just `Tuple[...]`), then there's probably little need to flag it. --- .../src/Functions/ReturnConsistentTupleSizes.ql | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/python/ql/src/Functions/ReturnConsistentTupleSizes.ql b/python/ql/src/Functions/ReturnConsistentTupleSizes.ql index 9046f52cecb..f0cb83067e0 100644 --- a/python/ql/src/Functions/ReturnConsistentTupleSizes.ql +++ b/python/ql/src/Functions/ReturnConsistentTupleSizes.ql @@ -4,6 +4,7 @@ * @kind problem * @tags reliability * maintainability + * quality * @problem.severity recommendation * @sub-severity high * @precision high @@ -11,13 +12,15 @@ */ import python +import semmle.python.ApiGraphs -predicate returns_tuple_of_size(Function func, int size, AstNode origin) { - exists(Return return, TupleValue val | +predicate returns_tuple_of_size(Function func, int size, Tuple tuple) { + exists(Return return, DataFlow::Node value | + value.asExpr() = return.getValue() and return.getScope() = func and - return.getValue().pointsTo(val, origin) + any(DataFlow::LocalSourceNode n | n.asExpr() = tuple).flowsTo(value) | - size = val.length() + size = count(int n | exists(tuple.getElt(n))) ) } @@ -25,6 +28,8 @@ from Function func, int s1, int s2, AstNode t1, AstNode t2 where returns_tuple_of_size(func, s1, t1) and returns_tuple_of_size(func, s2, t2) and - s1 < s2 + s1 < s2 and + // Don't report on functions that have a return type annotation + not exists(func.getDefinition().(FunctionExpr).getReturns()) select func, func.getQualifiedName() + " returns $@ and $@.", t1, "tuple of size " + s1, t2, "tuple of size " + s2 From f601f4ad9ba2a5d56365ef7692b7f7b6bb8e1ee9 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:31:28 +0000 Subject: [PATCH 047/409] Python: Update test expectations As we're no longer tracking tuples across function boundaries, we lose the result that related to this setup (which, as the preceding commit explains, lead to a lot of false positives). --- .../Functions/return_values/ReturnConsistentTupleSizes.expected | 1 - 1 file changed, 1 deletion(-) diff --git a/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected b/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected index fd4f1ee2dd7..2733ae8c26a 100644 --- a/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected +++ b/python/ql/test/query-tests/Functions/return_values/ReturnConsistentTupleSizes.expected @@ -1,2 +1 @@ | functions_test.py:306:1:306:39 | Function returning_different_tuple_sizes | returning_different_tuple_sizes returns $@ and $@. | functions_test.py:308:16:308:18 | Tuple | tuple of size 2 | functions_test.py:310:16:310:20 | Tuple | tuple of size 3 | -| functions_test.py:324:1:324:50 | Function indirectly_returning_different_tuple_sizes | indirectly_returning_different_tuple_sizes returns $@ and $@. | functions_test.py:319:12:319:14 | Tuple | tuple of size 2 | functions_test.py:322:12:322:16 | Tuple | tuple of size 3 | From 980c7d83dac91f6dae11d352a5603a45d23b52ca Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 15:33:00 +0000 Subject: [PATCH 048/409] Python: Add change note --- .../2025-03-27-modernize-mixed-tuple-returns-query.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md new file mode 100644 index 00000000000..9f527b6b5a3 --- /dev/null +++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- + +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this lead to too many false positives. From 68668b8e224a95591342610812b07e1f6489b113 Mon Sep 17 00:00:00 2001 From: Taus Date: Thu, 27 Mar 2025 23:23:29 +0100 Subject: [PATCH 049/409] Python: Fix grammar in change note --- .../2025-03-27-modernize-mixed-tuple-returns-query.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md index 9f527b6b5a3..57cf5c69a13 100644 --- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md +++ b/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md @@ -2,4 +2,4 @@ category: minorAnalysis --- -- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this lead to too many false positives. +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. From ff99d5c6880c347171183712a909bac3ec9bee85 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 24 Mar 2025 12:36:52 +0100 Subject: [PATCH 050/409] JS: Add test for API graph through spread args --- .../ql/test/ApiGraphs/spread/VerifyAssertions.expected | 2 ++ javascript/ql/test/ApiGraphs/spread/tst.js | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected index e69de29bb2d..366c66f0763 100644 --- a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected @@ -0,0 +1,2 @@ +| tst.js:15:14:15:101 | /* def= ... r(0) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(0); it does have outgoing edges labelled getReceiver(), getReturn(). | +| tst.js:16:14:16:101 | /* def= ... r(1) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(1); it does have outgoing edges labelled getReceiver(), getReturn(). | diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index cece4692043..ebacd48d1f3 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -9,3 +9,12 @@ function f() { lib.m1({ ...f() }) + +function getArgs() { + return [ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(0) */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(1) */ + ] +} + +lib.m2(...getArgs()); From 1ad471cb32559d8c6ff7505ff70aa199405ca5c9 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 24 Mar 2025 13:33:58 +0100 Subject: [PATCH 051/409] JS: Track through spread/rest params in API graphs --- .../ql/lib/semmle/javascript/ApiGraphs.qll | 50 +++++++++++++++++++ .../semmle/javascript/dataflow/Sources.qll | 6 +++ .../spread/VerifyAssertions.expected | 2 - javascript/ql/test/ApiGraphs/spread/tst.js | 4 +- .../Security/CWE-918/RequestForgery.expected | 12 +++++ .../Security/CWE-918/apollo.serverSide.ts | 4 +- 6 files changed, 72 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 4ef187de4d8..c53d7e4279c 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -318,6 +318,11 @@ module API { Node getParameter(int i) { Stages::ApiStage::ref() and result = this.getASuccessor(Label::parameter(i)) + or + exists(int spreadIndex, string arrayProp | + result = this.getASuccessor(Label::spreadArgument(spreadIndex)).getMember(arrayProp) and + i = spreadIndex + arrayProp.toInt() + ) } /** @@ -860,6 +865,15 @@ module API { .getStaticMember(name, DataFlow::MemberKind::getter()) .getAReturn() ) + or + exists(Function fun, DataFlow::InvokeNode invoke, int argIndex, Parameter rest | + fun.getRestParameter() = rest and + rest.flow() = pred and + invoke.getACallee() = fun and + invoke.getArgument(argIndex) = rhs and + argIndex >= rest.getIndex() and + lbl = Label::member((argIndex - rest.getIndex()).toString()) + ) ) or exists(DataFlow::ClassNode cls, string name | @@ -888,6 +902,11 @@ module API { i = -1 and lbl = Label::receiver() ) or + exists(int i | + spreadArgumentPassing(base, i, rhs) and + lbl = Label::spreadArgument(i) + ) + or exists(DataFlow::SourceNode src, DataFlow::PropWrite pw | use(base, src) and pw = trackUseNode(src).getAPropertyWrite() and rhs = pw.getRhs() | @@ -931,6 +950,21 @@ module API { ) } + pragma[nomagic] + private int firstSpreadIndex(InvokeExpr expr) { + result = min(int i | expr.getArgument(i) instanceof SpreadElement) + } + + private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { + exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | + use(base, use) and + pred = trackUseNode(use, _, bound, "") and + invoke = pred.getAnInvocation().asExpr() and + i = firstSpreadIndex(invoke) and + spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() + ) + } + /** * Holds if `rhs` is the right-hand side of a definition of node `nd`. */ @@ -1579,6 +1613,9 @@ module API { /** Gets the edge label for the receiver. */ LabelReceiver receiver() { any() } + /** Gets the edge label for a spread argument passed at index `i`. */ + LabelSpreadArgument spreadArgument(int i) { result.getIndex() = i } + /** Gets the `return` edge label. */ LabelReturn return() { any() } @@ -1628,6 +1665,7 @@ module API { } or MkLabelReceiver() or MkLabelReturn() or + MkLabelSpreadArgument(int index) { index = [0 .. 10] } or MkLabelDecoratedClass() or MkLabelDecoratedMember() or MkLabelDecoratedParameter() or @@ -1743,6 +1781,18 @@ module API { override string toString() { result = "getReceiver()" } } + /** A label representing an array passed as a spread argument at a given index. */ + class LabelSpreadArgument extends ApiLabel, MkLabelSpreadArgument { + private int index; + + LabelSpreadArgument() { this = MkLabelSpreadArgument(index) } + + /** The argument index at which the spread argument appears. */ + int getIndex() { result = index } + + override string toString() { result = "getSpreadArgument(" + index + ")" } + } + /** A label for a function that is a wrapper around another function. */ class LabelForwardingFunction extends ApiLabel, MkLabelForwardingFunction { override string toString() { result = "getForwardingFunction()" } diff --git a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll index de103ef1c90..06729815e9a 100644 --- a/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll +++ b/javascript/ql/lib/semmle/javascript/dataflow/Sources.qll @@ -254,6 +254,12 @@ private module Cached { cached predicate invocation(DataFlow::SourceNode func, DataFlow::InvokeNode invoke) { hasLocalSource(invoke.getCalleeNode(), func) + or + exists(ClassDefinition cls, SuperCall call | + hasLocalSource(cls.getSuperClass().flow(), func) and + call.getBinder() = cls.getConstructor().getBody() and + invoke = call.flow() + ) } /** diff --git a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected index 366c66f0763..e69de29bb2d 100644 --- a/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected +++ b/javascript/ql/test/ApiGraphs/spread/VerifyAssertions.expected @@ -1,2 +0,0 @@ -| tst.js:15:14:15:101 | /* def= ... r(0) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(0); it does have outgoing edges labelled getReceiver(), getReturn(). | -| tst.js:16:14:16:101 | /* def= ... r(1) */ | use moduleImport("something").getMember("exports").getMember("m2") has no outgoing edge labelled getParameter(1); it does have outgoing edges labelled getReceiver(), getReturn(). | diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index ebacd48d1f3..67fed3ef13e 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -12,8 +12,8 @@ lib.m1({ function getArgs() { return [ - 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(0) */ - 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getParameter(1) */ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m2").getSpreadArgument(0).getArrayElement() */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m2").getSpreadArgument(0).getArrayElement() */ ] } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 6b33506d502..78b02c5f7db 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,5 +1,6 @@ #select | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | +| apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | | serverSide.js:18:5:18:20 | request(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:18:13:18:19 | tainted | The $@ of this request depends on a $@. | serverSide.js:18:13:18:19 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | | serverSide.js:20:5:20:24 | request.get(tainted) | serverSide.js:14:29:14:35 | req.url | serverSide.js:20:17:20:23 | tainted | The $@ of this request depends on a $@. | serverSide.js:20:17:20:23 | tainted | URL | serverSide.js:14:29:14:35 | req.url | user-provided value | @@ -31,6 +32,11 @@ edges | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | | apollo.serverSide.ts:8:28:8:31 | file | apollo.serverSide.ts:8:43:8:46 | file | provenance | | | apollo.serverSide.ts:8:43:8:46 | file | apollo.serverSide.ts:8:43:8:50 | file.url | provenance | | +| apollo.serverSide.ts:17:34:17:42 | files | apollo.serverSide.ts:18:11:18:15 | files | provenance | | +| apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:17:34:17:42 | files | provenance | | +| apollo.serverSide.ts:18:11:18:15 | files | apollo.serverSide.ts:18:26:18:29 | file | provenance | | +| apollo.serverSide.ts:18:26:18:29 | file | apollo.serverSide.ts:18:41:18:44 | file | provenance | | +| apollo.serverSide.ts:18:41:18:44 | file | apollo.serverSide.ts:18:41:18:48 | file.url | provenance | | | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | axiosInterceptors.serverSide.js:19:11:19:28 | url | provenance | | | axiosInterceptors.serverSide.js:19:11:19:28 | url | axiosInterceptors.serverSide.js:20:23:20:25 | url | provenance | | | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | provenance | | @@ -91,6 +97,12 @@ nodes | apollo.serverSide.ts:8:28:8:31 | file | semmle.label | file | | apollo.serverSide.ts:8:43:8:46 | file | semmle.label | file | | apollo.serverSide.ts:8:43:8:50 | file.url | semmle.label | file.url | +| apollo.serverSide.ts:17:34:17:42 | files | semmle.label | files | +| apollo.serverSide.ts:17:34:17:42 | { files } | semmle.label | { files } | +| apollo.serverSide.ts:18:11:18:15 | files | semmle.label | files | +| apollo.serverSide.ts:18:26:18:29 | file | semmle.label | file | +| apollo.serverSide.ts:18:41:18:44 | file | semmle.label | file | +| apollo.serverSide.ts:18:41:18:48 | file.url | semmle.label | file.url | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | semmle.label | userProvidedUrl | | axiosInterceptors.serverSide.js:19:11:19:17 | { url } | semmle.label | { url } | | axiosInterceptors.serverSide.js:19:11:19:28 | url | semmle.label | url | diff --git a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts index 1d6aabd87fa..0f1c4afa554 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/apollo.serverSide.ts @@ -14,8 +14,8 @@ function createApolloServer(typeDefs) { const resolvers2 = { Mutation: { - downloadFiles: async (_, { files }) => { // $ MISSING: Source[js/request-forgery] - files.forEach((file) => { get(file.url, (res) => {}); }); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + downloadFiles: async (_, { files }) => { // $ Source[js/request-forgery] + files.forEach((file) => { get(file.url, (res) => {}); }); // $ Alert[js/request-forgery] Sink[js/request-forgery] return true; }, }, From b834ffe246afb01eff645c0049063a68204da6cc Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 27 Mar 2025 20:53:32 +0100 Subject: [PATCH 052/409] JS: Fix a bad join order --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index c53d7e4279c..f7b7a3e96d4 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -955,12 +955,17 @@ module API { result = min(int i | expr.getArgument(i) instanceof SpreadElement) } + pragma[nomagic] + private InvokeExpr getAnInvocationWithSpread(DataFlow::SourceNode node, int i) { + result = node.getAnInvocation().asExpr() and + i = firstSpreadIndex(result) + } + private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | use(base, use) and pred = trackUseNode(use, _, bound, "") and - invoke = pred.getAnInvocation().asExpr() and - i = firstSpreadIndex(invoke) and + invoke = getAnInvocationWithSpread(pred, i) and spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() ) } From ce7a0fd094e5b1b131aa85daefff69014dd3f2fe Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 10:45:54 +0000 Subject: [PATCH 053/409] Rust: Test for sinks inside sources. --- .../security/CWE-825/AccessInvalidPointer.expected | 14 ++++++++------ .../query-tests/security/CWE-825/deallocation.rs | 5 ++++- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 19dabe2fe8b..9479cffc7f5 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -13,7 +13,8 @@ | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:245:18:245:20 | ptr | deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:245:18:245:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:239:3:239:25 | ...::drop_in_place | invalid | +| deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:189:29:189:30 | p3 | invalid | +| deallocation.rs:248:18:248:20 | ptr | deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:248:18:248:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:242:3:242:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:26:15:26:16 | m1 | provenance | | @@ -40,8 +41,8 @@ edges | deallocation.rs:125:23:125:38 | ...::null(...) | deallocation.rs:125:6:125:7 | p3 | provenance | | | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:176:27:176:28 | [post] p1 | provenance | Src:MaD:6 MaD:6 | | deallocation.rs:176:27:176:28 | [post] p1 | deallocation.rs:180:15:180:16 | p1 | provenance | | -| deallocation.rs:239:3:239:25 | ...::drop_in_place | deallocation.rs:239:27:239:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | -| deallocation.rs:239:27:239:29 | [post] ptr | deallocation.rs:245:18:245:20 | ptr | provenance | | +| deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:242:27:242:29 | [post] ptr | provenance | Src:MaD:6 MaD:6 | +| deallocation.rs:242:27:242:29 | [post] ptr | deallocation.rs:248:18:248:20 | ptr | provenance | | models | 1 | Sink: lang:core; crate::ptr::read; pointer-access; Argument[0] | | 2 | Sink: lang:core; crate::ptr::write; pointer-access; Argument[0] | @@ -83,7 +84,8 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:239:3:239:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | -| deallocation.rs:239:27:239:29 | [post] ptr | semmle.label | [post] ptr | -| deallocation.rs:245:18:245:20 | ptr | semmle.label | ptr | +| deallocation.rs:189:29:189:30 | p3 | semmle.label | p3 | +| deallocation.rs:242:3:242:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | +| deallocation.rs:242:27:242:29 | [post] ptr | semmle.label | [post] ptr | +| deallocation.rs:248:18:248:20 | ptr | semmle.label | ptr | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index 9ddb011c4b2..dde42aa9414 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -163,7 +163,7 @@ pub fn test_drop() { pub fn test_ptr_drop(mode: i32) { let layout = std::alloc::Layout::new::>(); unsafe { - let p1 = std::alloc::alloc(layout) as *mut Vec; // *mut i64 + let p1 = std::alloc::alloc(layout) as *mut Vec; let p2 = p1; *p1 = vec!(1, 2, 3); @@ -184,6 +184,9 @@ pub fn test_ptr_drop(mode: i32) { let v4 = (*p2)[0]; // $ MISSING: Alert println!(" v4 = {v4} (!)"); // corrupt in practice } + + let p3 = std::alloc::alloc(layout) as *mut Vec; + std::ptr::drop_in_place((*p3).as_mut_ptr()); // $ SPURIOUS: Alert[rust/access-invalid-pointer] } } From 00753a1fe40a8de525d54e77163ba904166f4b9c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 28 Mar 2025 14:41:59 +0100 Subject: [PATCH 054/409] C#: Address review comments. --- .../stringinterpolation/stringInterpolation.ql | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql index 21b33b12b56..f4d68385810 100644 --- a/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql +++ b/csharp/ql/test/library-tests/stringinterpolation/stringInterpolation.ql @@ -1,11 +1,9 @@ import csharp -query predicate inserts(InterpolatedStringExpr expr, Expr e) { - expr.getAnInsert() = e // and inSpecificSource(expr) -} +query predicate inserts(InterpolatedStringExpr expr, Expr e) { expr.getAnInsert() = e } query predicate texts(InterpolatedStringExpr expr, StringLiteral literal) { - expr.getAText() = literal // and inSpecificSource(expr) + expr.getAText() = literal } query predicate interpolationInsertsWithAlign(InterpolatedStringExpr expr, Expr insert, Expr align) { From 605cf359706695f0dbba46c411a393861297d9bf Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Thu, 27 Mar 2025 15:10:25 +0100 Subject: [PATCH 055/409] Rust: More path resolution improvements --- .../codeql/rust/internal/PathResolution.qll | 101 ++++++++++++++---- .../library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/my.rs | 2 +- .../path-resolution/path-resolution.expected | 2 + 4 files changed, 84 insertions(+), 23 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 2128bb8e7a8..ae4ed9cf726 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -116,7 +116,7 @@ abstract class ItemNode extends Locatable { } pragma[nomagic] - private ItemNode getASuccessorRec(string name) { + ItemNode getASuccessorRec(string name) { sourceFileEdge(this, name, result) or this = result.getImmediateParent() and @@ -613,11 +613,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { } /** - * Holds if `m` is a `mod name;` module declaration happening in a file named - * `fileName.rs`, inside the folder `parent`. + * Holds if `m` is a `mod name;` module declaration, where the corresponding + * module file needs to be looked up in `lookup` or one of its descandants. */ -private predicate modImport(Module m, string fileName, string name, Folder parent) { - exists(File f | +private predicate modImport0(Module m, string name, Folder lookup) { + exists(File f, Folder parent, string fileName | f = m.getFile() and not m.hasItemList() and // TODO: handle @@ -629,17 +629,63 @@ private predicate modImport(Module m, string fileName, string name, Folder paren name = m.getName().getText() and parent = f.getParentContainer() and fileName = f.getStem() + | + // sibling import + lookup = parent and + ( + m.getFile() = any(CrateItemNode c).getModuleNode().(SourceFileItemNode).getFile() + or + m.getFile().getBaseName() = "mod.rs" + ) + or + // child import + lookup = parent.getFolder(fileName) + ) +} + +/** + * Holds if `m` is a `mod name;` module declaration, which happens inside a + * nested module, and `pred -> succ` is a module edge leading to `m`. + */ +private predicate modImportNested(ModuleItemNode m, ModuleItemNode pred, ModuleItemNode succ) { + pred.getAnItemInScope() = succ and + ( + modImport0(m, _, _) and + succ = m + or + modImportNested(m, succ, _) + ) +} + +/** + * Holds if `m` is a `mod name;` module declaration, which happens inside a + * nested module, where `ancestor` is a reflexive transitive ancestor module + * of `m` with corresponding lookup folder `lookup`. + */ +private predicate modImportNestedLookup(Module m, ModuleItemNode ancestor, Folder lookup) { + modImport0(m, _, lookup) and + modImportNested(m, ancestor, _) and + not modImportNested(m, _, ancestor) + or + exists(ModuleItemNode m1, Folder mid | + modImportNestedLookup(m, m1, mid) and + modImportNested(m, m1, ancestor) and + lookup = mid.getFolder(m1.getName()) ) } /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { - exists(string fileName, string name, Folder parent | modImport(m, fileName, name, parent) | - // sibling import + exists(string name, Folder parent | + modImport0(m, name, _) and fileModule(f, name, parent) + | + // `m` is not inside a nested module + modImport0(m, name, parent) and + not modImportNested(m, _, _) or - // child import - fileModule(f, name, parent.getFolder(fileName)) + // `m` is inside a nested module + modImportNestedLookup(m, m, parent) ) } @@ -651,7 +697,7 @@ pragma[nomagic] private predicate fileImportEdge(Module mod, string name, ItemNode item) { exists(SourceFileItemNode f | fileImport(mod, f) and - item = f.getASuccessor(name) + item = f.getASuccessorRec(name) ) } @@ -660,7 +706,7 @@ private predicate fileImportEdge(Module mod, string name, ItemNode item) { */ pragma[nomagic] private predicate crateDefEdge(CrateItemNode c, string name, ItemNode i) { - i = c.getModuleNode().getASuccessor(name) and + i = c.getModuleNode().getASuccessorRec(name) and not i instanceof Crate } @@ -742,7 +788,16 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | unqualifiedPathLookup(p, name, ns, mid) and - not declares(mid, ns, name) + not declares(mid, ns, name) and + not name = ["super", "self"] and + not ( + name = "Self" and + mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() + ) and + not ( + name = "crate" and + mid = any(CrateItemNode i).getASourceFile() + ) | // nested modules do not have unqualified access to items from outer modules, // except for items declared at top-level in the source file @@ -943,15 +998,19 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { encl.getADescendant() = use and item = getASuccessor(used, name, ns) and // glob imports can be shadowed - not declares(encl, ns, name) + not declares(encl, ns, name) and + not name = ["super", "self", "Self", "crate"] ) - else item = used - | - not tree.hasRename() and - name = item.getName() - or - name = tree.getRename().getName().getText() and - name != "_" + else ( + item = used and + ( + not tree.hasRename() and + name = item.getName() + or + name = tree.getRename().getName().getText() and + name != "_" + ) + ) ) } @@ -961,7 +1020,7 @@ private module Debug { exists(string filepath, int startline, int startcolumn, int endline, int endcolumn | result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and filepath.matches("%/main.rs") and - startline = 1 + startline = [1, 3] ) } diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 6b2052a1b3c..374f290b00e 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -518,6 +518,6 @@ fn main() { nested6::f(); // $ item=I116 nested8::f(); // $ item=I119 my3::f(); // $ item=I200 - nested_f(); // $ MISSING: item=I201 + nested_f(); // $ item=I201 m18::m19::m20::g(); // $ item=I103 } diff --git a/rust/ql/test/library-tests/path-resolution/my.rs b/rust/ql/test/library-tests/path-resolution/my.rs index 487b0e78769..2dcb1c76aeb 100644 --- a/rust/ql/test/library-tests/path-resolution/my.rs +++ b/rust/ql/test/library-tests/path-resolution/my.rs @@ -15,4 +15,4 @@ mod my4 { pub mod my5; } -pub use my4::my5::f as nested_f; // $ MISSING: item=I201 +pub use my4::my5::f as nested_f; // $ item=I201 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 6bf3f656734..235ad7451c5 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -270,6 +270,7 @@ resolvePath | main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | | main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | | main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:521:5:521:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | | main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | | main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | | main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | @@ -296,6 +297,7 @@ resolvePath | my.rs:11:5:11:5 | g | my/nested.rs:19:1:22:1 | fn g | | my.rs:18:9:18:11 | my4 | my.rs:14:1:16:1 | mod my4 | | my.rs:18:9:18:16 | ...::my5 | my.rs:15:5:15:16 | mod my5 | +| my.rs:18:9:18:19 | ...::f | my/my4/my5/mod.rs:1:1:3:1 | fn f | | my/nested.rs:9:13:9:13 | f | my/nested.rs:3:9:5:9 | fn f | | my/nested.rs:15:9:15:15 | nested2 | my/nested.rs:2:5:11:5 | mod nested2 | | my/nested.rs:15:9:15:18 | ...::f | my/nested.rs:3:9:5:9 | fn f | From 52b889f008c310ac3bc03f56d4310559f6d5a342 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:16:22 -0500 Subject: [PATCH 056/409] Support when a property is specified by a string literal instead of a `nameof` expression In earlier versions of the Razor generator, a string literal was used instead of a `nameof` expression in order to indicate the name of the property being modified. This means we need to look up the property by name instead of using a more explicit access. --- .../csharp/frameworks/microsoft/aspnetcore/Components.qll | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index be937661b47..5fb79418c27 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -159,7 +159,13 @@ private module JumpNodes { */ Property getParameterProperty() { result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and - exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) + ( + exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) + or + exists(string propertyName | propertyName = this.getArgument(1).(StringLiteral).getValue() | + result.hasName(propertyName) + ) + ) } /** From 3d0a85b3cd5a608e964e865dffe27d16a0f636c8 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:18:15 -0500 Subject: [PATCH 057/409] Add test case using string literal in property name --- .../microsoft/aspnetcore/blazor/NameList2.cs | 50 +++++++++++++++++++ .../microsoft/aspnetcore/blazor/Xss.expected | 3 ++ .../blazor/remoteFlowSource.expected | 3 ++ 3 files changed, 56 insertions(+) create mode 100644 csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs new file mode 100644 index 00000000000..d27d6f2dcde --- /dev/null +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/NameList2.cs @@ -0,0 +1,50 @@ +namespace VulnerableBlazorApp.Components +{ + using System.Collections.Generic; + using Microsoft.AspNetCore.Components; + + [RouteAttribute("/names2/{name?}")] + public partial class NameList2 : Microsoft.AspNetCore.Components.ComponentBase + { + protected override void BuildRenderTree(Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder builder) + { + if (Names is not null) + { + builder.OpenElement(0, "div"); + builder.OpenElement(1, "ul"); + foreach (var name in Names) + { + builder.OpenElement(2, "li"); + builder.OpenComponent(3); + builder.AddComponentParameter(4, "TheName", name); + builder.CloseComponent(); + builder.CloseElement(); + } + builder.CloseElement(); + builder.CloseElement(); + } + + builder.OpenElement(5, "div"); + builder.OpenElement(6, "p"); + builder.AddContent(7, "Name: "); + builder.OpenComponent(8); + builder.AddComponentParameter(9, "TheName", Name); + builder.CloseComponent(); + builder.CloseElement(); + } + + [Parameter] + public string Name { get; set; } + + protected override void OnParametersSet() + { + if (Name is not null) + { + Names.Add(Name); + } + } + + + public List Names { get; set; } = new List(); + } +} \ No newline at end of file diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected index 951269f2b58..3b9a54fafb3 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.expected @@ -1,12 +1,15 @@ edges +| NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 | | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | provenance | Sink:MaD:149 | nodes | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | semmle.label | access to property UrlParam | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | semmle.label | access to property QueryParam | | Name.cs:13:53:13:59 | access to property TheName | semmle.label | access to property TheName | +| NameList2.cs:31:57:31:60 | access to property Name : String | semmle.label | access to property Name : String | | NameList.cs:31:99:31:102 | access to property Name : String | semmle.label | access to property Name : String | subpaths #select | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | User-provided value | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | User-provided value | +| Name.cs:13:53:13:59 | access to property TheName | NameList2.cs:31:57:31:60 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList2.cs:31:57:31:60 | access to property Name : String | User-provided value | | Name.cs:13:53:13:59 | access to property TheName | NameList.cs:31:99:31:102 | access to property Name : String | Name.cs:13:53:13:59 | access to property TheName | $@ flows to here and is written to HTML or JavaScript. | NameList.cs:31:99:31:102 | access to property Name : String | User-provided value | diff --git a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected index 2a9268cf01e..e1b3724f44d 100644 --- a/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected +++ b/csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/remoteFlowSource.expected @@ -2,6 +2,9 @@ | Components_Pages_TestPage_razor.g.cs:138:15:138:22 | access to property UrlParam | ASP.NET Core component route parameter | | Components_Pages_TestPage_razor.g.cs:176:1:176:10 | access to property QueryParam | external | | Components_Pages_TestPage_razor.g.cs:188:18:188:27 | access to property QueryParam | external | +| NameList2.cs:31:57:31:60 | access to property Name | ASP.NET Core component route parameter | +| NameList2.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter | +| NameList2.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:31:99:31:102 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:41:17:41:20 | access to property Name | ASP.NET Core component route parameter | | NameList.cs:43:27:43:30 | access to property Name | ASP.NET Core component route parameter | From d601c26355f27c2079fa38fbec99199cdbc20e77 Mon Sep 17 00:00:00 2001 From: Edward Minnix III Date: Sat, 8 Mar 2025 17:24:49 -0500 Subject: [PATCH 058/409] [change-note] Blazor parameter passing string literal --- .../2025-03-08-blazor-parameter-passing-string-literal.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md diff --git a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md new file mode 100644 index 00000000000..66ebd26f653 --- /dev/null +++ b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. \ No newline at end of file From 72fb6ed078c3de87871a87a9fe8315f9eb10b4d9 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Fri, 28 Mar 2025 11:52:52 +0100 Subject: [PATCH 059/409] Restrict name based property lookup to opened component types --- .../microsoft/aspnetcore/Components.qll | 75 ++++++++++++++++++- 1 file changed, 73 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 5fb79418c27..8cf5ce659e4 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -122,6 +122,38 @@ private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends M } } +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent` method. + */ +private class MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod extends Method { + MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "OpenComponent`1") and + this.getNumberOfParameters() = 1 + } +} + +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent` method. + */ +private class MicrosoftAspNetCoreComponentsOpenComponentMethod extends Method { + MicrosoftAspNetCoreComponentsOpenComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "OpenComponent") and + this.getNumberOfParameters() = 2 + } +} + +/** + * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::CloseComponent` method. + */ +private class MicrosoftAspNetCoreComponentsCloseComponentMethod extends Method { + MicrosoftAspNetCoreComponentsCloseComponentMethod() { + this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder", + "CloseComponent") + } +} + private module Sources { private import semmle.code.csharp.security.dataflow.flowsources.Remote @@ -144,6 +176,38 @@ private module Sources { } } +/** + * Holds for matching `RenderTreeBuilder.OpenComponent` and `RenderTreeBuilder.CloseComponent` calls with index `openCallIndex` and `closeCallIndex` respectively + * within the `enclosing` enclosing callabale. The `componentType` is the type of the component that is being opened and closed. + */ +private predicate matchingOpenCloseComponentCalls( + MethodCall openCall, int openCallIndex, MethodCall closeCall, int closeCallIndex, + Callable enclosing, Type componentType +) { + ( + openCall.getTarget().getUnboundDeclaration() instanceof + MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod and + openCall.getTarget().(ConstructedGeneric).getTypeArgument(0) = componentType + or + openCall.getTarget() instanceof MicrosoftAspNetCoreComponentsOpenComponentMethod and + openCall.getArgument(1).(TypeofExpr).getTypeAccess().getTarget() = componentType + ) and + openCall.getEnclosingCallable() = enclosing and + closeCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and + closeCall.getEnclosingCallable() = enclosing and + closeCall.getParent().getParent() = openCall.getParent().getParent() and + openCall.getParent().getIndex() = openCallIndex and + closeCall.getParent().getIndex() = closeCallIndex and + closeCallIndex > openCallIndex and + not exists(int k, MethodCall otherCloseCall | + k in [openCallIndex + 1 .. closeCallIndex - 1] and + otherCloseCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and + otherCloseCall.getEnclosingCallable() = enclosing and + otherCloseCall.getParent().getParent() = openCall.getParent().getParent() and + otherCloseCall.getParent().getIndex() = k + ) +} + private module JumpNodes { /** * A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which @@ -162,8 +226,15 @@ private module JumpNodes { ( exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) or - exists(string propertyName | propertyName = this.getArgument(1).(StringLiteral).getValue() | - result.hasName(propertyName) + exists( + string propertyName, MethodCall openComponent, int i, MethodCall closeComponent, int j + | + propertyName = this.getArgument(1).(StringLiteral).getValue() and + result.hasName(propertyName) and + matchingOpenCloseComponentCalls(openComponent, i, closeComponent, j, + this.getEnclosingCallable(), result.getDeclaringType()) and + this.getParent().getParent() = openComponent.getParent().getParent() and + this.getParent().getIndex() in [i + 1 .. j - 1] ) ) } From 32448c14bd9253f55afc9d0e92370b598f5dc2d7 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Fri, 28 Mar 2025 13:06:36 +0100 Subject: [PATCH 060/409] Adjust expected test file --- .../all-platforms/blazor_net_8/XSS.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected index 204c3194595..dbf056053b3 100644 --- a/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected +++ b/csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.expected @@ -1,8 +1,18 @@ #select +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | User-provided value | | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value | | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value | edges +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | provenance | Src:MaD:2 MaD:3 | +| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 | +models +| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual | +| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual | +| 3 | Summary: Microsoft.AspNetCore.Components.CompilerServices; RuntimeHelpers; false; TypeCheck; (T); ; Argument[0]; ReturnValue; value; manual | nodes +| BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | semmle.label | access to property Value | | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam | | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam | +| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String | +| BlazorTest/obj/Debug/net8.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:497:59:505:13 | call to method TypeCheck : String | semmle.label | call to method TypeCheck : String | subpaths From 6674288fd2bdb9425e3e64ae4eb83711b096b6c8 Mon Sep 17 00:00:00 2001 From: Taus Date: Fri, 28 Mar 2025 15:12:39 +0000 Subject: [PATCH 061/409] Python: Update test cases Adds a comment explaining why we no longer flag the indirect tuple example. Also adds a test case which _would_ be flagged if not for the type annotation. --- .../query-tests/Functions/return_values/functions_test.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/python/ql/test/query-tests/Functions/return_values/functions_test.py b/python/ql/test/query-tests/Functions/return_values/functions_test.py index 24b1943feeb..9f72a7fec60 100644 --- a/python/ql/test/query-tests/Functions/return_values/functions_test.py +++ b/python/ql/test/query-tests/Functions/return_values/functions_test.py @@ -321,7 +321,7 @@ def function_returning_2_tuple(): def function_returning_3_tuple(): return 1,2,3 -def indirectly_returning_different_tuple_sizes(x): +def indirectly_returning_different_tuple_sizes(x): # OK, since we only look at local tuple returns if x: return function_returning_2_tuple() else: @@ -347,3 +347,9 @@ def ok_match2(x): # FP return 0 case _: return 1 + +def ok_tuple_returns_captured_in_type(x: bool) -> tuple[int, ...]: # OK because there is a type annotation present + if x: + return 1, 2 + else: + return 1, 2, 3 From 4a76b5b3db817b90b82d97a4b049ef456dbf046f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 15:40:18 +0000 Subject: [PATCH 062/409] Rust: Accept consistency check failures. --- .../CWE-825/CONSISTENCY/DataFlowConsistency.expected | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 00000000000..f518ed81ffa --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,10 @@ +postWithInFlow +| deallocation.rs:20:23:20:24 | [post] m1 | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:176:27:176:28 | [post] p1 | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:189:27:189:44 | [post] ... .as_mut_ptr(...) | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:217:24:217:31 | [post] self.ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:236:27:236:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:242:27:242:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | +| deallocation.rs:267:23:267:25 | [post] ptr | PostUpdateNode should not be the target of local flow. | From ca6444ce98faae024d48b36915a4661449ff10f6 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 27 Mar 2025 11:02:46 +0100 Subject: [PATCH 063/409] VariableCapture: Replace phi-read reference with SSA data flow integration module. --- .../codeql/dataflow/VariableCapture.qll | 148 ++++++++++-------- 1 file changed, 83 insertions(+), 65 deletions(-) diff --git a/shared/dataflow/codeql/dataflow/VariableCapture.qll b/shared/dataflow/codeql/dataflow/VariableCapture.qll index 3077739338e..c76e1320a37 100644 --- a/shared/dataflow/codeql/dataflow/VariableCapture.qll +++ b/shared/dataflow/codeql/dataflow/VariableCapture.qll @@ -699,6 +699,7 @@ module Flow Input> implements OutputSig class SourceVariable = CaptureContainer; predicate variableWrite(BasicBlock bb, int i, SourceVariable cc, boolean certain) { + Cached::ref() and ( exists(CapturedVariable v | cc = TVariable(v) and captureWrite(v, bb, i, true, _)) or @@ -721,23 +722,55 @@ module Flow Input> implements OutputSig private module CaptureSsa = Ssa::Make; - private newtype TClosureNode = - TSynthRead(CapturedVariable v, BasicBlock bb, int i, Boolean isPost) { - synthRead(v, bb, i, _, _) - } or - TSynthThisQualifier(BasicBlock bb, int i, Boolean isPost) { synthThisQualifier(bb, i) } or - TSynthPhi(CaptureSsa::DefinitionExt phi) { - phi instanceof CaptureSsa::PhiNode or phi instanceof CaptureSsa::PhiReadNode - } or - TExprNode(Expr expr, Boolean isPost) { - expr instanceof VariableRead - or - synthRead(_, _, _, _, expr) - } or - TParamNode(CapturedParameter p) or - TThisParamNode(Callable c) { captureAccess(_, c) } or - TMallocNode(ClosureExpr ce) { hasConstructorCapture(ce, _) } or - TVariableWriteSourceNode(VariableWrite write) + private module DataFlowIntegrationInput implements CaptureSsa::DataFlowIntegrationInputSig { + private import codeql.util.Void + + class Expr instanceof Input::ControlFlowNode { + string toString() { result = super.toString() } + + predicate hasCfgNode(BasicBlock bb, int i) { bb.getNode(i) = this } + } + + class Guard extends Void { + predicate controlsBranchEdge(BasicBlock bb1, BasicBlock bb2, boolean branch) { none() } + } + + predicate guardDirectlyControlsBlock(Guard guard, BasicBlock bb, boolean branch) { none() } + + predicate includeWriteDefsInFlowStep() { none() } + + predicate supportBarrierGuardsOnPhiEdges() { none() } + } + + private module SsaFlow = CaptureSsa::DataFlowIntegration; + + cached + private module Cached { + cached + predicate ref() { any() } + + cached + predicate backref() { localFlowStep(_, _) implies any() } + + cached + newtype TClosureNode = + TSynthRead(CapturedVariable v, BasicBlock bb, int i, Boolean isPost) { + synthRead(v, bb, i, _, _) + } or + TSynthThisQualifier(BasicBlock bb, int i, Boolean isPost) { synthThisQualifier(bb, i) } or + TSynthSsa(SsaFlow::SsaNode n) or + TExprNode(Expr expr, Boolean isPost) { + expr instanceof VariableRead + or + synthRead(_, _, _, _, expr) + } or + TParamNode(CapturedParameter p) or + TThisParamNode(Callable c) { captureAccess(_, c) } or + TMallocNode(ClosureExpr ce) { hasConstructorCapture(ce, _) } or + TVariableWriteSourceNode(VariableWrite write) + } + + private import Cached class ClosureNode extends TClosureNode { /** Gets a textual representation of this node. */ @@ -746,11 +779,7 @@ module Flow Input> implements OutputSig or result = "this" and this = TSynthThisQualifier(_, _, _) or - exists(CaptureSsa::DefinitionExt phi, CaptureContainer cc | - this = TSynthPhi(phi) and - phi.definesAt(cc, _, _, _) and - result = "phi(" + cc.toString() + ")" - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and result = n.toString()) or exists(Expr expr, boolean isPost | this = TExprNode(expr, isPost) | isPost = false and result = expr.toString() @@ -784,9 +813,7 @@ module Flow Input> implements OutputSig captureWrite(_, bb, i, false, any(VariableWrite vw | result = vw.getLocation())) ) or - exists(CaptureSsa::DefinitionExt phi, BasicBlock bb | - this = TSynthPhi(phi) and phi.definesAt(_, bb, _, _) and result = bb.getLocation() - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and result = n.getLocation()) or exists(Expr expr | this = TExprNode(expr, _) and result = expr.getLocation()) or @@ -802,7 +829,7 @@ module Flow Input> implements OutputSig } } - private class TSynthesizedCaptureNode = TSynthRead or TSynthThisQualifier or TSynthPhi; + private class TSynthesizedCaptureNode = TSynthRead or TSynthThisQualifier or TSynthSsa; class SynthesizedCaptureNode extends ClosureNode, TSynthesizedCaptureNode { BasicBlock getBasicBlock() { @@ -810,9 +837,7 @@ module Flow Input> implements OutputSig or this = TSynthThisQualifier(result, _, _) or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(_, result, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getBasicBlock() = result) } Callable getEnclosingCallable() { result = this.getBasicBlock().getEnclosingCallable() } @@ -820,17 +845,13 @@ module Flow Input> implements OutputSig predicate isVariableAccess(CapturedVariable v) { this = TSynthRead(v, _, _, _) or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(TVariable(v), _, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getSourceVariable() = TVariable(v)) } predicate isInstanceAccess() { this instanceof TSynthThisQualifier or - exists(CaptureSsa::DefinitionExt phi | - this = TSynthPhi(phi) and phi.definesAt(TThis(_), _, _, _) - ) + exists(SsaFlow::SsaNode n | this = TSynthSsa(n) and n.getSourceVariable() = TThis(_)) } } @@ -872,18 +893,7 @@ module Flow Input> implements OutputSig ) } - private predicate step(CaptureContainer cc, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { - CaptureSsa::adjacentDefReadExt(_, cc, bb1, i1, bb2, i2) - } - - private predicate stepToPhi(CaptureContainer cc, BasicBlock bb, int i, TSynthPhi phi) { - exists(CaptureSsa::DefinitionExt next | - CaptureSsa::lastRefRedefExt(_, cc, bb, i, next) and - phi = TSynthPhi(next) - ) - } - - private predicate ssaAccessAt( + private predicate ssaReadAt( ClosureNode n, CaptureContainer cc, boolean isPost, BasicBlock bb, int i ) { exists(CapturedVariable v | @@ -894,49 +904,57 @@ module Flow Input> implements OutputSig or n = TSynthThisQualifier(bb, i, isPost) and cc = TThis(bb.getEnclosingCallable()) or - exists(CaptureSsa::DefinitionExt phi | - n = TSynthPhi(phi) and phi.definesAt(cc, bb, i, _) and isPost = false - ) - or exists(VariableRead vr, CapturedVariable v | captureRead(v, bb, i, true, vr) and n = TExprNode(vr, isPost) and cc = TVariable(v) ) - or + } + + private predicate ssaWriteAt(ClosureNode n, CaptureContainer cc, BasicBlock bb, int i) { exists(VariableWrite vw, CapturedVariable v | captureWrite(v, bb, i, true, vw) and n = TVariableWriteSourceNode(vw) and - isPost = false and cc = TVariable(v) ) or exists(CapturedParameter p | entryDef(cc, bb, i) and cc = TVariable(p) and - n = TParamNode(p) and - isPost = false + n = TParamNode(p) ) or exists(Callable c | entryDef(cc, bb, i) and cc = TThis(c) and - n = TThisParamNode(c) and - isPost = false + n = TThisParamNode(c) ) } - predicate localFlowStep(ClosureNode node1, ClosureNode node2) { - exists(CaptureContainer cc, BasicBlock bb1, int i1, BasicBlock bb2, int i2 | - step(cc, bb1, i1, bb2, i2) and - ssaAccessAt(node1, pragma[only_bind_into](cc), _, bb1, i1) and - ssaAccessAt(node2, pragma[only_bind_into](cc), false, bb2, i2) + bindingset[result, cc] + pragma[inline_late] + private SsaFlow::Node asNode(CaptureContainer cc, ClosureNode n) { + n = TSynthSsa(result) + or + exists(BasicBlock bb, int i | + result.(SsaFlow::ExprNode).getExpr().hasCfgNode(bb, i) and + ssaReadAt(n, cc, false, bb, i) ) or - exists(CaptureContainer cc, BasicBlock bb, int i | - stepToPhi(cc, bb, i, node2) and - ssaAccessAt(node1, cc, _, bb, i) + exists(BasicBlock bb, int i | + result.(SsaFlow::ExprPostUpdateNode).getExpr().hasCfgNode(bb, i) and + ssaReadAt(n, cc, true, bb, i) ) + or + exists(BasicBlock bb, int i | + result.(SsaFlow::WriteDefSourceNode).getDefinition().definesAt(cc, bb, i) and + ssaWriteAt(n, cc, bb, i) + ) + } + + cached + predicate localFlowStep(ClosureNode n1, ClosureNode n2) { + exists(CaptureContainer cc | SsaFlow::localFlowStep(cc, asNode(cc, n1), asNode(cc, n2), _)) } private predicate storeStepClosure( From 70e53c2f8b3cca70fa272516f709d4b53fe41a8f Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Fri, 28 Mar 2025 16:28:12 +0100 Subject: [PATCH 064/409] SSA: Push includeWriteDefsInFlowStep constraint into newtype. --- shared/ssa/codeql/ssa/Ssa.qll | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 2bbdb6e2a47..fcaa1eb6a9f 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1661,7 +1661,16 @@ module Make Input> { private newtype TNode = TWriteDefSource(WriteDefinition def) { DfInput::ssaDefHasSource(def) } or TExprNode(DfInput::Expr e, Boolean isPost) { e = DfInput::getARead(_) } or - TSsaDefinitionNode(DefinitionExt def) { not phiHasUniqNextNode(def) } or + TSsaDefinitionNode(DefinitionExt def) { + not phiHasUniqNextNode(def) and + if DfInput::includeWriteDefsInFlowStep() + then any() + else ( + def instanceof PhiNode or + def instanceof PhiReadNode or + DfInput::allowFlowIntoUncertainDef(def) + ) + } or TSsaInputNode(SsaPhiExt phi, BasicBlock input) { relevantPhiInputNode(phi, input) } /** @@ -1904,14 +1913,7 @@ module Make Input> { exists(DefinitionExt def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and def.definesAt(v, bb, i, _) and - isUseStep = false and - if DfInput::includeWriteDefsInFlowStep() - then any() - else ( - def instanceof PhiNode or - def instanceof PhiReadNode or - DfInput::allowFlowIntoUncertainDef(def) - ) + isUseStep = false ) or [nodeFrom, nodeFrom.(ExprPostUpdateNode).getPreUpdateNode()].(ReadNode).readsAt(bb, i, v) and From b4daba30a5eb7500945740a9647f3956695588dc Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 10:42:50 +0200 Subject: [PATCH 065/409] SSA: Remove dead code. --- shared/ssa/codeql/ssa/Ssa.qll | 2 -- 1 file changed, 2 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index fcaa1eb6a9f..7e48feb42dc 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1757,8 +1757,6 @@ module Make Input> { this.getExpr().hasCfgNode(bb_, i_) } - SourceVariable getVariable() { result = v_ } - pragma[nomagic] predicate readsAt(BasicBlock bb, int i, SourceVariable v) { bb = bb_ and From 133f08784fa738aa4ddf3711d505f8bd132ab80c Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 20 Mar 2025 13:12:48 +0100 Subject: [PATCH 066/409] C++: Eliminate dead code, uncertain is always false. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 44 ++++--------------- 1 file changed, 9 insertions(+), 35 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index f6371e5b696..e3e07c1522c 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1879,15 +1879,6 @@ module IteratorFlow { phi.definesAt(sv, bb2, i2, _) ) } - - cached - Node getAPriorDefinition(IteratorSsa::DefinitionExt next) { - exists(IRBlock bb, int i, SourceVariable sv, IteratorSsa::DefinitionExt def | - IteratorSsa::lastRefRedefExt(pragma[only_bind_into](def), pragma[only_bind_into](sv), - pragma[only_bind_into](bb), pragma[only_bind_into](i), next) and - nodeToDefOrUse(result, sv, bb, i, _) - ) - } } /** The set of nodes necessary for iterator flow. */ @@ -1912,25 +1903,19 @@ module IteratorFlow { private import IteratorSsaCached - private predicate defToNode(Node node, Def def, boolean uncertain) { - ( - nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) - or - nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) - ) and - uncertain = false + private predicate defToNode(Node node, Def def) { + nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) + or + nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) } - private predicate nodeToDefOrUse( - Node node, SourceVariable sv, IRBlock bb, int i, boolean uncertain - ) { + private predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i) { exists(Def def | def.hasIndexInBlock(bb, i, sv) and - defToNode(node, def, uncertain) + defToNode(node, def) ) or - useToNode(bb, i, sv, node) and - uncertain = false + useToNode(bb, i, sv, node) } private predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) { @@ -1949,21 +1934,10 @@ module IteratorFlow { * Holds if `nodeFrom` flows to `nodeTo` in a single step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - exists( - Node nFrom, SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2, boolean uncertain - | + exists(SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2 | adjacentDefRead(bb1, i1, sv, bb2, i2) and - nodeToDefOrUse(nFrom, sv, bb1, i1, uncertain) and + nodeToDefOrUse(nodeFrom, sv, bb1, i1) and useToNode(bb2, i2, sv, nodeTo) - | - if uncertain = true - then - nodeFrom = - [ - nFrom, - getAPriorDefinition(any(IteratorSsa::DefinitionExt next | next.definesAt(sv, bb1, i1, _))) - ] - else nFrom = nodeFrom ) } } From aaa7e4cf95f00fcad879e187a96ef1f7ef3a5405 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Wed, 26 Mar 2025 13:58:58 +0100 Subject: [PATCH 067/409] C++: Def is only used in defToNode, which doesn't include phi reads nodes. --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index e3e07c1522c..13243f2b22e 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1834,7 +1834,7 @@ module IteratorFlow { private module IteratorSsa = SsaImpl::Make; - private class Def extends IteratorSsa::DefinitionExt { + private class Def extends IteratorSsa::Definition { final override Location getLocation() { result = this.getImpl().getLocation() } /** @@ -1842,7 +1842,7 @@ module IteratorFlow { * and is a definition (or use) of the variable `sv`. */ predicate hasIndexInBlock(IRBlock block, int index, SourceVariable sv) { - super.definesAt(sv, block, index, _) + super.definesAt(sv, block, index) } private Ssa::DefImpl getImpl() { From a6a694dec65b2e086cebc3676ddbadaab9a2ad92 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 20 Mar 2025 14:36:17 +0100 Subject: [PATCH 068/409] C++: Use DataFlowIntegration in IteratorFlow. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 102 ++++++++++-------- .../cpp/ir/dataflow/internal/SsaInternals.qll | 2 +- 2 files changed, 56 insertions(+), 48 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 13243f2b22e..8a515523930 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -1834,6 +1834,46 @@ module IteratorFlow { private module IteratorSsa = SsaImpl::Make; + private module DataFlowIntegrationInput implements IteratorSsa::DataFlowIntegrationInputSig { + private import codeql.util.Void + + class Expr extends Instruction { + Expr() { + exists(IRBlock bb, int i | + SsaInput::variableRead(bb, i, _, true) and + this = bb.getInstruction(i) + ) + } + + predicate hasCfgNode(SsaInput::BasicBlock bb, int i) { bb.getInstruction(i) = this } + } + + predicate ssaDefHasSource(IteratorSsa::WriteDefinition def) { none() } + + predicate allowFlowIntoUncertainDef(IteratorSsa::UncertainWriteDefinition def) { any() } + + class Guard extends Void { + predicate controlsBranchEdge( + SsaInput::BasicBlock bb1, SsaInput::BasicBlock bb2, boolean branch + ) { + none() + } + } + + predicate guardDirectlyControlsBlock(Guard guard, SsaInput::BasicBlock bb, boolean branch) { + none() + } + + predicate supportBarrierGuardsOnPhiEdges() { none() } + } + + private module DataFlowIntegrationImpl = + IteratorSsa::DataFlowIntegration; + + private class IteratorSynthNode extends DataFlowIntegrationImpl::SsaNode { + IteratorSynthNode() { not this.asDefinition() instanceof IteratorSsa::WriteDefinition } + } + private class Def extends IteratorSsa::Definition { final override Location getLocation() { result = this.getImpl().getLocation() } @@ -1859,37 +1899,15 @@ module IteratorFlow { int getIndirectionIndex() { result = this.getImpl().getIndirectionIndex() } } - private class PhiNode extends IteratorSsa::DefinitionExt { - PhiNode() { - this instanceof IteratorSsa::PhiNode or - this instanceof IteratorSsa::PhiReadNode - } - - SsaIteratorNode getNode() { result.getIteratorFlowNode() = this } - } - - cached - private module IteratorSsaCached { - cached - predicate adjacentDefRead(IRBlock bb1, int i1, SourceVariable sv, IRBlock bb2, int i2) { - IteratorSsa::adjacentDefReadExt(_, sv, bb1, i1, bb2, i2) - or - exists(PhiNode phi | - IteratorSsa::lastRefRedefExt(_, sv, bb1, i1, phi) and - phi.definesAt(sv, bb2, i2, _) - ) - } - } - /** The set of nodes necessary for iterator flow. */ - class IteratorFlowNode instanceof PhiNode { + class IteratorFlowNode instanceof IteratorSynthNode { /** Gets a textual representation of this node. */ string toString() { result = super.toString() } /** Gets the type of this node. */ DataFlowType getType() { exists(Ssa::SourceVariable sv | - super.definesAt(sv, _, _, _) and + super.getSourceVariable() = sv and result = sv.getType() ) } @@ -1901,43 +1919,33 @@ module IteratorFlow { Location getLocation() { result = super.getBasicBlock().getLocation() } } - private import IteratorSsaCached - private predicate defToNode(Node node, Def def) { nodeHasOperand(node, def.getValue().asOperand(), def.getIndirectionIndex()) or nodeHasInstruction(node, def.getValue().asInstruction(), def.getIndirectionIndex()) } - private predicate nodeToDefOrUse(Node node, SourceVariable sv, IRBlock bb, int i) { - exists(Def def | - def.hasIndexInBlock(bb, i, sv) and - defToNode(node, def) + bindingset[result, v] + pragma[inline_late] + private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { + result = n.(SsaIteratorNode).getIteratorFlowNode() + or + exists(Ssa::UseImpl use, IRBlock bb, int i | + result.(DataFlowIntegrationImpl::ExprNode).getExpr().hasCfgNode(bb, i) and + use.hasIndexInBlock(bb, i, v) and + use.getNode() = n ) or - useToNode(bb, i, sv, node) - } - - private predicate useToNode(IRBlock bb, int i, SourceVariable sv, Node nodeTo) { - exists(PhiNode phi | - phi.definesAt(sv, bb, i, _) and - nodeTo = phi.getNode() - ) - or - exists(Ssa::UseImpl use | - use.hasIndexInBlock(bb, i, sv) and - nodeTo = use.getNode() - ) + defToNode(n, result.(DataFlowIntegrationImpl::SsaDefinitionNode).getDefinition()) } /** * Holds if `nodeFrom` flows to `nodeTo` in a single step. */ predicate localFlowStep(Node nodeFrom, Node nodeTo) { - exists(SourceVariable sv, IRBlock bb1, int i1, IRBlock bb2, int i2 | - adjacentDefRead(bb1, i1, sv, bb2, i2) and - nodeToDefOrUse(nodeFrom, sv, bb1, i1) and - useToNode(bb2, i2, sv, nodeTo) + exists(SourceVariable v | + nodeFrom != nodeTo and + DataFlowIntegrationImpl::localFlowStep(v, fromDfNode(nodeFrom, v), fromDfNode(nodeTo, v), _) ) } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll index 202d3fa32c8..51829f13df5 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaInternals.qll @@ -1069,7 +1069,7 @@ module BarrierGuard { bindingset[result, v] pragma[inline_late] -DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { +private DataFlowIntegrationImpl::Node fromDfNode(Node n, SourceVariable v) { result = n.(SsaSynthNode).getSynthNode() or exists(UseImpl use, IRBlock bb, int i | From 8a67e4fddcb9e4ad5ae5aa93be573d1fd6a38785 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:20:40 +0200 Subject: [PATCH 069/409] Misc: Add stage overlap script --- misc/scripts/stageoverlap.py | 81 ++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) create mode 100755 misc/scripts/stageoverlap.py diff --git a/misc/scripts/stageoverlap.py b/misc/scripts/stageoverlap.py new file mode 100755 index 00000000000..42b3d8db0b2 --- /dev/null +++ b/misc/scripts/stageoverlap.py @@ -0,0 +1,81 @@ +#!/usr/bin/env python3 + +import sys +import os +import re + +# read first argument +if len(sys.argv) < 2: + print("Usage: stagestats.py ") + sys.exit(1) + +dilfile = sys.argv[1] + +seen_stages = set() +computed_predicates = {} +stage_number = 0 + +def process_stage(stage, cached): + global stage_number + stage_key = ' '.join(cached) + # skip repeated stages (in case we're looking at DIL for several queries, e.g. from a .qls) + if stage_key in seen_stages: + return + # don't count the query-stage as seen, since we don't want to skip those + if not '#select' in cached: + seen_stages.add(stage_key) + stage_number += 1 + print('STAGE ' + str(stage_number) + ':') + print(str(len(cached)) + ' cached predicate(s)') + print(' '.join(cached)) + for predicate in stage: + # strip trailing characters matching the regex '#[bf]+', i.e. disregard magic + predicate = re.sub('#[bf]+$', '', predicate) + # TODO: maybe also strip the hash? + # predicate = re.sub('#[a-f0-9]+$', '', predicate) + if predicate in computed_predicates.keys(): + # skip db-relations and some generated predicates + if predicate.startswith('@') or predicate.startswith('project#'): + continue + prior_stage = computed_predicates[predicate] + print('Recompute from ' + str(prior_stage) + ': ' + predicate) + else: + computed_predicates[predicate] = stage_number + print() + +with open(dilfile, 'r') as f: + stage = [] + cached = [] + query = False + for line in f: + # skip lines starting with a space, i.e. predicate bodies + if line.startswith(' '): continue + # get the part of the line containing no spaces occuring before the first '(' + # this is the predicate name + parenpos = line.find('(') + if parenpos != -1: + start = line.rfind(' ', 0, parenpos) + predicate = line[start+1:parenpos] + if predicate.startswith('`'): + # remove the leading and trailing backticks + predicate = predicate[1:-1] + stage.append(predicate) + continue + # query predicates, aka cached predicates, are written either as + # 'query = ...' on one line, or split across 2+ lines + if line.startswith('query '): + predicate = line.split(' ')[1] + cached.append(predicate) + continue + if line == 'query\n': + query = True + continue + if query: + predicate = line.split(' ')[0] + cached.append(predicate) + query = False + continue + if line == '/* ---------- END STAGE ---------- */\n': + process_stage(stage, cached) + stage = [] + cached = [] From 9a8ab2d45b2d0ea46c56075357dbde4a4777eb5b Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:28:29 +0200 Subject: [PATCH 070/409] Update misc/scripts/stageoverlap.py Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- misc/scripts/stageoverlap.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/misc/scripts/stageoverlap.py b/misc/scripts/stageoverlap.py index 42b3d8db0b2..979fc61571e 100755 --- a/misc/scripts/stageoverlap.py +++ b/misc/scripts/stageoverlap.py @@ -6,7 +6,7 @@ import re # read first argument if len(sys.argv) < 2: - print("Usage: stagestats.py ") + print("Usage: stageoverlap.py ") sys.exit(1) dilfile = sys.argv[1] From 56c46d74f91a17c6f0e25577ab32b46ffb4a85c0 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 11:44:37 +0200 Subject: [PATCH 071/409] Java/Rust/Swift: Accept qltest changes. --- .../test/library-tests/dataflow/capture/test.expected | 2 -- .../local/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../library-tests/dataflow/local/DataFlowStep.expected | 9 ++++----- .../library-tests/dataflow/dataflow/LocalFlow.expected | 10 +++++----- 4 files changed, 9 insertions(+), 14 deletions(-) delete mode 100644 rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected diff --git a/java/ql/test/library-tests/dataflow/capture/test.expected b/java/ql/test/library-tests/dataflow/capture/test.expected index 1e8a2d7d334..a744f468fbe 100644 --- a/java/ql/test/library-tests/dataflow/capture/test.expected +++ b/java/ql/test/library-tests/dataflow/capture/test.expected @@ -18,7 +18,6 @@ | A.java:21:11:21:13 | "B" : String | A.java:15:16:15:22 | get(...) : String | | A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | ...=... : String | | A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | SSA phi(s) : String | -| A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | phi(String s) : String | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | String s : String | | A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:21:11:21:13 | "B" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | @@ -35,7 +34,6 @@ | A.java:23:11:23:13 | "C" : String | A.java:15:16:15:22 | get(...) : String | | A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | ...=... : String | | A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | SSA phi(s) : String | -| A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | phi(String s) : String | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | String s : String | | A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] | | A.java:23:11:23:13 | "C" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] | diff --git a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e20ac1da53f..00000000000 --- a/rust/ql/test/library-tests/dataflow/local/CONSISTENCY/DataFlowConsistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -identityLocalStep -| main.rs:442:9:442:20 | phi(default_name) | Node steps to itself | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 2766d8c0fd8..7fd8c3fe8a8 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -647,10 +647,9 @@ localStep | main.rs:441:24:441:33 | [post] receiver for source(...) | main.rs:441:24:441:33 | [post] source(...) | | main.rs:441:24:441:33 | source(...) | main.rs:441:24:441:33 | receiver for source(...) | | main.rs:441:24:441:45 | ... .to_string(...) | main.rs:441:9:441:20 | default_name | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:442:5:448:5 | for ... in ... { ... } | main.rs:440:75:449:1 | { ... } | -| main.rs:442:9:442:20 | phi(default_name) | main.rs:442:9:442:20 | phi(default_name) | -| main.rs:442:9:442:20 | phi(default_name) | main.rs:444:41:444:67 | default_name | +| main.rs:442:9:442:20 | SSA phi read(default_name) | main.rs:444:41:444:67 | default_name | | main.rs:442:10:442:13 | [SSA] cond | main.rs:443:12:443:15 | cond | | main.rs:442:10:442:13 | cond | main.rs:442:10:442:13 | [SSA] cond | | main.rs:442:10:442:13 | cond | main.rs:442:10:442:13 | cond | @@ -664,9 +663,9 @@ localStep | main.rs:444:21:444:24 | [post] receiver for name | main.rs:444:21:444:24 | [post] name | | main.rs:444:21:444:24 | name | main.rs:444:21:444:24 | receiver for name | | main.rs:444:21:444:68 | name.unwrap_or_else(...) | main.rs:444:17:444:17 | n | -| main.rs:444:41:444:67 | [post] default_name | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:444:41:444:67 | [post] default_name | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:444:41:444:67 | closure self in \|...\| ... | main.rs:444:44:444:55 | this | -| main.rs:444:41:444:67 | default_name | main.rs:442:9:442:20 | phi(default_name) | +| main.rs:444:41:444:67 | default_name | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:444:44:444:55 | [post] receiver for default_name | main.rs:444:44:444:55 | [post] default_name | | main.rs:444:44:444:55 | default_name | main.rs:444:44:444:55 | receiver for default_name | | main.rs:445:18:445:18 | [post] receiver for n | main.rs:445:18:445:18 | [post] n | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected index 7ec3f1a5aa4..b3dca868067 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected @@ -1378,17 +1378,17 @@ | test.swift:888:9:888:9 | stream | test.swift:888:9:888:9 | SSA def(stream) | | test.swift:888:18:896:6 | call to AsyncStream.init(_:bufferingPolicy:_:) | test.swift:888:9:888:9 | stream | | test.swift:889:9:889:9 | continuation | test.swift:890:27:895:13 | continuation | -| test.swift:890:27:895:13 | closure self parameter | test.swift:891:17:891:17 | phi(this) | +| test.swift:890:27:895:13 | closure self parameter | test.swift:891:17:891:17 | SSA phi read(this) | | test.swift:891:17:891:17 | $generator | test.swift:891:17:891:17 | &... | | test.swift:891:17:891:17 | &... | test.swift:891:17:891:17 | $generator | +| test.swift:891:17:891:17 | SSA phi read(this) | test.swift:892:21:892:21 | this | +| test.swift:891:17:891:17 | SSA phi read(this) | test.swift:894:17:894:17 | this | | test.swift:891:17:891:17 | [post] $generator | test.swift:891:17:891:17 | &... | -| test.swift:891:17:891:17 | phi(this) | test.swift:892:21:892:21 | this | -| test.swift:891:17:891:17 | phi(this) | test.swift:894:17:894:17 | this | | test.swift:891:26:891:26 | $generator | test.swift:891:26:891:26 | SSA def($generator) | | test.swift:891:26:891:26 | SSA def($generator) | test.swift:891:17:891:17 | $generator | | test.swift:891:26:891:30 | call to makeIterator() | test.swift:891:26:891:26 | $generator | -| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | phi(this) | -| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | phi(this) | +| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | SSA phi read(this) | +| test.swift:892:21:892:21 | this | test.swift:891:17:891:17 | SSA phi read(this) | | test.swift:898:5:898:5 | $i$generator | test.swift:898:5:898:5 | &... | | test.swift:898:5:898:5 | &... | test.swift:898:5:898:5 | $i$generator | | test.swift:898:5:898:5 | [post] $i$generator | test.swift:898:5:898:5 | &... | From e30fed6eecf67a28bdc5ca06939d0cc68cee6b73 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 31 Mar 2025 11:30:40 +0200 Subject: [PATCH 072/409] C#: Improve upgrade script. --- .../string_interpol_insert.ql | 57 +++++++++++++++++++ .../upgrade.properties | 4 +- 2 files changed, 60 insertions(+), 1 deletion(-) create mode 100644 csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql new file mode 100644 index 00000000000..2df164b2842 --- /dev/null +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/string_interpol_insert.ql @@ -0,0 +1,57 @@ +class Expr extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +class StringLiteral extends Expr, @string_literal_expr { } + +class InterpolatedStringExpr extends Expr, @interpolated_string_expr { } + +class StringInterpolationInsert extends Expr, @element { + StringInterpolationInsert() { + expressions(this, _, _) and + expr_parent(this, _, any(InterpolatedStringExpr x)) and + not this instanceof StringLiteral + } +} + +newtype TAddedElement = TInsert(StringInterpolationInsert e) + +module Fresh = QlBuiltins::NewEntity; + +class TNewExpr = @expr or Fresh::EntityId; + +class NewExpr extends TNewExpr { + string toString() { none() } +} + +query predicate new_expressions(NewExpr id, int kind, TypeOrRef t) { + expressions(id, kind, t) + or + exists(StringInterpolationInsert e | + // The type of `e` is just copied even though a null type would be preferred. + expressions(e, _, t) and + Fresh::map(TInsert(e)) = id and + kind = 138 + ) +} + +query predicate new_expr_parent(NewExpr id, int child, NewExpr parent) { + // Keep all parent child relationships except for string interpolation inserts + expr_parent(id, child, parent) and not id instanceof StringInterpolationInsert + or + exists(StringInterpolationInsert e, int child0, NewExpr p0, NewExpr new_id | + expr_parent(e, child0, p0) and new_id = Fresh::map(TInsert(e)) + | + id = new_id and + child = child0 and + parent = p0 + or + id = e and + child = 0 and + parent = new_id + ) +} diff --git a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties index 1989c9c8847..ef7a5cbf343 100644 --- a/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties +++ b/csharp/ql/lib/upgrades/a2bda57dbc6eea94c50128522aae536e8edd5a3c/upgrade.properties @@ -1,2 +1,4 @@ description: Add `interpolated_string_insert_expr` kind. -compatibility: partial +compatibility: backwards +expressions.rel: run string_interpol_insert.qlo new_expressions +expr_parent.rel: run string_interpol_insert.qlo new_expr_parent From 8e1282bfde17e8a35194edf9e6adc90d2ff259ec Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 31 Mar 2025 13:39:03 +0200 Subject: [PATCH 073/409] C#: Improve downgrade script. --- .../expressions.ql | 13 ------- .../string_interpol_insert.ql | 39 +++++++++++++++++++ .../upgrade.properties | 5 ++- 3 files changed, 42 insertions(+), 15 deletions(-) delete mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql create mode 100644 csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql deleted file mode 100644 index 4f516d1d5cb..00000000000 --- a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/expressions.ql +++ /dev/null @@ -1,13 +0,0 @@ -class Expression extends @expr { - string toString() { none() } -} - -class TypeOrRef extends @type_or_ref { - string toString() { none() } -} - -from Expression e, int k, int kind, TypeOrRef t -where - expressions(e, k, t) and - if k = 138 then kind = 106 else kind = k -select e, kind, t diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql new file mode 100644 index 00000000000..3f83b1ea3cc --- /dev/null +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/string_interpol_insert.ql @@ -0,0 +1,39 @@ +class Expr extends @expr { + string toString() { none() } +} + +class TypeOrRef extends @type_or_ref { + string toString() { none() } +} + +class InterpolatedStringInsertExpr extends Expr, @interpolated_string_insert_expr { } + +private predicate remove_expr(Expr e) { + exists(InterpolatedStringInsertExpr ie | + e = ie + or + // Alignment + expr_parent(e, 1, ie) + or + // Format + expr_parent(e, 2, ie) + ) +} + +query predicate new_expressions(Expr e, int kind, TypeOrRef t) { + expressions(e, kind, t) and + // Remove the syntheetic intert expression and previously un-extracted children + not remove_expr(e) +} + +query predicate new_expr_parent(Expr e, int child, Expr parent) { + expr_parent(e, child, parent) and + not remove_expr(e) and + not remove_expr(parent) + or + // Use the string interpolation as parent instead of the synthetic insert expression + exists(InterpolatedStringInsertExpr ie | + expr_parent(e, 0, ie) and + expr_parent(ie, child, parent) + ) +} diff --git a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties index 9e9a659b10a..9e8118060f2 100644 --- a/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties +++ b/csharp/downgrades/66044cfa5bbf2ecfabd06ead25e91db2bdd79764/upgrade.properties @@ -1,3 +1,4 @@ description: Remove `interpolated_string_insert_expr` kind. -compatibility: partial -expressions.rel: run expressions.qlo +compatibility: backwards +expressions.rel: run string_interpol_insert.qlo new_expressions +expr_parent.rel: run string_interpol_insert.qlo new_expr_parent From f64bdccd6de48aa8e758e2cdc0b38aa76dc687c7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 15:30:59 +0200 Subject: [PATCH 074/409] Update javascript/ql/lib/semmle/javascript/ApiGraphs.qll Co-authored-by: Erik Krogh Kristensen --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index f7b7a3e96d4..1669af0b255 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1792,7 +1792,7 @@ module API { LabelSpreadArgument() { this = MkLabelSpreadArgument(index) } - /** The argument index at which the spread argument appears. */ + /** Gets the argument index at which the spread argument appears. */ int getIndex() { result = index } override string toString() { result = "getSpreadArgument(" + index + ")" } From 149ec20758460697132cefbf85c401b2a404bdbc Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 15:39:09 +0200 Subject: [PATCH 075/409] JS: Add comment about internal edge --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 1669af0b255..a1ffc8c02f1 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -1795,7 +1795,10 @@ module API { /** Gets the argument index at which the spread argument appears. */ int getIndex() { result = index } - override string toString() { result = "getSpreadArgument(" + index + ")" } + override string toString() { + // Note: This refers to the internal edge that has no corresponding method on API::Node + result = "getSpreadArgument(" + index + ")" + } } /** A label for a function that is a wrapper around another function. */ From e7bb47f335b29661e43ee22e54d66f78c385cb1c Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 28 Mar 2025 12:57:58 +0100 Subject: [PATCH 076/409] ruby: add MaD model for permissions needed by actions Use this to suggest minimal set of nedded permissions --- actions/ql/lib/codeql/actions/Ast.qll | 2 + .../lib/codeql/actions/ast/internal/Ast.qll | 2 + .../ql/lib/codeql/actions/config/Config.qll | 10 +++++ .../actions/config/ConfigExtensions.qll | 5 +++ .../ql/lib/ext/config/actions_permissions.yml | 37 +++++++++++++++++++ .../CWE-275/MissingActionsPermissions.ql | 29 +++++++++++++-- .../CWE-275/.github/workflows/perms6.yml | 13 +++++++ .../MissingActionsPermissions.expected | 7 ++-- 8 files changed, 99 insertions(+), 6 deletions(-) create mode 100644 actions/ql/lib/ext/config/actions_permissions.yml create mode 100644 actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml diff --git a/actions/ql/lib/codeql/actions/Ast.qll b/actions/ql/lib/codeql/actions/Ast.qll index 8c1925f3288..a50febdea97 100644 --- a/actions/ql/lib/codeql/actions/Ast.qll +++ b/actions/ql/lib/codeql/actions/Ast.qll @@ -242,6 +242,8 @@ class Step extends AstNode instanceof StepImpl { If getIf() { result = super.getIf() } + AstNode getUses() { result = super.getUses() } + StepsContainer getContainer() { result = super.getContainer() } Step getNextStep() { result = super.getNextStep() } diff --git a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll index b0cbb8a1d79..44ae082a34d 100644 --- a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll +++ b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll @@ -1194,6 +1194,8 @@ class StepImpl extends AstNodeImpl, TStepNode { /** Gets the value of the `if` field in this step, if any. */ IfImpl getIf() { result.getNode() = n.lookup("if") } + AstNodeImpl getUses() { result.getNode() = n.lookup("uses") } + /** Gets the Runs or LocalJob that this step is in. */ StepsContainerImpl getContainer() { result = this.getParentNode().(RunsImpl) or diff --git a/actions/ql/lib/codeql/actions/config/Config.qll b/actions/ql/lib/codeql/actions/config/Config.qll index 08bc7e860c6..e55d36f1bab 100644 --- a/actions/ql/lib/codeql/actions/config/Config.qll +++ b/actions/ql/lib/codeql/actions/config/Config.qll @@ -154,3 +154,13 @@ predicate untrustedGitCommandDataModel(string cmd_regex, string flag) { predicate untrustedGhCommandDataModel(string cmd_regex, string flag) { Extensions::untrustedGhCommandDataModel(cmd_regex, flag) } + +/** + * MaD models for permissions needed by actions + * Fields: + * - action: action name + * - permission: permission name + */ +predicate actionsPermissionsDataModel(string action, string permission) { + Extensions::actionsPermissionsDataModel(action, permission) +} diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index 68685f5874b..b86ce68a5fd 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -77,3 +77,8 @@ extensible predicate untrustedGitCommandDataModel(string cmd_regex, string flag) * Holds for gh commands that may introduce untrusted data */ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); + +/** + * Holds if `action` needs `permission` to run. + */ +extensible predicate actionsPermissionsDataModel(string action, string permission); diff --git a/actions/ql/lib/ext/config/actions_permissions.yml b/actions/ql/lib/ext/config/actions_permissions.yml new file mode 100644 index 00000000000..6e0081973de --- /dev/null +++ b/actions/ql/lib/ext/config/actions_permissions.yml @@ -0,0 +1,37 @@ +extensions: + - addsTo: + pack: codeql/actions-all + extensible: actionsPermissionsDataModel + data: + - ["actions/checkout", "contents: read"] + - ["actions/setup-node", "contents: read"] + - ["actions/setup-python", "contents: read"] + - ["actions/setup-java", "contents: read"] + - ["actions/setup-go", "contents: read"] + - ["actions/setup-dotnet", "contents: read"] + - ["actions/labeler", "contents: read"] + - ["actions/labeler", "pull-requests: write"] + - ["actions/attest", "id-token: write"] + - ["actions/attest", "attestations: write"] + # No permissions needed for actions/add-to-project + - ["actions/dependency-review-action", "contents: read"] + - ["actions/attest-sbom", "id-token: write"] + - ["actions/attest-sbom", "attestations: write"] + - ["actions/stale", "contents: write"] + - ["actions/stale", "issues: write"] + - ["actions/stale", "pull-requests: write"] + - ["actions/attest-build-provenance", "id-token: write"] + - ["actions/attest-build-provenance", "attestations: write"] + - ["actions/jekyll-build-pages", "contents: read"] + - ["actions/jekyll-build-pages", "pages: write"] + - ["actions/jekyll-build-pages", "id-token: write"] + - ["actions/publish-action", "contents: write"] + - ["actions/versions-package-tools", "contents: read"] + - ["actions/versions-package-tools", "actions: read"] + - ["actions/reusable-workflows", "contents: read"] + - ["actions/reusable-workflows", "actions: read"] + # TODO: Add permissions for actions/download-artifact + # TODO: Add permissions for actions/upload-artifact + # TODO: Add permissions for actions/cache + + diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 4f7e951d7ed..6d5bd04b3e2 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -14,7 +14,28 @@ import actions -from Job job +Step stepInJob(Job job) { result = job.(LocalJob).getAStep() } + +bindingset[fullActionSelector] +string versionedAction(string fullActionSelector) { + result = fullActionSelector.substring(0, fullActionSelector.indexOf("@")) + or + not exists(fullActionSelector.indexOf("@")) and + result = fullActionSelector +} + +string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } + +string jobNeedsPersmission(Job job) { + actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) +} + +string permissionsForJob(Job job) { + result = + "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" +} + +from Job job, string permissions where not exists(job.getPermissions()) and not exists(job.getEnclosingWorkflow().getPermissions()) and @@ -22,5 +43,7 @@ where exists(Event e | e = job.getATriggerEvent() and not e.getName() = "workflow_call" - ) -select job, "Actions Job or Workflow does not set permissions" + ) and + permissions = permissionsForJob(job) +select job, + "Actions Job or Workflow does not set permissions. A minimal set might be " + permissions diff --git a/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml new file mode 100644 index 00000000000..2824ca14a7e --- /dev/null +++ b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms6.yml @@ -0,0 +1,13 @@ +on: + workflow_call: + workflow_dispatch: + +jobs: + build: + name: Build and test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: actions/jekyll-build-pages + + diff --git a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected index 8f94d0dc45a..c7103d6f8dd 100644 --- a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected +++ b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected @@ -1,3 +1,4 @@ -| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions | -| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions | -| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions | +| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | +| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read, id-token: write, pages: write} | From f5d6fd081d1aba415836168cb435fe102737c1e3 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Mon, 31 Mar 2025 16:49:45 +0200 Subject: [PATCH 077/409] Rust: introduce upgrades/downgrades infrastructure --- misc/scripts/prepare-db-upgrade.sh | 2 +- rust/BUILD.bazel | 1 + rust/downgrades/BUILD.bazel | 12 + rust/downgrades/initial/rust.dbscheme | 3601 ++++++++++++++++++++ rust/downgrades/qlpack.yml | 5 + rust/ql/lib/upgrades/initial/rust.dbscheme | 3601 ++++++++++++++++++++ 6 files changed, 7221 insertions(+), 1 deletion(-) create mode 100644 rust/downgrades/BUILD.bazel create mode 100644 rust/downgrades/initial/rust.dbscheme create mode 100644 rust/downgrades/qlpack.yml create mode 100644 rust/ql/lib/upgrades/initial/rust.dbscheme diff --git a/misc/scripts/prepare-db-upgrade.sh b/misc/scripts/prepare-db-upgrade.sh index 8a8b32d1740..bbbeefc4318 100755 --- a/misc/scripts/prepare-db-upgrade.sh +++ b/misc/scripts/prepare-db-upgrade.sh @@ -86,7 +86,7 @@ case "${lang}" in csharp | cpp | javascript | python) scheme_file="${lang}/ql/lib/semmlecode.${lang}.dbscheme" ;; - go | ruby | swift) + go | ruby | rust | swift) scheme_file="${lang}/ql/lib/${lang}.dbscheme" ;; *) diff --git a/rust/BUILD.bazel b/rust/BUILD.bazel index f70f87a9b63..9cdc89dd52f 100644 --- a/rust/BUILD.bazel +++ b/rust/BUILD.bazel @@ -55,6 +55,7 @@ codeql_pack( srcs = [ ":root-files", ":tools", + "//rust/downgrades", ], experimental = True, ) diff --git a/rust/downgrades/BUILD.bazel b/rust/downgrades/BUILD.bazel new file mode 100644 index 00000000000..8aff16d8071 --- /dev/null +++ b/rust/downgrades/BUILD.bazel @@ -0,0 +1,12 @@ +load("@rules_pkg//pkg:mappings.bzl", "pkg_files", "strip_prefix") + +pkg_files( + name = "downgrades", + srcs = glob( + ["**"], + exclude = ["BUILD.bazel"], + ), + prefix = "downgrades", + strip_prefix = strip_prefix.from_pkg(), + visibility = ["//rust:__pkg__"], +) diff --git a/rust/downgrades/initial/rust.dbscheme b/rust/downgrades/initial/rust.dbscheme new file mode 100644 index 00000000000..256e80c2dce --- /dev/null +++ b/rust/downgrades/initial/rust.dbscheme @@ -0,0 +1,3601 @@ +// generated by codegen, do not edit + +// from ../shared/tree-sitter-extractor/src/generator/prefix.dbscheme +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Empty location -*/ + +empty_location( + int location: @location_default ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + + +// from prefix.dbscheme +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_default ref +); + + +// from schema + +@element = + @extractor_step +| @locatable +| @named_crate +| @unextracted +; + +extractor_steps( + unique int id: @extractor_step, + string action: string ref, + int duration_ms: int ref +); + +#keyset[id] +extractor_step_files( + int id: @extractor_step ref, + int file: @file ref +); + +@locatable = + @ast_node +| @crate +; + +named_crates( + unique int id: @named_crate, + string name: string ref, + int crate: @crate ref +); + +@unextracted = + @missing +| @unimplemented +; + +@ast_node = + @abi +| @addressable +| @arg_list +| @asm_dir_spec +| @asm_operand +| @asm_operand_expr +| @asm_option +| @asm_piece +| @asm_reg_spec +| @assoc_item +| @assoc_item_list +| @attr +| @callable +| @closure_binder +| @expr +| @extern_item +| @extern_item_list +| @field_list +| @format_args_arg +| @generic_arg +| @generic_arg_list +| @generic_param +| @generic_param_list +| @item_list +| @label +| @let_else +| @macro_items +| @macro_stmts +| @match_arm +| @match_arm_list +| @match_guard +| @meta +| @name +| @param_base +| @param_list +| @parenthesized_arg_list +| @pat +| @path +| @path_segment +| @rename +| @resolvable +| @ret_type_repr +| @return_type_syntax +| @source_file +| @stmt +| @stmt_list +| @struct_expr_field +| @struct_expr_field_list +| @struct_field +| @struct_pat_field +| @struct_pat_field_list +| @token +| @token_tree +| @tuple_field +| @type_bound +| @type_bound_list +| @type_repr +| @use_bound_generic_arg +| @use_bound_generic_args +| @use_tree +| @use_tree_list +| @variant_def +| @variant_list +| @visibility +| @where_clause +| @where_pred +; + +crates( + unique int id: @crate +); + +#keyset[id] +crate_names( + int id: @crate ref, + string name: string ref +); + +#keyset[id] +crate_versions( + int id: @crate ref, + string version: string ref +); + +#keyset[id] +crate_modules( + int id: @crate ref, + int module: @module ref +); + +#keyset[id, index] +crate_cfg_options( + int id: @crate ref, + int index: int ref, + string cfg_option: string ref +); + +#keyset[id, index] +crate_named_dependencies( + int id: @crate ref, + int index: int ref, + int named_dependency: @named_crate ref +); + +missings( + unique int id: @missing +); + +unimplementeds( + unique int id: @unimplemented +); + +abis( + unique int id: @abi +); + +#keyset[id] +abi_abi_strings( + int id: @abi ref, + string abi_string: string ref +); + +@addressable = + @item +| @variant +; + +#keyset[id] +addressable_extended_canonical_paths( + int id: @addressable ref, + string extended_canonical_path: string ref +); + +#keyset[id] +addressable_crate_origins( + int id: @addressable ref, + string crate_origin: string ref +); + +arg_lists( + unique int id: @arg_list +); + +#keyset[id, index] +arg_list_args( + int id: @arg_list ref, + int index: int ref, + int arg: @expr ref +); + +asm_dir_specs( + unique int id: @asm_dir_spec +); + +@asm_operand = + @asm_const +| @asm_label +| @asm_reg_operand +| @asm_sym +; + +asm_operand_exprs( + unique int id: @asm_operand_expr +); + +#keyset[id] +asm_operand_expr_in_exprs( + int id: @asm_operand_expr ref, + int in_expr: @expr ref +); + +#keyset[id] +asm_operand_expr_out_exprs( + int id: @asm_operand_expr ref, + int out_expr: @expr ref +); + +asm_options( + unique int id: @asm_option +); + +#keyset[id] +asm_option_is_raw( + int id: @asm_option ref +); + +@asm_piece = + @asm_clobber_abi +| @asm_operand_named +| @asm_options_list +; + +asm_reg_specs( + unique int id: @asm_reg_spec +); + +#keyset[id] +asm_reg_spec_identifiers( + int id: @asm_reg_spec ref, + int identifier: @name_ref ref +); + +@assoc_item = + @const +| @function +| @macro_call +| @type_alias +; + +assoc_item_lists( + unique int id: @assoc_item_list +); + +#keyset[id, index] +assoc_item_list_assoc_items( + int id: @assoc_item_list ref, + int index: int ref, + int assoc_item: @assoc_item ref +); + +#keyset[id, index] +assoc_item_list_attrs( + int id: @assoc_item_list ref, + int index: int ref, + int attr: @attr ref +); + +attrs( + unique int id: @attr +); + +#keyset[id] +attr_meta( + int id: @attr ref, + int meta: @meta ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_param_lists( + int id: @callable ref, + int param_list: @param_list ref +); + +#keyset[id, index] +callable_attrs( + int id: @callable ref, + int index: int ref, + int attr: @attr ref +); + +closure_binders( + unique int id: @closure_binder +); + +#keyset[id] +closure_binder_generic_param_lists( + int id: @closure_binder ref, + int generic_param_list: @generic_param_list ref +); + +@expr = + @array_expr_internal +| @asm_expr +| @await_expr +| @become_expr +| @binary_expr +| @break_expr +| @call_expr_base +| @cast_expr +| @closure_expr +| @continue_expr +| @field_expr +| @format_args_expr +| @if_expr +| @index_expr +| @labelable_expr +| @let_expr +| @literal_expr +| @macro_expr +| @match_expr +| @offset_of_expr +| @paren_expr +| @path_expr_base +| @prefix_expr +| @range_expr +| @ref_expr +| @return_expr +| @struct_expr +| @try_expr +| @tuple_expr +| @underscore_expr +| @yeet_expr +| @yield_expr +; + +@extern_item = + @function +| @macro_call +| @static +| @type_alias +; + +extern_item_lists( + unique int id: @extern_item_list +); + +#keyset[id, index] +extern_item_list_attrs( + int id: @extern_item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +extern_item_list_extern_items( + int id: @extern_item_list ref, + int index: int ref, + int extern_item: @extern_item ref +); + +@field_list = + @struct_field_list +| @tuple_field_list +; + +format_args_args( + unique int id: @format_args_arg +); + +#keyset[id] +format_args_arg_exprs( + int id: @format_args_arg ref, + int expr: @expr ref +); + +#keyset[id] +format_args_arg_names( + int id: @format_args_arg ref, + int name: @name ref +); + +@generic_arg = + @assoc_type_arg +| @const_arg +| @lifetime_arg +| @type_arg +; + +generic_arg_lists( + unique int id: @generic_arg_list +); + +#keyset[id, index] +generic_arg_list_generic_args( + int id: @generic_arg_list ref, + int index: int ref, + int generic_arg: @generic_arg ref +); + +@generic_param = + @const_param +| @lifetime_param +| @type_param +; + +generic_param_lists( + unique int id: @generic_param_list +); + +#keyset[id, index] +generic_param_list_generic_params( + int id: @generic_param_list ref, + int index: int ref, + int generic_param: @generic_param ref +); + +item_lists( + unique int id: @item_list +); + +#keyset[id, index] +item_list_attrs( + int id: @item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +item_list_items( + int id: @item_list ref, + int index: int ref, + int item: @item ref +); + +labels( + unique int id: @label +); + +#keyset[id] +label_lifetimes( + int id: @label ref, + int lifetime: @lifetime ref +); + +let_elses( + unique int id: @let_else +); + +#keyset[id] +let_else_block_exprs( + int id: @let_else ref, + int block_expr: @block_expr ref +); + +macro_items( + unique int id: @macro_items +); + +#keyset[id, index] +macro_items_items( + int id: @macro_items ref, + int index: int ref, + int item: @item ref +); + +macro_stmts( + unique int id: @macro_stmts +); + +#keyset[id] +macro_stmts_exprs( + int id: @macro_stmts ref, + int expr: @expr ref +); + +#keyset[id, index] +macro_stmts_statements( + int id: @macro_stmts ref, + int index: int ref, + int statement: @stmt ref +); + +match_arms( + unique int id: @match_arm +); + +#keyset[id, index] +match_arm_attrs( + int id: @match_arm ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_arm_exprs( + int id: @match_arm ref, + int expr: @expr ref +); + +#keyset[id] +match_arm_guards( + int id: @match_arm ref, + int guard: @match_guard ref +); + +#keyset[id] +match_arm_pats( + int id: @match_arm ref, + int pat: @pat ref +); + +match_arm_lists( + unique int id: @match_arm_list +); + +#keyset[id, index] +match_arm_list_arms( + int id: @match_arm_list ref, + int index: int ref, + int arm: @match_arm ref +); + +#keyset[id, index] +match_arm_list_attrs( + int id: @match_arm_list ref, + int index: int ref, + int attr: @attr ref +); + +match_guards( + unique int id: @match_guard +); + +#keyset[id] +match_guard_conditions( + int id: @match_guard ref, + int condition: @expr ref +); + +meta( + unique int id: @meta +); + +#keyset[id] +meta_exprs( + int id: @meta ref, + int expr: @expr ref +); + +#keyset[id] +meta_is_unsafe( + int id: @meta ref +); + +#keyset[id] +meta_paths( + int id: @meta ref, + int path: @path ref +); + +#keyset[id] +meta_token_trees( + int id: @meta ref, + int token_tree: @token_tree ref +); + +names( + unique int id: @name +); + +#keyset[id] +name_texts( + int id: @name ref, + string text: string ref +); + +@param_base = + @param +| @self_param +; + +#keyset[id, index] +param_base_attrs( + int id: @param_base ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +param_base_type_reprs( + int id: @param_base ref, + int type_repr: @type_repr ref +); + +param_lists( + unique int id: @param_list +); + +#keyset[id, index] +param_list_params( + int id: @param_list ref, + int index: int ref, + int param: @param ref +); + +#keyset[id] +param_list_self_params( + int id: @param_list ref, + int self_param: @self_param ref +); + +parenthesized_arg_lists( + unique int id: @parenthesized_arg_list +); + +#keyset[id, index] +parenthesized_arg_list_type_args( + int id: @parenthesized_arg_list ref, + int index: int ref, + int type_arg: @type_arg ref +); + +@pat = + @box_pat +| @const_block_pat +| @ident_pat +| @literal_pat +| @macro_pat +| @or_pat +| @paren_pat +| @path_pat +| @range_pat +| @ref_pat +| @rest_pat +| @slice_pat +| @struct_pat +| @tuple_pat +| @tuple_struct_pat +| @wildcard_pat +; + +paths( + unique int id: @path +); + +#keyset[id] +path_qualifiers( + int id: @path ref, + int qualifier: @path ref +); + +#keyset[id] +path_segments_( + int id: @path ref, + int segment: @path_segment ref +); + +path_segments( + unique int id: @path_segment +); + +#keyset[id] +path_segment_generic_arg_lists( + int id: @path_segment ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +path_segment_identifiers( + int id: @path_segment ref, + int identifier: @name_ref ref +); + +#keyset[id] +path_segment_parenthesized_arg_lists( + int id: @path_segment ref, + int parenthesized_arg_list: @parenthesized_arg_list ref +); + +#keyset[id] +path_segment_ret_types( + int id: @path_segment ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +path_segment_return_type_syntaxes( + int id: @path_segment ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +path_segment_type_reprs( + int id: @path_segment ref, + int type_repr: @type_repr ref +); + +#keyset[id] +path_segment_trait_type_reprs( + int id: @path_segment ref, + int trait_type_repr: @path_type_repr ref +); + +renames( + unique int id: @rename +); + +#keyset[id] +rename_names( + int id: @rename ref, + int name: @name ref +); + +@resolvable = + @method_call_expr +| @path_ast_node +; + +#keyset[id] +resolvable_resolved_paths( + int id: @resolvable ref, + string resolved_path: string ref +); + +#keyset[id] +resolvable_resolved_crate_origins( + int id: @resolvable ref, + string resolved_crate_origin: string ref +); + +ret_type_reprs( + unique int id: @ret_type_repr +); + +#keyset[id] +ret_type_repr_type_reprs( + int id: @ret_type_repr ref, + int type_repr: @type_repr ref +); + +return_type_syntaxes( + unique int id: @return_type_syntax +); + +source_files( + unique int id: @source_file +); + +#keyset[id, index] +source_file_attrs( + int id: @source_file ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +source_file_items( + int id: @source_file ref, + int index: int ref, + int item: @item ref +); + +@stmt = + @expr_stmt +| @item +| @let_stmt +; + +stmt_lists( + unique int id: @stmt_list +); + +#keyset[id, index] +stmt_list_attrs( + int id: @stmt_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +stmt_list_statements( + int id: @stmt_list ref, + int index: int ref, + int statement: @stmt ref +); + +#keyset[id] +stmt_list_tail_exprs( + int id: @stmt_list ref, + int tail_expr: @expr ref +); + +struct_expr_fields( + unique int id: @struct_expr_field +); + +#keyset[id, index] +struct_expr_field_attrs( + int id: @struct_expr_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_expr_field_exprs( + int id: @struct_expr_field ref, + int expr: @expr ref +); + +#keyset[id] +struct_expr_field_identifiers( + int id: @struct_expr_field ref, + int identifier: @name_ref ref +); + +struct_expr_field_lists( + unique int id: @struct_expr_field_list +); + +#keyset[id, index] +struct_expr_field_list_attrs( + int id: @struct_expr_field_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +struct_expr_field_list_fields( + int id: @struct_expr_field_list ref, + int index: int ref, + int field: @struct_expr_field ref +); + +#keyset[id] +struct_expr_field_list_spreads( + int id: @struct_expr_field_list ref, + int spread: @expr ref +); + +struct_fields( + unique int id: @struct_field +); + +#keyset[id, index] +struct_field_attrs( + int id: @struct_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_defaults( + int id: @struct_field ref, + int default: @expr ref +); + +#keyset[id] +struct_field_names( + int id: @struct_field ref, + int name: @name ref +); + +#keyset[id] +struct_field_type_reprs( + int id: @struct_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +struct_field_visibilities( + int id: @struct_field ref, + int visibility: @visibility ref +); + +struct_pat_fields( + unique int id: @struct_pat_field +); + +#keyset[id, index] +struct_pat_field_attrs( + int id: @struct_pat_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_pat_field_identifiers( + int id: @struct_pat_field ref, + int identifier: @name_ref ref +); + +#keyset[id] +struct_pat_field_pats( + int id: @struct_pat_field ref, + int pat: @pat ref +); + +struct_pat_field_lists( + unique int id: @struct_pat_field_list +); + +#keyset[id, index] +struct_pat_field_list_fields( + int id: @struct_pat_field_list ref, + int index: int ref, + int field: @struct_pat_field ref +); + +#keyset[id] +struct_pat_field_list_rest_pats( + int id: @struct_pat_field_list ref, + int rest_pat: @rest_pat ref +); + +@token = + @comment +; + +token_trees( + unique int id: @token_tree +); + +tuple_fields( + unique int id: @tuple_field +); + +#keyset[id, index] +tuple_field_attrs( + int id: @tuple_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +tuple_field_type_reprs( + int id: @tuple_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +tuple_field_visibilities( + int id: @tuple_field ref, + int visibility: @visibility ref +); + +type_bounds( + unique int id: @type_bound +); + +#keyset[id] +type_bound_is_async( + int id: @type_bound ref +); + +#keyset[id] +type_bound_is_const( + int id: @type_bound ref +); + +#keyset[id] +type_bound_lifetimes( + int id: @type_bound ref, + int lifetime: @lifetime ref +); + +#keyset[id] +type_bound_type_reprs( + int id: @type_bound ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_bound_use_bound_generic_args( + int id: @type_bound ref, + int use_bound_generic_args: @use_bound_generic_args ref +); + +type_bound_lists( + unique int id: @type_bound_list +); + +#keyset[id, index] +type_bound_list_bounds( + int id: @type_bound_list ref, + int index: int ref, + int bound: @type_bound ref +); + +@type_repr = + @array_type_repr +| @dyn_trait_type_repr +| @fn_ptr_type_repr +| @for_type_repr +| @impl_trait_type_repr +| @infer_type_repr +| @macro_type_repr +| @never_type_repr +| @paren_type_repr +| @path_type_repr +| @ptr_type_repr +| @ref_type_repr +| @slice_type_repr +| @tuple_type_repr +; + +@use_bound_generic_arg = + @lifetime +| @name_ref +; + +use_bound_generic_args( + unique int id: @use_bound_generic_args +); + +#keyset[id, index] +use_bound_generic_args_use_bound_generic_args( + int id: @use_bound_generic_args ref, + int index: int ref, + int use_bound_generic_arg: @use_bound_generic_arg ref +); + +use_trees( + unique int id: @use_tree +); + +#keyset[id] +use_tree_is_glob( + int id: @use_tree ref +); + +#keyset[id] +use_tree_paths( + int id: @use_tree ref, + int path: @path ref +); + +#keyset[id] +use_tree_renames( + int id: @use_tree ref, + int rename: @rename ref +); + +#keyset[id] +use_tree_use_tree_lists( + int id: @use_tree ref, + int use_tree_list: @use_tree_list ref +); + +use_tree_lists( + unique int id: @use_tree_list +); + +#keyset[id, index] +use_tree_list_use_trees( + int id: @use_tree_list ref, + int index: int ref, + int use_tree: @use_tree ref +); + +@variant_def = + @struct +| @union +| @variant +; + +variant_lists( + unique int id: @variant_list +); + +#keyset[id, index] +variant_list_variants( + int id: @variant_list ref, + int index: int ref, + int variant: @variant ref +); + +visibilities( + unique int id: @visibility +); + +#keyset[id] +visibility_paths( + int id: @visibility ref, + int path: @path ref +); + +where_clauses( + unique int id: @where_clause +); + +#keyset[id, index] +where_clause_predicates( + int id: @where_clause ref, + int index: int ref, + int predicate: @where_pred ref +); + +where_preds( + unique int id: @where_pred +); + +#keyset[id] +where_pred_generic_param_lists( + int id: @where_pred ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +where_pred_lifetimes( + int id: @where_pred ref, + int lifetime: @lifetime ref +); + +#keyset[id] +where_pred_type_reprs( + int id: @where_pred ref, + int type_repr: @type_repr ref +); + +#keyset[id] +where_pred_type_bound_lists( + int id: @where_pred ref, + int type_bound_list: @type_bound_list ref +); + +array_expr_internals( + unique int id: @array_expr_internal +); + +#keyset[id, index] +array_expr_internal_attrs( + int id: @array_expr_internal ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +array_expr_internal_exprs( + int id: @array_expr_internal ref, + int index: int ref, + int expr: @expr ref +); + +#keyset[id] +array_expr_internal_is_semicolon( + int id: @array_expr_internal ref +); + +array_type_reprs( + unique int id: @array_type_repr +); + +#keyset[id] +array_type_repr_const_args( + int id: @array_type_repr ref, + int const_arg: @const_arg ref +); + +#keyset[id] +array_type_repr_element_type_reprs( + int id: @array_type_repr ref, + int element_type_repr: @type_repr ref +); + +asm_clobber_abis( + unique int id: @asm_clobber_abi +); + +asm_consts( + unique int id: @asm_const +); + +#keyset[id] +asm_const_exprs( + int id: @asm_const ref, + int expr: @expr ref +); + +#keyset[id] +asm_const_is_const( + int id: @asm_const ref +); + +asm_exprs( + unique int id: @asm_expr +); + +#keyset[id, index] +asm_expr_asm_pieces( + int id: @asm_expr ref, + int index: int ref, + int asm_piece: @asm_piece ref +); + +#keyset[id, index] +asm_expr_attrs( + int id: @asm_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +asm_expr_templates( + int id: @asm_expr ref, + int index: int ref, + int template: @expr ref +); + +asm_labels( + unique int id: @asm_label +); + +#keyset[id] +asm_label_block_exprs( + int id: @asm_label ref, + int block_expr: @block_expr ref +); + +asm_operand_nameds( + unique int id: @asm_operand_named +); + +#keyset[id] +asm_operand_named_asm_operands( + int id: @asm_operand_named ref, + int asm_operand: @asm_operand ref +); + +#keyset[id] +asm_operand_named_names( + int id: @asm_operand_named ref, + int name: @name ref +); + +asm_options_lists( + unique int id: @asm_options_list +); + +#keyset[id, index] +asm_options_list_asm_options( + int id: @asm_options_list ref, + int index: int ref, + int asm_option: @asm_option ref +); + +asm_reg_operands( + unique int id: @asm_reg_operand +); + +#keyset[id] +asm_reg_operand_asm_dir_specs( + int id: @asm_reg_operand ref, + int asm_dir_spec: @asm_dir_spec ref +); + +#keyset[id] +asm_reg_operand_asm_operand_exprs( + int id: @asm_reg_operand ref, + int asm_operand_expr: @asm_operand_expr ref +); + +#keyset[id] +asm_reg_operand_asm_reg_specs( + int id: @asm_reg_operand ref, + int asm_reg_spec: @asm_reg_spec ref +); + +asm_syms( + unique int id: @asm_sym +); + +#keyset[id] +asm_sym_paths( + int id: @asm_sym ref, + int path: @path ref +); + +assoc_type_args( + unique int id: @assoc_type_arg +); + +#keyset[id] +assoc_type_arg_const_args( + int id: @assoc_type_arg ref, + int const_arg: @const_arg ref +); + +#keyset[id] +assoc_type_arg_generic_arg_lists( + int id: @assoc_type_arg ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +assoc_type_arg_identifiers( + int id: @assoc_type_arg ref, + int identifier: @name_ref ref +); + +#keyset[id] +assoc_type_arg_param_lists( + int id: @assoc_type_arg ref, + int param_list: @param_list ref +); + +#keyset[id] +assoc_type_arg_ret_types( + int id: @assoc_type_arg ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +assoc_type_arg_return_type_syntaxes( + int id: @assoc_type_arg ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +assoc_type_arg_type_reprs( + int id: @assoc_type_arg ref, + int type_repr: @type_repr ref +); + +#keyset[id] +assoc_type_arg_type_bound_lists( + int id: @assoc_type_arg ref, + int type_bound_list: @type_bound_list ref +); + +await_exprs( + unique int id: @await_expr +); + +#keyset[id, index] +await_expr_attrs( + int id: @await_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +await_expr_exprs( + int id: @await_expr ref, + int expr: @expr ref +); + +become_exprs( + unique int id: @become_expr +); + +#keyset[id, index] +become_expr_attrs( + int id: @become_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +become_expr_exprs( + int id: @become_expr ref, + int expr: @expr ref +); + +binary_exprs( + unique int id: @binary_expr +); + +#keyset[id, index] +binary_expr_attrs( + int id: @binary_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +binary_expr_lhs( + int id: @binary_expr ref, + int lhs: @expr ref +); + +#keyset[id] +binary_expr_operator_names( + int id: @binary_expr ref, + string operator_name: string ref +); + +#keyset[id] +binary_expr_rhs( + int id: @binary_expr ref, + int rhs: @expr ref +); + +box_pats( + unique int id: @box_pat +); + +#keyset[id] +box_pat_pats( + int id: @box_pat ref, + int pat: @pat ref +); + +break_exprs( + unique int id: @break_expr +); + +#keyset[id, index] +break_expr_attrs( + int id: @break_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +break_expr_exprs( + int id: @break_expr ref, + int expr: @expr ref +); + +#keyset[id] +break_expr_lifetimes( + int id: @break_expr ref, + int lifetime: @lifetime ref +); + +@call_expr_base = + @call_expr +| @method_call_expr +; + +#keyset[id] +call_expr_base_arg_lists( + int id: @call_expr_base ref, + int arg_list: @arg_list ref +); + +#keyset[id, index] +call_expr_base_attrs( + int id: @call_expr_base ref, + int index: int ref, + int attr: @attr ref +); + +cast_exprs( + unique int id: @cast_expr +); + +#keyset[id, index] +cast_expr_attrs( + int id: @cast_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +cast_expr_exprs( + int id: @cast_expr ref, + int expr: @expr ref +); + +#keyset[id] +cast_expr_type_reprs( + int id: @cast_expr ref, + int type_repr: @type_repr ref +); + +closure_exprs( + unique int id: @closure_expr +); + +#keyset[id] +closure_expr_bodies( + int id: @closure_expr ref, + int body: @expr ref +); + +#keyset[id] +closure_expr_closure_binders( + int id: @closure_expr ref, + int closure_binder: @closure_binder ref +); + +#keyset[id] +closure_expr_is_async( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_const( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_gen( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_move( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_static( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_ret_types( + int id: @closure_expr ref, + int ret_type: @ret_type_repr ref +); + +comments( + unique int id: @comment, + int parent: @ast_node ref, + string text: string ref +); + +const_args( + unique int id: @const_arg +); + +#keyset[id] +const_arg_exprs( + int id: @const_arg ref, + int expr: @expr ref +); + +const_block_pats( + unique int id: @const_block_pat +); + +#keyset[id] +const_block_pat_block_exprs( + int id: @const_block_pat ref, + int block_expr: @block_expr ref +); + +#keyset[id] +const_block_pat_is_const( + int id: @const_block_pat ref +); + +const_params( + unique int id: @const_param +); + +#keyset[id, index] +const_param_attrs( + int id: @const_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_param_default_vals( + int id: @const_param ref, + int default_val: @const_arg ref +); + +#keyset[id] +const_param_is_const( + int id: @const_param ref +); + +#keyset[id] +const_param_names( + int id: @const_param ref, + int name: @name ref +); + +#keyset[id] +const_param_type_reprs( + int id: @const_param ref, + int type_repr: @type_repr ref +); + +continue_exprs( + unique int id: @continue_expr +); + +#keyset[id, index] +continue_expr_attrs( + int id: @continue_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +continue_expr_lifetimes( + int id: @continue_expr ref, + int lifetime: @lifetime ref +); + +dyn_trait_type_reprs( + unique int id: @dyn_trait_type_repr +); + +#keyset[id] +dyn_trait_type_repr_type_bound_lists( + int id: @dyn_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +expr_stmts( + unique int id: @expr_stmt +); + +#keyset[id] +expr_stmt_exprs( + int id: @expr_stmt ref, + int expr: @expr ref +); + +field_exprs( + unique int id: @field_expr +); + +#keyset[id, index] +field_expr_attrs( + int id: @field_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +field_expr_containers( + int id: @field_expr ref, + int container: @expr ref +); + +#keyset[id] +field_expr_identifiers( + int id: @field_expr ref, + int identifier: @name_ref ref +); + +fn_ptr_type_reprs( + unique int id: @fn_ptr_type_repr +); + +#keyset[id] +fn_ptr_type_repr_abis( + int id: @fn_ptr_type_repr ref, + int abi: @abi ref +); + +#keyset[id] +fn_ptr_type_repr_is_async( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_const( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_unsafe( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_param_lists( + int id: @fn_ptr_type_repr ref, + int param_list: @param_list ref +); + +#keyset[id] +fn_ptr_type_repr_ret_types( + int id: @fn_ptr_type_repr ref, + int ret_type: @ret_type_repr ref +); + +for_type_reprs( + unique int id: @for_type_repr +); + +#keyset[id] +for_type_repr_generic_param_lists( + int id: @for_type_repr ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +for_type_repr_type_reprs( + int id: @for_type_repr ref, + int type_repr: @type_repr ref +); + +format_args_exprs( + unique int id: @format_args_expr +); + +#keyset[id, index] +format_args_expr_args( + int id: @format_args_expr ref, + int index: int ref, + int arg: @format_args_arg ref +); + +#keyset[id, index] +format_args_expr_attrs( + int id: @format_args_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +format_args_expr_templates( + int id: @format_args_expr ref, + int template: @expr ref +); + +ident_pats( + unique int id: @ident_pat +); + +#keyset[id, index] +ident_pat_attrs( + int id: @ident_pat ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ident_pat_is_mut( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_is_ref( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_names( + int id: @ident_pat ref, + int name: @name ref +); + +#keyset[id] +ident_pat_pats( + int id: @ident_pat ref, + int pat: @pat ref +); + +if_exprs( + unique int id: @if_expr +); + +#keyset[id, index] +if_expr_attrs( + int id: @if_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +if_expr_conditions( + int id: @if_expr ref, + int condition: @expr ref +); + +#keyset[id] +if_expr_elses( + int id: @if_expr ref, + int else: @expr ref +); + +#keyset[id] +if_expr_thens( + int id: @if_expr ref, + int then: @block_expr ref +); + +impl_trait_type_reprs( + unique int id: @impl_trait_type_repr +); + +#keyset[id] +impl_trait_type_repr_type_bound_lists( + int id: @impl_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +index_exprs( + unique int id: @index_expr +); + +#keyset[id, index] +index_expr_attrs( + int id: @index_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +index_expr_bases( + int id: @index_expr ref, + int base: @expr ref +); + +#keyset[id] +index_expr_indices( + int id: @index_expr ref, + int index: @expr ref +); + +infer_type_reprs( + unique int id: @infer_type_repr +); + +@item = + @const +| @enum +| @extern_block +| @extern_crate +| @function +| @impl +| @macro_call +| @macro_def +| @macro_rules +| @module +| @static +| @struct +| @trait +| @trait_alias +| @type_alias +| @union +| @use +; + +@labelable_expr = + @block_expr +| @looping_expr +; + +#keyset[id] +labelable_expr_labels( + int id: @labelable_expr ref, + int label: @label ref +); + +let_exprs( + unique int id: @let_expr +); + +#keyset[id, index] +let_expr_attrs( + int id: @let_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_expr_scrutinees( + int id: @let_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +let_expr_pats( + int id: @let_expr ref, + int pat: @pat ref +); + +let_stmts( + unique int id: @let_stmt +); + +#keyset[id, index] +let_stmt_attrs( + int id: @let_stmt ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_stmt_initializers( + int id: @let_stmt ref, + int initializer: @expr ref +); + +#keyset[id] +let_stmt_let_elses( + int id: @let_stmt ref, + int let_else: @let_else ref +); + +#keyset[id] +let_stmt_pats( + int id: @let_stmt ref, + int pat: @pat ref +); + +#keyset[id] +let_stmt_type_reprs( + int id: @let_stmt ref, + int type_repr: @type_repr ref +); + +lifetimes( + unique int id: @lifetime +); + +#keyset[id] +lifetime_texts( + int id: @lifetime ref, + string text: string ref +); + +lifetime_args( + unique int id: @lifetime_arg +); + +#keyset[id] +lifetime_arg_lifetimes( + int id: @lifetime_arg ref, + int lifetime: @lifetime ref +); + +lifetime_params( + unique int id: @lifetime_param +); + +#keyset[id, index] +lifetime_param_attrs( + int id: @lifetime_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +lifetime_param_lifetimes( + int id: @lifetime_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +lifetime_param_type_bound_lists( + int id: @lifetime_param ref, + int type_bound_list: @type_bound_list ref +); + +literal_exprs( + unique int id: @literal_expr +); + +#keyset[id, index] +literal_expr_attrs( + int id: @literal_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +literal_expr_text_values( + int id: @literal_expr ref, + string text_value: string ref +); + +literal_pats( + unique int id: @literal_pat +); + +#keyset[id] +literal_pat_literals( + int id: @literal_pat ref, + int literal: @literal_expr ref +); + +macro_exprs( + unique int id: @macro_expr +); + +#keyset[id] +macro_expr_macro_calls( + int id: @macro_expr ref, + int macro_call: @macro_call ref +); + +macro_pats( + unique int id: @macro_pat +); + +#keyset[id] +macro_pat_macro_calls( + int id: @macro_pat ref, + int macro_call: @macro_call ref +); + +macro_type_reprs( + unique int id: @macro_type_repr +); + +#keyset[id] +macro_type_repr_macro_calls( + int id: @macro_type_repr ref, + int macro_call: @macro_call ref +); + +match_exprs( + unique int id: @match_expr +); + +#keyset[id, index] +match_expr_attrs( + int id: @match_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_expr_scrutinees( + int id: @match_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +match_expr_match_arm_lists( + int id: @match_expr ref, + int match_arm_list: @match_arm_list ref +); + +name_refs( + unique int id: @name_ref +); + +#keyset[id] +name_ref_texts( + int id: @name_ref ref, + string text: string ref +); + +never_type_reprs( + unique int id: @never_type_repr +); + +offset_of_exprs( + unique int id: @offset_of_expr +); + +#keyset[id, index] +offset_of_expr_attrs( + int id: @offset_of_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +offset_of_expr_fields( + int id: @offset_of_expr ref, + int index: int ref, + int field: @name_ref ref +); + +#keyset[id] +offset_of_expr_type_reprs( + int id: @offset_of_expr ref, + int type_repr: @type_repr ref +); + +or_pats( + unique int id: @or_pat +); + +#keyset[id, index] +or_pat_pats( + int id: @or_pat ref, + int index: int ref, + int pat: @pat ref +); + +params( + unique int id: @param +); + +#keyset[id] +param_pats( + int id: @param ref, + int pat: @pat ref +); + +paren_exprs( + unique int id: @paren_expr +); + +#keyset[id, index] +paren_expr_attrs( + int id: @paren_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +paren_expr_exprs( + int id: @paren_expr ref, + int expr: @expr ref +); + +paren_pats( + unique int id: @paren_pat +); + +#keyset[id] +paren_pat_pats( + int id: @paren_pat ref, + int pat: @pat ref +); + +paren_type_reprs( + unique int id: @paren_type_repr +); + +#keyset[id] +paren_type_repr_type_reprs( + int id: @paren_type_repr ref, + int type_repr: @type_repr ref +); + +@path_ast_node = + @path_expr +| @path_pat +| @struct_expr +| @struct_pat +| @tuple_struct_pat +; + +#keyset[id] +path_ast_node_paths( + int id: @path_ast_node ref, + int path: @path ref +); + +@path_expr_base = + @path_expr +; + +path_type_reprs( + unique int id: @path_type_repr +); + +#keyset[id] +path_type_repr_paths( + int id: @path_type_repr ref, + int path: @path ref +); + +prefix_exprs( + unique int id: @prefix_expr +); + +#keyset[id, index] +prefix_expr_attrs( + int id: @prefix_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +prefix_expr_exprs( + int id: @prefix_expr ref, + int expr: @expr ref +); + +#keyset[id] +prefix_expr_operator_names( + int id: @prefix_expr ref, + string operator_name: string ref +); + +ptr_type_reprs( + unique int id: @ptr_type_repr +); + +#keyset[id] +ptr_type_repr_is_const( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_is_mut( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_type_reprs( + int id: @ptr_type_repr ref, + int type_repr: @type_repr ref +); + +range_exprs( + unique int id: @range_expr +); + +#keyset[id, index] +range_expr_attrs( + int id: @range_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +range_expr_ends( + int id: @range_expr ref, + int end: @expr ref +); + +#keyset[id] +range_expr_operator_names( + int id: @range_expr ref, + string operator_name: string ref +); + +#keyset[id] +range_expr_starts( + int id: @range_expr ref, + int start: @expr ref +); + +range_pats( + unique int id: @range_pat +); + +#keyset[id] +range_pat_ends( + int id: @range_pat ref, + int end: @pat ref +); + +#keyset[id] +range_pat_operator_names( + int id: @range_pat ref, + string operator_name: string ref +); + +#keyset[id] +range_pat_starts( + int id: @range_pat ref, + int start: @pat ref +); + +ref_exprs( + unique int id: @ref_expr +); + +#keyset[id, index] +ref_expr_attrs( + int id: @ref_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ref_expr_exprs( + int id: @ref_expr ref, + int expr: @expr ref +); + +#keyset[id] +ref_expr_is_const( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_mut( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_raw( + int id: @ref_expr ref +); + +ref_pats( + unique int id: @ref_pat +); + +#keyset[id] +ref_pat_is_mut( + int id: @ref_pat ref +); + +#keyset[id] +ref_pat_pats( + int id: @ref_pat ref, + int pat: @pat ref +); + +ref_type_reprs( + unique int id: @ref_type_repr +); + +#keyset[id] +ref_type_repr_is_mut( + int id: @ref_type_repr ref +); + +#keyset[id] +ref_type_repr_lifetimes( + int id: @ref_type_repr ref, + int lifetime: @lifetime ref +); + +#keyset[id] +ref_type_repr_type_reprs( + int id: @ref_type_repr ref, + int type_repr: @type_repr ref +); + +rest_pats( + unique int id: @rest_pat +); + +#keyset[id, index] +rest_pat_attrs( + int id: @rest_pat ref, + int index: int ref, + int attr: @attr ref +); + +return_exprs( + unique int id: @return_expr +); + +#keyset[id, index] +return_expr_attrs( + int id: @return_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +return_expr_exprs( + int id: @return_expr ref, + int expr: @expr ref +); + +self_params( + unique int id: @self_param +); + +#keyset[id] +self_param_is_ref( + int id: @self_param ref +); + +#keyset[id] +self_param_is_mut( + int id: @self_param ref +); + +#keyset[id] +self_param_lifetimes( + int id: @self_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +self_param_names( + int id: @self_param ref, + int name: @name ref +); + +slice_pats( + unique int id: @slice_pat +); + +#keyset[id, index] +slice_pat_pats( + int id: @slice_pat ref, + int index: int ref, + int pat: @pat ref +); + +slice_type_reprs( + unique int id: @slice_type_repr +); + +#keyset[id] +slice_type_repr_type_reprs( + int id: @slice_type_repr ref, + int type_repr: @type_repr ref +); + +struct_field_lists( + unique int id: @struct_field_list +); + +#keyset[id, index] +struct_field_list_fields( + int id: @struct_field_list ref, + int index: int ref, + int field: @struct_field ref +); + +try_exprs( + unique int id: @try_expr +); + +#keyset[id, index] +try_expr_attrs( + int id: @try_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +try_expr_exprs( + int id: @try_expr ref, + int expr: @expr ref +); + +tuple_exprs( + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_attrs( + int id: @tuple_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +tuple_expr_fields( + int id: @tuple_expr ref, + int index: int ref, + int field: @expr ref +); + +tuple_field_lists( + unique int id: @tuple_field_list +); + +#keyset[id, index] +tuple_field_list_fields( + int id: @tuple_field_list ref, + int index: int ref, + int field: @tuple_field ref +); + +tuple_pats( + unique int id: @tuple_pat +); + +#keyset[id, index] +tuple_pat_fields( + int id: @tuple_pat ref, + int index: int ref, + int field: @pat ref +); + +tuple_type_reprs( + unique int id: @tuple_type_repr +); + +#keyset[id, index] +tuple_type_repr_fields( + int id: @tuple_type_repr ref, + int index: int ref, + int field: @type_repr ref +); + +type_args( + unique int id: @type_arg +); + +#keyset[id] +type_arg_type_reprs( + int id: @type_arg ref, + int type_repr: @type_repr ref +); + +type_params( + unique int id: @type_param +); + +#keyset[id, index] +type_param_attrs( + int id: @type_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_param_default_types( + int id: @type_param ref, + int default_type: @type_repr ref +); + +#keyset[id] +type_param_names( + int id: @type_param ref, + int name: @name ref +); + +#keyset[id] +type_param_type_bound_lists( + int id: @type_param ref, + int type_bound_list: @type_bound_list ref +); + +underscore_exprs( + unique int id: @underscore_expr +); + +#keyset[id, index] +underscore_expr_attrs( + int id: @underscore_expr ref, + int index: int ref, + int attr: @attr ref +); + +variants( + unique int id: @variant +); + +#keyset[id, index] +variant_attrs( + int id: @variant ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +variant_discriminants( + int id: @variant ref, + int discriminant: @expr ref +); + +#keyset[id] +variant_field_lists( + int id: @variant ref, + int field_list: @field_list ref +); + +#keyset[id] +variant_names( + int id: @variant ref, + int name: @name ref +); + +#keyset[id] +variant_visibilities( + int id: @variant ref, + int visibility: @visibility ref +); + +wildcard_pats( + unique int id: @wildcard_pat +); + +yeet_exprs( + unique int id: @yeet_expr +); + +#keyset[id, index] +yeet_expr_attrs( + int id: @yeet_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yeet_expr_exprs( + int id: @yeet_expr ref, + int expr: @expr ref +); + +yield_exprs( + unique int id: @yield_expr +); + +#keyset[id, index] +yield_expr_attrs( + int id: @yield_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yield_expr_exprs( + int id: @yield_expr ref, + int expr: @expr ref +); + +block_exprs( + unique int id: @block_expr +); + +#keyset[id, index] +block_expr_attrs( + int id: @block_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +block_expr_is_async( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_const( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_gen( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_move( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_try( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_unsafe( + int id: @block_expr ref +); + +#keyset[id] +block_expr_stmt_lists( + int id: @block_expr ref, + int stmt_list: @stmt_list ref +); + +call_exprs( + unique int id: @call_expr +); + +#keyset[id] +call_expr_functions( + int id: @call_expr ref, + int function: @expr ref +); + +consts( + unique int id: @const +); + +#keyset[id, index] +const_attrs( + int id: @const ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_bodies( + int id: @const ref, + int body: @expr ref +); + +#keyset[id] +const_is_const( + int id: @const ref +); + +#keyset[id] +const_is_default( + int id: @const ref +); + +#keyset[id] +const_names( + int id: @const ref, + int name: @name ref +); + +#keyset[id] +const_type_reprs( + int id: @const ref, + int type_repr: @type_repr ref +); + +#keyset[id] +const_visibilities( + int id: @const ref, + int visibility: @visibility ref +); + +enums( + unique int id: @enum +); + +#keyset[id, index] +enum_attrs( + int id: @enum ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +enum_generic_param_lists( + int id: @enum ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +enum_names( + int id: @enum ref, + int name: @name ref +); + +#keyset[id] +enum_variant_lists( + int id: @enum ref, + int variant_list: @variant_list ref +); + +#keyset[id] +enum_visibilities( + int id: @enum ref, + int visibility: @visibility ref +); + +#keyset[id] +enum_where_clauses( + int id: @enum ref, + int where_clause: @where_clause ref +); + +extern_blocks( + unique int id: @extern_block +); + +#keyset[id] +extern_block_abis( + int id: @extern_block ref, + int abi: @abi ref +); + +#keyset[id, index] +extern_block_attrs( + int id: @extern_block ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_block_extern_item_lists( + int id: @extern_block ref, + int extern_item_list: @extern_item_list ref +); + +#keyset[id] +extern_block_is_unsafe( + int id: @extern_block ref +); + +extern_crates( + unique int id: @extern_crate +); + +#keyset[id, index] +extern_crate_attrs( + int id: @extern_crate ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_crate_identifiers( + int id: @extern_crate ref, + int identifier: @name_ref ref +); + +#keyset[id] +extern_crate_renames( + int id: @extern_crate ref, + int rename: @rename ref +); + +#keyset[id] +extern_crate_visibilities( + int id: @extern_crate ref, + int visibility: @visibility ref +); + +functions( + unique int id: @function +); + +#keyset[id] +function_abis( + int id: @function ref, + int abi: @abi ref +); + +#keyset[id] +function_bodies( + int id: @function ref, + int body: @block_expr ref +); + +#keyset[id] +function_generic_param_lists( + int id: @function ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +function_is_async( + int id: @function ref +); + +#keyset[id] +function_is_const( + int id: @function ref +); + +#keyset[id] +function_is_default( + int id: @function ref +); + +#keyset[id] +function_is_gen( + int id: @function ref +); + +#keyset[id] +function_is_unsafe( + int id: @function ref +); + +#keyset[id] +function_names( + int id: @function ref, + int name: @name ref +); + +#keyset[id] +function_ret_types( + int id: @function ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +function_visibilities( + int id: @function ref, + int visibility: @visibility ref +); + +#keyset[id] +function_where_clauses( + int id: @function ref, + int where_clause: @where_clause ref +); + +impls( + unique int id: @impl +); + +#keyset[id] +impl_assoc_item_lists( + int id: @impl ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +impl_attrs( + int id: @impl ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +impl_generic_param_lists( + int id: @impl ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +impl_is_const( + int id: @impl ref +); + +#keyset[id] +impl_is_default( + int id: @impl ref +); + +#keyset[id] +impl_is_unsafe( + int id: @impl ref +); + +#keyset[id] +impl_self_ties( + int id: @impl ref, + int self_ty: @type_repr ref +); + +#keyset[id] +impl_traits( + int id: @impl ref, + int trait: @type_repr ref +); + +#keyset[id] +impl_visibilities( + int id: @impl ref, + int visibility: @visibility ref +); + +#keyset[id] +impl_where_clauses( + int id: @impl ref, + int where_clause: @where_clause ref +); + +@looping_expr = + @for_expr +| @loop_expr +| @while_expr +; + +#keyset[id] +looping_expr_loop_bodies( + int id: @looping_expr ref, + int loop_body: @block_expr ref +); + +macro_calls( + unique int id: @macro_call +); + +#keyset[id, index] +macro_call_attrs( + int id: @macro_call ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_call_paths( + int id: @macro_call ref, + int path: @path ref +); + +#keyset[id] +macro_call_token_trees( + int id: @macro_call ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_call_expandeds( + int id: @macro_call ref, + int expanded: @ast_node ref +); + +macro_defs( + unique int id: @macro_def +); + +#keyset[id] +macro_def_args( + int id: @macro_def ref, + int args: @token_tree ref +); + +#keyset[id, index] +macro_def_attrs( + int id: @macro_def ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_def_bodies( + int id: @macro_def ref, + int body: @token_tree ref +); + +#keyset[id] +macro_def_names( + int id: @macro_def ref, + int name: @name ref +); + +#keyset[id] +macro_def_visibilities( + int id: @macro_def ref, + int visibility: @visibility ref +); + +macro_rules( + unique int id: @macro_rules +); + +#keyset[id, index] +macro_rules_attrs( + int id: @macro_rules ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_rules_names( + int id: @macro_rules ref, + int name: @name ref +); + +#keyset[id] +macro_rules_token_trees( + int id: @macro_rules ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_rules_visibilities( + int id: @macro_rules ref, + int visibility: @visibility ref +); + +method_call_exprs( + unique int id: @method_call_expr +); + +#keyset[id] +method_call_expr_generic_arg_lists( + int id: @method_call_expr ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +method_call_expr_identifiers( + int id: @method_call_expr ref, + int identifier: @name_ref ref +); + +#keyset[id] +method_call_expr_receivers( + int id: @method_call_expr ref, + int receiver: @expr ref +); + +modules( + unique int id: @module +); + +#keyset[id, index] +module_attrs( + int id: @module ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +module_item_lists( + int id: @module ref, + int item_list: @item_list ref +); + +#keyset[id] +module_names( + int id: @module ref, + int name: @name ref +); + +#keyset[id] +module_visibilities( + int id: @module ref, + int visibility: @visibility ref +); + +path_exprs( + unique int id: @path_expr +); + +#keyset[id, index] +path_expr_attrs( + int id: @path_expr ref, + int index: int ref, + int attr: @attr ref +); + +path_pats( + unique int id: @path_pat +); + +statics( + unique int id: @static +); + +#keyset[id, index] +static_attrs( + int id: @static ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +static_bodies( + int id: @static ref, + int body: @expr ref +); + +#keyset[id] +static_is_mut( + int id: @static ref +); + +#keyset[id] +static_is_static( + int id: @static ref +); + +#keyset[id] +static_is_unsafe( + int id: @static ref +); + +#keyset[id] +static_names( + int id: @static ref, + int name: @name ref +); + +#keyset[id] +static_type_reprs( + int id: @static ref, + int type_repr: @type_repr ref +); + +#keyset[id] +static_visibilities( + int id: @static ref, + int visibility: @visibility ref +); + +structs( + unique int id: @struct +); + +#keyset[id, index] +struct_attrs( + int id: @struct ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_lists_( + int id: @struct ref, + int field_list: @field_list ref +); + +#keyset[id] +struct_generic_param_lists( + int id: @struct ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +struct_names( + int id: @struct ref, + int name: @name ref +); + +#keyset[id] +struct_visibilities( + int id: @struct ref, + int visibility: @visibility ref +); + +#keyset[id] +struct_where_clauses( + int id: @struct ref, + int where_clause: @where_clause ref +); + +struct_exprs( + unique int id: @struct_expr +); + +#keyset[id] +struct_expr_struct_expr_field_lists( + int id: @struct_expr ref, + int struct_expr_field_list: @struct_expr_field_list ref +); + +struct_pats( + unique int id: @struct_pat +); + +#keyset[id] +struct_pat_struct_pat_field_lists( + int id: @struct_pat ref, + int struct_pat_field_list: @struct_pat_field_list ref +); + +traits( + unique int id: @trait +); + +#keyset[id] +trait_assoc_item_lists( + int id: @trait ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +trait_attrs( + int id: @trait ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_generic_param_lists( + int id: @trait ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_is_auto( + int id: @trait ref +); + +#keyset[id] +trait_is_unsafe( + int id: @trait ref +); + +#keyset[id] +trait_names( + int id: @trait ref, + int name: @name ref +); + +#keyset[id] +trait_type_bound_lists( + int id: @trait ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_visibilities( + int id: @trait ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_where_clauses( + int id: @trait ref, + int where_clause: @where_clause ref +); + +trait_aliases( + unique int id: @trait_alias +); + +#keyset[id, index] +trait_alias_attrs( + int id: @trait_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_alias_generic_param_lists( + int id: @trait_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_alias_names( + int id: @trait_alias ref, + int name: @name ref +); + +#keyset[id] +trait_alias_type_bound_lists( + int id: @trait_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_alias_visibilities( + int id: @trait_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_alias_where_clauses( + int id: @trait_alias ref, + int where_clause: @where_clause ref +); + +tuple_struct_pats( + unique int id: @tuple_struct_pat +); + +#keyset[id, index] +tuple_struct_pat_fields( + int id: @tuple_struct_pat ref, + int index: int ref, + int field: @pat ref +); + +type_aliases( + unique int id: @type_alias +); + +#keyset[id, index] +type_alias_attrs( + int id: @type_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_alias_generic_param_lists( + int id: @type_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +type_alias_is_default( + int id: @type_alias ref +); + +#keyset[id] +type_alias_names( + int id: @type_alias ref, + int name: @name ref +); + +#keyset[id] +type_alias_type_reprs( + int id: @type_alias ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_alias_type_bound_lists( + int id: @type_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +type_alias_visibilities( + int id: @type_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +type_alias_where_clauses( + int id: @type_alias ref, + int where_clause: @where_clause ref +); + +unions( + unique int id: @union +); + +#keyset[id, index] +union_attrs( + int id: @union ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +union_generic_param_lists( + int id: @union ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +union_names( + int id: @union ref, + int name: @name ref +); + +#keyset[id] +union_struct_field_lists( + int id: @union ref, + int struct_field_list: @struct_field_list ref +); + +#keyset[id] +union_visibilities( + int id: @union ref, + int visibility: @visibility ref +); + +#keyset[id] +union_where_clauses( + int id: @union ref, + int where_clause: @where_clause ref +); + +uses( + unique int id: @use +); + +#keyset[id, index] +use_attrs( + int id: @use ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +use_use_trees( + int id: @use ref, + int use_tree: @use_tree ref +); + +#keyset[id] +use_visibilities( + int id: @use ref, + int visibility: @visibility ref +); + +for_exprs( + unique int id: @for_expr +); + +#keyset[id, index] +for_expr_attrs( + int id: @for_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +for_expr_iterables( + int id: @for_expr ref, + int iterable: @expr ref +); + +#keyset[id] +for_expr_pats( + int id: @for_expr ref, + int pat: @pat ref +); + +loop_exprs( + unique int id: @loop_expr +); + +#keyset[id, index] +loop_expr_attrs( + int id: @loop_expr ref, + int index: int ref, + int attr: @attr ref +); + +while_exprs( + unique int id: @while_expr +); + +#keyset[id, index] +while_expr_attrs( + int id: @while_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +while_expr_conditions( + int id: @while_expr ref, + int condition: @expr ref +); diff --git a/rust/downgrades/qlpack.yml b/rust/downgrades/qlpack.yml new file mode 100644 index 00000000000..5bfaa9be4e5 --- /dev/null +++ b/rust/downgrades/qlpack.yml @@ -0,0 +1,5 @@ +name: codeql/rust-downgrades +groups: rust +downgrades: . +library: true +warnOnImplicitThis: true diff --git a/rust/ql/lib/upgrades/initial/rust.dbscheme b/rust/ql/lib/upgrades/initial/rust.dbscheme new file mode 100644 index 00000000000..256e80c2dce --- /dev/null +++ b/rust/ql/lib/upgrades/initial/rust.dbscheme @@ -0,0 +1,3601 @@ +// generated by codegen, do not edit + +// from ../shared/tree-sitter-extractor/src/generator/prefix.dbscheme +/*- Files and folders -*/ + +/** + * The location of an element. + * The location spans column `startcolumn` of line `startline` to + * column `endcolumn` of line `endline` in file `file`. + * For more information, see + * [Locations](https://codeql.github.com/docs/writing-codeql-queries/providing-locations-in-codeql-queries/). + */ +locations_default( + unique int id: @location_default, + int file: @file ref, + int beginLine: int ref, + int beginColumn: int ref, + int endLine: int ref, + int endColumn: int ref +); + +files( + unique int id: @file, + string name: string ref +); + +folders( + unique int id: @folder, + string name: string ref +); + +@container = @file | @folder + +containerparent( + int parent: @container ref, + unique int child: @container ref +); + +/*- Empty location -*/ + +empty_location( + int location: @location_default ref +); + +/*- Source location prefix -*/ + +/** + * The source location of the snapshot. + */ +sourceLocationPrefix(string prefix : string ref); + +/*- Diagnostic messages -*/ + +diagnostics( + unique int id: @diagnostic, + int severity: int ref, + string error_tag: string ref, + string error_message: string ref, + string full_error_message: string ref, + int location: @location_default ref +); + +/*- Diagnostic messages: severity -*/ + +case @diagnostic.severity of + 10 = @diagnostic_debug +| 20 = @diagnostic_info +| 30 = @diagnostic_warning +| 40 = @diagnostic_error +; + +/*- YAML -*/ + +#keyset[parent, idx] +yaml (unique int id: @yaml_node, + int kind: int ref, + int parent: @yaml_node_parent ref, + int idx: int ref, + string tag: string ref, + string tostring: string ref); + +case @yaml_node.kind of + 0 = @yaml_scalar_node +| 1 = @yaml_mapping_node +| 2 = @yaml_sequence_node +| 3 = @yaml_alias_node +; + +@yaml_collection_node = @yaml_mapping_node | @yaml_sequence_node; + +@yaml_node_parent = @yaml_collection_node | @file; + +yaml_anchors (unique int node: @yaml_node ref, + string anchor: string ref); + +yaml_aliases (unique int alias: @yaml_alias_node ref, + string target: string ref); + +yaml_scalars (unique int scalar: @yaml_scalar_node ref, + int style: int ref, + string value: string ref); + +yaml_errors (unique int id: @yaml_error, + string message: string ref); + +yaml_locations(unique int locatable: @yaml_locatable ref, + int location: @location_default ref); + +@yaml_locatable = @yaml_node | @yaml_error; + + +// from prefix.dbscheme +#keyset[id] +locatable_locations( + int id: @locatable ref, + int location: @location_default ref +); + + +// from schema + +@element = + @extractor_step +| @locatable +| @named_crate +| @unextracted +; + +extractor_steps( + unique int id: @extractor_step, + string action: string ref, + int duration_ms: int ref +); + +#keyset[id] +extractor_step_files( + int id: @extractor_step ref, + int file: @file ref +); + +@locatable = + @ast_node +| @crate +; + +named_crates( + unique int id: @named_crate, + string name: string ref, + int crate: @crate ref +); + +@unextracted = + @missing +| @unimplemented +; + +@ast_node = + @abi +| @addressable +| @arg_list +| @asm_dir_spec +| @asm_operand +| @asm_operand_expr +| @asm_option +| @asm_piece +| @asm_reg_spec +| @assoc_item +| @assoc_item_list +| @attr +| @callable +| @closure_binder +| @expr +| @extern_item +| @extern_item_list +| @field_list +| @format_args_arg +| @generic_arg +| @generic_arg_list +| @generic_param +| @generic_param_list +| @item_list +| @label +| @let_else +| @macro_items +| @macro_stmts +| @match_arm +| @match_arm_list +| @match_guard +| @meta +| @name +| @param_base +| @param_list +| @parenthesized_arg_list +| @pat +| @path +| @path_segment +| @rename +| @resolvable +| @ret_type_repr +| @return_type_syntax +| @source_file +| @stmt +| @stmt_list +| @struct_expr_field +| @struct_expr_field_list +| @struct_field +| @struct_pat_field +| @struct_pat_field_list +| @token +| @token_tree +| @tuple_field +| @type_bound +| @type_bound_list +| @type_repr +| @use_bound_generic_arg +| @use_bound_generic_args +| @use_tree +| @use_tree_list +| @variant_def +| @variant_list +| @visibility +| @where_clause +| @where_pred +; + +crates( + unique int id: @crate +); + +#keyset[id] +crate_names( + int id: @crate ref, + string name: string ref +); + +#keyset[id] +crate_versions( + int id: @crate ref, + string version: string ref +); + +#keyset[id] +crate_modules( + int id: @crate ref, + int module: @module ref +); + +#keyset[id, index] +crate_cfg_options( + int id: @crate ref, + int index: int ref, + string cfg_option: string ref +); + +#keyset[id, index] +crate_named_dependencies( + int id: @crate ref, + int index: int ref, + int named_dependency: @named_crate ref +); + +missings( + unique int id: @missing +); + +unimplementeds( + unique int id: @unimplemented +); + +abis( + unique int id: @abi +); + +#keyset[id] +abi_abi_strings( + int id: @abi ref, + string abi_string: string ref +); + +@addressable = + @item +| @variant +; + +#keyset[id] +addressable_extended_canonical_paths( + int id: @addressable ref, + string extended_canonical_path: string ref +); + +#keyset[id] +addressable_crate_origins( + int id: @addressable ref, + string crate_origin: string ref +); + +arg_lists( + unique int id: @arg_list +); + +#keyset[id, index] +arg_list_args( + int id: @arg_list ref, + int index: int ref, + int arg: @expr ref +); + +asm_dir_specs( + unique int id: @asm_dir_spec +); + +@asm_operand = + @asm_const +| @asm_label +| @asm_reg_operand +| @asm_sym +; + +asm_operand_exprs( + unique int id: @asm_operand_expr +); + +#keyset[id] +asm_operand_expr_in_exprs( + int id: @asm_operand_expr ref, + int in_expr: @expr ref +); + +#keyset[id] +asm_operand_expr_out_exprs( + int id: @asm_operand_expr ref, + int out_expr: @expr ref +); + +asm_options( + unique int id: @asm_option +); + +#keyset[id] +asm_option_is_raw( + int id: @asm_option ref +); + +@asm_piece = + @asm_clobber_abi +| @asm_operand_named +| @asm_options_list +; + +asm_reg_specs( + unique int id: @asm_reg_spec +); + +#keyset[id] +asm_reg_spec_identifiers( + int id: @asm_reg_spec ref, + int identifier: @name_ref ref +); + +@assoc_item = + @const +| @function +| @macro_call +| @type_alias +; + +assoc_item_lists( + unique int id: @assoc_item_list +); + +#keyset[id, index] +assoc_item_list_assoc_items( + int id: @assoc_item_list ref, + int index: int ref, + int assoc_item: @assoc_item ref +); + +#keyset[id, index] +assoc_item_list_attrs( + int id: @assoc_item_list ref, + int index: int ref, + int attr: @attr ref +); + +attrs( + unique int id: @attr +); + +#keyset[id] +attr_meta( + int id: @attr ref, + int meta: @meta ref +); + +@callable = + @closure_expr +| @function +; + +#keyset[id] +callable_param_lists( + int id: @callable ref, + int param_list: @param_list ref +); + +#keyset[id, index] +callable_attrs( + int id: @callable ref, + int index: int ref, + int attr: @attr ref +); + +closure_binders( + unique int id: @closure_binder +); + +#keyset[id] +closure_binder_generic_param_lists( + int id: @closure_binder ref, + int generic_param_list: @generic_param_list ref +); + +@expr = + @array_expr_internal +| @asm_expr +| @await_expr +| @become_expr +| @binary_expr +| @break_expr +| @call_expr_base +| @cast_expr +| @closure_expr +| @continue_expr +| @field_expr +| @format_args_expr +| @if_expr +| @index_expr +| @labelable_expr +| @let_expr +| @literal_expr +| @macro_expr +| @match_expr +| @offset_of_expr +| @paren_expr +| @path_expr_base +| @prefix_expr +| @range_expr +| @ref_expr +| @return_expr +| @struct_expr +| @try_expr +| @tuple_expr +| @underscore_expr +| @yeet_expr +| @yield_expr +; + +@extern_item = + @function +| @macro_call +| @static +| @type_alias +; + +extern_item_lists( + unique int id: @extern_item_list +); + +#keyset[id, index] +extern_item_list_attrs( + int id: @extern_item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +extern_item_list_extern_items( + int id: @extern_item_list ref, + int index: int ref, + int extern_item: @extern_item ref +); + +@field_list = + @struct_field_list +| @tuple_field_list +; + +format_args_args( + unique int id: @format_args_arg +); + +#keyset[id] +format_args_arg_exprs( + int id: @format_args_arg ref, + int expr: @expr ref +); + +#keyset[id] +format_args_arg_names( + int id: @format_args_arg ref, + int name: @name ref +); + +@generic_arg = + @assoc_type_arg +| @const_arg +| @lifetime_arg +| @type_arg +; + +generic_arg_lists( + unique int id: @generic_arg_list +); + +#keyset[id, index] +generic_arg_list_generic_args( + int id: @generic_arg_list ref, + int index: int ref, + int generic_arg: @generic_arg ref +); + +@generic_param = + @const_param +| @lifetime_param +| @type_param +; + +generic_param_lists( + unique int id: @generic_param_list +); + +#keyset[id, index] +generic_param_list_generic_params( + int id: @generic_param_list ref, + int index: int ref, + int generic_param: @generic_param ref +); + +item_lists( + unique int id: @item_list +); + +#keyset[id, index] +item_list_attrs( + int id: @item_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +item_list_items( + int id: @item_list ref, + int index: int ref, + int item: @item ref +); + +labels( + unique int id: @label +); + +#keyset[id] +label_lifetimes( + int id: @label ref, + int lifetime: @lifetime ref +); + +let_elses( + unique int id: @let_else +); + +#keyset[id] +let_else_block_exprs( + int id: @let_else ref, + int block_expr: @block_expr ref +); + +macro_items( + unique int id: @macro_items +); + +#keyset[id, index] +macro_items_items( + int id: @macro_items ref, + int index: int ref, + int item: @item ref +); + +macro_stmts( + unique int id: @macro_stmts +); + +#keyset[id] +macro_stmts_exprs( + int id: @macro_stmts ref, + int expr: @expr ref +); + +#keyset[id, index] +macro_stmts_statements( + int id: @macro_stmts ref, + int index: int ref, + int statement: @stmt ref +); + +match_arms( + unique int id: @match_arm +); + +#keyset[id, index] +match_arm_attrs( + int id: @match_arm ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_arm_exprs( + int id: @match_arm ref, + int expr: @expr ref +); + +#keyset[id] +match_arm_guards( + int id: @match_arm ref, + int guard: @match_guard ref +); + +#keyset[id] +match_arm_pats( + int id: @match_arm ref, + int pat: @pat ref +); + +match_arm_lists( + unique int id: @match_arm_list +); + +#keyset[id, index] +match_arm_list_arms( + int id: @match_arm_list ref, + int index: int ref, + int arm: @match_arm ref +); + +#keyset[id, index] +match_arm_list_attrs( + int id: @match_arm_list ref, + int index: int ref, + int attr: @attr ref +); + +match_guards( + unique int id: @match_guard +); + +#keyset[id] +match_guard_conditions( + int id: @match_guard ref, + int condition: @expr ref +); + +meta( + unique int id: @meta +); + +#keyset[id] +meta_exprs( + int id: @meta ref, + int expr: @expr ref +); + +#keyset[id] +meta_is_unsafe( + int id: @meta ref +); + +#keyset[id] +meta_paths( + int id: @meta ref, + int path: @path ref +); + +#keyset[id] +meta_token_trees( + int id: @meta ref, + int token_tree: @token_tree ref +); + +names( + unique int id: @name +); + +#keyset[id] +name_texts( + int id: @name ref, + string text: string ref +); + +@param_base = + @param +| @self_param +; + +#keyset[id, index] +param_base_attrs( + int id: @param_base ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +param_base_type_reprs( + int id: @param_base ref, + int type_repr: @type_repr ref +); + +param_lists( + unique int id: @param_list +); + +#keyset[id, index] +param_list_params( + int id: @param_list ref, + int index: int ref, + int param: @param ref +); + +#keyset[id] +param_list_self_params( + int id: @param_list ref, + int self_param: @self_param ref +); + +parenthesized_arg_lists( + unique int id: @parenthesized_arg_list +); + +#keyset[id, index] +parenthesized_arg_list_type_args( + int id: @parenthesized_arg_list ref, + int index: int ref, + int type_arg: @type_arg ref +); + +@pat = + @box_pat +| @const_block_pat +| @ident_pat +| @literal_pat +| @macro_pat +| @or_pat +| @paren_pat +| @path_pat +| @range_pat +| @ref_pat +| @rest_pat +| @slice_pat +| @struct_pat +| @tuple_pat +| @tuple_struct_pat +| @wildcard_pat +; + +paths( + unique int id: @path +); + +#keyset[id] +path_qualifiers( + int id: @path ref, + int qualifier: @path ref +); + +#keyset[id] +path_segments_( + int id: @path ref, + int segment: @path_segment ref +); + +path_segments( + unique int id: @path_segment +); + +#keyset[id] +path_segment_generic_arg_lists( + int id: @path_segment ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +path_segment_identifiers( + int id: @path_segment ref, + int identifier: @name_ref ref +); + +#keyset[id] +path_segment_parenthesized_arg_lists( + int id: @path_segment ref, + int parenthesized_arg_list: @parenthesized_arg_list ref +); + +#keyset[id] +path_segment_ret_types( + int id: @path_segment ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +path_segment_return_type_syntaxes( + int id: @path_segment ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +path_segment_type_reprs( + int id: @path_segment ref, + int type_repr: @type_repr ref +); + +#keyset[id] +path_segment_trait_type_reprs( + int id: @path_segment ref, + int trait_type_repr: @path_type_repr ref +); + +renames( + unique int id: @rename +); + +#keyset[id] +rename_names( + int id: @rename ref, + int name: @name ref +); + +@resolvable = + @method_call_expr +| @path_ast_node +; + +#keyset[id] +resolvable_resolved_paths( + int id: @resolvable ref, + string resolved_path: string ref +); + +#keyset[id] +resolvable_resolved_crate_origins( + int id: @resolvable ref, + string resolved_crate_origin: string ref +); + +ret_type_reprs( + unique int id: @ret_type_repr +); + +#keyset[id] +ret_type_repr_type_reprs( + int id: @ret_type_repr ref, + int type_repr: @type_repr ref +); + +return_type_syntaxes( + unique int id: @return_type_syntax +); + +source_files( + unique int id: @source_file +); + +#keyset[id, index] +source_file_attrs( + int id: @source_file ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +source_file_items( + int id: @source_file ref, + int index: int ref, + int item: @item ref +); + +@stmt = + @expr_stmt +| @item +| @let_stmt +; + +stmt_lists( + unique int id: @stmt_list +); + +#keyset[id, index] +stmt_list_attrs( + int id: @stmt_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +stmt_list_statements( + int id: @stmt_list ref, + int index: int ref, + int statement: @stmt ref +); + +#keyset[id] +stmt_list_tail_exprs( + int id: @stmt_list ref, + int tail_expr: @expr ref +); + +struct_expr_fields( + unique int id: @struct_expr_field +); + +#keyset[id, index] +struct_expr_field_attrs( + int id: @struct_expr_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_expr_field_exprs( + int id: @struct_expr_field ref, + int expr: @expr ref +); + +#keyset[id] +struct_expr_field_identifiers( + int id: @struct_expr_field ref, + int identifier: @name_ref ref +); + +struct_expr_field_lists( + unique int id: @struct_expr_field_list +); + +#keyset[id, index] +struct_expr_field_list_attrs( + int id: @struct_expr_field_list ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +struct_expr_field_list_fields( + int id: @struct_expr_field_list ref, + int index: int ref, + int field: @struct_expr_field ref +); + +#keyset[id] +struct_expr_field_list_spreads( + int id: @struct_expr_field_list ref, + int spread: @expr ref +); + +struct_fields( + unique int id: @struct_field +); + +#keyset[id, index] +struct_field_attrs( + int id: @struct_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_defaults( + int id: @struct_field ref, + int default: @expr ref +); + +#keyset[id] +struct_field_names( + int id: @struct_field ref, + int name: @name ref +); + +#keyset[id] +struct_field_type_reprs( + int id: @struct_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +struct_field_visibilities( + int id: @struct_field ref, + int visibility: @visibility ref +); + +struct_pat_fields( + unique int id: @struct_pat_field +); + +#keyset[id, index] +struct_pat_field_attrs( + int id: @struct_pat_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_pat_field_identifiers( + int id: @struct_pat_field ref, + int identifier: @name_ref ref +); + +#keyset[id] +struct_pat_field_pats( + int id: @struct_pat_field ref, + int pat: @pat ref +); + +struct_pat_field_lists( + unique int id: @struct_pat_field_list +); + +#keyset[id, index] +struct_pat_field_list_fields( + int id: @struct_pat_field_list ref, + int index: int ref, + int field: @struct_pat_field ref +); + +#keyset[id] +struct_pat_field_list_rest_pats( + int id: @struct_pat_field_list ref, + int rest_pat: @rest_pat ref +); + +@token = + @comment +; + +token_trees( + unique int id: @token_tree +); + +tuple_fields( + unique int id: @tuple_field +); + +#keyset[id, index] +tuple_field_attrs( + int id: @tuple_field ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +tuple_field_type_reprs( + int id: @tuple_field ref, + int type_repr: @type_repr ref +); + +#keyset[id] +tuple_field_visibilities( + int id: @tuple_field ref, + int visibility: @visibility ref +); + +type_bounds( + unique int id: @type_bound +); + +#keyset[id] +type_bound_is_async( + int id: @type_bound ref +); + +#keyset[id] +type_bound_is_const( + int id: @type_bound ref +); + +#keyset[id] +type_bound_lifetimes( + int id: @type_bound ref, + int lifetime: @lifetime ref +); + +#keyset[id] +type_bound_type_reprs( + int id: @type_bound ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_bound_use_bound_generic_args( + int id: @type_bound ref, + int use_bound_generic_args: @use_bound_generic_args ref +); + +type_bound_lists( + unique int id: @type_bound_list +); + +#keyset[id, index] +type_bound_list_bounds( + int id: @type_bound_list ref, + int index: int ref, + int bound: @type_bound ref +); + +@type_repr = + @array_type_repr +| @dyn_trait_type_repr +| @fn_ptr_type_repr +| @for_type_repr +| @impl_trait_type_repr +| @infer_type_repr +| @macro_type_repr +| @never_type_repr +| @paren_type_repr +| @path_type_repr +| @ptr_type_repr +| @ref_type_repr +| @slice_type_repr +| @tuple_type_repr +; + +@use_bound_generic_arg = + @lifetime +| @name_ref +; + +use_bound_generic_args( + unique int id: @use_bound_generic_args +); + +#keyset[id, index] +use_bound_generic_args_use_bound_generic_args( + int id: @use_bound_generic_args ref, + int index: int ref, + int use_bound_generic_arg: @use_bound_generic_arg ref +); + +use_trees( + unique int id: @use_tree +); + +#keyset[id] +use_tree_is_glob( + int id: @use_tree ref +); + +#keyset[id] +use_tree_paths( + int id: @use_tree ref, + int path: @path ref +); + +#keyset[id] +use_tree_renames( + int id: @use_tree ref, + int rename: @rename ref +); + +#keyset[id] +use_tree_use_tree_lists( + int id: @use_tree ref, + int use_tree_list: @use_tree_list ref +); + +use_tree_lists( + unique int id: @use_tree_list +); + +#keyset[id, index] +use_tree_list_use_trees( + int id: @use_tree_list ref, + int index: int ref, + int use_tree: @use_tree ref +); + +@variant_def = + @struct +| @union +| @variant +; + +variant_lists( + unique int id: @variant_list +); + +#keyset[id, index] +variant_list_variants( + int id: @variant_list ref, + int index: int ref, + int variant: @variant ref +); + +visibilities( + unique int id: @visibility +); + +#keyset[id] +visibility_paths( + int id: @visibility ref, + int path: @path ref +); + +where_clauses( + unique int id: @where_clause +); + +#keyset[id, index] +where_clause_predicates( + int id: @where_clause ref, + int index: int ref, + int predicate: @where_pred ref +); + +where_preds( + unique int id: @where_pred +); + +#keyset[id] +where_pred_generic_param_lists( + int id: @where_pred ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +where_pred_lifetimes( + int id: @where_pred ref, + int lifetime: @lifetime ref +); + +#keyset[id] +where_pred_type_reprs( + int id: @where_pred ref, + int type_repr: @type_repr ref +); + +#keyset[id] +where_pred_type_bound_lists( + int id: @where_pred ref, + int type_bound_list: @type_bound_list ref +); + +array_expr_internals( + unique int id: @array_expr_internal +); + +#keyset[id, index] +array_expr_internal_attrs( + int id: @array_expr_internal ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +array_expr_internal_exprs( + int id: @array_expr_internal ref, + int index: int ref, + int expr: @expr ref +); + +#keyset[id] +array_expr_internal_is_semicolon( + int id: @array_expr_internal ref +); + +array_type_reprs( + unique int id: @array_type_repr +); + +#keyset[id] +array_type_repr_const_args( + int id: @array_type_repr ref, + int const_arg: @const_arg ref +); + +#keyset[id] +array_type_repr_element_type_reprs( + int id: @array_type_repr ref, + int element_type_repr: @type_repr ref +); + +asm_clobber_abis( + unique int id: @asm_clobber_abi +); + +asm_consts( + unique int id: @asm_const +); + +#keyset[id] +asm_const_exprs( + int id: @asm_const ref, + int expr: @expr ref +); + +#keyset[id] +asm_const_is_const( + int id: @asm_const ref +); + +asm_exprs( + unique int id: @asm_expr +); + +#keyset[id, index] +asm_expr_asm_pieces( + int id: @asm_expr ref, + int index: int ref, + int asm_piece: @asm_piece ref +); + +#keyset[id, index] +asm_expr_attrs( + int id: @asm_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +asm_expr_templates( + int id: @asm_expr ref, + int index: int ref, + int template: @expr ref +); + +asm_labels( + unique int id: @asm_label +); + +#keyset[id] +asm_label_block_exprs( + int id: @asm_label ref, + int block_expr: @block_expr ref +); + +asm_operand_nameds( + unique int id: @asm_operand_named +); + +#keyset[id] +asm_operand_named_asm_operands( + int id: @asm_operand_named ref, + int asm_operand: @asm_operand ref +); + +#keyset[id] +asm_operand_named_names( + int id: @asm_operand_named ref, + int name: @name ref +); + +asm_options_lists( + unique int id: @asm_options_list +); + +#keyset[id, index] +asm_options_list_asm_options( + int id: @asm_options_list ref, + int index: int ref, + int asm_option: @asm_option ref +); + +asm_reg_operands( + unique int id: @asm_reg_operand +); + +#keyset[id] +asm_reg_operand_asm_dir_specs( + int id: @asm_reg_operand ref, + int asm_dir_spec: @asm_dir_spec ref +); + +#keyset[id] +asm_reg_operand_asm_operand_exprs( + int id: @asm_reg_operand ref, + int asm_operand_expr: @asm_operand_expr ref +); + +#keyset[id] +asm_reg_operand_asm_reg_specs( + int id: @asm_reg_operand ref, + int asm_reg_spec: @asm_reg_spec ref +); + +asm_syms( + unique int id: @asm_sym +); + +#keyset[id] +asm_sym_paths( + int id: @asm_sym ref, + int path: @path ref +); + +assoc_type_args( + unique int id: @assoc_type_arg +); + +#keyset[id] +assoc_type_arg_const_args( + int id: @assoc_type_arg ref, + int const_arg: @const_arg ref +); + +#keyset[id] +assoc_type_arg_generic_arg_lists( + int id: @assoc_type_arg ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +assoc_type_arg_identifiers( + int id: @assoc_type_arg ref, + int identifier: @name_ref ref +); + +#keyset[id] +assoc_type_arg_param_lists( + int id: @assoc_type_arg ref, + int param_list: @param_list ref +); + +#keyset[id] +assoc_type_arg_ret_types( + int id: @assoc_type_arg ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +assoc_type_arg_return_type_syntaxes( + int id: @assoc_type_arg ref, + int return_type_syntax: @return_type_syntax ref +); + +#keyset[id] +assoc_type_arg_type_reprs( + int id: @assoc_type_arg ref, + int type_repr: @type_repr ref +); + +#keyset[id] +assoc_type_arg_type_bound_lists( + int id: @assoc_type_arg ref, + int type_bound_list: @type_bound_list ref +); + +await_exprs( + unique int id: @await_expr +); + +#keyset[id, index] +await_expr_attrs( + int id: @await_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +await_expr_exprs( + int id: @await_expr ref, + int expr: @expr ref +); + +become_exprs( + unique int id: @become_expr +); + +#keyset[id, index] +become_expr_attrs( + int id: @become_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +become_expr_exprs( + int id: @become_expr ref, + int expr: @expr ref +); + +binary_exprs( + unique int id: @binary_expr +); + +#keyset[id, index] +binary_expr_attrs( + int id: @binary_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +binary_expr_lhs( + int id: @binary_expr ref, + int lhs: @expr ref +); + +#keyset[id] +binary_expr_operator_names( + int id: @binary_expr ref, + string operator_name: string ref +); + +#keyset[id] +binary_expr_rhs( + int id: @binary_expr ref, + int rhs: @expr ref +); + +box_pats( + unique int id: @box_pat +); + +#keyset[id] +box_pat_pats( + int id: @box_pat ref, + int pat: @pat ref +); + +break_exprs( + unique int id: @break_expr +); + +#keyset[id, index] +break_expr_attrs( + int id: @break_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +break_expr_exprs( + int id: @break_expr ref, + int expr: @expr ref +); + +#keyset[id] +break_expr_lifetimes( + int id: @break_expr ref, + int lifetime: @lifetime ref +); + +@call_expr_base = + @call_expr +| @method_call_expr +; + +#keyset[id] +call_expr_base_arg_lists( + int id: @call_expr_base ref, + int arg_list: @arg_list ref +); + +#keyset[id, index] +call_expr_base_attrs( + int id: @call_expr_base ref, + int index: int ref, + int attr: @attr ref +); + +cast_exprs( + unique int id: @cast_expr +); + +#keyset[id, index] +cast_expr_attrs( + int id: @cast_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +cast_expr_exprs( + int id: @cast_expr ref, + int expr: @expr ref +); + +#keyset[id] +cast_expr_type_reprs( + int id: @cast_expr ref, + int type_repr: @type_repr ref +); + +closure_exprs( + unique int id: @closure_expr +); + +#keyset[id] +closure_expr_bodies( + int id: @closure_expr ref, + int body: @expr ref +); + +#keyset[id] +closure_expr_closure_binders( + int id: @closure_expr ref, + int closure_binder: @closure_binder ref +); + +#keyset[id] +closure_expr_is_async( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_const( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_gen( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_move( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_is_static( + int id: @closure_expr ref +); + +#keyset[id] +closure_expr_ret_types( + int id: @closure_expr ref, + int ret_type: @ret_type_repr ref +); + +comments( + unique int id: @comment, + int parent: @ast_node ref, + string text: string ref +); + +const_args( + unique int id: @const_arg +); + +#keyset[id] +const_arg_exprs( + int id: @const_arg ref, + int expr: @expr ref +); + +const_block_pats( + unique int id: @const_block_pat +); + +#keyset[id] +const_block_pat_block_exprs( + int id: @const_block_pat ref, + int block_expr: @block_expr ref +); + +#keyset[id] +const_block_pat_is_const( + int id: @const_block_pat ref +); + +const_params( + unique int id: @const_param +); + +#keyset[id, index] +const_param_attrs( + int id: @const_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_param_default_vals( + int id: @const_param ref, + int default_val: @const_arg ref +); + +#keyset[id] +const_param_is_const( + int id: @const_param ref +); + +#keyset[id] +const_param_names( + int id: @const_param ref, + int name: @name ref +); + +#keyset[id] +const_param_type_reprs( + int id: @const_param ref, + int type_repr: @type_repr ref +); + +continue_exprs( + unique int id: @continue_expr +); + +#keyset[id, index] +continue_expr_attrs( + int id: @continue_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +continue_expr_lifetimes( + int id: @continue_expr ref, + int lifetime: @lifetime ref +); + +dyn_trait_type_reprs( + unique int id: @dyn_trait_type_repr +); + +#keyset[id] +dyn_trait_type_repr_type_bound_lists( + int id: @dyn_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +expr_stmts( + unique int id: @expr_stmt +); + +#keyset[id] +expr_stmt_exprs( + int id: @expr_stmt ref, + int expr: @expr ref +); + +field_exprs( + unique int id: @field_expr +); + +#keyset[id, index] +field_expr_attrs( + int id: @field_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +field_expr_containers( + int id: @field_expr ref, + int container: @expr ref +); + +#keyset[id] +field_expr_identifiers( + int id: @field_expr ref, + int identifier: @name_ref ref +); + +fn_ptr_type_reprs( + unique int id: @fn_ptr_type_repr +); + +#keyset[id] +fn_ptr_type_repr_abis( + int id: @fn_ptr_type_repr ref, + int abi: @abi ref +); + +#keyset[id] +fn_ptr_type_repr_is_async( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_const( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_is_unsafe( + int id: @fn_ptr_type_repr ref +); + +#keyset[id] +fn_ptr_type_repr_param_lists( + int id: @fn_ptr_type_repr ref, + int param_list: @param_list ref +); + +#keyset[id] +fn_ptr_type_repr_ret_types( + int id: @fn_ptr_type_repr ref, + int ret_type: @ret_type_repr ref +); + +for_type_reprs( + unique int id: @for_type_repr +); + +#keyset[id] +for_type_repr_generic_param_lists( + int id: @for_type_repr ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +for_type_repr_type_reprs( + int id: @for_type_repr ref, + int type_repr: @type_repr ref +); + +format_args_exprs( + unique int id: @format_args_expr +); + +#keyset[id, index] +format_args_expr_args( + int id: @format_args_expr ref, + int index: int ref, + int arg: @format_args_arg ref +); + +#keyset[id, index] +format_args_expr_attrs( + int id: @format_args_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +format_args_expr_templates( + int id: @format_args_expr ref, + int template: @expr ref +); + +ident_pats( + unique int id: @ident_pat +); + +#keyset[id, index] +ident_pat_attrs( + int id: @ident_pat ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ident_pat_is_mut( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_is_ref( + int id: @ident_pat ref +); + +#keyset[id] +ident_pat_names( + int id: @ident_pat ref, + int name: @name ref +); + +#keyset[id] +ident_pat_pats( + int id: @ident_pat ref, + int pat: @pat ref +); + +if_exprs( + unique int id: @if_expr +); + +#keyset[id, index] +if_expr_attrs( + int id: @if_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +if_expr_conditions( + int id: @if_expr ref, + int condition: @expr ref +); + +#keyset[id] +if_expr_elses( + int id: @if_expr ref, + int else: @expr ref +); + +#keyset[id] +if_expr_thens( + int id: @if_expr ref, + int then: @block_expr ref +); + +impl_trait_type_reprs( + unique int id: @impl_trait_type_repr +); + +#keyset[id] +impl_trait_type_repr_type_bound_lists( + int id: @impl_trait_type_repr ref, + int type_bound_list: @type_bound_list ref +); + +index_exprs( + unique int id: @index_expr +); + +#keyset[id, index] +index_expr_attrs( + int id: @index_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +index_expr_bases( + int id: @index_expr ref, + int base: @expr ref +); + +#keyset[id] +index_expr_indices( + int id: @index_expr ref, + int index: @expr ref +); + +infer_type_reprs( + unique int id: @infer_type_repr +); + +@item = + @const +| @enum +| @extern_block +| @extern_crate +| @function +| @impl +| @macro_call +| @macro_def +| @macro_rules +| @module +| @static +| @struct +| @trait +| @trait_alias +| @type_alias +| @union +| @use +; + +@labelable_expr = + @block_expr +| @looping_expr +; + +#keyset[id] +labelable_expr_labels( + int id: @labelable_expr ref, + int label: @label ref +); + +let_exprs( + unique int id: @let_expr +); + +#keyset[id, index] +let_expr_attrs( + int id: @let_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_expr_scrutinees( + int id: @let_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +let_expr_pats( + int id: @let_expr ref, + int pat: @pat ref +); + +let_stmts( + unique int id: @let_stmt +); + +#keyset[id, index] +let_stmt_attrs( + int id: @let_stmt ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +let_stmt_initializers( + int id: @let_stmt ref, + int initializer: @expr ref +); + +#keyset[id] +let_stmt_let_elses( + int id: @let_stmt ref, + int let_else: @let_else ref +); + +#keyset[id] +let_stmt_pats( + int id: @let_stmt ref, + int pat: @pat ref +); + +#keyset[id] +let_stmt_type_reprs( + int id: @let_stmt ref, + int type_repr: @type_repr ref +); + +lifetimes( + unique int id: @lifetime +); + +#keyset[id] +lifetime_texts( + int id: @lifetime ref, + string text: string ref +); + +lifetime_args( + unique int id: @lifetime_arg +); + +#keyset[id] +lifetime_arg_lifetimes( + int id: @lifetime_arg ref, + int lifetime: @lifetime ref +); + +lifetime_params( + unique int id: @lifetime_param +); + +#keyset[id, index] +lifetime_param_attrs( + int id: @lifetime_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +lifetime_param_lifetimes( + int id: @lifetime_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +lifetime_param_type_bound_lists( + int id: @lifetime_param ref, + int type_bound_list: @type_bound_list ref +); + +literal_exprs( + unique int id: @literal_expr +); + +#keyset[id, index] +literal_expr_attrs( + int id: @literal_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +literal_expr_text_values( + int id: @literal_expr ref, + string text_value: string ref +); + +literal_pats( + unique int id: @literal_pat +); + +#keyset[id] +literal_pat_literals( + int id: @literal_pat ref, + int literal: @literal_expr ref +); + +macro_exprs( + unique int id: @macro_expr +); + +#keyset[id] +macro_expr_macro_calls( + int id: @macro_expr ref, + int macro_call: @macro_call ref +); + +macro_pats( + unique int id: @macro_pat +); + +#keyset[id] +macro_pat_macro_calls( + int id: @macro_pat ref, + int macro_call: @macro_call ref +); + +macro_type_reprs( + unique int id: @macro_type_repr +); + +#keyset[id] +macro_type_repr_macro_calls( + int id: @macro_type_repr ref, + int macro_call: @macro_call ref +); + +match_exprs( + unique int id: @match_expr +); + +#keyset[id, index] +match_expr_attrs( + int id: @match_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +match_expr_scrutinees( + int id: @match_expr ref, + int scrutinee: @expr ref +); + +#keyset[id] +match_expr_match_arm_lists( + int id: @match_expr ref, + int match_arm_list: @match_arm_list ref +); + +name_refs( + unique int id: @name_ref +); + +#keyset[id] +name_ref_texts( + int id: @name_ref ref, + string text: string ref +); + +never_type_reprs( + unique int id: @never_type_repr +); + +offset_of_exprs( + unique int id: @offset_of_expr +); + +#keyset[id, index] +offset_of_expr_attrs( + int id: @offset_of_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +offset_of_expr_fields( + int id: @offset_of_expr ref, + int index: int ref, + int field: @name_ref ref +); + +#keyset[id] +offset_of_expr_type_reprs( + int id: @offset_of_expr ref, + int type_repr: @type_repr ref +); + +or_pats( + unique int id: @or_pat +); + +#keyset[id, index] +or_pat_pats( + int id: @or_pat ref, + int index: int ref, + int pat: @pat ref +); + +params( + unique int id: @param +); + +#keyset[id] +param_pats( + int id: @param ref, + int pat: @pat ref +); + +paren_exprs( + unique int id: @paren_expr +); + +#keyset[id, index] +paren_expr_attrs( + int id: @paren_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +paren_expr_exprs( + int id: @paren_expr ref, + int expr: @expr ref +); + +paren_pats( + unique int id: @paren_pat +); + +#keyset[id] +paren_pat_pats( + int id: @paren_pat ref, + int pat: @pat ref +); + +paren_type_reprs( + unique int id: @paren_type_repr +); + +#keyset[id] +paren_type_repr_type_reprs( + int id: @paren_type_repr ref, + int type_repr: @type_repr ref +); + +@path_ast_node = + @path_expr +| @path_pat +| @struct_expr +| @struct_pat +| @tuple_struct_pat +; + +#keyset[id] +path_ast_node_paths( + int id: @path_ast_node ref, + int path: @path ref +); + +@path_expr_base = + @path_expr +; + +path_type_reprs( + unique int id: @path_type_repr +); + +#keyset[id] +path_type_repr_paths( + int id: @path_type_repr ref, + int path: @path ref +); + +prefix_exprs( + unique int id: @prefix_expr +); + +#keyset[id, index] +prefix_expr_attrs( + int id: @prefix_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +prefix_expr_exprs( + int id: @prefix_expr ref, + int expr: @expr ref +); + +#keyset[id] +prefix_expr_operator_names( + int id: @prefix_expr ref, + string operator_name: string ref +); + +ptr_type_reprs( + unique int id: @ptr_type_repr +); + +#keyset[id] +ptr_type_repr_is_const( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_is_mut( + int id: @ptr_type_repr ref +); + +#keyset[id] +ptr_type_repr_type_reprs( + int id: @ptr_type_repr ref, + int type_repr: @type_repr ref +); + +range_exprs( + unique int id: @range_expr +); + +#keyset[id, index] +range_expr_attrs( + int id: @range_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +range_expr_ends( + int id: @range_expr ref, + int end: @expr ref +); + +#keyset[id] +range_expr_operator_names( + int id: @range_expr ref, + string operator_name: string ref +); + +#keyset[id] +range_expr_starts( + int id: @range_expr ref, + int start: @expr ref +); + +range_pats( + unique int id: @range_pat +); + +#keyset[id] +range_pat_ends( + int id: @range_pat ref, + int end: @pat ref +); + +#keyset[id] +range_pat_operator_names( + int id: @range_pat ref, + string operator_name: string ref +); + +#keyset[id] +range_pat_starts( + int id: @range_pat ref, + int start: @pat ref +); + +ref_exprs( + unique int id: @ref_expr +); + +#keyset[id, index] +ref_expr_attrs( + int id: @ref_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +ref_expr_exprs( + int id: @ref_expr ref, + int expr: @expr ref +); + +#keyset[id] +ref_expr_is_const( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_mut( + int id: @ref_expr ref +); + +#keyset[id] +ref_expr_is_raw( + int id: @ref_expr ref +); + +ref_pats( + unique int id: @ref_pat +); + +#keyset[id] +ref_pat_is_mut( + int id: @ref_pat ref +); + +#keyset[id] +ref_pat_pats( + int id: @ref_pat ref, + int pat: @pat ref +); + +ref_type_reprs( + unique int id: @ref_type_repr +); + +#keyset[id] +ref_type_repr_is_mut( + int id: @ref_type_repr ref +); + +#keyset[id] +ref_type_repr_lifetimes( + int id: @ref_type_repr ref, + int lifetime: @lifetime ref +); + +#keyset[id] +ref_type_repr_type_reprs( + int id: @ref_type_repr ref, + int type_repr: @type_repr ref +); + +rest_pats( + unique int id: @rest_pat +); + +#keyset[id, index] +rest_pat_attrs( + int id: @rest_pat ref, + int index: int ref, + int attr: @attr ref +); + +return_exprs( + unique int id: @return_expr +); + +#keyset[id, index] +return_expr_attrs( + int id: @return_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +return_expr_exprs( + int id: @return_expr ref, + int expr: @expr ref +); + +self_params( + unique int id: @self_param +); + +#keyset[id] +self_param_is_ref( + int id: @self_param ref +); + +#keyset[id] +self_param_is_mut( + int id: @self_param ref +); + +#keyset[id] +self_param_lifetimes( + int id: @self_param ref, + int lifetime: @lifetime ref +); + +#keyset[id] +self_param_names( + int id: @self_param ref, + int name: @name ref +); + +slice_pats( + unique int id: @slice_pat +); + +#keyset[id, index] +slice_pat_pats( + int id: @slice_pat ref, + int index: int ref, + int pat: @pat ref +); + +slice_type_reprs( + unique int id: @slice_type_repr +); + +#keyset[id] +slice_type_repr_type_reprs( + int id: @slice_type_repr ref, + int type_repr: @type_repr ref +); + +struct_field_lists( + unique int id: @struct_field_list +); + +#keyset[id, index] +struct_field_list_fields( + int id: @struct_field_list ref, + int index: int ref, + int field: @struct_field ref +); + +try_exprs( + unique int id: @try_expr +); + +#keyset[id, index] +try_expr_attrs( + int id: @try_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +try_expr_exprs( + int id: @try_expr ref, + int expr: @expr ref +); + +tuple_exprs( + unique int id: @tuple_expr +); + +#keyset[id, index] +tuple_expr_attrs( + int id: @tuple_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id, index] +tuple_expr_fields( + int id: @tuple_expr ref, + int index: int ref, + int field: @expr ref +); + +tuple_field_lists( + unique int id: @tuple_field_list +); + +#keyset[id, index] +tuple_field_list_fields( + int id: @tuple_field_list ref, + int index: int ref, + int field: @tuple_field ref +); + +tuple_pats( + unique int id: @tuple_pat +); + +#keyset[id, index] +tuple_pat_fields( + int id: @tuple_pat ref, + int index: int ref, + int field: @pat ref +); + +tuple_type_reprs( + unique int id: @tuple_type_repr +); + +#keyset[id, index] +tuple_type_repr_fields( + int id: @tuple_type_repr ref, + int index: int ref, + int field: @type_repr ref +); + +type_args( + unique int id: @type_arg +); + +#keyset[id] +type_arg_type_reprs( + int id: @type_arg ref, + int type_repr: @type_repr ref +); + +type_params( + unique int id: @type_param +); + +#keyset[id, index] +type_param_attrs( + int id: @type_param ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_param_default_types( + int id: @type_param ref, + int default_type: @type_repr ref +); + +#keyset[id] +type_param_names( + int id: @type_param ref, + int name: @name ref +); + +#keyset[id] +type_param_type_bound_lists( + int id: @type_param ref, + int type_bound_list: @type_bound_list ref +); + +underscore_exprs( + unique int id: @underscore_expr +); + +#keyset[id, index] +underscore_expr_attrs( + int id: @underscore_expr ref, + int index: int ref, + int attr: @attr ref +); + +variants( + unique int id: @variant +); + +#keyset[id, index] +variant_attrs( + int id: @variant ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +variant_discriminants( + int id: @variant ref, + int discriminant: @expr ref +); + +#keyset[id] +variant_field_lists( + int id: @variant ref, + int field_list: @field_list ref +); + +#keyset[id] +variant_names( + int id: @variant ref, + int name: @name ref +); + +#keyset[id] +variant_visibilities( + int id: @variant ref, + int visibility: @visibility ref +); + +wildcard_pats( + unique int id: @wildcard_pat +); + +yeet_exprs( + unique int id: @yeet_expr +); + +#keyset[id, index] +yeet_expr_attrs( + int id: @yeet_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yeet_expr_exprs( + int id: @yeet_expr ref, + int expr: @expr ref +); + +yield_exprs( + unique int id: @yield_expr +); + +#keyset[id, index] +yield_expr_attrs( + int id: @yield_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +yield_expr_exprs( + int id: @yield_expr ref, + int expr: @expr ref +); + +block_exprs( + unique int id: @block_expr +); + +#keyset[id, index] +block_expr_attrs( + int id: @block_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +block_expr_is_async( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_const( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_gen( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_move( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_try( + int id: @block_expr ref +); + +#keyset[id] +block_expr_is_unsafe( + int id: @block_expr ref +); + +#keyset[id] +block_expr_stmt_lists( + int id: @block_expr ref, + int stmt_list: @stmt_list ref +); + +call_exprs( + unique int id: @call_expr +); + +#keyset[id] +call_expr_functions( + int id: @call_expr ref, + int function: @expr ref +); + +consts( + unique int id: @const +); + +#keyset[id, index] +const_attrs( + int id: @const ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +const_bodies( + int id: @const ref, + int body: @expr ref +); + +#keyset[id] +const_is_const( + int id: @const ref +); + +#keyset[id] +const_is_default( + int id: @const ref +); + +#keyset[id] +const_names( + int id: @const ref, + int name: @name ref +); + +#keyset[id] +const_type_reprs( + int id: @const ref, + int type_repr: @type_repr ref +); + +#keyset[id] +const_visibilities( + int id: @const ref, + int visibility: @visibility ref +); + +enums( + unique int id: @enum +); + +#keyset[id, index] +enum_attrs( + int id: @enum ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +enum_generic_param_lists( + int id: @enum ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +enum_names( + int id: @enum ref, + int name: @name ref +); + +#keyset[id] +enum_variant_lists( + int id: @enum ref, + int variant_list: @variant_list ref +); + +#keyset[id] +enum_visibilities( + int id: @enum ref, + int visibility: @visibility ref +); + +#keyset[id] +enum_where_clauses( + int id: @enum ref, + int where_clause: @where_clause ref +); + +extern_blocks( + unique int id: @extern_block +); + +#keyset[id] +extern_block_abis( + int id: @extern_block ref, + int abi: @abi ref +); + +#keyset[id, index] +extern_block_attrs( + int id: @extern_block ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_block_extern_item_lists( + int id: @extern_block ref, + int extern_item_list: @extern_item_list ref +); + +#keyset[id] +extern_block_is_unsafe( + int id: @extern_block ref +); + +extern_crates( + unique int id: @extern_crate +); + +#keyset[id, index] +extern_crate_attrs( + int id: @extern_crate ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +extern_crate_identifiers( + int id: @extern_crate ref, + int identifier: @name_ref ref +); + +#keyset[id] +extern_crate_renames( + int id: @extern_crate ref, + int rename: @rename ref +); + +#keyset[id] +extern_crate_visibilities( + int id: @extern_crate ref, + int visibility: @visibility ref +); + +functions( + unique int id: @function +); + +#keyset[id] +function_abis( + int id: @function ref, + int abi: @abi ref +); + +#keyset[id] +function_bodies( + int id: @function ref, + int body: @block_expr ref +); + +#keyset[id] +function_generic_param_lists( + int id: @function ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +function_is_async( + int id: @function ref +); + +#keyset[id] +function_is_const( + int id: @function ref +); + +#keyset[id] +function_is_default( + int id: @function ref +); + +#keyset[id] +function_is_gen( + int id: @function ref +); + +#keyset[id] +function_is_unsafe( + int id: @function ref +); + +#keyset[id] +function_names( + int id: @function ref, + int name: @name ref +); + +#keyset[id] +function_ret_types( + int id: @function ref, + int ret_type: @ret_type_repr ref +); + +#keyset[id] +function_visibilities( + int id: @function ref, + int visibility: @visibility ref +); + +#keyset[id] +function_where_clauses( + int id: @function ref, + int where_clause: @where_clause ref +); + +impls( + unique int id: @impl +); + +#keyset[id] +impl_assoc_item_lists( + int id: @impl ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +impl_attrs( + int id: @impl ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +impl_generic_param_lists( + int id: @impl ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +impl_is_const( + int id: @impl ref +); + +#keyset[id] +impl_is_default( + int id: @impl ref +); + +#keyset[id] +impl_is_unsafe( + int id: @impl ref +); + +#keyset[id] +impl_self_ties( + int id: @impl ref, + int self_ty: @type_repr ref +); + +#keyset[id] +impl_traits( + int id: @impl ref, + int trait: @type_repr ref +); + +#keyset[id] +impl_visibilities( + int id: @impl ref, + int visibility: @visibility ref +); + +#keyset[id] +impl_where_clauses( + int id: @impl ref, + int where_clause: @where_clause ref +); + +@looping_expr = + @for_expr +| @loop_expr +| @while_expr +; + +#keyset[id] +looping_expr_loop_bodies( + int id: @looping_expr ref, + int loop_body: @block_expr ref +); + +macro_calls( + unique int id: @macro_call +); + +#keyset[id, index] +macro_call_attrs( + int id: @macro_call ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_call_paths( + int id: @macro_call ref, + int path: @path ref +); + +#keyset[id] +macro_call_token_trees( + int id: @macro_call ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_call_expandeds( + int id: @macro_call ref, + int expanded: @ast_node ref +); + +macro_defs( + unique int id: @macro_def +); + +#keyset[id] +macro_def_args( + int id: @macro_def ref, + int args: @token_tree ref +); + +#keyset[id, index] +macro_def_attrs( + int id: @macro_def ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_def_bodies( + int id: @macro_def ref, + int body: @token_tree ref +); + +#keyset[id] +macro_def_names( + int id: @macro_def ref, + int name: @name ref +); + +#keyset[id] +macro_def_visibilities( + int id: @macro_def ref, + int visibility: @visibility ref +); + +macro_rules( + unique int id: @macro_rules +); + +#keyset[id, index] +macro_rules_attrs( + int id: @macro_rules ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +macro_rules_names( + int id: @macro_rules ref, + int name: @name ref +); + +#keyset[id] +macro_rules_token_trees( + int id: @macro_rules ref, + int token_tree: @token_tree ref +); + +#keyset[id] +macro_rules_visibilities( + int id: @macro_rules ref, + int visibility: @visibility ref +); + +method_call_exprs( + unique int id: @method_call_expr +); + +#keyset[id] +method_call_expr_generic_arg_lists( + int id: @method_call_expr ref, + int generic_arg_list: @generic_arg_list ref +); + +#keyset[id] +method_call_expr_identifiers( + int id: @method_call_expr ref, + int identifier: @name_ref ref +); + +#keyset[id] +method_call_expr_receivers( + int id: @method_call_expr ref, + int receiver: @expr ref +); + +modules( + unique int id: @module +); + +#keyset[id, index] +module_attrs( + int id: @module ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +module_item_lists( + int id: @module ref, + int item_list: @item_list ref +); + +#keyset[id] +module_names( + int id: @module ref, + int name: @name ref +); + +#keyset[id] +module_visibilities( + int id: @module ref, + int visibility: @visibility ref +); + +path_exprs( + unique int id: @path_expr +); + +#keyset[id, index] +path_expr_attrs( + int id: @path_expr ref, + int index: int ref, + int attr: @attr ref +); + +path_pats( + unique int id: @path_pat +); + +statics( + unique int id: @static +); + +#keyset[id, index] +static_attrs( + int id: @static ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +static_bodies( + int id: @static ref, + int body: @expr ref +); + +#keyset[id] +static_is_mut( + int id: @static ref +); + +#keyset[id] +static_is_static( + int id: @static ref +); + +#keyset[id] +static_is_unsafe( + int id: @static ref +); + +#keyset[id] +static_names( + int id: @static ref, + int name: @name ref +); + +#keyset[id] +static_type_reprs( + int id: @static ref, + int type_repr: @type_repr ref +); + +#keyset[id] +static_visibilities( + int id: @static ref, + int visibility: @visibility ref +); + +structs( + unique int id: @struct +); + +#keyset[id, index] +struct_attrs( + int id: @struct ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +struct_field_lists_( + int id: @struct ref, + int field_list: @field_list ref +); + +#keyset[id] +struct_generic_param_lists( + int id: @struct ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +struct_names( + int id: @struct ref, + int name: @name ref +); + +#keyset[id] +struct_visibilities( + int id: @struct ref, + int visibility: @visibility ref +); + +#keyset[id] +struct_where_clauses( + int id: @struct ref, + int where_clause: @where_clause ref +); + +struct_exprs( + unique int id: @struct_expr +); + +#keyset[id] +struct_expr_struct_expr_field_lists( + int id: @struct_expr ref, + int struct_expr_field_list: @struct_expr_field_list ref +); + +struct_pats( + unique int id: @struct_pat +); + +#keyset[id] +struct_pat_struct_pat_field_lists( + int id: @struct_pat ref, + int struct_pat_field_list: @struct_pat_field_list ref +); + +traits( + unique int id: @trait +); + +#keyset[id] +trait_assoc_item_lists( + int id: @trait ref, + int assoc_item_list: @assoc_item_list ref +); + +#keyset[id, index] +trait_attrs( + int id: @trait ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_generic_param_lists( + int id: @trait ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_is_auto( + int id: @trait ref +); + +#keyset[id] +trait_is_unsafe( + int id: @trait ref +); + +#keyset[id] +trait_names( + int id: @trait ref, + int name: @name ref +); + +#keyset[id] +trait_type_bound_lists( + int id: @trait ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_visibilities( + int id: @trait ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_where_clauses( + int id: @trait ref, + int where_clause: @where_clause ref +); + +trait_aliases( + unique int id: @trait_alias +); + +#keyset[id, index] +trait_alias_attrs( + int id: @trait_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +trait_alias_generic_param_lists( + int id: @trait_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +trait_alias_names( + int id: @trait_alias ref, + int name: @name ref +); + +#keyset[id] +trait_alias_type_bound_lists( + int id: @trait_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +trait_alias_visibilities( + int id: @trait_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +trait_alias_where_clauses( + int id: @trait_alias ref, + int where_clause: @where_clause ref +); + +tuple_struct_pats( + unique int id: @tuple_struct_pat +); + +#keyset[id, index] +tuple_struct_pat_fields( + int id: @tuple_struct_pat ref, + int index: int ref, + int field: @pat ref +); + +type_aliases( + unique int id: @type_alias +); + +#keyset[id, index] +type_alias_attrs( + int id: @type_alias ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +type_alias_generic_param_lists( + int id: @type_alias ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +type_alias_is_default( + int id: @type_alias ref +); + +#keyset[id] +type_alias_names( + int id: @type_alias ref, + int name: @name ref +); + +#keyset[id] +type_alias_type_reprs( + int id: @type_alias ref, + int type_repr: @type_repr ref +); + +#keyset[id] +type_alias_type_bound_lists( + int id: @type_alias ref, + int type_bound_list: @type_bound_list ref +); + +#keyset[id] +type_alias_visibilities( + int id: @type_alias ref, + int visibility: @visibility ref +); + +#keyset[id] +type_alias_where_clauses( + int id: @type_alias ref, + int where_clause: @where_clause ref +); + +unions( + unique int id: @union +); + +#keyset[id, index] +union_attrs( + int id: @union ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +union_generic_param_lists( + int id: @union ref, + int generic_param_list: @generic_param_list ref +); + +#keyset[id] +union_names( + int id: @union ref, + int name: @name ref +); + +#keyset[id] +union_struct_field_lists( + int id: @union ref, + int struct_field_list: @struct_field_list ref +); + +#keyset[id] +union_visibilities( + int id: @union ref, + int visibility: @visibility ref +); + +#keyset[id] +union_where_clauses( + int id: @union ref, + int where_clause: @where_clause ref +); + +uses( + unique int id: @use +); + +#keyset[id, index] +use_attrs( + int id: @use ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +use_use_trees( + int id: @use ref, + int use_tree: @use_tree ref +); + +#keyset[id] +use_visibilities( + int id: @use ref, + int visibility: @visibility ref +); + +for_exprs( + unique int id: @for_expr +); + +#keyset[id, index] +for_expr_attrs( + int id: @for_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +for_expr_iterables( + int id: @for_expr ref, + int iterable: @expr ref +); + +#keyset[id] +for_expr_pats( + int id: @for_expr ref, + int pat: @pat ref +); + +loop_exprs( + unique int id: @loop_expr +); + +#keyset[id, index] +loop_expr_attrs( + int id: @loop_expr ref, + int index: int ref, + int attr: @attr ref +); + +while_exprs( + unique int id: @while_expr +); + +#keyset[id, index] +while_expr_attrs( + int id: @while_expr ref, + int index: int ref, + int attr: @attr ref +); + +#keyset[id] +while_expr_conditions( + int id: @while_expr ref, + int condition: @expr ref +); From f83f14bab2b81fa262e1896f62c84d85a5a4fb12 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Fri, 28 Mar 2025 16:31:01 +0100 Subject: [PATCH 078/409] C++: add calling convention specifier class --- cpp/ql/lib/semmle/code/cpp/Specifier.qll | 12 ++++++++++++ .../calling-convention/calling-convention.ql | 5 +++++ 2 files changed, 17 insertions(+) create mode 100644 cpp/ql/test/library-tests/calling-convention/calling-convention.ql diff --git a/cpp/ql/lib/semmle/code/cpp/Specifier.qll b/cpp/ql/lib/semmle/code/cpp/Specifier.qll index 2f1976d220c..28ba2195656 100644 --- a/cpp/ql/lib/semmle/code/cpp/Specifier.qll +++ b/cpp/ql/lib/semmle/code/cpp/Specifier.qll @@ -97,6 +97,18 @@ class AccessSpecifier extends Specifier { override string getAPrimaryQlClass() { result = "AccessSpecifier" } } +/** + * A C/C++ calling convention specifier: `cdecl`, `fastcall`, `stdcall`, `thiscall`, + * `vectorcall`, or `clrcall`. + */ +class CallingConventionSpecifier extends Specifier { + CallingConventionSpecifier() { + this.hasName(["cdecl", "fastcall", "stdcall", "thiscall", "vectorcall", "clrcall"]) + } + + override string getAPrimaryQlClass() { result = "CallingConventionSpecifier" } +} + /** * An attribute introduced by GNU's `__attribute__((name))` syntax, * Microsoft's `__declspec(name)` syntax, Microsoft's `[name]` syntax, the diff --git a/cpp/ql/test/library-tests/calling-convention/calling-convention.ql b/cpp/ql/test/library-tests/calling-convention/calling-convention.ql new file mode 100644 index 00000000000..02e3b3af5ce --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/calling-convention.ql @@ -0,0 +1,5 @@ +import cpp + +from FunctionDeclarationEntry func, CallingConventionSpecifier ccs +where ccs.hasName(func.getASpecifier()) +select func, func.getASpecifier() From 9ec7f3c9a5587398a5796dd530f7fca2f1c79ed8 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 31 Mar 2025 11:57:32 +0200 Subject: [PATCH 079/409] C++: add test for calling conventions --- .../calling-convention.expected | 7 +++++++ .../library-tests/calling-convention/test.cpp | 16 ++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 cpp/ql/test/library-tests/calling-convention/calling-convention.expected create mode 100644 cpp/ql/test/library-tests/calling-convention/test.cpp diff --git a/cpp/ql/test/library-tests/calling-convention/calling-convention.expected b/cpp/ql/test/library-tests/calling-convention/calling-convention.expected new file mode 100644 index 00000000000..a2dd4106616 --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/calling-convention.expected @@ -0,0 +1,7 @@ +| test.cpp:4:21:4:35 | definition of thiscall_method | thiscall | +| test.cpp:7:14:7:23 | definition of func_cdecl | cdecl | +| test.cpp:9:16:9:27 | definition of func_stdcall | stdcall | +| test.cpp:11:17:11:29 | definition of func_fastcall | fastcall | +| test.cpp:13:20:13:34 | definition of func_vectorcall | vectorcall | +| test.cpp:15:13:15:25 | definition of func_overload | cdecl | +| test.cpp:16:15:16:27 | definition of func_overload | stdcall | diff --git a/cpp/ql/test/library-tests/calling-convention/test.cpp b/cpp/ql/test/library-tests/calling-convention/test.cpp new file mode 100644 index 00000000000..982c3c0caea --- /dev/null +++ b/cpp/ql/test/library-tests/calling-convention/test.cpp @@ -0,0 +1,16 @@ +// semmle-extractor-options: --microsoft + +struct call_conventions { + void __thiscall thiscall_method() {} +}; + +void __cdecl func_cdecl() {} + +void __stdcall func_stdcall() {} + +void __fastcall func_fastcall() {} + +void __vectorcall func_vectorcall() {} + +int __cdecl func_overload() {} +int __stdcall func_overload(int x) {} From ae555f2f2e3ac85dc7f2c2bff1330a8b016789ae Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 17:23:49 +0000 Subject: [PATCH 080/409] Rust: Add a test for uncontrolled allocation size. --- .../UncontrolledAllocationSize.expected | 0 .../CWE-770/UncontrolledAllocationSize.qlref | 4 + .../test/query-tests/security/CWE-770/main.rs | 223 ++++++++++++++++++ .../query-tests/security/CWE-770/options.yml | 3 + .../security/CWE-770/rust-toolchain.toml | 2 + 5 files changed, 232 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected create mode 100644 rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref create mode 100644 rust/ql/test/query-tests/security/CWE-770/main.rs create mode 100644 rust/ql/test/query-tests/security/CWE-770/options.yml create mode 100644 rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref new file mode 100644 index 00000000000..2e30becb92c --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.qlref @@ -0,0 +1,4 @@ +query: queries/security/CWE-770/UncontrolledAllocationSize.ql +postprocess: + - utils/test/InlineExpectationsTestQuery.ql + - utils/test/PrettyPrintModels.ql diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs new file mode 100644 index 00000000000..c2a1eb111c3 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -0,0 +1,223 @@ +#![feature(alloc_layout_extra)] +#![feature(allocator_api)] +#![feature(try_with_capacity)] +#![feature(box_vec_non_null)] +#![feature(non_null_from_ref)] + +struct MyStruct { + _a: usize, + _b: i64, +} + +unsafe fn test_std_alloc_from_size(v: usize) { + let l1 = std::alloc::Layout::from_size_align(16, 1).unwrap(); + let m1 = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1.align_to(8).unwrap()); + let _ = std::alloc::alloc(l1.align_to(8).unwrap().pad_to_align()); + let _ = std::alloc::alloc_zeroed(l1); + let _ = std::alloc::realloc(m1, l1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? + let _ = std::alloc::alloc(l3); + + let l4 = std::alloc::Layout::from_size_align_unchecked(v, 1); + let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l5 = std::alloc::Layout::from_size_align_unchecked(v * std::mem::size_of::(), std::mem::size_of::()); + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let s6 = (std::mem::size_of::() * v) + 1; + let l6 = std::alloc::Layout::from_size_align_unchecked(s6, 4); + let _ = std::alloc::alloc(l6); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); + let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +unsafe fn test_std_alloc_new_repeat_extend(v: usize) { + let l1 = std::alloc::Layout::new::<[u8; 10]>(); + let _ = std::alloc::alloc(l1); + + let l2 = std::alloc::Layout::new::(); + let _ = std::alloc::alloc(l2); + let _ = std::alloc::alloc(l2.repeat(10).unwrap().0); + let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(10).unwrap()); + let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::array::(10).unwrap(); + let _ = std::alloc::alloc(l3); + let (k1, _offs1) = l3.repeat(v).expect("arithmetic overflow?"); + let _ = std::alloc::alloc(k1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let (k2, _offs2) = l3.extend(k1).unwrap(); + let _ = std::alloc::alloc(k2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let (k3, _offs3) = k1.extend(l3).unwrap(); + let _ = std::alloc::alloc(k3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l4 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +fn clamp(v: T, min: T, max: T) -> T { + if v < min { + return min; + } else if v > max { + return max; + } else { + return v; + } +} + +unsafe fn test_std_alloc_with_bounds(v: usize) { + let l1 = std::alloc::Layout::array::(v).unwrap(); + + if v < 100 { + let _ = std::alloc::alloc(l1); + } else { + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + if v == 100 { + let _ = std::alloc::alloc(l1); + } else { + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + { + let mut v_mut = v; + + if v_mut > 100 { + v_mut = 100; + } + + let l2 = std::alloc::Layout::array::(v_mut).unwrap(); + let _ = std::alloc::alloc(l2); + + let l3 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + + let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); + let _ = std::alloc::alloc(l4); + + let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); + let _ = std::alloc::alloc(l6); + + let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + if v > 100 { + return; + } + let _ = std::alloc::alloc(l1); +} + +use std::alloc::{GlobalAlloc, Allocator}; + +unsafe fn test_system_alloc(v: usize) { + let l1 = std::alloc::Layout::array::(10).unwrap(); + let _ = std::alloc::System.alloc(l1); + let _ = std::alloc::System.alloc_zeroed(l1); + let _ = std::alloc::System.allocate(l1).unwrap(); + let _ = std::alloc::System.allocate_zeroed(l1).unwrap(); + let _ = std::alloc::Global.allocate(l1).unwrap(); + let _ = std::alloc::Global.allocate_zeroed(l1).unwrap(); + + let l2 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::System.alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::Global.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l3 = std::alloc::Layout::array::(10).unwrap(); + let m3 = std::alloc::System.alloc(l3); + let _ = std::alloc::System.realloc(m3, l3, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l4 = std::alloc::Layout::array::(10).unwrap(); + let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l4)).unwrap(); + if v > 10 { + if v % 2 == 0 { + let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } else { + let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + } + } else { + let _ = std::alloc::System.shrink(m4, l4, l2).unwrap(); + } +} + +unsafe fn test_libc_alloc(v: usize) { + let m1 = libc::malloc(256); + let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::aligned_alloc(v, 8); + let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::calloc(v, std::mem::size_of::()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +unsafe fn test_vectors(v: usize) { + let _ = Vec::::try_with_capacity(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::with_capacity(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::try_with_capacity_in(v, std::alloc::Global).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = Vec::::with_capacity_in(v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let mut v1 = Vec::::with_capacity(100); + v1.reserve(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.reserve_exact(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = v1.try_reserve(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = v1.try_reserve_exact(v).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.resize(v, 1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + v1.set_len(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let l2 = std::alloc::Layout::new::<[u64; 200]>(); + let m2 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts(m2, v, 200); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m3 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts(m3, 100, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l2).cast::()).unwrap(); + let _ = Vec::::from_parts_in(m4, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m5 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts(m5, v, 200); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m6 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts(m6, 100, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + + let m7 = std::alloc::alloc(l2).cast::(); + let _ = Vec::::from_raw_parts_in(m7, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] +} + +// --- main --- + +fn main() { + println!("--- begin ---"); + + let v = std::env::args().nth(1).unwrap_or("1024".to_string()).parse::().unwrap(); // $ Source=arg1 + + unsafe { + test_std_alloc_from_size(v); + test_std_alloc_new_repeat_extend(v); + test_std_alloc_with_bounds(v); + test_system_alloc(v); + test_libc_alloc(v); + test_vectors(v); + } + + println!("--- end ---"); +} diff --git a/rust/ql/test/query-tests/security/CWE-770/options.yml b/rust/ql/test/query-tests/security/CWE-770/options.yml new file mode 100644 index 00000000000..95a17a53b43 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/options.yml @@ -0,0 +1,3 @@ +qltest_cargo_check: true +qltest_dependencies: + - libc = { version = "0.2.11" } diff --git a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml new file mode 100644 index 00000000000..afeb5929325 --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml @@ -0,0 +1,2 @@ +[toolchain] +channel = "nightly-2025-03-17" From 9409cd6ed7d0f9ee2fb3d863dda9df48831837f0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 18:32:43 +0000 Subject: [PATCH 081/409] Rust: Prototype query. --- .../UncontrolledAllocationSizeExtensions.qll | 34 ++++++++++++++ .../CWE-770/UncontrolledAllocationSize.ql | 44 +++++++++++++++++++ .../UncontrolledAllocationSize.expected | 4 ++ 3 files changed, 82 insertions(+) create mode 100644 rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll new file mode 100644 index 00000000000..bb0ffbb4e3c --- /dev/null +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -0,0 +1,34 @@ +/** + * Provides classes and predicates for reasoning about uncontrolled allocation + * size vulnerabilities. + */ + +import rust +private import codeql.rust.Concepts +private import codeql.rust.dataflow.DataFlow +private import codeql.rust.dataflow.FlowSink + +/** + * Provides default sources, sinks and barriers for detecting uncontrolled + * allocation size vulnerabilities, as well as extension points for adding your own. + */ +module UncontrolledAllocationSize { + /** + * A data flow sink for uncontrolled allocation size vulnerabilities. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "UncontrolledAllocationSize" } + } + + /** + * A barrier for uncontrolled allocation size vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * sink for uncontrolled allocation size from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, ["alloc-size", "alloc-layout"]) } + } +} diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql new file mode 100644 index 00000000000..bbaaaf06a02 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql @@ -0,0 +1,44 @@ +/** + * @name Uncontrolled allocation size + * @description Allocating memory with a size controlled by an external user can result in + * arbitrary amounts of memory being allocated. + * @kind path-problem + * @problem.severity recommendation + * @security-severity 7.5 + * @precision high + * @id rust/uncontrolled-allocation-size + * @tags reliability + * security + * external/cwe/cwe-770 + * external/cwe/cwe-789 + */ + +import rust +import codeql.rust.Concepts +import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking +import codeql.rust.dataflow.internal.DataFlowImpl +import codeql.rust.security.UncontrolledAllocationSizeExtensions + +/** + * A taint-tracking configuration for uncontrolled allocation size vulnerabilities. + */ +module UncontrolledAllocationConfig implements DataFlow::ConfigSig { + import UncontrolledAllocationSize + + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } + + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } +} + +module UncontrolledAllocationFlow = TaintTracking::Global; + +import UncontrolledAllocationFlow::PathGraph + +from UncontrolledAllocationFlow::PathNode source, UncontrolledAllocationFlow::PathNode sink +where UncontrolledAllocationFlow::flowPath(source, sink) +select sink.getNode(), source, sink, + "This allocation size is derived from a $@ and could allocate arbitrary amounts of memory.", + source.getNode(), "user-provided value" diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index e69de29bb2d..58f42bec0c8 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -0,0 +1,4 @@ +#select +edges +nodes +subpaths From 03f94de3cb70178c7c5da4c1ba9b2d300a316390 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 5 Feb 2025 17:49:03 +0000 Subject: [PATCH 082/409] Rust: Add models. --- .../lib/codeql/rust/frameworks/libc.model.yml | 9 + .../frameworks/stdlib/lang-alloc.model.yml | 25 + .../frameworks/stdlib/lang-core.model.yml | 14 +- .../diagnostics/SummaryStats.expected | 2 +- .../UncontrolledAllocationSize.expected | 443 ++++++++++++++++++ .../test/query-tests/security/CWE-770/main.rs | 80 ++-- 6 files changed, 531 insertions(+), 42 deletions(-) create mode 100644 rust/ql/lib/codeql/rust/frameworks/libc.model.yml create mode 100644 rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml diff --git a/rust/ql/lib/codeql/rust/frameworks/libc.model.yml b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml new file mode 100644 index 00000000000..f952656a21e --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/libc.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml new file mode 100644 index 00000000000..85cd97fb462 --- /dev/null +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -0,0 +1,25 @@ +extensions: + - addsTo: + pack: codeql/rust-all + extensible: sinkModel + data: + # Alloc + - ["lang:alloc", "crate::alloc::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "crate::alloc::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "crate::alloc::realloc", "Argument[2]", "alloc-size", "manual"] + - ["lang:std", "::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::allocate", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:std", "::grow", "Argument[2]", "alloc-layout", "manual"] + - ["lang:std", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] + - ["lang:alloc", "::alloc", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::alloc_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::allocate", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] + - ["lang:alloc", "::grow", "Argument[2]", "alloc-layout", "manual"] + - ["lang:alloc", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] + - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index a2f6b15ab2c..710949b07e0 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -19,7 +19,19 @@ extensions: - ["lang:core", "::collect", "Argument[self].Element", "ReturnValue.Element", "value", "manual"] - ["lang:core", "::map", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["lang:core", "::for_each", "Argument[self].Element", "Argument[0].Parameter[0]", "value", "manual"] - # ptr + # Layout + - ["lang:core", "::from_size_align", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::from_size_align_unchecked", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::array", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::repeat", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::repeat", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::repeat_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::repeat_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::extend", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::extend", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] + - ["lang:core", "::extend_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::extend_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_volatile", "Argument[0].Reference", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index d34cd849069..a8833f62680 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1675 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 58f42bec0c8..4dcc0f1b558 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,4 +1,447 @@ #select +| main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:85:17:85:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:87:17:87:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:91:17:91:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:93:17:93:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:104:17:104:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:107:17:107:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:111:13:111:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:114:13:114:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:117:13:117:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:119:13:119:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:123:13:123:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:138:32:138:36 | alloc | main.rs:211:13:211:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:139:32:139:43 | alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:140:32:140:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:141:32:141:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:142:32:142:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:143:32:143:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:153:40:153:43 | grow | main.rs:211:13:211:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:155:40:155:50 | grow_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | edges +| main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | +| main.rs:18:41:18:41 | v | main.rs:20:50:20:50 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:29:60:29:60 | v | provenance | | +| main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | +| main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | +| main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:22 | +| main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | +| main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | +| main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | +| main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | +| main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | +| main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | +| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | +| main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | +| main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | +| main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | +| main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:27 | +| main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | +| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:19 | +| main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | +| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | +| main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:18 | +| main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | +| main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | +| main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:20 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:97:13:97:21 | mut v_mut | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:106:51:106:51 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:110:61:110:61 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:113:61:113:61 | v | provenance | | +| main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | +| main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | +| main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | +| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | +| main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | +| main.rs:87:35:87:36 | l1 | main.rs:87:17:87:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:87:35:87:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | +| main.rs:87:35:87:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | +| main.rs:91:35:91:36 | l1 | main.rs:91:17:91:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:91:35:91:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | +| main.rs:93:35:93:36 | l1 | main.rs:93:17:93:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | +| main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | +| main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | +| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | +| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | +| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:31 | +| main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | +| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:30 | +| main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | +| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | +| main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | +| main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:119:31:119:32 | l1 | main.rs:119:13:119:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:119:31:119:32 | l1 | main.rs:123:31:123:32 | l1 | provenance | | +| main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | +| main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | +| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | +| main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | +| main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | +| main.rs:139:45:139:46 | l2 | main.rs:140:41:140:42 | l2 | provenance | | +| main.rs:140:41:140:42 | l2 | main.rs:140:32:140:39 | allocate | provenance | MaD:6 Sink:MaD:6 | +| main.rs:140:41:140:42 | l2 | main.rs:141:48:141:49 | l2 | provenance | | +| main.rs:141:48:141:49 | l2 | main.rs:141:32:141:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | +| main.rs:141:48:141:49 | l2 | main.rs:142:41:142:42 | l2 | provenance | | +| main.rs:142:41:142:42 | l2 | main.rs:142:32:142:39 | allocate | provenance | MaD:1 Sink:MaD:1 | +| main.rs:142:41:142:42 | l2 | main.rs:143:48:143:49 | l2 | provenance | | +| main.rs:143:48:143:49 | l2 | main.rs:143:32:143:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | +| main.rs:143:48:143:49 | l2 | main.rs:153:53:153:54 | l2 | provenance | | +| main.rs:143:48:143:49 | l2 | main.rs:155:60:155:61 | l2 | provenance | | +| main.rs:153:53:153:54 | l2 | main.rs:153:40:153:43 | grow | provenance | MaD:8 Sink:MaD:8 | +| main.rs:155:60:155:61 | l2 | main.rs:155:40:155:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | +| main.rs:162:27:162:34 | ...: usize | main.rs:164:26:164:26 | v | provenance | | +| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:164:26:164:26 | v | main.rs:165:36:165:36 | v | provenance | | +| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:165:36:165:36 | v | main.rs:167:30:167:30 | v | provenance | | +| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:167:30:167:30 | v | main.rs:168:26:168:26 | v | provenance | | +| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | +| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:211:9:211:9 | v | main.rs:214:34:214:34 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:215:42:215:42 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:216:36:216:36 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | +| main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | +| main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:32 | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:26 | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:29 | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | +| main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:216:36:216:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | +| main.rs:217:27:217:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | +| main.rs:218:25:218:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +models +| 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | +| 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | +| 3 | Sink: lang:alloc; crate::alloc::alloc; alloc-layout; Argument[0] | +| 4 | Sink: lang:alloc; crate::alloc::alloc_zeroed; alloc-layout; Argument[0] | +| 5 | Sink: lang:alloc; crate::alloc::realloc; alloc-size; Argument[2] | +| 6 | Sink: lang:std; ::allocate; alloc-layout; Argument[0] | +| 7 | Sink: lang:std; ::allocate_zeroed; alloc-layout; Argument[0] | +| 8 | Sink: lang:std; ::grow; alloc-layout; Argument[2] | +| 9 | Sink: lang:std; ::grow_zeroed; alloc-layout; Argument[2] | +| 10 | Sink: lang:std; ::alloc; alloc-layout; Argument[0] | +| 11 | Sink: lang:std; ::alloc_zeroed; alloc-layout; Argument[0] | +| 12 | Sink: repo:https://github.com/rust-lang/libc:libc; ::aligned_alloc; alloc-size; Argument[1] | +| 13 | Sink: repo:https://github.com/rust-lang/libc:libc; ::calloc; alloc-size; Argument[0,1] | +| 14 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; alloc-size; Argument[0] | +| 15 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; alloc-size; Argument[1] | +| 16 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | +| 17 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 18 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 19 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 20 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 21 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 22 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 23 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 24 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 25 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 26 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | +| 27 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 28 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 29 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 30 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 31 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 32 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes +| main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | +| main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | +| main.rs:18:41:18:41 | v | semmle.label | v | +| main.rs:20:9:20:10 | l2 | semmle.label | l2 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:20:14:20:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:20:50:20:50 | v | semmle.label | v | +| main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:21:31:21:32 | l2 | semmle.label | l2 | +| main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | +| main.rs:24:38:24:39 | l2 | semmle.label | l2 | +| main.rs:29:9:29:10 | l4 | semmle.label | l4 | +| main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:29:60:29:60 | v | semmle.label | v | +| main.rs:30:13:30:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:30:31:30:32 | l4 | semmle.label | l4 | +| main.rs:32:9:32:10 | l5 | semmle.label | l5 | +| main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:32:60:32:89 | ... * ... | semmle.label | ... * ... | +| main.rs:33:13:33:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:33:31:33:32 | l5 | semmle.label | l5 | +| main.rs:35:9:35:10 | s6 | semmle.label | s6 | +| main.rs:36:9:36:10 | l6 | semmle.label | l6 | +| main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:36:60:36:61 | s6 | semmle.label | s6 | +| main.rs:37:13:37:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:37:31:37:32 | l6 | semmle.label | l6 | +| main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | +| main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | +| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:50:31:50:53 | ... .0 | semmle.label | ... .0 | +| main.rs:50:41:50:41 | v | semmle.label | v | +| main.rs:51:13:51:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | +| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:51:31:51:57 | ... .0 | semmle.label | ... .0 | +| main.rs:51:41:51:45 | ... + ... | semmle.label | ... + ... | +| main.rs:53:13:53:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | +| main.rs:53:31:53:58 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:53:48:53:48 | v | semmle.label | v | +| main.rs:54:13:54:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | +| main.rs:54:31:54:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:54:48:54:53 | ... * ... | semmle.label | ... * ... | +| main.rs:58:9:58:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:58:10:58:11 | k1 | semmle.label | k1 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | semmle.label | l3.repeat(...) [Ok, tuple.0] | +| main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | semmle.label | ... .expect(...) [tuple.0] | +| main.rs:58:34:58:34 | v | semmle.label | v | +| main.rs:59:13:59:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:59:31:59:32 | k1 | semmle.label | k1 | +| main.rs:60:9:60:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:60:10:60:11 | k2 | semmle.label | k2 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | semmle.label | l3.extend(...) [Ok, tuple.0] | +| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:60:34:60:35 | k1 | semmle.label | k1 | +| main.rs:61:13:61:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:61:31:61:32 | k2 | semmle.label | k2 | +| main.rs:62:9:62:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | +| main.rs:62:10:62:11 | k3 | semmle.label | k3 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | semmle.label | k1.extend(...) [Ok, tuple.0] | +| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:63:13:63:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:63:31:63:32 | k3 | semmle.label | k3 | +| main.rs:64:13:64:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | semmle.label | l3.extend_packed(...) [Ok] | +| main.rs:64:31:64:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:64:48:64:49 | k1 | semmle.label | k1 | +| main.rs:65:13:65:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | semmle.label | k1.extend_packed(...) [Ok] | +| main.rs:65:31:65:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:9:67:10 | l4 | semmle.label | l4 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:67:14:67:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:46:67:46 | v | semmle.label | v | +| main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:68:31:68:32 | l4 | semmle.label | l4 | +| main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | +| main.rs:77:9:77:16 | return v | semmle.label | return v | +| main.rs:81:38:81:45 | ...: usize | semmle.label | ...: usize | +| main.rs:82:9:82:10 | l1 | semmle.label | l1 | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:82:14:82:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:82:47:82:47 | v | semmle.label | v | +| main.rs:85:17:85:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:85:35:85:36 | l1 | semmle.label | l1 | +| main.rs:87:17:87:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:87:35:87:36 | l1 | semmle.label | l1 | +| main.rs:91:17:91:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:91:35:91:36 | l1 | semmle.label | l1 | +| main.rs:93:17:93:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:93:35:93:36 | l1 | semmle.label | l1 | +| main.rs:97:13:97:21 | mut v_mut | semmle.label | mut v_mut | +| main.rs:103:13:103:14 | l2 | semmle.label | l2 | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:103:18:103:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:103:51:103:55 | v_mut | semmle.label | v_mut | +| main.rs:104:17:104:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:104:35:104:36 | l2 | semmle.label | l2 | +| main.rs:106:13:106:14 | l3 | semmle.label | l3 | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:106:18:106:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:106:51:106:51 | v | semmle.label | v | +| main.rs:107:17:107:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:107:35:107:36 | l3 | semmle.label | l3 | +| main.rs:110:9:110:10 | l4 | semmle.label | l4 | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:110:14:110:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:110:47:110:67 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:110:61:110:61 | v | semmle.label | v | +| main.rs:111:13:111:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:111:31:111:32 | l4 | semmle.label | l4 | +| main.rs:113:9:113:10 | l5 | semmle.label | l5 | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:113:14:113:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:113:47:113:67 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:113:61:113:61 | v | semmle.label | v | +| main.rs:114:13:114:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:114:31:114:32 | l5 | semmle.label | l5 | +| main.rs:116:9:116:10 | l6 | semmle.label | l6 | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:116:14:116:72 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:116:47:116:62 | clamp(...) | semmle.label | clamp(...) | +| main.rs:116:53:116:53 | v | semmle.label | v | +| main.rs:117:13:117:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:117:31:117:32 | l6 | semmle.label | l6 | +| main.rs:119:13:119:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:119:31:119:32 | l1 | semmle.label | l1 | +| main.rs:123:13:123:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:123:31:123:32 | l1 | semmle.label | l1 | +| main.rs:128:29:128:36 | ...: usize | semmle.label | ...: usize | +| main.rs:137:9:137:10 | l2 | semmle.label | l2 | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:137:14:137:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:137:46:137:46 | v | semmle.label | v | +| main.rs:138:32:138:36 | alloc | semmle.label | alloc | +| main.rs:138:38:138:39 | l2 | semmle.label | l2 | +| main.rs:139:32:139:43 | alloc_zeroed | semmle.label | alloc_zeroed | +| main.rs:139:45:139:46 | l2 | semmle.label | l2 | +| main.rs:140:32:140:39 | allocate | semmle.label | allocate | +| main.rs:140:41:140:42 | l2 | semmle.label | l2 | +| main.rs:141:32:141:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:141:48:141:49 | l2 | semmle.label | l2 | +| main.rs:142:32:142:39 | allocate | semmle.label | allocate | +| main.rs:142:41:142:42 | l2 | semmle.label | l2 | +| main.rs:143:32:143:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:143:48:143:49 | l2 | semmle.label | l2 | +| main.rs:153:40:153:43 | grow | semmle.label | grow | +| main.rs:153:53:153:54 | l2 | semmle.label | l2 | +| main.rs:155:40:155:50 | grow_zeroed | semmle.label | grow_zeroed | +| main.rs:155:60:155:61 | l2 | semmle.label | l2 | +| main.rs:162:27:162:34 | ...: usize | semmle.label | ...: usize | +| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:164:26:164:26 | v | semmle.label | v | +| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:165:36:165:36 | v | semmle.label | v | +| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:167:30:167:30 | v | semmle.label | v | +| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:168:26:168:26 | v | semmle.label | v | +| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:169:31:169:31 | v | semmle.label | v | +| main.rs:211:9:211:9 | v | semmle.label | v | +| main.rs:211:13:211:26 | ...::args | semmle.label | ...::args | +| main.rs:211:13:211:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:211:13:211:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:214:34:214:34 | v | semmle.label | v | +| main.rs:215:42:215:42 | v | semmle.label | v | +| main.rs:216:36:216:36 | v | semmle.label | v | +| main.rs:217:27:217:27 | v | semmle.label | v | +| main.rs:218:25:218:25 | v | semmle.label | v | subpaths +| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index c2a1eb111c3..0af7d0eb536 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -15,26 +15,26 @@ unsafe fn test_std_alloc_from_size(v: usize) { let _ = std::alloc::alloc(l1.align_to(8).unwrap()); let _ = std::alloc::alloc(l1.align_to(8).unwrap().pad_to_align()); let _ = std::alloc::alloc_zeroed(l1); - let _ = std::alloc::realloc(m1, l1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::realloc(m1, l1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? let _ = std::alloc::alloc(l3); let l4 = std::alloc::Layout::from_size_align_unchecked(v, 1); - let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l4); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l5 = std::alloc::Layout::from_size_align_unchecked(v * std::mem::size_of::(), std::mem::size_of::()); - let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let s6 = (std::mem::size_of::() * v) + 1; let l6 = std::alloc::Layout::from_size_align_unchecked(s6, 4); - let _ = std::alloc::alloc(l6); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l6); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] @@ -47,25 +47,25 @@ unsafe fn test_std_alloc_new_repeat_extend(v: usize) { let l2 = std::alloc::Layout::new::(); let _ = std::alloc::alloc(l2); let _ = std::alloc::alloc(l2.repeat(10).unwrap().0); - let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat(v).unwrap().0); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.repeat(v + 1).unwrap().0); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l2.repeat_packed(10).unwrap()); - let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.repeat_packed(v).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.repeat_packed(v * 10).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(10).unwrap(); let _ = std::alloc::alloc(l3); let (k1, _offs1) = l3.repeat(v).expect("arithmetic overflow?"); - let _ = std::alloc::alloc(k1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let (k2, _offs2) = l3.extend(k1).unwrap(); - let _ = std::alloc::alloc(k2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let (k3, _offs3) = k1.extend(l3).unwrap(); - let _ = std::alloc::alloc(k3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(k3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3.extend_packed(k1).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(k1.extend_packed(l3).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l4 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l4); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l4); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } fn clamp(v: T, min: T, max: T) -> T { @@ -82,15 +82,15 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { let l1 = std::alloc::Layout::array::(v).unwrap(); if v < 100 { - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } if v == 100 { - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } { @@ -101,26 +101,26 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { } let l2 = std::alloc::Layout::array::(v_mut).unwrap(); - let _ = std::alloc::alloc(l2); + let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l4); + let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l6); + let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l1); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if v > 100 { return; } - let _ = std::alloc::alloc(l1); + let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } use std::alloc::{GlobalAlloc, Allocator}; @@ -135,12 +135,12 @@ unsafe fn test_system_alloc(v: usize) { let _ = std::alloc::Global.allocate_zeroed(l1).unwrap(); let l2 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::System.alloc(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.alloc_zeroed(l2); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::Global.allocate(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.allocate(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::System.allocate_zeroed(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::Global.allocate(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::Global.allocate_zeroed(l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::array::(10).unwrap(); let m3 = std::alloc::System.alloc(l3); @@ -150,9 +150,9 @@ unsafe fn test_system_alloc(v: usize) { let m4 = std::ptr::NonNull::::new(std::alloc::alloc(l4)).unwrap(); if v > 10 { if v % 2 == 0 { - let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.grow(m4, l4, l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } else { - let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::System.grow_zeroed(m4, l4, l2).unwrap(); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } } else { let _ = std::alloc::System.shrink(m4, l4, l2).unwrap(); @@ -161,12 +161,12 @@ unsafe fn test_system_alloc(v: usize) { unsafe fn test_libc_alloc(v: usize) { let m1 = libc::malloc(256); - let _ = libc::malloc(v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::aligned_alloc(8, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::malloc(v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::aligned_alloc(8, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = libc::aligned_alloc(v, 8); - let _ = libc::calloc(64, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::calloc(v, std::mem::size_of::()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = libc::realloc(m1, v); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = libc::calloc(64, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::calloc(v, std::mem::size_of::()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = libc::realloc(m1, v); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_vectors(v: usize) { From e49c1afe72c249e32abd4740fcc0bb43c37648c0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 10:08:32 +0100 Subject: [PATCH 083/409] Rust: Add a few missing models. --- .../frameworks/stdlib/lang-core.model.yml | 3 + .../diagnostics/SummaryStats.expected | 2 +- .../UncontrolledAllocationSize.expected | 152 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 6 +- 4 files changed, 98 insertions(+), 65 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml index 710949b07e0..1f840626b3f 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-core.model.yml @@ -31,6 +31,9 @@ extensions: - ["lang:core", "::extend", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]", "taint", "manual"] - ["lang:core", "::extend_packed", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] - ["lang:core", "::extend_packed", "Argument[0]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::align_to", "Argument[self]", "ReturnValue.Field[crate::result::Result::Ok(0)]", "taint", "manual"] + - ["lang:core", "::pad_to_align", "Argument[self]", "ReturnValue", "taint", "manual"] + - ["lang:core", "::size", "Argument[self]", "ReturnValue", "taint", "manual"] # Ptr - ["lang:core", "crate::ptr::read", "Argument[0].Reference", "ReturnValue", "value", "manual"] - ["lang:core", "crate::ptr::read_unaligned", "Argument[0].Reference", "ReturnValue", "value", "manual"] diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index a8833f62680..787fc3ddbbe 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1675 | +| Taint edges - number of edges | 1677 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 4dcc0f1b558..0d8c10db39f 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,10 +1,13 @@ #select | main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | | main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | @@ -52,75 +55,87 @@ edges | main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | -| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:22 | +| main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | +| main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:22:31:22:53 | ... .unwrap(...) | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:23:31:23:53 | ... .unwrap(...) | main.rs:23:31:23:68 | ... .pad_to_align(...) | provenance | MaD:25 | +| main.rs:23:31:23:68 | ... .pad_to_align(...) | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | -| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:29:60:29:60 | v | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:30:31:30:32 | l4 | main.rs:30:13:30:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:32:9:32:10 | l5 | main.rs:33:31:33:32 | l5 | provenance | | | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | main.rs:32:9:32:10 | l5 | provenance | | -| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:32:60:32:89 | ... * ... | main.rs:32:14:32:118 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:33:31:33:32 | l5 | main.rs:33:13:33:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:35:9:35:10 | s6 | main.rs:36:60:36:61 | s6 | provenance | | | main.rs:36:9:36:10 | l6 | main.rs:37:31:37:32 | l6 | provenance | | | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | -| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:23 | +| main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size(...) | provenance | MaD:28 | +| main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | +| main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | +| main.rs:39:60:39:68 | l6.size(...) | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | +| main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:53:48:53:48 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:25 | +| main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | -| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:27 | +| main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | provenance | MaD:30 | | main.rs:58:24:58:66 | ... .expect(...) [tuple.0] | main.rs:58:9:58:20 | TuplePat [tuple.0] | provenance | | -| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:24 | +| main.rs:58:34:58:34 | v | main.rs:58:24:58:35 | l3.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | | main.rs:59:31:59:32 | k1 | main.rs:59:13:59:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:59:31:59:32 | k1 | main.rs:60:34:60:35 | k1 | provenance | | -| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:19 | +| main.rs:59:31:59:32 | k1 | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | provenance | MaD:20 | | main.rs:59:31:59:32 | k1 | main.rs:64:48:64:49 | k1 | provenance | | -| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:22 | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | -| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:18 | +| main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:19 | | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:28 | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | | main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:20 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:21 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | -| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | | main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | @@ -131,9 +146,9 @@ edges | main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | | main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | | main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | -| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | | main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | @@ -146,31 +161,31 @@ edges | main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | | main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | | main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | -| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | -| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | -| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | -| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:31 | +| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:34 | | main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | -| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | -| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:30 | +| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:33 | | main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | -| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | | main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | | main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | @@ -179,9 +194,9 @@ edges | main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | | main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | -| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:17 | +| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | | main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | | main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | @@ -218,10 +233,10 @@ edges | main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | | main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | | main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:32 | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:26 | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:29 | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:28 | +| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | | main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | | main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | @@ -245,22 +260,25 @@ models | 14 | Sink: repo:https://github.com/rust-lang/libc:libc; ::malloc; alloc-size; Argument[0] | | 15 | Sink: repo:https://github.com/rust-lang/libc:libc; ::realloc; alloc-size; Argument[1] | | 16 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | -| 17 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 18 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 19 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 20 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 21 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 22 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 23 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | -| 24 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | -| 25 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 26 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | -| 27 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | -| 28 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | -| 29 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 30 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | -| 31 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | -| 32 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 17 | Summary: lang:core; ::align_to; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 18 | Summary: lang:core; ::array; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 19 | Summary: lang:core; ::extend; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 20 | Summary: lang:core; ::extend; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 21 | Summary: lang:core; ::extend_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 22 | Summary: lang:core; ::extend_packed; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 23 | Summary: lang:core; ::from_size_align; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 24 | Summary: lang:core; ::from_size_align_unchecked; Argument[0]; ReturnValue; taint | +| 25 | Summary: lang:core; ::pad_to_align; Argument[self]; ReturnValue; taint | +| 26 | Summary: lang:core; ::repeat; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)].Field[0]; taint | +| 27 | Summary: lang:core; ::repeat_packed; Argument[0]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 28 | Summary: lang:core; ::size; Argument[self]; ReturnValue; taint | +| 29 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::option::Option::Some(0)]; ReturnValue; value | +| 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | +| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -271,6 +289,13 @@ nodes | main.rs:20:50:20:50 | v | semmle.label | v | | main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:21:31:21:32 | l2 | semmle.label | l2 | +| main.rs:22:13:22:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | +| main.rs:22:31:22:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:23:13:23:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | +| main.rs:23:31:23:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:23:31:23:68 | ... .pad_to_align(...) | semmle.label | ... .pad_to_align(...) | | main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | | main.rs:24:38:24:39 | l2 | semmle.label | l2 | | main.rs:29:9:29:10 | l4 | semmle.label | l4 | @@ -289,6 +314,11 @@ nodes | main.rs:36:60:36:61 | s6 | semmle.label | s6 | | main.rs:37:13:37:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:37:31:37:32 | l6 | semmle.label | l6 | +| main.rs:39:9:39:10 | l7 | semmle.label | l7 | +| main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | +| main.rs:39:60:39:68 | l6.size(...) | semmle.label | l6.size(...) | +| main.rs:40:13:40:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:40:31:40:32 | l7 | semmle.label | l7 | | main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | | main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 0af7d0eb536..d2b5c109fa7 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -19,8 +19,8 @@ unsafe fn test_std_alloc_from_size(v: usize) { let l2 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] - let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l2.align_to(8).unwrap()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2.align_to(8).unwrap().pad_to_align()); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc_zeroed(l2); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l3 = std::alloc::Layout::from_size_align(1, v).unwrap(); // not obviously dangerous? @@ -37,7 +37,7 @@ unsafe fn test_std_alloc_from_size(v: usize) { let _ = std::alloc::alloc(l6); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l7 = std::alloc::Layout::from_size_align_unchecked(l6.size(), 8); - let _ = std::alloc::alloc(l7); // $ MISSING: Alert[rust/uncontrolled-allocation-size] + let _ = std::alloc::alloc(l7); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_new_repeat_extend(v: usize) { From 64aa4e8bae685efee1f4751c6bea20173dadb756 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Mar 2025 09:38:16 +0000 Subject: [PATCH 084/409] Rust: Ensure that the sinks for this query appear in metrics. --- rust/ql/src/queries/summary/Stats.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b41..119a53d7d72 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -15,6 +15,7 @@ private import codeql.rust.Concepts private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions private import codeql.rust.security.WeakSensitiveDataHashingExtensions +private import codeql.rust.security.UncontrolledAllocationSizeExtensions private import codeql.rust.security.regex.RegexInjectionExtensions /** From addc1d34d86860b220e674557ead9135dd60403c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 25 Mar 2025 16:05:35 +0000 Subject: [PATCH 085/409] Rust: Add qhelp, examples, and tests of examples. --- .../CWE-770/UncontrolledAllocationSize.qhelp | 41 ++++ .../CWE-770/UncontrolledAllocationSizeBad.rs | 11 + .../CWE-770/UncontrolledAllocationSizeGood.rs | 17 ++ .../UncontrolledAllocationSize.expected | 210 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 52 +++++ 5 files changed, 255 insertions(+), 76 deletions(-) create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs create mode 100644 rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp new file mode 100644 index 00000000000..936c2761976 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp @@ -0,0 +1,41 @@ + + + + +

    Allocating memory with a size based on user input may allow arbitrary amounts of memory to be +allocated, leading to a crash or denial of service incident.

    + +

    If the user input is multiplied by a constant, such as the size of a type, the result may +overflow. In a build with the --release flag Rust performs two's complement wrapping, +with the result that less memory may be allocated than expected. This can lead to buffer overflow +incidents.

    + +     + + +

    Implement a guard to limit the amount of memory that is allocated, and reject the request if +the guard is not met. Ensure that any multiplications in the calculation cannot overflow, either +by guarding their inputs, or using a multiplication routine such as checked_mul that +does not wrap around.

    + +     + + +

    In the following example, an arbitrary amount of memory is allocated based on user input. In +addition, due to the multiplication operation the result may overflow if a very large value is +provided, leading to less memory being allocated than other parts of the program expect.

    + + +

    In the fixed example, the user input is checked against a maximum value. If the check fails an +error is returned, and both the multiplication and alloaction do not take place.

    + + +     + + +
  • The Rust Programming Language: Data Types - Integer Overflow.
    • + +     +     diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs new file mode 100644 index 00000000000..40794494f3b --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeBad.rs @@ -0,0 +1,11 @@ + +fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { + let num_bytes = user_input.parse::()? * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // BAD: uncontrolled allocation size + + Ok(buffer) + } +} diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs new file mode 100644 index 00000000000..c0758431289 --- /dev/null +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs @@ -0,0 +1,17 @@ + +const BUFFER_LIMIT: usize = 10 * 1024; + +fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { + let size = user_input.parse::()?; + if (size > BUFFER_LIMIT) { + return Err("Size exceeds limit".into()); + } + let num_bytes = size * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // GOOD + + Ok(buffer) + } +} diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 0d8c10db39f..7ef8327b64e 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,52 +1,54 @@ #select -| main.rs:18:13:18:31 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:21:13:21:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:22:13:22:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:23:13:23:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:30:13:30:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:33:13:33:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:37:13:37:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:40:13:40:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:50:13:50:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:51:13:51:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:53:13:53:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:54:13:54:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:59:13:59:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:61:13:61:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:63:13:63:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:64:13:64:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:65:13:65:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:68:13:68:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:85:17:85:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:87:17:87:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:91:17:91:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:93:17:93:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:104:17:104:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:107:17:107:33 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:111:13:111:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:114:13:114:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:117:13:117:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:119:13:119:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:123:13:123:29 | ...::alloc | main.rs:211:13:211:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:138:32:138:36 | alloc | main.rs:211:13:211:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:139:32:139:43 | alloc_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:140:32:140:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:141:32:141:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:142:32:142:39 | allocate | main.rs:211:13:211:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:143:32:143:46 | allocate_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:153:40:153:43 | grow | main.rs:211:13:211:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:155:40:155:50 | grow_zeroed | main.rs:211:13:211:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:211:13:211:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:211:13:211:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:211:13:211:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:211:13:211:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:211:13:211:26 | ...::args | user-provided value | +| main.rs:18:13:18:31 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:85:17:85:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:87:17:87:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:91:17:91:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:93:17:93:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:104:17:104:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:107:17:107:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:111:13:111:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:114:13:114:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:117:13:117:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:119:13:119:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:123:13:123:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:138:32:138:36 | alloc | main.rs:262:13:262:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:139:32:139:43 | alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:140:32:140:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:141:32:141:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:142:32:142:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:143:32:143:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:153:40:153:43 | grow | main.rs:262:13:262:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:155:40:155:50 | grow_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | +| main.rs:229:22:229:38 | ...::alloc | main.rs:253:25:253:38 | ...::args | main.rs:229:22:229:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:253:25:253:38 | ...::args | user-provided value | +| main.rs:246:22:246:38 | ...::alloc | main.rs:254:26:254:39 | ...::args | main.rs:246:22:246:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:254:26:254:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -227,22 +229,49 @@ edges | main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | | main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:211:9:211:9 | v | main.rs:214:34:214:34 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:215:42:215:42 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:216:36:216:36 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:217:27:217:27 | v | provenance | | -| main.rs:211:9:211:9 | v | main.rs:218:25:218:25 | v | provenance | | -| main.rs:211:13:211:26 | ...::args | main.rs:211:13:211:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:211:13:211:28 | ...::args(...) [element] | main.rs:211:13:211:35 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | main.rs:211:13:211:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | main.rs:211:13:211:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | main.rs:211:13:211:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:211:13:211:91 | ... .unwrap(...) | main.rs:211:9:211:9 | v | provenance | | -| main.rs:214:34:214:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | -| main.rs:215:42:215:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | -| main.rs:216:36:216:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | -| main.rs:217:27:217:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | -| main.rs:218:25:218:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +| main.rs:224:24:224:41 | ...: String | main.rs:225:21:225:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:225:9:225:17 | num_bytes | main.rs:227:54:227:62 | num_bytes | provenance | | +| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | main.rs:225:21:225:48 | TryExpr | provenance | | +| main.rs:225:21:225:48 | TryExpr | main.rs:225:9:225:17 | num_bytes | provenance | | +| main.rs:227:9:227:14 | layout | main.rs:229:40:229:45 | layout | provenance | | +| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | main.rs:227:18:227:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:227:18:227:75 | ... .unwrap(...) | main.rs:227:9:227:14 | layout | provenance | | +| main.rs:227:54:227:62 | num_bytes | main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:229:40:229:45 | layout | main.rs:229:22:229:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:237:25:237:42 | ...: String | main.rs:238:16:238:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:238:9:238:12 | size | main.rs:242:9:242:17 | num_bytes | provenance | | +| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | main.rs:238:16:238:43 | TryExpr | provenance | | +| main.rs:238:16:238:43 | TryExpr | main.rs:238:9:238:12 | size | provenance | | +| main.rs:242:9:242:17 | num_bytes | main.rs:244:54:244:62 | num_bytes | provenance | | +| main.rs:244:9:244:14 | layout | main.rs:246:40:246:45 | layout | provenance | | +| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | main.rs:244:18:244:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:244:18:244:75 | ... .unwrap(...) | main.rs:244:9:244:14 | layout | provenance | | +| main.rs:244:54:244:62 | num_bytes | main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:246:40:246:45 | layout | main.rs:246:22:246:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:253:25:253:38 | ...::args | main.rs:253:25:253:40 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:253:25:253:40 | ...::args(...) [element] | main.rs:253:25:253:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:253:25:253:47 | ... .nth(...) [Some] | main.rs:253:25:253:74 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:253:25:253:74 | ... .unwrap_or(...) | main.rs:224:24:224:41 | ...: String | provenance | | +| main.rs:254:26:254:39 | ...::args | main.rs:254:26:254:41 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:254:26:254:41 | ...::args(...) [element] | main.rs:254:26:254:48 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:254:26:254:48 | ... .nth(...) [Some] | main.rs:254:26:254:75 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:254:26:254:75 | ... .unwrap_or(...) | main.rs:237:25:237:42 | ...: String | provenance | | +| main.rs:262:9:262:9 | v | main.rs:265:34:265:34 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:266:42:266:42 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:267:36:267:36 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:268:27:268:27 | v | provenance | | +| main.rs:262:9:262:9 | v | main.rs:269:25:269:25 | v | provenance | | +| main.rs:262:13:262:26 | ...::args | main.rs:262:13:262:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:262:13:262:28 | ...::args(...) [element] | main.rs:262:13:262:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:262:13:262:35 | ... .nth(...) [Some] | main.rs:262:13:262:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:262:13:262:65 | ... .unwrap_or(...) | main.rs:262:13:262:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:262:13:262:82 | ... .parse(...) [Ok] | main.rs:262:13:262:91 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:262:13:262:91 | ... .unwrap(...) | main.rs:262:9:262:9 | v | provenance | | +| main.rs:265:34:265:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:266:42:266:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:267:36:267:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | +| main.rs:268:27:268:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | +| main.rs:269:25:269:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | models | 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | | 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | @@ -461,17 +490,46 @@ nodes | main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:169:31:169:31 | v | semmle.label | v | -| main.rs:211:9:211:9 | v | semmle.label | v | -| main.rs:211:13:211:26 | ...::args | semmle.label | ...::args | -| main.rs:211:13:211:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:211:13:211:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:211:13:211:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:211:13:211:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:211:13:211:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:214:34:214:34 | v | semmle.label | v | -| main.rs:215:42:215:42 | v | semmle.label | v | -| main.rs:216:36:216:36 | v | semmle.label | v | -| main.rs:217:27:217:27 | v | semmle.label | v | -| main.rs:218:25:218:25 | v | semmle.label | v | +| main.rs:224:24:224:41 | ...: String | semmle.label | ...: String | +| main.rs:225:9:225:17 | num_bytes | semmle.label | num_bytes | +| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:225:21:225:48 | TryExpr | semmle.label | TryExpr | +| main.rs:227:9:227:14 | layout | semmle.label | layout | +| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:227:18:227:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:227:54:227:62 | num_bytes | semmle.label | num_bytes | +| main.rs:229:22:229:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:229:40:229:45 | layout | semmle.label | layout | +| main.rs:237:25:237:42 | ...: String | semmle.label | ...: String | +| main.rs:238:9:238:12 | size | semmle.label | size | +| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:238:16:238:43 | TryExpr | semmle.label | TryExpr | +| main.rs:242:9:242:17 | num_bytes | semmle.label | num_bytes | +| main.rs:244:9:244:14 | layout | semmle.label | layout | +| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:244:18:244:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:244:54:244:62 | num_bytes | semmle.label | num_bytes | +| main.rs:246:22:246:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:246:40:246:45 | layout | semmle.label | layout | +| main.rs:253:25:253:38 | ...::args | semmle.label | ...::args | +| main.rs:253:25:253:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:253:25:253:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:253:25:253:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:254:26:254:39 | ...::args | semmle.label | ...::args | +| main.rs:254:26:254:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:254:26:254:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:254:26:254:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:262:9:262:9 | v | semmle.label | v | +| main.rs:262:13:262:26 | ...::args | semmle.label | ...::args | +| main.rs:262:13:262:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:262:13:262:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:262:13:262:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:262:13:262:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:262:13:262:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:265:34:265:34 | v | semmle.label | v | +| main.rs:266:42:266:42 | v | semmle.label | v | +| main.rs:267:36:267:36 | v | semmle.label | v | +| main.rs:268:27:268:27 | v | semmle.label | v | +| main.rs:269:25:269:25 | v | semmle.label | v | subpaths | main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index d2b5c109fa7..a699767dc1a 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -203,6 +203,57 @@ unsafe fn test_vectors(v: usize) { let _ = Vec::::from_raw_parts_in(m7, 100, v, std::alloc::Global); // $ MISSING: Alert[rust/uncontrolled-allocation-size] } +// --- examples from the qhelp --- + +struct Error { + msg: String, +} + +impl From for Error { + fn from(err: std::num::ParseIntError) -> Self { + Error { msg: "ParseIntError".to_string() } + } +} + +impl From<&str> for Error { + fn from(msg: &str) -> Self { + Error { msg: msg.to_string() } + } +} + +fn allocate_buffer_bad(user_input: String) -> Result<*mut u8, Error> { + let num_bytes = user_input.parse::()? * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=example1 + + Ok(buffer) + } +} + +const BUFFER_LIMIT: usize = 10 * 1024; + +fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { + let size = user_input.parse::()?; + if (size > BUFFER_LIMIT) { + return Err("Size exceeds limit".into()); + } + let num_bytes = size * std::mem::size_of::(); + + let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); + unsafe { + let buffer = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=example2 + + Ok(buffer) + } +} + +fn test_examples() { + allocate_buffer_bad(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example1 + allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example2 +} + // --- main --- fn main() { @@ -217,6 +268,7 @@ fn main() { test_system_alloc(v); test_libc_alloc(v); test_vectors(v); + test_examples(); } println!("--- end ---"); From cdd5cb05237dd1300945f4888af1a1236fe53063 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 09:28:10 +0100 Subject: [PATCH 086/409] Rust: More test cases for bounds / guards. --- .../UncontrolledAllocationSize.expected | 780 +++++++++++------- .../test/query-tests/security/CWE-770/main.rs | 83 +- 2 files changed, 537 insertions(+), 326 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 7ef8327b64e..cca67133563 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -1,54 +1,66 @@ #select -| main.rs:18:13:18:31 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:21:13:21:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:22:13:22:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:23:13:23:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:30:13:30:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:33:13:33:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:37:13:37:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:40:13:40:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:50:13:50:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:51:13:51:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:53:13:53:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:54:13:54:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:59:13:59:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:61:13:61:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:63:13:63:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:64:13:64:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:65:13:65:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:68:13:68:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:85:17:85:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:85:17:85:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:87:17:87:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:87:17:87:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:91:17:91:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:91:17:91:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:93:17:93:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:93:17:93:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:104:17:104:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:104:17:104:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:107:17:107:33 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:107:17:107:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:111:13:111:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:111:13:111:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:114:13:114:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:114:13:114:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:117:13:117:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:117:13:117:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:119:13:119:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:119:13:119:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:123:13:123:29 | ...::alloc | main.rs:262:13:262:26 | ...::args | main.rs:123:13:123:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:138:32:138:36 | alloc | main.rs:262:13:262:26 | ...::args | main.rs:138:32:138:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:139:32:139:43 | alloc_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:139:32:139:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:140:32:140:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:140:32:140:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:141:32:141:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:141:32:141:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:142:32:142:39 | allocate | main.rs:262:13:262:26 | ...::args | main.rs:142:32:142:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:143:32:143:46 | allocate_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:143:32:143:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:153:40:153:43 | grow | main.rs:262:13:262:26 | ...::args | main.rs:153:40:153:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:155:40:155:50 | grow_zeroed | main.rs:262:13:262:26 | ...::args | main.rs:155:40:155:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:164:13:164:24 | ...::malloc | main.rs:262:13:262:26 | ...::args | main.rs:164:13:164:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:165:13:165:31 | ...::aligned_alloc | main.rs:262:13:262:26 | ...::args | main.rs:165:13:165:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:167:13:167:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:167:13:167:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:168:13:168:24 | ...::calloc | main.rs:262:13:262:26 | ...::args | main.rs:168:13:168:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:169:13:169:25 | ...::realloc | main.rs:262:13:262:26 | ...::args | main.rs:169:13:169:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:262:13:262:26 | ...::args | user-provided value | -| main.rs:229:22:229:38 | ...::alloc | main.rs:253:25:253:38 | ...::args | main.rs:229:22:229:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:253:25:253:38 | ...::args | user-provided value | -| main.rs:246:22:246:38 | ...::alloc | main.rs:254:26:254:39 | ...::args | main.rs:246:22:246:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:254:26:254:39 | ...::args | user-provided value | +| main.rs:18:13:18:31 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:18:13:18:31 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:21:13:21:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:21:13:21:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:22:13:22:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:22:13:22:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:23:13:23:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:23:13:23:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:24:13:24:36 | ...::alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:24:13:24:36 | ...::alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:30:13:30:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:30:13:30:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:33:13:33:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:33:13:33:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:37:13:37:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:37:13:37:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:40:13:40:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:40:13:40:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:50:13:50:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:50:13:50:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:51:13:51:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:51:13:51:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:53:13:53:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:53:13:53:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:54:13:54:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:54:13:54:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:59:13:59:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:59:13:59:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:61:13:61:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:61:13:61:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:63:13:63:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:63:13:63:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:83:13:83:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:83:13:83:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:97:17:97:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:97:17:97:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:116:17:116:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:116:17:116:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:121:17:121:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:121:17:121:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:126:17:126:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:126:17:126:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:135:13:135:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:135:13:135:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:147:17:147:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:147:17:147:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:158:13:158:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:158:13:158:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:170:17:170:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:170:17:170:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:178:13:178:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:178:13:178:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:196:32:196:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:196:32:196:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:197:32:197:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:197:32:197:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:198:32:198:46 | allocate_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:198:32:198:46 | allocate_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:208:40:208:43 | grow | main.rs:317:13:317:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | +| main.rs:301:22:301:38 | ...::alloc | main.rs:309:26:309:39 | ...::args | main.rs:301:22:301:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:309:26:309:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -140,138 +152,210 @@ edges | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:82:47:82:47 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:97:13:97:21 | mut v_mut | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:106:51:106:51 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:110:61:110:61 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:113:61:113:61 | v | provenance | | -| main.rs:81:38:81:45 | ...: usize | main.rs:116:53:116:53 | v | provenance | | -| main.rs:82:9:82:10 | l1 | main.rs:85:35:85:36 | l1 | provenance | | -| main.rs:82:9:82:10 | l1 | main.rs:87:35:87:36 | l1 | provenance | | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | main.rs:82:14:82:57 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:82:14:82:57 | ... .unwrap(...) | main.rs:82:9:82:10 | l1 | provenance | | -| main.rs:82:47:82:47 | v | main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:85:35:85:36 | l1 | main.rs:85:17:85:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:85:35:85:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | -| main.rs:85:35:85:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | -| main.rs:87:35:87:36 | l1 | main.rs:87:17:87:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:87:35:87:36 | l1 | main.rs:91:35:91:36 | l1 | provenance | | -| main.rs:87:35:87:36 | l1 | main.rs:93:35:93:36 | l1 | provenance | | -| main.rs:91:35:91:36 | l1 | main.rs:91:17:91:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:91:35:91:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | -| main.rs:93:35:93:36 | l1 | main.rs:93:17:93:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:93:35:93:36 | l1 | main.rs:119:31:119:32 | l1 | provenance | | -| main.rs:97:13:97:21 | mut v_mut | main.rs:103:51:103:55 | v_mut | provenance | | -| main.rs:103:13:103:14 | l2 | main.rs:104:35:104:36 | l2 | provenance | | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | main.rs:103:18:103:65 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:103:18:103:65 | ... .unwrap(...) | main.rs:103:13:103:14 | l2 | provenance | | -| main.rs:103:51:103:55 | v_mut | main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:104:35:104:36 | l2 | main.rs:104:17:104:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:106:13:106:14 | l3 | main.rs:107:35:107:36 | l3 | provenance | | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | main.rs:106:18:106:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:106:18:106:61 | ... .unwrap(...) | main.rs:106:13:106:14 | l3 | provenance | | -| main.rs:106:51:106:51 | v | main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:107:35:107:36 | l3 | main.rs:107:17:107:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:110:9:110:10 | l4 | main.rs:111:31:111:32 | l4 | provenance | | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | main.rs:110:14:110:77 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:110:14:110:77 | ... .unwrap(...) | main.rs:110:9:110:10 | l4 | provenance | | -| main.rs:110:47:110:67 | ...::min(...) | main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:110:61:110:61 | v | main.rs:110:47:110:67 | ...::min(...) | provenance | MaD:34 | -| main.rs:111:31:111:32 | l4 | main.rs:111:13:111:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:113:9:113:10 | l5 | main.rs:114:31:114:32 | l5 | provenance | | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | main.rs:113:14:113:77 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:113:14:113:77 | ... .unwrap(...) | main.rs:113:9:113:10 | l5 | provenance | | -| main.rs:113:47:113:67 | ...::max(...) | main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:113:61:113:61 | v | main.rs:113:47:113:67 | ...::max(...) | provenance | MaD:33 | -| main.rs:114:31:114:32 | l5 | main.rs:114:13:114:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:116:9:116:10 | l6 | main.rs:117:31:117:32 | l6 | provenance | | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | main.rs:116:14:116:72 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:116:14:116:72 | ... .unwrap(...) | main.rs:116:9:116:10 | l6 | provenance | | -| main.rs:116:47:116:62 | clamp(...) | main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | provenance | | -| main.rs:116:53:116:53 | v | main.rs:116:47:116:62 | clamp(...) | provenance | | -| main.rs:117:31:117:32 | l6 | main.rs:117:13:117:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:119:31:119:32 | l1 | main.rs:119:13:119:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:119:31:119:32 | l1 | main.rs:123:31:123:32 | l1 | provenance | | -| main.rs:123:31:123:32 | l1 | main.rs:123:13:123:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:128:29:128:36 | ...: usize | main.rs:137:46:137:46 | v | provenance | | -| main.rs:137:9:137:10 | l2 | main.rs:138:38:138:39 | l2 | provenance | | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | main.rs:137:14:137:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:137:14:137:56 | ... .unwrap(...) | main.rs:137:9:137:10 | l2 | provenance | | -| main.rs:137:46:137:46 | v | main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:138:38:138:39 | l2 | main.rs:138:32:138:36 | alloc | provenance | MaD:10 Sink:MaD:10 | -| main.rs:138:38:138:39 | l2 | main.rs:139:45:139:46 | l2 | provenance | | -| main.rs:139:45:139:46 | l2 | main.rs:139:32:139:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | -| main.rs:139:45:139:46 | l2 | main.rs:140:41:140:42 | l2 | provenance | | -| main.rs:140:41:140:42 | l2 | main.rs:140:32:140:39 | allocate | provenance | MaD:6 Sink:MaD:6 | -| main.rs:140:41:140:42 | l2 | main.rs:141:48:141:49 | l2 | provenance | | -| main.rs:141:48:141:49 | l2 | main.rs:141:32:141:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | -| main.rs:141:48:141:49 | l2 | main.rs:142:41:142:42 | l2 | provenance | | -| main.rs:142:41:142:42 | l2 | main.rs:142:32:142:39 | allocate | provenance | MaD:1 Sink:MaD:1 | -| main.rs:142:41:142:42 | l2 | main.rs:143:48:143:49 | l2 | provenance | | -| main.rs:143:48:143:49 | l2 | main.rs:143:32:143:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | -| main.rs:143:48:143:49 | l2 | main.rs:153:53:153:54 | l2 | provenance | | -| main.rs:143:48:143:49 | l2 | main.rs:155:60:155:61 | l2 | provenance | | -| main.rs:153:53:153:54 | l2 | main.rs:153:40:153:43 | grow | provenance | MaD:8 Sink:MaD:8 | -| main.rs:155:60:155:61 | l2 | main.rs:155:40:155:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | -| main.rs:162:27:162:34 | ...: usize | main.rs:164:26:164:26 | v | provenance | | -| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:164:26:164:26 | v | main.rs:164:13:164:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:164:26:164:26 | v | main.rs:165:36:165:36 | v | provenance | | -| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:165:36:165:36 | v | main.rs:165:13:165:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:165:36:165:36 | v | main.rs:167:30:167:30 | v | provenance | | -| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:167:30:167:30 | v | main.rs:167:13:167:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:167:30:167:30 | v | main.rs:168:26:168:26 | v | provenance | | -| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:168:26:168:26 | v | main.rs:168:13:168:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:168:26:168:26 | v | main.rs:169:31:169:31 | v | provenance | | -| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:169:31:169:31 | v | main.rs:169:13:169:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:224:24:224:41 | ...: String | main.rs:225:21:225:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:225:9:225:17 | num_bytes | main.rs:227:54:227:62 | num_bytes | provenance | | -| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | main.rs:225:21:225:48 | TryExpr | provenance | | -| main.rs:225:21:225:48 | TryExpr | main.rs:225:9:225:17 | num_bytes | provenance | | -| main.rs:227:9:227:14 | layout | main.rs:229:40:229:45 | layout | provenance | | -| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | main.rs:227:18:227:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:227:18:227:75 | ... .unwrap(...) | main.rs:227:9:227:14 | layout | provenance | | -| main.rs:227:54:227:62 | num_bytes | main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:229:40:229:45 | layout | main.rs:229:22:229:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:237:25:237:42 | ...: String | main.rs:238:16:238:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:238:9:238:12 | size | main.rs:242:9:242:17 | num_bytes | provenance | | -| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | main.rs:238:16:238:43 | TryExpr | provenance | | -| main.rs:238:16:238:43 | TryExpr | main.rs:238:9:238:12 | size | provenance | | -| main.rs:242:9:242:17 | num_bytes | main.rs:244:54:244:62 | num_bytes | provenance | | -| main.rs:244:9:244:14 | layout | main.rs:246:40:246:45 | layout | provenance | | -| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | main.rs:244:18:244:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:244:18:244:75 | ... .unwrap(...) | main.rs:244:9:244:14 | layout | provenance | | -| main.rs:244:54:244:62 | num_bytes | main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:246:40:246:45 | layout | main.rs:246:22:246:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:253:25:253:38 | ...::args | main.rs:253:25:253:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:253:25:253:40 | ...::args(...) [element] | main.rs:253:25:253:47 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:253:25:253:47 | ... .nth(...) [Some] | main.rs:253:25:253:74 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:253:25:253:74 | ... .unwrap_or(...) | main.rs:224:24:224:41 | ...: String | provenance | | -| main.rs:254:26:254:39 | ...::args | main.rs:254:26:254:41 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:254:26:254:41 | ...::args(...) [element] | main.rs:254:26:254:48 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:254:26:254:48 | ... .nth(...) [Some] | main.rs:254:26:254:75 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:254:26:254:75 | ... .unwrap_or(...) | main.rs:237:25:237:42 | ...: String | provenance | | -| main.rs:262:9:262:9 | v | main.rs:265:34:265:34 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:266:42:266:42 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:267:36:267:36 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:268:27:268:27 | v | provenance | | -| main.rs:262:9:262:9 | v | main.rs:269:25:269:25 | v | provenance | | -| main.rs:262:13:262:26 | ...::args | main.rs:262:13:262:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:262:13:262:28 | ...::args(...) [element] | main.rs:262:13:262:35 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:262:13:262:35 | ... .nth(...) [Some] | main.rs:262:13:262:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:262:13:262:65 | ... .unwrap_or(...) | main.rs:262:13:262:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:262:13:262:82 | ... .parse(...) [Ok] | main.rs:262:13:262:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:262:13:262:91 | ... .unwrap(...) | main.rs:262:9:262:9 | v | provenance | | -| main.rs:265:34:265:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | -| main.rs:266:42:266:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | -| main.rs:267:36:267:36 | v | main.rs:81:38:81:45 | ...: usize | provenance | | -| main.rs:268:27:268:27 | v | main.rs:128:29:128:36 | ...: usize | provenance | | -| main.rs:269:25:269:25 | v | main.rs:162:27:162:34 | ...: usize | provenance | | +| main.rs:81:33:81:40 | ...: usize | main.rs:82:54:82:54 | v | provenance | | +| main.rs:82:9:82:14 | layout | main.rs:83:31:83:36 | layout | provenance | | +| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | main.rs:82:18:82:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:82:18:82:67 | ... .unwrap(...) | main.rs:82:9:82:14 | layout | provenance | | +| main.rs:82:54:82:54 | v | main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:83:31:83:36 | layout | main.rs:83:13:83:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | +| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:95:51:95:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:99:31:99:31 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:115:54:115:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:120:54:120:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:125:54:125:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:131:50:131:50 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:138:13:138:21 | mut v_mut | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:157:54:157:54 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:168:55:168:55 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:176:51:176:51 | v | provenance | | +| main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | +| main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | +| main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:95:13:95:14 | l2 | main.rs:97:35:97:36 | l2 | provenance | | +| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | main.rs:95:18:95:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:95:18:95:61 | ... .unwrap(...) | main.rs:95:13:95:14 | l2 | provenance | | +| main.rs:95:51:95:51 | v | main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | +| main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:97:35:97:36 | l2 | main.rs:97:17:97:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:99:31:99:31 | v | main.rs:81:33:81:40 | ...: usize | provenance | | +| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | +| main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | +| main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:115:13:115:14 | l4 | main.rs:116:35:116:36 | l4 | provenance | | +| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | main.rs:115:18:115:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:115:18:115:67 | ... .unwrap(...) | main.rs:115:13:115:14 | l4 | provenance | | +| main.rs:115:54:115:54 | v | main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:116:35:116:36 | l4 | main.rs:116:17:116:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:120:13:120:14 | l5 | main.rs:121:35:121:36 | l5 | provenance | | +| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | main.rs:120:18:120:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:120:18:120:67 | ... .unwrap(...) | main.rs:120:13:120:14 | l5 | provenance | | +| main.rs:120:54:120:54 | v | main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:121:35:121:36 | l5 | main.rs:121:17:121:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:125:13:125:14 | l6 | main.rs:126:35:126:36 | l6 | provenance | | +| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | main.rs:125:18:125:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:125:18:125:67 | ... .unwrap(...) | main.rs:125:13:125:14 | l6 | provenance | | +| main.rs:125:54:125:54 | v | main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:126:35:126:36 | l6 | main.rs:126:17:126:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:131:9:131:10 | l7 | main.rs:135:31:135:32 | l7 | provenance | | +| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | main.rs:131:14:131:63 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:131:14:131:63 | ... .unwrap(...) | main.rs:131:9:131:10 | l7 | provenance | | +| main.rs:131:50:131:50 | v | main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:135:31:135:32 | l7 | main.rs:135:13:135:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:138:13:138:21 | mut v_mut | main.rs:144:51:144:55 | v_mut | provenance | | +| main.rs:144:13:144:14 | l8 | main.rs:147:35:147:36 | l8 | provenance | | +| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | main.rs:144:18:144:65 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:144:18:144:65 | ... .unwrap(...) | main.rs:144:13:144:14 | l8 | provenance | | +| main.rs:144:51:144:55 | v_mut | main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | +| main.rs:147:35:147:36 | l8 | main.rs:147:17:147:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:157:9:157:11 | l12 | main.rs:158:31:158:33 | l12 | provenance | | +| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | main.rs:157:15:157:73 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:157:15:157:73 | ... .unwrap(...) | main.rs:157:9:157:11 | l12 | provenance | | +| main.rs:157:48:157:63 | clamp(...) | main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | provenance | | +| main.rs:157:54:157:54 | v | main.rs:157:48:157:63 | clamp(...) | provenance | | +| main.rs:158:31:158:33 | l12 | main.rs:158:13:158:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | +| main.rs:168:13:168:15 | l14 | main.rs:170:35:170:37 | l14 | provenance | | +| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | main.rs:168:19:168:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:168:19:168:68 | ... .unwrap(...) | main.rs:168:13:168:15 | l14 | provenance | | +| main.rs:168:55:168:55 | v | main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:170:35:170:37 | l14 | main.rs:170:17:170:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:176:9:176:11 | l15 | main.rs:178:31:178:33 | l15 | provenance | | +| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | main.rs:176:15:176:64 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:176:15:176:64 | ... .unwrap(...) | main.rs:176:9:176:11 | l15 | provenance | | +| main.rs:176:51:176:51 | v | main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:178:31:178:33 | l15 | main.rs:178:13:178:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | +| main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:192:14:192:56 | ... .unwrap(...) | main.rs:192:9:192:10 | l2 | provenance | | +| main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | +| main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | +| main.rs:194:45:194:46 | l2 | main.rs:194:32:194:43 | alloc_zeroed | provenance | MaD:11 Sink:MaD:11 | +| main.rs:194:45:194:46 | l2 | main.rs:195:41:195:42 | l2 | provenance | | +| main.rs:195:41:195:42 | l2 | main.rs:195:32:195:39 | allocate | provenance | MaD:6 Sink:MaD:6 | +| main.rs:195:41:195:42 | l2 | main.rs:196:48:196:49 | l2 | provenance | | +| main.rs:196:48:196:49 | l2 | main.rs:196:32:196:46 | allocate_zeroed | provenance | MaD:7 Sink:MaD:7 | +| main.rs:196:48:196:49 | l2 | main.rs:197:41:197:42 | l2 | provenance | | +| main.rs:197:41:197:42 | l2 | main.rs:197:32:197:39 | allocate | provenance | MaD:1 Sink:MaD:1 | +| main.rs:197:41:197:42 | l2 | main.rs:198:48:198:49 | l2 | provenance | | +| main.rs:198:48:198:49 | l2 | main.rs:198:32:198:46 | allocate_zeroed | provenance | MaD:2 Sink:MaD:2 | +| main.rs:198:48:198:49 | l2 | main.rs:208:53:208:54 | l2 | provenance | | +| main.rs:198:48:198:49 | l2 | main.rs:210:60:210:61 | l2 | provenance | | +| main.rs:208:53:208:54 | l2 | main.rs:208:40:208:43 | grow | provenance | MaD:8 Sink:MaD:8 | +| main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | +| main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | +| main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | +| main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | +| main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | +| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | +| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | +| main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | +| main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | +| main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:292:25:292:42 | ...: String | main.rs:293:16:293:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:293:9:293:12 | size | main.rs:297:9:297:17 | num_bytes | provenance | | +| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | main.rs:293:16:293:43 | TryExpr | provenance | | +| main.rs:293:16:293:43 | TryExpr | main.rs:293:9:293:12 | size | provenance | | +| main.rs:297:9:297:17 | num_bytes | main.rs:299:54:299:62 | num_bytes | provenance | | +| main.rs:299:9:299:14 | layout | main.rs:301:40:301:45 | layout | provenance | | +| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | main.rs:299:18:299:75 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:299:18:299:75 | ... .unwrap(...) | main.rs:299:9:299:14 | layout | provenance | | +| main.rs:299:54:299:62 | num_bytes | main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:301:40:301:45 | layout | main.rs:301:22:301:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | +| main.rs:309:26:309:39 | ...::args | main.rs:309:26:309:41 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:309:26:309:41 | ...::args(...) [element] | main.rs:309:26:309:48 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:309:26:309:48 | ... .nth(...) [Some] | main.rs:309:26:309:75 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:309:26:309:75 | ... .unwrap_or(...) | main.rs:292:25:292:42 | ...: String | provenance | | +| main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | +| main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | +| main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | +| main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:317:13:317:91 | ... .unwrap(...) | main.rs:317:9:317:9 | v | provenance | | +| main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | +| main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | +| main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | +| main.rs:323:27:323:27 | v | main.rs:183:29:183:36 | ...: usize | provenance | | +| main.rs:324:25:324:25 | v | main.rs:217:27:217:34 | ...: usize | provenance | | models | 1 | Sink: lang:alloc; ::allocate; alloc-layout; Argument[0] | | 2 | Sink: lang:alloc; ::allocate_zeroed; alloc-layout; Argument[0] | @@ -402,134 +486,206 @@ nodes | main.rs:68:31:68:32 | l4 | semmle.label | l4 | | main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | | main.rs:77:9:77:16 | return v | semmle.label | return v | -| main.rs:81:38:81:45 | ...: usize | semmle.label | ...: usize | -| main.rs:82:9:82:10 | l1 | semmle.label | l1 | -| main.rs:82:14:82:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:82:14:82:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:82:47:82:47 | v | semmle.label | v | -| main.rs:85:17:85:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:85:35:85:36 | l1 | semmle.label | l1 | -| main.rs:87:17:87:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:87:35:87:36 | l1 | semmle.label | l1 | -| main.rs:91:17:91:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:91:35:91:36 | l1 | semmle.label | l1 | -| main.rs:93:17:93:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:93:35:93:36 | l1 | semmle.label | l1 | -| main.rs:97:13:97:21 | mut v_mut | semmle.label | mut v_mut | -| main.rs:103:13:103:14 | l2 | semmle.label | l2 | -| main.rs:103:18:103:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:103:18:103:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:103:51:103:55 | v_mut | semmle.label | v_mut | -| main.rs:104:17:104:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:104:35:104:36 | l2 | semmle.label | l2 | -| main.rs:106:13:106:14 | l3 | semmle.label | l3 | -| main.rs:106:18:106:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:106:18:106:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:106:51:106:51 | v | semmle.label | v | -| main.rs:107:17:107:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:107:35:107:36 | l3 | semmle.label | l3 | -| main.rs:110:9:110:10 | l4 | semmle.label | l4 | -| main.rs:110:14:110:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:110:14:110:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:110:47:110:67 | ...::min(...) | semmle.label | ...::min(...) | -| main.rs:110:61:110:61 | v | semmle.label | v | -| main.rs:111:13:111:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:111:31:111:32 | l4 | semmle.label | l4 | -| main.rs:113:9:113:10 | l5 | semmle.label | l5 | -| main.rs:113:14:113:68 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:113:14:113:77 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:113:47:113:67 | ...::max(...) | semmle.label | ...::max(...) | -| main.rs:113:61:113:61 | v | semmle.label | v | -| main.rs:114:13:114:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:114:31:114:32 | l5 | semmle.label | l5 | -| main.rs:116:9:116:10 | l6 | semmle.label | l6 | -| main.rs:116:14:116:63 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:116:14:116:72 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:116:47:116:62 | clamp(...) | semmle.label | clamp(...) | -| main.rs:116:53:116:53 | v | semmle.label | v | -| main.rs:117:13:117:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:117:31:117:32 | l6 | semmle.label | l6 | -| main.rs:119:13:119:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:119:31:119:32 | l1 | semmle.label | l1 | -| main.rs:123:13:123:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:123:31:123:32 | l1 | semmle.label | l1 | -| main.rs:128:29:128:36 | ...: usize | semmle.label | ...: usize | -| main.rs:137:9:137:10 | l2 | semmle.label | l2 | -| main.rs:137:14:137:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:137:14:137:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:137:46:137:46 | v | semmle.label | v | -| main.rs:138:32:138:36 | alloc | semmle.label | alloc | -| main.rs:138:38:138:39 | l2 | semmle.label | l2 | -| main.rs:139:32:139:43 | alloc_zeroed | semmle.label | alloc_zeroed | -| main.rs:139:45:139:46 | l2 | semmle.label | l2 | -| main.rs:140:32:140:39 | allocate | semmle.label | allocate | -| main.rs:140:41:140:42 | l2 | semmle.label | l2 | -| main.rs:141:32:141:46 | allocate_zeroed | semmle.label | allocate_zeroed | -| main.rs:141:48:141:49 | l2 | semmle.label | l2 | -| main.rs:142:32:142:39 | allocate | semmle.label | allocate | -| main.rs:142:41:142:42 | l2 | semmle.label | l2 | -| main.rs:143:32:143:46 | allocate_zeroed | semmle.label | allocate_zeroed | -| main.rs:143:48:143:49 | l2 | semmle.label | l2 | -| main.rs:153:40:153:43 | grow | semmle.label | grow | -| main.rs:153:53:153:54 | l2 | semmle.label | l2 | -| main.rs:155:40:155:50 | grow_zeroed | semmle.label | grow_zeroed | -| main.rs:155:60:155:61 | l2 | semmle.label | l2 | -| main.rs:162:27:162:34 | ...: usize | semmle.label | ...: usize | -| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:164:13:164:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:164:26:164:26 | v | semmle.label | v | -| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:165:13:165:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:165:36:165:36 | v | semmle.label | v | -| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:167:13:167:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:167:30:167:30 | v | semmle.label | v | -| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:168:13:168:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:168:26:168:26 | v | semmle.label | v | -| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:169:13:169:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:169:31:169:31 | v | semmle.label | v | -| main.rs:224:24:224:41 | ...: String | semmle.label | ...: String | -| main.rs:225:9:225:17 | num_bytes | semmle.label | num_bytes | -| main.rs:225:21:225:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:225:21:225:48 | TryExpr | semmle.label | TryExpr | -| main.rs:227:9:227:14 | layout | semmle.label | layout | -| main.rs:227:18:227:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:227:18:227:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:227:54:227:62 | num_bytes | semmle.label | num_bytes | -| main.rs:229:22:229:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:229:40:229:45 | layout | semmle.label | layout | -| main.rs:237:25:237:42 | ...: String | semmle.label | ...: String | -| main.rs:238:9:238:12 | size | semmle.label | size | -| main.rs:238:16:238:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:238:16:238:43 | TryExpr | semmle.label | TryExpr | -| main.rs:242:9:242:17 | num_bytes | semmle.label | num_bytes | -| main.rs:244:9:244:14 | layout | semmle.label | layout | -| main.rs:244:18:244:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:244:18:244:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:244:54:244:62 | num_bytes | semmle.label | num_bytes | -| main.rs:246:22:246:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:246:40:246:45 | layout | semmle.label | layout | -| main.rs:253:25:253:38 | ...::args | semmle.label | ...::args | -| main.rs:253:25:253:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:253:25:253:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:253:25:253:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:254:26:254:39 | ...::args | semmle.label | ...::args | -| main.rs:254:26:254:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:254:26:254:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:254:26:254:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:262:9:262:9 | v | semmle.label | v | -| main.rs:262:13:262:26 | ...::args | semmle.label | ...::args | -| main.rs:262:13:262:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:262:13:262:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:262:13:262:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:262:13:262:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:262:13:262:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:265:34:265:34 | v | semmle.label | v | -| main.rs:266:42:266:42 | v | semmle.label | v | -| main.rs:267:36:267:36 | v | semmle.label | v | -| main.rs:268:27:268:27 | v | semmle.label | v | -| main.rs:269:25:269:25 | v | semmle.label | v | +| main.rs:81:33:81:40 | ...: usize | semmle.label | ...: usize | +| main.rs:82:9:82:14 | layout | semmle.label | layout | +| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:82:18:82:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:82:54:82:54 | v | semmle.label | v | +| main.rs:83:13:83:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:83:31:83:36 | layout | semmle.label | layout | +| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | +| main.rs:87:9:87:14 | layout | semmle.label | layout | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:54:87:54 | v | semmle.label | v | +| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:88:31:88:36 | layout | semmle.label | layout | +| main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | +| main.rs:92:9:92:10 | l1 | semmle.label | l1 | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:92:47:92:47 | v | semmle.label | v | +| main.rs:95:13:95:14 | l2 | semmle.label | l2 | +| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:95:18:95:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:95:51:95:51 | v | semmle.label | v | +| main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:96:35:96:36 | l1 | semmle.label | l1 | +| main.rs:97:17:97:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:97:35:97:36 | l2 | semmle.label | l2 | +| main.rs:99:31:99:31 | v | semmle.label | v | +| main.rs:101:13:101:14 | l3 | semmle.label | l3 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:51:101:51 | v | semmle.label | v | +| main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:102:35:102:36 | l1 | semmle.label | l1 | +| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:103:35:103:36 | l3 | semmle.label | l3 | +| main.rs:105:33:105:33 | v | semmle.label | v | +| main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:109:35:109:36 | l1 | semmle.label | l1 | +| main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:111:35:111:36 | l1 | semmle.label | l1 | +| main.rs:115:13:115:14 | l4 | semmle.label | l4 | +| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:115:18:115:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:115:54:115:54 | v | semmle.label | v | +| main.rs:116:17:116:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:116:35:116:36 | l4 | semmle.label | l4 | +| main.rs:120:13:120:14 | l5 | semmle.label | l5 | +| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:120:18:120:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:120:54:120:54 | v | semmle.label | v | +| main.rs:121:17:121:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:121:35:121:36 | l5 | semmle.label | l5 | +| main.rs:125:13:125:14 | l6 | semmle.label | l6 | +| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:125:18:125:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:125:54:125:54 | v | semmle.label | v | +| main.rs:126:17:126:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:126:35:126:36 | l6 | semmle.label | l6 | +| main.rs:131:9:131:10 | l7 | semmle.label | l7 | +| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:131:14:131:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:131:50:131:50 | v | semmle.label | v | +| main.rs:135:13:135:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:135:31:135:32 | l7 | semmle.label | l7 | +| main.rs:138:13:138:21 | mut v_mut | semmle.label | mut v_mut | +| main.rs:144:13:144:14 | l8 | semmle.label | l8 | +| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:144:18:144:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:144:51:144:55 | v_mut | semmle.label | v_mut | +| main.rs:145:13:145:14 | l9 | semmle.label | l9 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:51:145:51 | v | semmle.label | v | +| main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:146:35:146:36 | l1 | semmle.label | l1 | +| main.rs:147:17:147:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:147:35:147:36 | l8 | semmle.label | l8 | +| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:148:35:148:36 | l9 | semmle.label | l9 | +| main.rs:151:9:151:11 | l10 | semmle.label | l10 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:151:62:151:62 | v | semmle.label | v | +| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:152:31:152:33 | l10 | semmle.label | l10 | +| main.rs:154:9:154:11 | l11 | semmle.label | l11 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:154:62:154:62 | v | semmle.label | v | +| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:155:31:155:33 | l11 | semmle.label | l11 | +| main.rs:157:9:157:11 | l12 | semmle.label | l12 | +| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:157:15:157:73 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:157:48:157:63 | clamp(...) | semmle.label | clamp(...) | +| main.rs:157:54:157:54 | v | semmle.label | v | +| main.rs:158:13:158:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:158:31:158:33 | l12 | semmle.label | l12 | +| main.rs:161:13:161:15 | l13 | semmle.label | l13 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:55:161:55 | v | semmle.label | v | +| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:162:35:162:37 | l13 | semmle.label | l13 | +| main.rs:168:13:168:15 | l14 | semmle.label | l14 | +| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:168:19:168:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:168:55:168:55 | v | semmle.label | v | +| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:169:35:169:37 | l13 | semmle.label | l13 | +| main.rs:170:17:170:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:170:35:170:37 | l14 | semmle.label | l14 | +| main.rs:176:9:176:11 | l15 | semmle.label | l15 | +| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:176:15:176:64 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:176:51:176:51 | v | semmle.label | v | +| main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:177:31:177:32 | l1 | semmle.label | l1 | +| main.rs:178:13:178:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:178:31:178:33 | l15 | semmle.label | l15 | +| main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | +| main.rs:192:9:192:10 | l2 | semmle.label | l2 | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:192:14:192:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:192:46:192:46 | v | semmle.label | v | +| main.rs:193:32:193:36 | alloc | semmle.label | alloc | +| main.rs:193:38:193:39 | l2 | semmle.label | l2 | +| main.rs:194:32:194:43 | alloc_zeroed | semmle.label | alloc_zeroed | +| main.rs:194:45:194:46 | l2 | semmle.label | l2 | +| main.rs:195:32:195:39 | allocate | semmle.label | allocate | +| main.rs:195:41:195:42 | l2 | semmle.label | l2 | +| main.rs:196:32:196:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:196:48:196:49 | l2 | semmle.label | l2 | +| main.rs:197:32:197:39 | allocate | semmle.label | allocate | +| main.rs:197:41:197:42 | l2 | semmle.label | l2 | +| main.rs:198:32:198:46 | allocate_zeroed | semmle.label | allocate_zeroed | +| main.rs:198:48:198:49 | l2 | semmle.label | l2 | +| main.rs:208:40:208:43 | grow | semmle.label | grow | +| main.rs:208:53:208:54 | l2 | semmle.label | l2 | +| main.rs:210:40:210:50 | grow_zeroed | semmle.label | grow_zeroed | +| main.rs:210:60:210:61 | l2 | semmle.label | l2 | +| main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize | +| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | +| main.rs:219:26:219:26 | v | semmle.label | v | +| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | +| main.rs:220:36:220:36 | v | semmle.label | v | +| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:222:30:222:30 | v | semmle.label | v | +| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | +| main.rs:223:26:223:26 | v | semmle.label | v | +| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | +| main.rs:224:31:224:31 | v | semmle.label | v | +| main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | +| main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | +| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:280:21:280:48 | TryExpr | semmle.label | TryExpr | +| main.rs:282:9:282:14 | layout | semmle.label | layout | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:282:18:282:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | +| main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:284:40:284:45 | layout | semmle.label | layout | +| main.rs:292:25:292:42 | ...: String | semmle.label | ...: String | +| main.rs:293:9:293:12 | size | semmle.label | size | +| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:293:16:293:43 | TryExpr | semmle.label | TryExpr | +| main.rs:297:9:297:17 | num_bytes | semmle.label | num_bytes | +| main.rs:299:9:299:14 | layout | semmle.label | layout | +| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:299:18:299:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:299:54:299:62 | num_bytes | semmle.label | num_bytes | +| main.rs:301:22:301:38 | ...::alloc | semmle.label | ...::alloc | +| main.rs:301:40:301:45 | layout | semmle.label | layout | +| main.rs:308:25:308:38 | ...::args | semmle.label | ...::args | +| main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:309:26:309:39 | ...::args | semmle.label | ...::args | +| main.rs:309:26:309:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:309:26:309:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:309:26:309:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:317:9:317:9 | v | semmle.label | v | +| main.rs:317:13:317:26 | ...::args | semmle.label | ...::args | +| main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | +| main.rs:317:13:317:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | +| main.rs:317:13:317:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | +| main.rs:317:13:317:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:320:34:320:34 | v | semmle.label | v | +| main.rs:321:42:321:42 | v | semmle.label | v | +| main.rs:322:36:322:36 | v | semmle.label | v | +| main.rs:323:27:323:27 | v | semmle.label | v | +| main.rs:324:25:324:25 | v | semmle.label | v | subpaths -| main.rs:116:53:116:53 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:116:47:116:62 | clamp(...) | +| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:157:48:157:63 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index a699767dc1a..558979ebfc2 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -78,13 +78,31 @@ fn clamp(v: T, min: T, max: T) -> T { } } -unsafe fn test_std_alloc_with_bounds(v: usize) { +unsafe fn test_fn_alloc_bounded(v: usize) { + let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 +} + +unsafe fn test_fn_alloc_unbounded(v: usize) { + let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 +} + +unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l1 = std::alloc::Layout::array::(v).unwrap(); if v < 100 { + let l2 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + + test_fn_alloc_bounded(v); } else { + let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + + test_fn_alloc_unbounded(v); } if v == 100 { @@ -93,6 +111,29 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } + if (v < limit) { + let l4 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } + + if (v < 2 * v) { // not a good bound + let l5 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + } + + if (true && v < limit && true) { + let l6 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } + + let mut l7; + if (v < 100) { + l7 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + } else { + l7 = std::alloc::Layout::from_size_align(100, 1).unwrap(); + } + let _ = std::alloc::alloc(l7); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + { let mut v_mut = v; @@ -100,27 +141,41 @@ unsafe fn test_std_alloc_with_bounds(v: usize) { v_mut = 100; } - let l2 = std::alloc::Layout::array::(v_mut).unwrap(); - let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - - let l3 = std::alloc::Layout::array::(v).unwrap(); - let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let l8 = std::alloc::Layout::array::(v_mut).unwrap(); + let l9 = std::alloc::Layout::array::(v).unwrap(); + let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l8); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } - let l4 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); + let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let l5 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); + let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let l6 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); + let _ = std::alloc::alloc(l12); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + + for i in 0..10 { + let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + + if (v > 1000) { + continue; + } + + let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); + let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l14); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + } - let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if v > 100 { return; } + let l15 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l15); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 } use std::alloc::{GlobalAlloc, Allocator}; @@ -264,7 +319,7 @@ fn main() { unsafe { test_std_alloc_from_size(v); test_std_alloc_new_repeat_extend(v); - test_std_alloc_with_bounds(v); + test_std_alloc_with_bounds(v, 1000); test_system_alloc(v); test_libc_alloc(v); test_vectors(v); From f7d3a51f2728d3bb4769c1813b3ff455fd190e0c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 28 Mar 2025 19:37:05 +0000 Subject: [PATCH 087/409] Rust: Implement barrier guard. --- .../UncontrolledAllocationSizeExtensions.qll | 20 +- .../UncontrolledAllocationSize.expected | 272 +----------------- .../test/query-tests/security/CWE-770/main.rs | 38 +-- 3 files changed, 41 insertions(+), 289 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index bb0ffbb4e3c..9efffeee9ae 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -7,6 +7,8 @@ import rust private import codeql.rust.Concepts private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.controlflow.ControlFlowGraph as Cfg +private import codeql.rust.controlflow.CfgNodes as CfgNodes /** * Provides default sources, sinks and barriers for detecting uncontrolled @@ -26,9 +28,25 @@ module UncontrolledAllocationSize { abstract class Barrier extends DataFlow::Node { } /** - * sink for uncontrolled allocation size from model data. + * A sink for uncontrolled allocation size from model data. */ private class ModelsAsDataSink extends Sink { ModelsAsDataSink() { sinkNode(this, ["alloc-size", "alloc-layout"]) } } + + /** + * A barrier for uncontrolled allocation size that is an guard / bound check. + */ + private class BoundCheckBarrier extends Barrier { + BoundCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } + } + + private predicate isBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { + // any comparison (`g` / `cmp`) guards the expression on either side (`node`) + exists(BinaryExpr cmp | + g = cmp.getACfgNode() and + [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and + branch = [true, false] + ) + } } diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index cca67133563..e10c26338dc 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -18,29 +18,12 @@ | main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:83:13:83:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:83:13:83:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:97:17:97:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:97:17:97:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:116:17:116:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:116:17:116:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:121:17:121:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:121:17:121:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:126:17:126:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:126:17:126:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:135:13:135:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:135:13:135:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:147:17:147:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:147:17:147:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:158:13:158:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:158:13:158:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:170:17:170:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:170:17:170:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:178:13:178:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:178:13:178:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:195:32:195:39 | allocate | main.rs:317:13:317:26 | ...::args | main.rs:195:32:195:39 | allocate | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | @@ -60,7 +43,6 @@ | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | -| main.rs:301:22:301:38 | ...::alloc | main.rs:309:26:309:39 | ...::args | main.rs:301:22:301:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:309:26:309:39 | ...::args | user-provided value | edges | main.rs:12:36:12:43 | ...: usize | main.rs:18:41:18:41 | v | provenance | | | main.rs:18:41:18:41 | v | main.rs:18:13:18:31 | ...::realloc | provenance | MaD:5 Sink:MaD:5 | @@ -151,133 +133,25 @@ edges | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | provenance | | -| main.rs:81:33:81:40 | ...: usize | main.rs:82:54:82:54 | v | provenance | | -| main.rs:82:9:82:14 | layout | main.rs:83:31:83:36 | layout | provenance | | -| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | main.rs:82:18:82:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:82:18:82:67 | ... .unwrap(...) | main.rs:82:9:82:14 | layout | provenance | | -| main.rs:82:54:82:54 | v | main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:83:31:83:36 | layout | main.rs:83:13:83:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | -| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | -| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:95:51:95:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:99:31:99:31 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:115:54:115:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:120:54:120:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:125:54:125:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:131:50:131:50 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:138:13:138:21 | mut v_mut | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:157:54:157:54 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:168:55:168:55 | v | provenance | | -| main.rs:91:38:91:45 | ...: usize | main.rs:176:51:176:51 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | | main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | | main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:95:13:95:14 | l2 | main.rs:97:35:97:36 | l2 | provenance | | -| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | main.rs:95:18:95:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:95:18:95:61 | ... .unwrap(...) | main.rs:95:13:95:14 | l2 | provenance | | -| main.rs:95:51:95:51 | v | main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:97:35:97:36 | l2 | main.rs:97:17:97:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:99:31:99:31 | v | main.rs:81:33:81:40 | ...: usize | provenance | | -| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | -| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | -| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | | main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | -| main.rs:115:13:115:14 | l4 | main.rs:116:35:116:36 | l4 | provenance | | -| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | main.rs:115:18:115:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:115:18:115:67 | ... .unwrap(...) | main.rs:115:13:115:14 | l4 | provenance | | -| main.rs:115:54:115:54 | v | main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:116:35:116:36 | l4 | main.rs:116:17:116:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:120:13:120:14 | l5 | main.rs:121:35:121:36 | l5 | provenance | | -| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | main.rs:120:18:120:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:120:18:120:67 | ... .unwrap(...) | main.rs:120:13:120:14 | l5 | provenance | | -| main.rs:120:54:120:54 | v | main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:121:35:121:36 | l5 | main.rs:121:17:121:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:125:13:125:14 | l6 | main.rs:126:35:126:36 | l6 | provenance | | -| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | main.rs:125:18:125:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:125:18:125:67 | ... .unwrap(...) | main.rs:125:13:125:14 | l6 | provenance | | -| main.rs:125:54:125:54 | v | main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:126:35:126:36 | l6 | main.rs:126:17:126:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:131:9:131:10 | l7 | main.rs:135:31:135:32 | l7 | provenance | | -| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | main.rs:131:14:131:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:131:14:131:63 | ... .unwrap(...) | main.rs:131:9:131:10 | l7 | provenance | | -| main.rs:131:50:131:50 | v | main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:135:31:135:32 | l7 | main.rs:135:13:135:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:138:13:138:21 | mut v_mut | main.rs:144:51:144:55 | v_mut | provenance | | -| main.rs:144:13:144:14 | l8 | main.rs:147:35:147:36 | l8 | provenance | | -| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | main.rs:144:18:144:65 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:144:18:144:65 | ... .unwrap(...) | main.rs:144:13:144:14 | l8 | provenance | | -| main.rs:144:51:144:55 | v_mut | main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | -| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | -| main.rs:147:35:147:36 | l8 | main.rs:147:17:147:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | -| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | -| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | -| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | -| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:157:9:157:11 | l12 | main.rs:158:31:158:33 | l12 | provenance | | -| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | main.rs:157:15:157:73 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:157:15:157:73 | ... .unwrap(...) | main.rs:157:9:157:11 | l12 | provenance | | -| main.rs:157:48:157:63 | clamp(...) | main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | -| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | provenance | | -| main.rs:157:54:157:54 | v | main.rs:157:48:157:63 | clamp(...) | provenance | | -| main.rs:158:31:158:33 | l12 | main.rs:158:13:158:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | -| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | -| main.rs:168:13:168:15 | l14 | main.rs:170:35:170:37 | l14 | provenance | | -| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | main.rs:168:19:168:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:168:19:168:68 | ... .unwrap(...) | main.rs:168:13:168:15 | l14 | provenance | | -| main.rs:168:55:168:55 | v | main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:170:35:170:37 | l14 | main.rs:170:17:170:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:176:9:176:11 | l15 | main.rs:178:31:178:33 | l15 | provenance | | -| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | main.rs:176:15:176:64 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:176:15:176:64 | ... .unwrap(...) | main.rs:176:9:176:11 | l15 | provenance | | -| main.rs:176:51:176:51 | v | main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:178:31:178:33 | l15 | main.rs:178:13:178:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | @@ -322,31 +196,17 @@ edges | main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:292:25:292:42 | ...: String | main.rs:293:16:293:42 | user_input.parse(...) [Ok] | provenance | MaD:32 | -| main.rs:293:9:293:12 | size | main.rs:297:9:297:17 | num_bytes | provenance | | -| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | main.rs:293:16:293:43 | TryExpr | provenance | | -| main.rs:293:16:293:43 | TryExpr | main.rs:293:9:293:12 | size | provenance | | -| main.rs:297:9:297:17 | num_bytes | main.rs:299:54:299:62 | num_bytes | provenance | | -| main.rs:299:9:299:14 | layout | main.rs:301:40:301:45 | layout | provenance | | -| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | main.rs:299:18:299:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:299:18:299:75 | ... .unwrap(...) | main.rs:299:9:299:14 | layout | provenance | | -| main.rs:299:54:299:62 | num_bytes | main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | -| main.rs:301:40:301:45 | layout | main.rs:301:22:301:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:33 | | main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | -| main.rs:309:26:309:39 | ...::args | main.rs:309:26:309:41 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:309:26:309:41 | ...::args(...) [element] | main.rs:309:26:309:48 | ... .nth(...) [Some] | provenance | MaD:35 | -| main.rs:309:26:309:48 | ... .nth(...) [Some] | main.rs:309:26:309:75 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:309:26:309:75 | ... .unwrap_or(...) | main.rs:292:25:292:42 | ...: String | provenance | | | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:321:42:321:42 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:322:36:322:36 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:33 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | | main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | @@ -389,9 +249,7 @@ models | 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | -| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | -| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 33 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -484,131 +342,23 @@ nodes | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | -| main.rs:71:35:71:38 | ...: T | semmle.label | ...: T | -| main.rs:77:9:77:16 | return v | semmle.label | return v | -| main.rs:81:33:81:40 | ...: usize | semmle.label | ...: usize | -| main.rs:82:9:82:14 | layout | semmle.label | layout | -| main.rs:82:18:82:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:82:18:82:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:82:54:82:54 | v | semmle.label | v | -| main.rs:83:13:83:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:83:31:83:36 | layout | semmle.label | layout | -| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | -| main.rs:87:9:87:14 | layout | semmle.label | layout | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:87:54:87:54 | v | semmle.label | v | -| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | | main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | | main.rs:92:47:92:47 | v | semmle.label | v | -| main.rs:95:13:95:14 | l2 | semmle.label | l2 | -| main.rs:95:18:95:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:95:18:95:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:95:51:95:51 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | -| main.rs:97:17:97:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:97:35:97:36 | l2 | semmle.label | l2 | -| main.rs:99:31:99:31 | v | semmle.label | v | -| main.rs:101:13:101:14 | l3 | semmle.label | l3 | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | -| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:103:35:103:36 | l3 | semmle.label | l3 | -| main.rs:105:33:105:33 | v | semmle.label | v | | main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:109:35:109:36 | l1 | semmle.label | l1 | | main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:111:35:111:36 | l1 | semmle.label | l1 | -| main.rs:115:13:115:14 | l4 | semmle.label | l4 | -| main.rs:115:18:115:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:115:18:115:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:115:54:115:54 | v | semmle.label | v | -| main.rs:116:17:116:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:116:35:116:36 | l4 | semmle.label | l4 | -| main.rs:120:13:120:14 | l5 | semmle.label | l5 | -| main.rs:120:18:120:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:120:18:120:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:120:54:120:54 | v | semmle.label | v | -| main.rs:121:17:121:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:121:35:121:36 | l5 | semmle.label | l5 | -| main.rs:125:13:125:14 | l6 | semmle.label | l6 | -| main.rs:125:18:125:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:125:18:125:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:125:54:125:54 | v | semmle.label | v | -| main.rs:126:17:126:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:126:35:126:36 | l6 | semmle.label | l6 | -| main.rs:131:9:131:10 | l7 | semmle.label | l7 | -| main.rs:131:14:131:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:131:14:131:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:131:50:131:50 | v | semmle.label | v | -| main.rs:135:13:135:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:135:31:135:32 | l7 | semmle.label | l7 | -| main.rs:138:13:138:21 | mut v_mut | semmle.label | mut v_mut | -| main.rs:144:13:144:14 | l8 | semmle.label | l8 | -| main.rs:144:18:144:56 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:144:18:144:65 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:144:51:144:55 | v_mut | semmle.label | v_mut | -| main.rs:145:13:145:14 | l9 | semmle.label | l9 | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | -| main.rs:147:17:147:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:147:35:147:36 | l8 | semmle.label | l8 | -| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:148:35:148:36 | l9 | semmle.label | l9 | -| main.rs:151:9:151:11 | l10 | semmle.label | l10 | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | -| main.rs:151:62:151:62 | v | semmle.label | v | -| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:152:31:152:33 | l10 | semmle.label | l10 | -| main.rs:154:9:154:11 | l11 | semmle.label | l11 | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | -| main.rs:154:62:154:62 | v | semmle.label | v | -| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:155:31:155:33 | l11 | semmle.label | l11 | -| main.rs:157:9:157:11 | l12 | semmle.label | l12 | -| main.rs:157:15:157:64 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:157:15:157:73 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:157:48:157:63 | clamp(...) | semmle.label | clamp(...) | -| main.rs:157:54:157:54 | v | semmle.label | v | -| main.rs:158:13:158:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:158:31:158:33 | l12 | semmle.label | l12 | -| main.rs:161:13:161:15 | l13 | semmle.label | l13 | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:161:55:161:55 | v | semmle.label | v | -| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:162:35:162:37 | l13 | semmle.label | l13 | -| main.rs:168:13:168:15 | l14 | semmle.label | l14 | -| main.rs:168:19:168:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:168:19:168:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:168:55:168:55 | v | semmle.label | v | -| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:169:35:169:37 | l13 | semmle.label | l13 | -| main.rs:170:17:170:33 | ...::alloc | semmle.label | ...::alloc | -| main.rs:170:35:170:37 | l14 | semmle.label | l14 | -| main.rs:176:9:176:11 | l15 | semmle.label | l15 | -| main.rs:176:15:176:55 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:176:15:176:64 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:176:51:176:51 | v | semmle.label | v | | main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:177:31:177:32 | l1 | semmle.label | l1 | -| main.rs:178:13:178:29 | ...::alloc | semmle.label | ...::alloc | -| main.rs:178:31:178:33 | l15 | semmle.label | l15 | | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | | main.rs:192:9:192:10 | l2 | semmle.label | l2 | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | @@ -656,25 +406,10 @@ nodes | main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | | main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | | main.rs:284:40:284:45 | layout | semmle.label | layout | -| main.rs:292:25:292:42 | ...: String | semmle.label | ...: String | -| main.rs:293:9:293:12 | size | semmle.label | size | -| main.rs:293:16:293:42 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | -| main.rs:293:16:293:43 | TryExpr | semmle.label | TryExpr | -| main.rs:297:9:297:17 | num_bytes | semmle.label | num_bytes | -| main.rs:299:9:299:14 | layout | semmle.label | layout | -| main.rs:299:18:299:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:299:18:299:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:299:54:299:62 | num_bytes | semmle.label | num_bytes | -| main.rs:301:22:301:38 | ...::alloc | semmle.label | ...::alloc | -| main.rs:301:40:301:45 | layout | semmle.label | layout | | main.rs:308:25:308:38 | ...::args | semmle.label | ...::args | | main.rs:308:25:308:40 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | | main.rs:308:25:308:47 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | | main.rs:308:25:308:74 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:309:26:309:39 | ...::args | semmle.label | ...::args | -| main.rs:309:26:309:41 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | -| main.rs:309:26:309:48 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | -| main.rs:309:26:309:75 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | main.rs:317:9:317:9 | v | semmle.label | v | | main.rs:317:13:317:26 | ...::args | semmle.label | ...::args | | main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | @@ -688,4 +423,3 @@ nodes | main.rs:323:27:323:27 | v | semmle.label | v | | main.rs:324:25:324:25 | v | semmle.label | v | subpaths -| main.rs:157:54:157:54 | v | main.rs:71:35:71:38 | ...: T | main.rs:77:9:77:16 | return v | main.rs:157:48:157:63 | clamp(...) | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 558979ebfc2..e9cea0f604a 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -80,12 +80,12 @@ fn clamp(v: T, min: T, max: T) -> T { unsafe fn test_fn_alloc_bounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ GOOD (bounded) } unsafe fn test_fn_alloc_unbounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { @@ -94,13 +94,13 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { if v < 100 { let l2 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l2); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l2); // $ GOOD (bounded) test_fn_alloc_bounded(v); } else { let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 test_fn_alloc_unbounded(v); } @@ -113,17 +113,17 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { if (v < limit) { let l4 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l4); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l4); // $ GOOD (bounded) } if (v < 2 * v) { // not a good bound let l5 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l5); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l5); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } if (true && v < limit && true) { let l6 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l6); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l6); // $ GOOD (bounded) } let mut l7; @@ -132,7 +132,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } else { l7 = std::alloc::Layout::from_size_align(100, 1).unwrap(); } - let _ = std::alloc::alloc(l7); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l7); // $ GOOD (bounded) { let mut v_mut = v; @@ -144,30 +144,30 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l8 = std::alloc::Layout::array::(v_mut).unwrap(); let l9 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l8); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l8); // $ GOOD (bounded) + let _ = std::alloc::alloc(l9); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 } let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l10); // $ GOOD (bounded) let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l11); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); - let _ = std::alloc::alloc(l12); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l12); // $ GOOD (bounded) for i in 0..10 { let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 if (v > 1000) { continue; } let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l14); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ GOOD (bounded) + let _ = std::alloc::alloc(l14); // $ GOOD (bounded) } if v > 100 { @@ -175,7 +175,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } let l15 = std::alloc::Layout::from_size_align(v, 1).unwrap(); let _ = std::alloc::alloc(l1); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l15); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l15); // $ GOOD (bounded) } use std::alloc::{GlobalAlloc, Allocator}; @@ -298,7 +298,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { let layout = std::alloc::Layout::from_size_align(num_bytes, 1).unwrap(); unsafe { - let buffer = std::alloc::alloc(layout); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=example2 + let buffer = std::alloc::alloc(layout); // $ GOOD (bounded) Ok(buffer) } @@ -306,7 +306,7 @@ fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { fn test_examples() { allocate_buffer_bad(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example1 - allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); // $ Source=example2 + allocate_buffer_good(std::env::args().nth(1).unwrap_or("0".to_string())); } // --- main --- From 6a5a1001bbd1d4e72e4f3c14b5d6e2e181a2e59b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 17:27:36 +0100 Subject: [PATCH 088/409] Rust: Refine the barrier guard. --- .../UncontrolledAllocationSizeExtensions.qll | 59 +++++++++-- .../UncontrolledAllocationSize.expected | 99 ++++++++++++++++++- .../test/query-tests/security/CWE-770/main.rs | 14 +-- 3 files changed, 154 insertions(+), 18 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll index 9efffeee9ae..b8ab16090d1 100644 --- a/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/UncontrolledAllocationSizeExtensions.qll @@ -35,18 +35,61 @@ module UncontrolledAllocationSize { } /** - * A barrier for uncontrolled allocation size that is an guard / bound check. + * A barrier for uncontrolled allocation size that is an upper bound check / guard. */ - private class BoundCheckBarrier extends Barrier { - BoundCheckBarrier() { this = DataFlow::BarrierGuard::getABarrierNode() } + private class UpperBoundCheckBarrier extends Barrier { + UpperBoundCheckBarrier() { + this = DataFlow::BarrierGuard::getABarrierNode() + } } - private predicate isBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { - // any comparison (`g` / `cmp`) guards the expression on either side (`node`) - exists(BinaryExpr cmp | - g = cmp.getACfgNode() and + /** + * Gets the operand on the "greater" (or "greater-or-equal") side + * of this relational expression, that is, the side that is larger + * if the overall expression evaluates to `true`; for example on + * `x <= 20` this is the `20`, and on `y > 0` it is `y`. + */ + private Expr getGreaterOperand(BinaryExpr op) { + op.getOperatorName() = ["<", "<="] and + result = op.getRhs() + or + op.getOperatorName() = [">", ">="] and + result = op.getLhs() + } + + /** + * Gets the operand on the "lesser" (or "lesser-or-equal") side + * of this relational expression, that is, the side that is smaller + * if the overall expression evaluates to `true`; for example on + * `x <= 20` this is `x`, and on `y > 0` it is the `0`. + */ + private Expr getLesserOperand(BinaryExpr op) { + op.getOperatorName() = ["<", "<="] and + result = op.getLhs() + or + op.getOperatorName() = [">", ">="] and + result = op.getRhs() + } + + /** + * Holds if comparison `g` having result `branch` indicates an upper bound for the sub-expression + * `node`. For example when the comparison `x < 10` is true, we have an upper bound for `x`. + */ + private predicate isUpperBoundCheck(CfgNodes::AstCfgNode g, Cfg::CfgNode node, boolean branch) { + exists(BinaryExpr cmp | g = cmp.getACfgNode() | + node = getLesserOperand(cmp).getACfgNode() and + branch = true + or + node = getGreaterOperand(cmp).getACfgNode() and + branch = false + or + cmp.getOperatorName() = "==" and [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and - branch = [true, false] + branch = true + or + cmp.getOperatorName() = "!=" and + [cmp.getLhs(), cmp.getRhs()].getACfgNode() = node and + branch = false ) } } diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index e10c26338dc..fa30dde511b 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -18,11 +18,18 @@ | main.rs:64:13:64:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:64:13:64:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:65:13:65:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:65:13:65:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:68:13:68:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:68:13:68:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:88:13:88:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:88:13:88:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:96:17:96:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:96:17:96:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:102:17:102:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:102:17:102:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:103:17:103:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:103:17:103:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:109:17:109:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:109:17:109:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:111:17:111:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:111:17:111:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:146:17:146:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:146:17:146:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:148:17:148:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:148:17:148:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:152:13:152:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:152:13:152:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:155:13:155:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:155:13:155:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:162:17:162:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:162:17:162:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | +| main.rs:169:17:169:33 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:169:17:169:33 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:177:13:177:29 | ...::alloc | main.rs:317:13:317:26 | ...::args | main.rs:177:13:177:29 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:193:32:193:36 | alloc | main.rs:317:13:317:26 | ...::args | main.rs:193:32:193:36 | alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:194:32:194:43 | alloc_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:194:32:194:43 | alloc_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | @@ -133,7 +140,19 @@ edges | main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | +| main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:101:51:101:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:105:33:105:33 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:145:51:145:51 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:151:62:151:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:154:62:154:62 | v | provenance | | +| main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | @@ -142,15 +161,45 @@ edges | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:102:35:102:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | +| main.rs:103:35:103:36 | l3 | main.rs:103:17:103:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:105:33:105:33 | v | main.rs:86:35:86:42 | ...: usize | provenance | | | main.rs:109:35:109:36 | l1 | main.rs:109:17:109:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:109:35:109:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | +| main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | +| main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | +| main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | +| main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | +| main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | +| main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | +| main.rs:169:35:169:37 | l13 | main.rs:169:17:169:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | @@ -197,7 +246,7 @@ edges | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:33 | +| main.rs:308:25:308:40 | ...::args(...) [element] | main.rs:308:25:308:47 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:308:25:308:47 | ... .nth(...) [Some] | main.rs:308:25:308:74 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:308:25:308:74 | ... .unwrap_or(...) | main.rs:279:24:279:41 | ...: String | provenance | | | main.rs:317:9:317:9 | v | main.rs:320:34:320:34 | v | provenance | | @@ -206,7 +255,7 @@ edges | main.rs:317:9:317:9 | v | main.rs:323:27:323:27 | v | provenance | | | main.rs:317:9:317:9 | v | main.rs:324:25:324:25 | v | provenance | | | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | -| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:33 | +| main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | | main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | | main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | @@ -249,7 +298,9 @@ models | 30 | Summary: lang:core; ::expect; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 31 | Summary: lang:core; ::unwrap; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | | 32 | Summary: lang:core; ::parse; Argument[self]; ReturnValue.Field[crate::result::Result::Ok(0)]; taint | -| 33 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | +| 33 | Summary: lang:core; crate::cmp::max; Argument[0]; ReturnValue; value | +| 34 | Summary: lang:core; crate::cmp::min; Argument[0]; ReturnValue; value | +| 35 | Summary: lang:core; crate::iter::traits::iterator::Iterator::nth; Argument[self].Element; ReturnValue.Field[crate::option::Option::Some(0)]; value | nodes | main.rs:12:36:12:43 | ...: usize | semmle.label | ...: usize | | main.rs:18:13:18:31 | ...::realloc | semmle.label | ...::realloc | @@ -342,6 +393,13 @@ nodes | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | +| main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | +| main.rs:87:9:87:14 | layout | semmle.label | layout | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:54:87:54 | v | semmle.label | v | +| main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | @@ -349,14 +407,49 @@ nodes | main.rs:92:47:92:47 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | +| main.rs:101:13:101:14 | l3 | semmle.label | l3 | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | +| main.rs:103:17:103:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:103:35:103:36 | l3 | semmle.label | l3 | +| main.rs:105:33:105:33 | v | semmle.label | v | | main.rs:109:17:109:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:109:35:109:36 | l1 | semmle.label | l1 | | main.rs:111:17:111:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:111:35:111:36 | l1 | semmle.label | l1 | +| main.rs:145:13:145:14 | l9 | semmle.label | l9 | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | +| main.rs:148:17:148:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:148:35:148:36 | l9 | semmle.label | l9 | +| main.rs:151:9:151:11 | l10 | semmle.label | l10 | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | +| main.rs:151:62:151:62 | v | semmle.label | v | +| main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:152:31:152:33 | l10 | semmle.label | l10 | +| main.rs:154:9:154:11 | l11 | semmle.label | l11 | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | +| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | +| main.rs:154:62:154:62 | v | semmle.label | v | +| main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | +| main.rs:155:31:155:33 | l11 | semmle.label | l11 | +| main.rs:161:13:161:15 | l13 | semmle.label | l13 | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | +| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:55:161:55 | v | semmle.label | v | +| main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:162:35:162:37 | l13 | semmle.label | l13 | +| main.rs:169:17:169:33 | ...::alloc | semmle.label | ...::alloc | +| main.rs:169:35:169:37 | l13 | semmle.label | l13 | | main.rs:177:13:177:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:177:31:177:32 | l1 | semmle.label | l1 | | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index e9cea0f604a..37533e746ed 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -85,7 +85,7 @@ unsafe fn test_fn_alloc_bounded(v: usize) { unsafe fn test_fn_alloc_unbounded(v: usize) { let layout = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(layout); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(layout); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { @@ -100,7 +100,7 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { } else { let l3 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 - let _ = std::alloc::alloc(l3); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l3); // $ Alert[rust/uncontrolled-allocation-size]=arg1 test_fn_alloc_unbounded(v); } @@ -145,28 +145,28 @@ unsafe fn test_std_alloc_with_bounds(v: usize, limit: usize) { let l9 = std::alloc::Layout::array::(v).unwrap(); let _ = std::alloc::alloc(l1); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l8); // $ GOOD (bounded) - let _ = std::alloc::alloc(l9); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l9); // $ Alert[rust/uncontrolled-allocation-size]=arg1 } let l10 = std::alloc::Layout::array::(std::cmp::min(v, 100)).unwrap(); - let _ = std::alloc::alloc(l10); // $ GOOD (bounded) + let _ = std::alloc::alloc(l10); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let l11 = std::alloc::Layout::array::(std::cmp::max(v, 100)).unwrap(); - let _ = std::alloc::alloc(l11); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l11); // $ Alert[rust/uncontrolled-allocation-size]=arg1 let l12 = std::alloc::Layout::array::(clamp(v, 1, 100)).unwrap(); let _ = std::alloc::alloc(l12); // $ GOOD (bounded) for i in 0..10 { let l13 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ MISSING: Alert[rust/uncontrolled-allocation-size]=arg1 + let _ = std::alloc::alloc(l13); // $ Alert[rust/uncontrolled-allocation-size]=arg1 if (v > 1000) { continue; } let l14 = std::alloc::Layout::from_size_align(v, 1).unwrap(); - let _ = std::alloc::alloc(l13); // $ GOOD (bounded) + let _ = std::alloc::alloc(l13); // $ SPURIOUS: Alert[rust/uncontrolled-allocation-size]=arg1 let _ = std::alloc::alloc(l14); // $ GOOD (bounded) } From fb22d5587855a3183602a3b3c3e5c3410268bd2f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 31 Mar 2025 18:12:30 +0100 Subject: [PATCH 089/409] Rust: Remove duplicate models. --- .../rust/frameworks/stdlib/lang-alloc.model.yml | 4 ---- .../CWE-770/UncontrolledAllocationSize.expected | 15 --------------- 2 files changed, 19 deletions(-) diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml index 85cd97fb462..999f711ba37 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/lang-alloc.model.yml @@ -19,7 +19,3 @@ extensions: - ["lang:alloc", "::allocate_zeroed", "Argument[0]", "alloc-layout", "manual"] - ["lang:alloc", "::grow", "Argument[2]", "alloc-layout", "manual"] - ["lang:alloc", "::grow_zeroed", "Argument[2]", "alloc-layout", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::malloc", "Argument[0]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::aligned_alloc", "Argument[1]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::calloc", "Argument[0,1]", "alloc-size", "manual"] - - ["repo:https://github.com/rust-lang/libc:libc", "::realloc", "Argument[1]", "alloc-size", "manual"] diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index fa30dde511b..9cc7f803aac 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -40,14 +40,9 @@ | main.rs:208:40:208:43 | grow | main.rs:317:13:317:26 | ...::args | main.rs:208:40:208:43 | grow | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:210:40:210:50 | grow_zeroed | main.rs:317:13:317:26 | ...::args | main.rs:210:40:210:50 | grow_zeroed | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:219:13:219:24 | ...::malloc | main.rs:317:13:317:26 | ...::args | main.rs:219:13:219:24 | ...::malloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:220:13:220:31 | ...::aligned_alloc | main.rs:317:13:317:26 | ...::args | main.rs:220:13:220:31 | ...::aligned_alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:222:13:222:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:222:13:222:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:223:13:223:24 | ...::calloc | main.rs:317:13:317:26 | ...::args | main.rs:223:13:223:24 | ...::calloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | -| main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:224:13:224:25 | ...::realloc | main.rs:317:13:317:26 | ...::args | main.rs:224:13:224:25 | ...::realloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:317:13:317:26 | ...::args | user-provided value | | main.rs:284:22:284:38 | ...::alloc | main.rs:308:25:308:38 | ...::args | main.rs:284:22:284:38 | ...::alloc | This allocation size is derived from a $@ and could allocate arbitrary amounts of memory. | main.rs:308:25:308:38 | ...::args | user-provided value | edges @@ -223,19 +218,14 @@ edges | main.rs:210:60:210:61 | l2 | main.rs:210:40:210:50 | grow_zeroed | provenance | MaD:9 Sink:MaD:9 | | main.rs:217:27:217:34 | ...: usize | main.rs:219:26:219:26 | v | provenance | | | main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | -| main.rs:219:26:219:26 | v | main.rs:219:13:219:24 | ...::malloc | provenance | MaD:14 Sink:MaD:14 | | main.rs:219:26:219:26 | v | main.rs:220:36:220:36 | v | provenance | | | main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | -| main.rs:220:36:220:36 | v | main.rs:220:13:220:31 | ...::aligned_alloc | provenance | MaD:12 Sink:MaD:12 | | main.rs:220:36:220:36 | v | main.rs:222:30:222:30 | v | provenance | | | main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:222:30:222:30 | v | main.rs:222:13:222:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:222:30:222:30 | v | main.rs:223:26:223:26 | v | provenance | | | main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | -| main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | | main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | | main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | @@ -475,19 +465,14 @@ nodes | main.rs:210:60:210:61 | l2 | semmle.label | l2 | | main.rs:217:27:217:34 | ...: usize | semmle.label | ...: usize | | main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | -| main.rs:219:13:219:24 | ...::malloc | semmle.label | ...::malloc | | main.rs:219:26:219:26 | v | semmle.label | v | | main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | -| main.rs:220:13:220:31 | ...::aligned_alloc | semmle.label | ...::aligned_alloc | | main.rs:220:36:220:36 | v | semmle.label | v | | main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:222:13:222:24 | ...::calloc | semmle.label | ...::calloc | | main.rs:222:30:222:30 | v | semmle.label | v | | main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | -| main.rs:223:13:223:24 | ...::calloc | semmle.label | ...::calloc | | main.rs:223:26:223:26 | v | semmle.label | v | | main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | -| main.rs:224:13:224:25 | ...::realloc | semmle.label | ...::realloc | | main.rs:224:31:224:31 | v | semmle.label | v | | main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | | main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | From ff2a1ca961b95881bbff2b164e6d50e8a2f91628 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:31:13 +0000 Subject: [PATCH 090/409] Rust: Group the data in rust/summary/summary-statistics. --- rust/ql/src/queries/summary/SummaryStats.ql | 37 +++++++++++++++------ 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql index 69ab796c869..d9c88a7c56e 100644 --- a/rust/ql/src/queries/summary/SummaryStats.ql +++ b/rust/ql/src/queries/summary/SummaryStats.ql @@ -9,7 +9,6 @@ import rust import codeql.rust.Concepts import codeql.rust.security.SensitiveData -import codeql.rust.security.WeakSensitiveDataHashingExtensions import codeql.rust.Diagnostics import Stats import TaintReach @@ -22,13 +21,14 @@ class CrateElement extends Element { } } -from string key, int value -where +predicate elementStats(string key, int value) { key = "Elements extracted" and value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) or key = "Elements unextracted" and value = count(Unextracted e) - or +} + +predicate extractionStats(string key, int value) { key = "Extraction errors" and value = count(ExtractionError e) or key = "Extraction warnings" and value = count(ExtractionWarning w) @@ -53,6 +53,14 @@ where or key = "Lines of user code extracted" and value = getLinesOfUserCode() or + key = "Macro calls - total" and value = count(MacroCall mc) + or + key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) + or + key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) +} + +predicate inconsistencyStats(string key, int value) { key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() or key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() @@ -60,13 +68,9 @@ where key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() or key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() - or - key = "Macro calls - total" and value = count(MacroCall mc) - or - key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) - or - key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) - or +} + +predicate taintStats(string key, int value) { key = "Taint sources - active" and value = count(ActiveThreatModelSource s) or key = "Taint sources - disabled" and @@ -84,4 +88,15 @@ where or key = "Taint sinks - cryptographic operations" and value = count(Cryptography::CryptographicOperation o) +} + +from string key, int value +where + elementStats(key, value) + or + extractionStats(key, value) + or + inconsistencyStats(key, value) + or + taintStats(key, value) select key, value order by key From 8737acb6a95715602f92a4699421cc1c61770cfe Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Mon, 31 Mar 2025 20:42:03 +0200 Subject: [PATCH 091/409] Update actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql Co-authored-by: Andrew Eisenberg --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index 90feab533a4..9676e942f7c 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in priviledged context + * @name Checkout of untrusted code in a priviledged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 1186699269225a58ea4a8a0b79e1940ef4afc9b1 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 00:25:24 +0000 Subject: [PATCH 092/409] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 2 +- csharp/documentation/library-coverage/coverage.rst | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index 21bf90cae72..8ec9be90060 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -42,5 +42,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7, SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5 -System,54,47,12241,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5941,6300 +System,54,47,12255,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5955,6300 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,, diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst index 3288a1fbaa9..64adc583943 100644 --- a/csharp/documentation/library-coverage/coverage.rst +++ b/csharp/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ C# framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting` `ServiceStack `_,"``ServiceStack.*``, ``ServiceStack``",,7,194, - System,"``System.*``, ``System``",47,12241,54,5 + System,"``System.*``, ``System``",47,12255,54,5 Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4 - Totals,,107,14520,400,9 + Totals,,107,14534,400,9 From ba26953f0b66d60239574b0b0bb68733a11cfd49 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 12:02:43 +0100 Subject: [PATCH 093/409] C#: Update generated .NET 9 models. --- csharp/ql/lib/ext/generated/System.Net.Http.model.yml | 5 +---- csharp/ql/lib/ext/generated/System.model.yml | 9 --------- 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/csharp/ql/lib/ext/generated/System.Net.Http.model.yml b/csharp/ql/lib/ext/generated/System.Net.Http.model.yml index d080bab51f3..90bc48a115f 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Http.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Http.model.yml @@ -44,10 +44,7 @@ extensions: - ["System.Net.Http", "HttpMethod", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpMethod._method]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpMethod", False, "get_Method", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpMethod._method]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpRequestException", False, "HttpRequestException", "(System.String,System.Exception,System.Nullable)", "", "Argument[2]", "Argument[this].Property[System.Net.Http.HttpRequestException.StatusCode]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri]", "value", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method]", "ReturnValue", "taint", "dfc-generated"] - - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri]", "ReturnValue", "taint", "dfc-generated"] + - ["System.Net.Http", "HttpRequestMessage", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http", "HttpRequestMessage", False, "get_Properties", "()", "", "Argument[this].Property[System.Net.Http.HttpRequestMessage.Options]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Http", "HttpRequestOptions", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http", "HttpRequestOptions", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.model.yml b/csharp/ql/lib/ext/generated/System.model.yml index b594d40ba1b..03b23b02725 100644 --- a/csharp/ql/lib/ext/generated/System.model.yml +++ b/csharp/ql/lib/ext/generated/System.model.yml @@ -746,13 +746,6 @@ extensions: - ["System", "Uri", False, "get_LocalPath", "()", "", "Argument[this].SyntheticField[System.Uri._string]", "ReturnValue", "value", "dfc-generated"] - ["System", "Uri", False, "get_Scheme", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "get_UserInfo", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.UriBuilder._uri]", "taint", "dfc-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] - - ["System", "UriBuilder", False, "UriBuilder", "(System.Uri)", "", "Argument[0]", "Argument[this].SyntheticField[System.UriBuilder._uri]", "value", "dfc-generated"] - - ["System", "UriBuilder", False, "get_Uri", "()", "", "Argument[this].SyntheticField[System.UriBuilder._uri]", "ReturnValue", "value", "dfc-generated"] - ["System", "UriParser", False, "Register", "(System.UriParser,System.String,System.Int32)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System", "UriParser", True, "GetComponents", "(System.Uri,System.UriComponents,System.UriFormat)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "UriParser", True, "OnNewUri", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] @@ -5395,8 +5388,6 @@ extensions: - ["System", "Uri", "op_Inequality", "(System.Uri,System.Uri)", "summary", "df-generated"] - ["System", "UriBuilder", "Equals", "(System.Object)", "summary", "df-generated"] - ["System", "UriBuilder", "GetHashCode", "()", "summary", "df-generated"] - - ["System", "UriBuilder", "ToString", "()", "summary", "df-generated"] - - ["System", "UriBuilder", "UriBuilder", "(System.String,System.String,System.Int32)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.String)", "summary", "df-generated"] - ["System", "UriFormatException", "UriFormatException", "(System.String,System.Exception)", "summary", "df-generated"] From 2487f7734b874d380e3299250f2f21737c27beba Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 12:55:37 +0100 Subject: [PATCH 094/409] C#: Update the generated .NET 9 models. --- .../ILLink.RoslynAnalyzer.DataFlow.model.yml | 6 +- .../generated/Internal.TypeSystem.model.yml | 24 +++--- .../Microsoft.Diagnostics.Tools.Pgo.model.yml | 6 +- ...guration.Binder.SourceGeneration.model.yml | 9 +- ...crosoft.Extensions.Configuration.model.yml | 2 +- ...t.Extensions.Diagnostics.Metrics.model.yml | 2 +- .../Microsoft.Extensions.Primitives.model.yml | 4 +- .../ext/generated/Microsoft.Interop.model.yml | 26 +++--- ...oft.VisualBasic.CompilerServices.model.yml | 6 +- .../generated/Microsoft.VisualBasic.model.yml | 12 +-- .../ext/generated/Mono.Linker.Steps.model.yml | 6 +- .../lib/ext/generated/Mono.Linker.model.yml | 6 +- .../ext/generated/System.Buffers.model.yml | 46 +++++----- .../System.CodeDom.Compiler.model.yml | 12 +-- .../System.Collections.Concurrent.model.yml | 12 +-- .../System.Collections.Frozen.model.yml | 8 +- .../System.Collections.Generic.model.yml | 34 ++++---- .../System.Collections.Immutable.model.yml | 67 +++++++-------- .../System.Collections.ObjectModel.model.yml | 5 +- .../generated/System.Collections.model.yml | 3 +- ...mponentModel.Composition.Hosting.model.yml | 6 +- ...odel.Composition.ReflectionModel.model.yml | 2 +- .../System.Composition.Hosting.Core.model.yml | 6 +- .../generated/System.Composition.model.yml | 10 +-- .../System.Configuration.Internal.model.yml | 7 +- .../generated/System.Data.Common.model.yml | 2 +- .../System.Diagnostics.Tracing.model.yml | 7 +- .../generated/System.Diagnostics.model.yml | 15 ++-- .../ext/generated/System.Dynamic.model.yml | 2 +- .../generated/System.Formats.Asn1.model.yml | 6 +- .../generated/System.IO.Enumeration.model.yml | 4 +- .../ql/lib/ext/generated/System.IO.model.yml | 4 +- .../System.Net.Http.Headers.model.yml | 12 +-- .../ext/generated/System.Net.Mail.model.yml | 22 ++--- .../generated/System.Net.Sockets.model.yml | 24 +++--- .../ext/generated/System.Numerics.model.yml | 4 +- .../System.Reflection.Emit.model.yml | 1 + ...stem.Reflection.Metadata.Ecma335.model.yml | 12 +-- .../System.Reflection.Metadata.model.yml | 2 +- ...em.Reflection.PortableExecutable.model.yml | 2 +- .../ext/generated/System.Reflection.model.yml | 4 - .../ext/generated/System.Resources.model.yml | 2 +- .../System.Runtime.CompilerServices.model.yml | 84 ++++++++----------- ...time.InteropServices.Marshalling.model.yml | 4 +- .../System.Runtime.InteropServices.model.yml | 17 ++-- .../System.Runtime.Intrinsics.model.yml | 8 +- ...time.Serialization.DataContracts.model.yml | 4 +- .../System.Runtime.Serialization.model.yml | 4 +- ...ystem.Security.Cryptography.Pkcs.model.yml | 10 +-- ...System.Security.Cryptography.Xml.model.yml | 2 +- .../System.Text.Json.Nodes.model.yml | 4 +- .../System.Text.Json.Serialization.model.yml | 3 +- .../ext/generated/System.Text.Json.model.yml | 26 +++--- .../System.Text.RegularExpressions.model.yml | 2 +- .../generated/System.Text.Unicode.model.yml | 4 +- .../System.Threading.RateLimiting.model.yml | 4 +- .../System.Threading.Tasks.Dataflow.model.yml | 6 +- .../ext/generated/System.Threading.model.yml | 40 +++++---- .../System.Xml.Serialization.model.yml | 5 +- .../System.Xml.Xsl.Runtime.model.yml | 11 +-- .../ql/lib/ext/generated/System.Xml.model.yml | 12 +-- csharp/ql/lib/ext/generated/System.model.yml | 28 +++---- 62 files changed, 348 insertions(+), 382 deletions(-) diff --git a/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml b/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml index 7bec23ae842..a70583ae7d0 100644 --- a/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml +++ b/csharp/ql/lib/ext/generated/ILLink.RoslynAnalyzer.DataFlow.model.yml @@ -11,9 +11,9 @@ extensions: - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "CreateProxyBranch", "(Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch)", "", "Argument[0].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowBranch.Source]", "ReturnValue.Field[ILLink.Shared.DataFlow.IControlFlowGraph`2+ControlFlowBranch.Source].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block]", "value", "dfc-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "FirstBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "LastBlock", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion.EnclosingRegion]", "ReturnValue.Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingFinally", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.BlockProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.BlockProxy.Block].Property[Microsoft.CodeAnalysis.FlowAnalysis.BasicBlock.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] + - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "TryGetEnclosingTryOrCatchOrFilter", "(ILLink.RoslynAnalyzer.DataFlow.RegionProxy,ILLink.RoslynAnalyzer.DataFlow.RegionProxy)", "", "Argument[0].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region].Property[Microsoft.CodeAnalysis.FlowAnalysis.ControlFlowRegion.EnclosingRegion]", "Argument[1].Property[ILLink.RoslynAnalyzer.DataFlow.RegionProxy.Region]", "value", "dfc-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Blocks", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "ControlFlowGraphProxy", False, "get_Entry", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["ILLink.RoslynAnalyzer.DataFlow", "FeatureChecksValue", False, "And", "(ILLink.RoslynAnalyzer.DataFlow.FeatureChecksValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml b/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml index be631bb427c..e6b9fb39e71 100644 --- a/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml +++ b/csharp/ql/lib/ext/generated/Internal.TypeSystem.model.yml @@ -91,7 +91,7 @@ extensions: - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "AddOrGetExisting", "(TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "GetOrCreateValue", "(TKey)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "GetValueIfExists", "(TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "LockFreeReaderHashtable", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[2]", "Argument[this].Property[Internal.TypeSystem.MarshalAsDescriptor.SizeParamIndex]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[3]", "Argument[this].Property[Internal.TypeSystem.MarshalAsDescriptor.SizeConst]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "MarshalAsDescriptor", "(Internal.TypeSystem.NativeTypeKind,Internal.TypeSystem.NativeTypeKind,System.Nullable,System.Nullable,Internal.TypeSystem.TypeDesc,System.String)", "", "Argument[4]", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._marshallerType]", "value", "dfc-generated"] @@ -99,9 +99,6 @@ extensions: - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "get_Cookie", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._cookie]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", False, "get_MarshallerType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.MarshalAsDescriptor._marshallerType]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", False, "CalculateFieldBaseOffset", "(Internal.TypeSystem.MetadataType,System.Boolean,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "AlignBaseOffsetIfNecessary", "(Internal.TypeSystem.MetadataType,Internal.TypeSystem.LayoutInt,System.Boolean,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "FinalizeRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", True, "PrepareRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "MetadataType", False, "get_VirtualMethodImplsForType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataType", True, "ComputeVirtualMethodImplsForType", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataType", True, "GetNestedTypes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -111,8 +108,8 @@ extensions: - ["Internal.TypeSystem", "MetadataTypeSystemContext", True, "SetSystemModule", "(Internal.TypeSystem.ModuleDesc)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "EnumAllVirtualSlots", "(Internal.TypeSystem.MetadataType)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "FindSlotDefiningMethodForVirtualMethod", "(Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "MetadataVirtualMethodAlgorithm", False, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MetadataType)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "MethodDelegator", False, "MethodDelegator", "(Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[this].Field[Internal.TypeSystem.MethodDelegator._wrappedMethod]", "value", "dfc-generated"] - ["Internal.TypeSystem", "MethodDelegator", True, "get_Context", "()", "", "Argument[this].Field[Internal.TypeSystem.MethodDelegator._wrappedMethod].Property[Internal.TypeSystem.TypeSystemEntity.Context]", "ReturnValue", "value", "dfc-generated"] @@ -276,10 +273,10 @@ extensions: - ["Internal.TypeSystem", "TypeSystemHelpers", False, "InstantiateAsOpen", "(Internal.TypeSystem.TypeDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodTarget", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodTargetWithVariance", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeSystemHelpers", False, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "TypeWithRepeatedFields", "(Internal.TypeSystem.MetadataType)", "", "Argument[0]", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType]", "value", "dfc-generated"] - ["Internal.TypeSystem", "TypeWithRepeatedFields", False, "get_ContainingType", "()", "", "Argument[this].SyntheticField[Internal.TypeSystem.TypeWithRepeatedFields.MetadataType].Property[Internal.TypeSystem.MetadataType.ContainingType]", "ReturnValue", "value", "dfc-generated"] @@ -290,10 +287,10 @@ extensions: - ["Internal.TypeSystem", "TypeWithRepeatedFieldsFieldLayoutAlgorithm", False, "TypeWithRepeatedFieldsFieldLayoutAlgorithm", "(Internal.TypeSystem.FieldLayoutAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ComputeAllVirtualSlots", "(Internal.TypeSystem.TypeDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "FindVirtualFunctionTargetMethodOnObjectType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToDefaultImplementationOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc,Internal.TypeSystem.MethodDesc)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["Internal.TypeSystem", "VirtualMethodAlgorithm", True, "ResolveVariantInterfaceMethodToVirtualMethodOnType", "(Internal.TypeSystem.MethodDesc,Internal.TypeSystem.TypeDesc)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -575,6 +572,7 @@ extensions: - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_SizeConst", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_SizeParamIndex", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MarshalAsDescriptor", "get_Type", "()", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "AlignBaseOffsetIfNecessary", "(Internal.TypeSystem.MetadataType,Internal.TypeSystem.LayoutInt,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeAutoFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeContainsGCPointers", "(Internal.TypeSystem.DefType)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeExplicitFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] @@ -583,6 +581,8 @@ extensions: - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeSequentialFieldLayout", "(Internal.TypeSystem.MetadataType,System.Int32)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeStaticFieldLayout", "(Internal.TypeSystem.DefType,Internal.TypeSystem.StaticLayoutKind)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "ComputeValueTypeShapeCharacteristics", "(Internal.TypeSystem.DefType)", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "FinalizeRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "summary", "df-generated"] + - ["Internal.TypeSystem", "MetadataFieldLayoutAlgorithm", "PrepareRuntimeSpecificStaticFieldLayout", "(Internal.TypeSystem.TypeSystemContext,Internal.TypeSystem.ComputedStaticFieldLayout)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "FindMethodsImplWithMatchingDeclName", "(System.String)", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "GetClassLayout", "()", "summary", "df-generated"] - ["Internal.TypeSystem", "MetadataType", "GetInlineArrayLength", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml index b80511d28af..0fd21717944 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Diagnostics.Tools.Pgo.model.yml @@ -20,9 +20,7 @@ extensions: - ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing", False, "MapNodes", "(System.Func)", "", "Argument[0].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "KeyValueMap", "(TKey[],TValue[])", "", "Argument[1]", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "LookupRange", "(TKey,TKey)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "TryLookup", "(TKey,TValue)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData32", False, "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData32,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData64", False, "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData64,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "KeyValueMap", False, "TryLookup", "(TKey,TValue)", "", "Argument[this].SyntheticField[Microsoft.Diagnostics.Tools.Pgo.KeyValueMap`2._values].Element", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", False, "FindBellmanFordCycle", "(Microsoft.Diagnostics.Tools.Pgo.Node)", "", "Argument[0].Field[Microsoft.Diagnostics.Tools.Pgo.Node.MetaData].Field[Microsoft.Diagnostics.Tools.Pgo.NodeMetaData.PredEdge]", "ReturnValue.Property[System.Tuple`2.Item1].Element", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", False, "AddInEdge", "(Microsoft.Diagnostics.Tools.Pgo.Edge)", "", "Argument[0]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Node.InEdgeList].Element", "value", "dfc-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", False, "AddOutEdge", "(Microsoft.Diagnostics.Tools.Pgo.Edge)", "", "Argument[0]", "Argument[this].Field[Microsoft.Diagnostics.Tools.Pgo.Node.OutEdgeList].Element", "value", "dfc-generated"] @@ -41,6 +39,8 @@ extensions: - ["Microsoft.Diagnostics.Tools.Pgo", "FlowSmoothing", "Perform", "(System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "LbrEntry32", "ToString", "()", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "LbrEntry64", "ToString", "()", "summary", "df-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData32", "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData32,System.Int32)", "summary", "df-generated"] + - ["Microsoft.Diagnostics.Tools.Pgo", "LbrTraceEventData64", "Entries", "(Microsoft.Diagnostics.Tools.Pgo.LbrTraceEventData64,System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", "FindMinCostCirculation", "(Microsoft.Diagnostics.Tools.Pgo.CirculationGraph,System.Int32)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "MinimumCostCirculation", "FindNegativeCycle", "(Microsoft.Diagnostics.Tools.Pgo.CirculationGraph)", "summary", "df-generated"] - ["Microsoft.Diagnostics.Tools.Pgo", "Node", "NetInFlow", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml index 3896f91e4b4..feff9830f60 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.Binder.SourceGeneration.model.yml @@ -6,14 +6,9 @@ extensions: data: - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "AsConfigWithChildren", "(Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleLoggerOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.ConsoleLoggerOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.JsonConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.JsonConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.SimpleConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,Microsoft.Extensions.Logging.Console.SimpleConsoleFormatterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Encodings.Web.JavaScriptEncoder,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Json.JsonWriterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_ConsoleFormatterOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_ConsoleLoggerOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", False, "Bind_JsonConsoleFormatterOptions", "(Microsoft.Extensions.Configuration.IConfiguration,System.Object)", "", "Argument[0]", "Argument[1].Property[Microsoft.Extensions.Logging.Console.ConsoleFormatterOptions.TimestampFormat]", "taint", "dfc-generated"] @@ -35,6 +30,8 @@ extensions: pack: codeql/csharp-all extensible: neutralModel data: + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Encodings.Web.JavaScriptEncoder,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "summary", "df-generated"] + - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "BindCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Text.Json.JsonWriterOptions,System.Boolean,Microsoft.Extensions.Configuration.BinderOptions)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "GetValueCore", "(Microsoft.Extensions.Configuration.IConfiguration,System.Type,System.String)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "ParseBool", "(System.String,System.String)", "summary", "df-generated"] - ["Microsoft.Extensions.Configuration.Binder.SourceGeneration", "BindingExtensions", "ParseChar", "(System.String,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml index abd92a302ae..0dddff60e78 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Configuration.model.yml @@ -7,7 +7,7 @@ extensions: - ["Microsoft.Extensions.Configuration", "ChainedBuilderExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedBuilderExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "ChainedConfigurationProvider", "(Microsoft.Extensions.Configuration.ChainedConfigurationSource)", "", "Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration]", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "value", "dfc-generated"] - - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "TryGet", "(System.String,System.String)", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "ReturnValue", "taint", "dfc-generated"] + - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "TryGet", "(System.String,System.String)", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "Argument[1]", "taint", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ChainedConfigurationProvider", False, "get_Configuration", "()", "", "Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Configuration", "ConfigurationBinder", False, "Get", "(Microsoft.Extensions.Configuration.IConfiguration,System.Type)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Extensions.Configuration", "ConfigurationBinder", False, "Get", "(Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml index 00fd3977b49..7d360bace1c 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Diagnostics.Metrics.model.yml @@ -5,7 +5,7 @@ extensions: extensible: summaryModel data: - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "Initialize", "(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "InstrumentPublished", "(System.Diagnostics.Metrics.Instrument,System.Object)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Diagnostics.Metrics", "IMetricsListener", True, "InstrumentPublished", "(System.Diagnostics.Metrics.Instrument,System.Object)", "", "Argument[this]", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderConfigurationExtensions", False, "AddConfiguration", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder,Microsoft.Extensions.Configuration.IConfiguration)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderExtensions", False, "AddListener", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder,Microsoft.Extensions.Diagnostics.Metrics.IMetricsListener)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Diagnostics.Metrics", "MetricsBuilderExtensions", False, "AddListener", "(Microsoft.Extensions.Diagnostics.Metrics.IMetricsBuilder)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml index 001d2a74593..21b186db216 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Extensions.Primitives.model.yml @@ -18,13 +18,12 @@ extensions: - ["Microsoft.Extensions.Primitives", "StringSegment", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer]", "ReturnValue", "taint", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringSegment", False, "ToString", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringSegment", False, "get_Value", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer]", "ReturnValue", "taint", "dfc-generated"] - - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringTokenizer)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringTokenizer)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(Microsoft.Extensions.Primitives.StringSegment,System.Char[])", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(Microsoft.Extensions.Primitives.StringSegment,System.Char[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer", False, "StringTokenizer", "(System.String,System.Char[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", False, "Enumerator", "(Microsoft.Extensions.Primitives.StringValues)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -87,6 +86,7 @@ extensions: - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", "MoveNext", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringTokenizer+Enumerator", "Reset", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Dispose", "()", "summary", "df-generated"] + - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Enumerator", "(Microsoft.Extensions.Primitives.StringValues)", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "MoveNext", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues+Enumerator", "Reset", "()", "summary", "df-generated"] - ["Microsoft.Extensions.Primitives", "StringValues", "op_Equality", "(Microsoft.Extensions.Primitives.StringValues,Microsoft.Extensions.Primitives.StringValues)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml b/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml index 906a985116b..4981aa7e92b 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.Interop.model.yml @@ -19,11 +19,11 @@ extensions: - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.InSupport]", "value", "dfc-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.OutSupport]", "value", "dfc-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "ByValueMarshalKindSupportDescriptor", "(Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo,Microsoft.Interop.ByValueMarshalKindSupportInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportDescriptor.InOutSupport]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "GetSupport", "(Microsoft.Interop.ByValueContentsMarshalKind,Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportDescriptor", False, "GetSupport", "(Microsoft.Interop.ByValueContentsMarshalKind,Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "ByValueMarshalKindSupportInfo", "(Microsoft.Interop.ByValueMarshalKindSupport,System.String)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+NotRecommended.Details]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+NotSupported.NotSupportedDetails]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "ReturnValue.Property[Microsoft.Interop.GeneratorDiagnostic+UnnecessaryData.UnnecessaryDataDetails]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+NotRecommended.Details]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+NotSupported.NotSupportedDetails]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ByValueMarshalKindSupportInfo", False, "GetSupport", "(Microsoft.Interop.TypePositionInfo,Microsoft.Interop.GeneratorDiagnostic)", "", "Argument[this].Property[Microsoft.Interop.ByValueMarshalKindSupportInfo.details]", "Argument[1].Property[Microsoft.Interop.GeneratorDiagnostic+UnnecessaryData.UnnecessaryDataDetails]", "value", "dfc-generated"] - ["Microsoft.Interop", "CharMarshallingGeneratorResolver", False, "CharMarshallingGeneratorResolver", "(System.Boolean,System.String)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "CharMarshallingInfoProvider", False, "CharMarshallingInfoProvider", "(Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "CollectionExtensions", False, "ToSequenceEqualImmutableArray", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.Property[Microsoft.Interop.SequenceEqualImmutableArray`1.Comparer]", "value", "dfc-generated"] @@ -80,8 +80,8 @@ extensions: - ["Microsoft.Interop", "DiagnosticOr", False, "WithValue", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Interop", "DiagnosticOr", True, "get_Diagnostics", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["Microsoft.Interop", "DiagnosticOr", True, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForElementName", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForParamIndex", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForElementName", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "ElementInfoProviderExtensions", False, "TryGetInfoForParamIndex", "(Microsoft.Interop.IElementInfoProvider,Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.TypePositionInfo)", "", "Argument[3].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "Forwarder", False, "AsNativeType", "(Microsoft.Interop.TypePositionInfo)", "", "Argument[0].Property[Microsoft.Interop.TypePositionInfo.ManagedType]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Interop", "GeneratorDiagnostic+NotRecommended", False, "ToDiagnosticInfo", "(Microsoft.CodeAnalysis.DiagnosticDescriptor,Microsoft.CodeAnalysis.Location,System.String)", "", "Argument[0]", "ReturnValue.Property[Microsoft.Interop.DiagnosticInfo.Descriptor]", "value", "dfc-generated"] - ["Microsoft.Interop", "GeneratorDiagnostic+NotRecommended", False, "ToDiagnosticInfo", "(Microsoft.CodeAnalysis.DiagnosticDescriptor,Microsoft.CodeAnalysis.Location,System.String)", "", "Argument[1]", "ReturnValue.Property[Microsoft.Interop.DiagnosticInfo.Location]", "value", "dfc-generated"] @@ -118,11 +118,11 @@ extensions: - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryGetMarshallersFromEntryTypeIgnoringElements", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,Microsoft.CodeAnalysis.Compilation,System.Action,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryGetValueMarshallersFromEntryType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,Microsoft.CodeAnalysis.Compilation,System.Action,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveEntryPointType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[4]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveManagedType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Boolean,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[4]", "value", "dfc-generated"] - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[0].Property[Microsoft.CodeAnalysis.INamedTypeSymbol.OriginalDefinition]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "ManualTypeMarshallingHelper", False, "TryResolveMarshallerType", "(Microsoft.CodeAnalysis.INamedTypeSymbol,Microsoft.CodeAnalysis.ITypeSymbol,System.Action,Microsoft.CodeAnalysis.ITypeSymbol)", "", "Argument[1]", "Argument[3]", "value", "dfc-generated"] - ["Microsoft.Interop", "MarshalAsArrayInfo", False, "MarshalAsArrayInfo", "(System.Runtime.InteropServices.UnmanagedType,Microsoft.Interop.CharEncoding,System.Runtime.InteropServices.UnmanagedType,Microsoft.Interop.CountInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.MarshalAsArrayInfo.CountInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "MarshalAsAttributeParser", False, "MarshalAsAttributeParser", "(Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Microsoft.Interop", "MarshalAsAttributeParser", False, "MarshalAsAttributeParser", "(Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.Interop.DefaultMarshallingInfo)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] @@ -156,9 +156,9 @@ extensions: - ["Microsoft.Interop", "MethodSignatureDiagnosticLocations", False, "MethodSignatureDiagnosticLocations", "(System.String,System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.Location)", "", "Argument[1]", "Argument[this].Property[Microsoft.Interop.MethodSignatureDiagnosticLocations.ManagedParameterLocations]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureDiagnosticLocations", False, "MethodSignatureDiagnosticLocations", "(System.String,System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.Location)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.MethodSignatureDiagnosticLocations.FallbackLocation]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "MethodSignatureElementInfoProvider", "(Microsoft.CodeAnalysis.Compilation,Microsoft.Interop.GeneratorDiagnosticsBag,Microsoft.CodeAnalysis.IMethodSymbol,System.Collections.Immutable.ImmutableArray)", "", "Argument[2]", "Argument[this].SyntheticField[Microsoft.Interop.MethodSignatureElementInfoProvider._method]", "value", "dfc-generated"] - - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForElementName", "(Microsoft.CodeAnalysis.AttributeData,System.String,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[this].SyntheticField[Microsoft.Interop.MethodSignatureElementInfoProvider._method].Property[Microsoft.CodeAnalysis.IMethodSymbol.ReturnType]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForParamIndex", "(Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] + - ["Microsoft.Interop", "MethodSignatureElementInfoProvider", False, "TryGetInfoForParamIndex", "(Microsoft.CodeAnalysis.AttributeData,System.Int32,Microsoft.Interop.GetMarshallingInfoCallback,Microsoft.Interop.IElementInfoProvider,Microsoft.Interop.TypePositionInfo)", "", "Argument[2].ReturnValue", "Argument[4].Property[Microsoft.Interop.TypePositionInfo.MarshallingAttributeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeLinearCollectionMarshallingInfo", False, "NativeLinearCollectionMarshallingInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers,Microsoft.Interop.CountInfo,Microsoft.Interop.ManagedTypeInfo)", "", "Argument[2]", "Argument[this].Property[Microsoft.Interop.NativeLinearCollectionMarshallingInfo.ElementCountInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeLinearCollectionMarshallingInfo", False, "NativeLinearCollectionMarshallingInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers,Microsoft.Interop.CountInfo,Microsoft.Interop.ManagedTypeInfo)", "", "Argument[3]", "Argument[this].Property[Microsoft.Interop.NativeLinearCollectionMarshallingInfo.PlaceholderTypeParameter]", "value", "dfc-generated"] - ["Microsoft.Interop", "NativeMarshallingAttributeInfo", False, "NativeMarshallingAttributeInfo", "(Microsoft.Interop.ManagedTypeInfo,Microsoft.Interop.CustomTypeMarshallers)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.NativeMarshallingAttributeInfo.EntryPointType]", "value", "dfc-generated"] @@ -191,8 +191,8 @@ extensions: - ["Microsoft.Interop", "StubIdentifierContext", True, "GetIdentifiers", "(Microsoft.Interop.TypePositionInfo)", "", "Argument[0].Property[Microsoft.Interop.TypePositionInfo.InstanceIdentifier]", "ReturnValue.Field[System.ValueTuple`2.Item2]", "taint", "dfc-generated"] - ["Microsoft.Interop", "SyntaxEquivalentNode", False, "SyntaxEquivalentNode", "(T)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.SyntaxEquivalentNode`1.Node]", "value", "dfc-generated"] - ["Microsoft.Interop", "SyntaxExtensions", False, "AddToModifiers", "(Microsoft.CodeAnalysis.SyntaxTokenList,Microsoft.CodeAnalysis.CSharp.SyntaxKind)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.SyntaxNode.Parent].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "ReturnValue", "value", "dfc-generated"] + - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "Argument[1]", "value", "dfc-generated"] + - ["Microsoft.Interop", "SyntaxExtensions", False, "IsInPartialContext", "(Microsoft.CodeAnalysis.CSharp.Syntax.TypeDeclarationSyntax,System.Nullable)", "", "Argument[0].Property[Microsoft.CodeAnalysis.SyntaxNode.Parent].Property[Microsoft.CodeAnalysis.CSharp.Syntax.BaseTypeDeclarationSyntax.Identifier]", "Argument[1]", "value", "dfc-generated"] - ["Microsoft.Interop", "SyntaxExtensions", False, "NestFixedStatements", "(System.Collections.Immutable.ImmutableArray,Microsoft.CodeAnalysis.CSharp.Syntax.StatementSyntax)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.Interop", "SzArrayType", False, "SzArrayType", "(Microsoft.Interop.ManagedTypeInfo)", "", "Argument[0]", "Argument[this].Property[Microsoft.Interop.SzArrayType.ElementTypeInfo]", "value", "dfc-generated"] - ["Microsoft.Interop", "TypePositionInfo", False, "CreateForParameter", "(Microsoft.CodeAnalysis.IParameterSymbol,Microsoft.Interop.MarshallingInfo,Microsoft.CodeAnalysis.Compilation)", "", "Argument[0].Property[Microsoft.CodeAnalysis.ISymbol.Name]", "ReturnValue.Property[Microsoft.Interop.TypePositionInfo.InstanceIdentifier]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml index 043830b1d67..5123bb49724 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.CompilerServices.model.yml @@ -1,10 +1,5 @@ # THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT. extensions: - - addsTo: - pack: codeql/csharp-all - extensible: summaryModel - data: - - ["Microsoft.VisualBasic.CompilerServices", "StringType", False, "MidStmtStr", "(System.String,System.Int32,System.Int32,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -197,6 +192,7 @@ extensions: - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromShort", "(System.Int16)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromSingle", "(System.Single)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "FromSingle", "(System.Single,System.Globalization.NumberFormatInfo)", "summary", "df-generated"] + - ["Microsoft.VisualBasic.CompilerServices", "StringType", "MidStmtStr", "(System.String,System.Int32,System.Int32,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrCmp", "(System.String,System.String,System.Boolean)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrLike", "(System.String,System.String,Microsoft.VisualBasic.CompareMethod)", "summary", "df-generated"] - ["Microsoft.VisualBasic.CompilerServices", "StringType", "StrLikeBinary", "(System.String,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml index f471594f30f..4c9c289866a 100644 --- a/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml +++ b/csharp/ql/lib/ext/generated/Microsoft.VisualBasic.model.yml @@ -4,12 +4,6 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.String,System.Int64,System.Boolean)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGet", "(System.Int32,System.ValueType,System.Int64)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "FileGetObject", "(System.Int32,System.Object,System.Int64)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "Input", "(System.Int32,System.Object)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["Microsoft.VisualBasic", "FileSystem", False, "Input", "(System.Int32,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["Microsoft.VisualBasic", "VBCodeProvider", False, "VBCodeProvider", "(System.Collections.Generic.IDictionary)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -111,6 +105,7 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "FileClose", "(System.Int32[])", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileCopy", "(System.String,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileDateTime", "(System.String)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Boolean,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Byte,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Char,System.Int64)", "summary", "df-generated"] @@ -121,6 +116,9 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Int32,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Int64,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.Single,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.String,System.Int64,System.Boolean)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGet", "(System.Int32,System.ValueType,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "FileGetObject", "(System.Int32,System.Object,System.Int64)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileLen", "(System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FileOpen", "(System.Int32,System.String,Microsoft.VisualBasic.OpenMode,Microsoft.VisualBasic.OpenAccess,Microsoft.VisualBasic.OpenShare,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "FilePut", "(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean)", "summary", "df-generated"] @@ -150,7 +148,9 @@ extensions: - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int16)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Int64)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Object)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.Single)", "summary", "df-generated"] + - ["Microsoft.VisualBasic", "FileSystem", "Input", "(System.Int32,System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "InputString", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "Kill", "(System.String)", "summary", "df-generated"] - ["Microsoft.VisualBasic", "FileSystem", "LOF", "(System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml b/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml index f72895d03e2..0e6f2465ec0 100644 --- a/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml +++ b/csharp/ql/lib/ext/generated/Mono.Linker.Steps.model.yml @@ -51,9 +51,7 @@ extensions: - ["Mono.Linker.Steps", "MarkStep", False, "get_Tracer", "()", "", "Argument[this].SyntheticField[Mono.Linker.Steps.MarkStep._context].Property[Mono.Linker.LinkContext.Tracer]", "ReturnValue", "value", "dfc-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkAssembly", "(Mono.Cecil.AssemblyDefinition,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkEvent", "(Mono.Cecil.EventDefinition,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue.Property[Mono.Linker.MessageOrigin.FileName]", "value", "dfc-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3].Property[Mono.Linker.MessageOrigin.Provider]", "ReturnValue.Property[Mono.Linker.MessageOrigin.Provider]", "value", "dfc-generated"] - - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker.Steps", "MarkStep", True, "MarkInstruction", "(Mono.Cecil.Cil.Instruction,Mono.Cecil.MethodDefinition,System.Boolean,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkInterfaceImplementation", "(Mono.Cecil.InterfaceImplementation,Mono.Linker.MessageOrigin,System.Nullable)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkMethod", "(Mono.Cecil.MethodReference,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "MarkStep", True, "MarkMethod", "(Mono.Cecil.MethodReference,Mono.Linker.DependencyInfo,Mono.Linker.MessageOrigin)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -85,7 +83,7 @@ extensions: - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ProcessLinkerXmlBase", "(Mono.Linker.LinkContext,System.IO.Stream,System.String)", "", "Argument[2]", "Argument[this].Field[Mono.Linker.Steps.ProcessLinkerXmlBase._xmlDocumentLocation]", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ProcessTypeChildren", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "ToString", "()", "", "Argument[this].Field[Mono.Linker.Steps.ProcessLinkerXmlBase._xmlDocumentLocation]", "ReturnValue", "taint", "dfc-generated"] - - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "TryConvertValue", "(System.String,Mono.Cecil.TypeReference,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", False, "TryConvertValue", "(System.String,Mono.Cecil.TypeReference,System.Object)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessEvent", "(Mono.Cecil.TypeDefinition,Mono.Cecil.EventDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessEvent", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator,System.Object)", "", "Argument[0].Property[Mono.Cecil.TypeDefinition.Events].Element", "Argument[this].Field[Mono.Linker.Steps.DescriptorMarker._preservedMembers].Element", "value", "dfc-generated"] - ["Mono.Linker.Steps", "ProcessLinkerXmlBase", True, "ProcessField", "(Mono.Cecil.TypeDefinition,System.Xml.XPath.XPathNavigator)", "", "Argument[0].Property[Mono.Cecil.TypeDefinition.Fields].Element", "Argument[this].Field[Mono.Linker.Steps.DescriptorMarker._preservedMembers].Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/Mono.Linker.model.yml b/csharp/ql/lib/ext/generated/Mono.Linker.model.yml index 6519e273f0c..f48ad4aa411 100644 --- a/csharp/ql/lib/ext/generated/Mono.Linker.model.yml +++ b/csharp/ql/lib/ext/generated/Mono.Linker.model.yml @@ -96,7 +96,7 @@ extensions: - ["Mono.Linker", "MessageContainer", False, "CreateCustomWarningMessage", "(Mono.Linker.LinkContext,System.String,System.Int32,Mono.Linker.MessageOrigin,Mono.Linker.WarnVersion,System.String)", "", "Argument[5]", "ReturnValue.Property[Mono.Linker.MessageContainer.SubCategory]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "CreateDiagnosticMessage", "(System.String)", "", "Argument[0]", "ReturnValue.Property[Mono.Linker.MessageContainer.Text]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "CreateInfoMessage", "(System.String)", "", "Argument[0]", "ReturnValue.Property[Mono.Linker.MessageContainer.Text]", "value", "dfc-generated"] - - ["Mono.Linker", "MessageContainer", False, "IsWarningMessage", "(System.Nullable)", "", "Argument[this].Property[Mono.Linker.MessageContainer.Code]", "ReturnValue", "value", "dfc-generated"] + - ["Mono.Linker", "MessageContainer", False, "IsWarningMessage", "(System.Nullable)", "", "Argument[this].Property[Mono.Linker.MessageContainer.Code]", "Argument[0]", "value", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.Origin].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.SubCategory]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageContainer", False, "ToMSBuildString", "()", "", "Argument[this].Property[Mono.Linker.MessageContainer.Text]", "ReturnValue", "taint", "dfc-generated"] @@ -113,8 +113,8 @@ extensions: - ["Mono.Linker", "MessageOrigin", False, "ToString", "()", "", "Argument[this].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue", "taint", "dfc-generated"] - ["Mono.Linker", "MessageOrigin", False, "WithInstructionOffset", "(System.Int32)", "", "Argument[this].Property[Mono.Linker.MessageOrigin.FileName]", "ReturnValue.Property[Mono.Linker.MessageOrigin.FileName]", "value", "dfc-generated"] - ["Mono.Linker", "MessageOrigin", False, "WithInstructionOffset", "(System.Int32)", "", "Argument[this].Property[Mono.Linker.MessageOrigin.Provider]", "ReturnValue.Property[Mono.Linker.MessageOrigin.Provider]", "value", "dfc-generated"] - - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetEvent", "(Mono.Cecil.MethodDefinition,Mono.Cecil.EventDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetProperty", "(Mono.Cecil.MethodDefinition,Mono.Cecil.PropertyDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetEvent", "(Mono.Cecil.MethodDefinition,Mono.Cecil.EventDefinition)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["Mono.Linker", "MethodDefinitionExtensions", False, "TryGetProperty", "(Mono.Cecil.MethodDefinition,Mono.Cecil.PropertyDefinition)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["Mono.Linker", "MethodIL", False, "Create", "(Mono.Cecil.Cil.MethodBody)", "", "Argument[0]", "ReturnValue.Field[Mono.Linker.MethodIL.Body]", "value", "dfc-generated"] - ["Mono.Linker", "MethodIL", False, "get_ExceptionHandlers", "()", "", "Argument[this].Field[Mono.Linker.MethodIL.Body].Property[Mono.Cecil.Cil.MethodBody.ExceptionHandlers]", "ReturnValue", "value", "dfc-generated"] - ["Mono.Linker", "MethodIL", False, "get_Instructions", "()", "", "Argument[this].Field[Mono.Linker.MethodIL.Body].Property[Mono.Cecil.Cil.MethodBody.Instructions]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Buffers.model.yml b/csharp/ql/lib/ext/generated/System.Buffers.model.yml index 0f351ff18d1..ff472f7b0cf 100644 --- a/csharp/ql/lib/ext/generated/System.Buffers.model.yml +++ b/csharp/ql/lib/ext/generated/System.Buffers.model.yml @@ -33,37 +33,30 @@ extensions: - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.Int64)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.SequencePosition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "ReadOnlySequence", False, "Slice", "(System.SequencePosition,System.SequencePosition)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "ReadOnlySequence", False, "TryGet", "(System.SequencePosition,System.ReadOnlyMemory,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Buffers", "ReadOnlySequence", False, "get_FirstSpan", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SearchValues", False, "Create", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SearchValues", False, "Create", "(System.ReadOnlySpan,System.StringComparison)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SequenceReader", False, "SequenceReader", "(System.Buffers.ReadOnlySequence)", "", "Argument[0]", "Argument[this].Property[System.Buffers.SequenceReader`1.Sequence]", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "TryCopyTo", "(System.Span)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "TryCopyTo", "(System.Span)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryPeek", "(System.Int64,T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryPeek", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryRead", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadExact", "(System.Int32,System.Buffers.ReadOnlySequence)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,T,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryPeek", "(System.Int64,T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[1]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryPeek", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryRead", "(T)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadExact", "(System.Int32,System.Buffers.ReadOnlySequence)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.Buffers.ReadOnlySequence,T,T,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadTo", "(System.ReadOnlySpan,T,T,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "Argument[0].Element", "value", "dfc-generated"] + - ["System.Buffers", "SequenceReader", False, "TryReadToAny", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "", "Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Buffers", "SequenceReader", False, "get_UnreadSequence", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Buffers", "SequenceReader", False, "get_UnreadSpan", "()", "", "Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int16)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int16)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Buffers", "SequenceReaderExtensions", False, "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -137,6 +130,7 @@ extensions: - ["System.Buffers", "ReadOnlySequence", "Slice", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "Slice", "(System.Int64,System.Int64)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "ToString", "()", "summary", "df-generated"] + - ["System.Buffers", "ReadOnlySequence", "TryGet", "(System.SequencePosition,System.ReadOnlyMemory,System.Boolean)", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_End", "()", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_First", "()", "summary", "df-generated"] - ["System.Buffers", "ReadOnlySequence", "get_IsEmpty", "()", "summary", "df-generated"] @@ -162,6 +156,12 @@ extensions: - ["System.Buffers", "SequenceReader", "get_Position", "()", "summary", "df-generated"] - ["System.Buffers", "SequenceReader", "get_Remaining", "()", "summary", "df-generated"] - ["System.Buffers", "SequenceReader", "get_Sequence", "()", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int16)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int32)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadBigEndian", "(System.Buffers.SequenceReader,System.Int64)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int16)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int32)", "summary", "df-generated"] + - ["System.Buffers", "SequenceReaderExtensions", "TryReadLittleEndian", "(System.Buffers.SequenceReader,System.Int64)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "Equals", "(System.Buffers.StandardFormat)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "Equals", "(System.Object)", "summary", "df-generated"] - ["System.Buffers", "StandardFormat", "GetHashCode", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml b/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml index 91d655f6d3b..9a760ddfa43 100644 --- a/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml +++ b/csharp/ql/lib/ext/generated/System.CodeDom.Compiler.model.yml @@ -126,14 +126,6 @@ extensions: - ["System.CodeDom.Compiler", "CompilerParameters", False, "CompilerParameters", "(System.String[],System.String,System.Boolean)", "", "Argument[0].Element", "Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "CompilerParameters", False, "CompilerParameters", "(System.String[],System.String,System.Boolean)", "", "Argument[1]", "Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "CompilerResults", False, "CompilerResults", "(System.CodeDom.Compiler.TempFileCollection)", "", "Argument[0]", "Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles]", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[5]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.CodeDom.Compiler", "Executor", False, "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "GeneratedCodeAttribute", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "GeneratedCodeAttribute", "(System.String,System.String)", "", "Argument[1]", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version]", "value", "dfc-generated"] - ["System.CodeDom.Compiler", "GeneratedCodeAttribute", False, "get_Tool", "()", "", "Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool]", "ReturnValue", "value", "dfc-generated"] @@ -297,6 +289,10 @@ extensions: - ["System.CodeDom.Compiler", "CompilerResults", "get_Errors", "()", "summary", "df-generated"] - ["System.CodeDom.Compiler", "CompilerResults", "get_Output", "()", "summary", "df-generated"] - ["System.CodeDom.Compiler", "Executor", "ExecWait", "(System.String,System.CodeDom.Compiler.TempFileCollection)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] + - ["System.CodeDom.Compiler", "Executor", "ExecWaitWithCapture", "(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String)", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromFile", "(System.CodeDom.Compiler.CompilerParameters,System.String)", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromFileBatch", "(System.CodeDom.Compiler.CompilerParameters,System.String[])", "summary", "df-generated"] - ["System.CodeDom.Compiler", "ICodeCompiler", "CompileAssemblyFromSource", "(System.CodeDom.Compiler.CompilerParameters,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml index 9834bace34d..13228929231 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Concurrent.model.yml @@ -13,8 +13,8 @@ extensions: - ["System.Collections.Concurrent", "BlockingCollection", False, "TryAdd", "(T,System.TimeSpan)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentBag", False, "ToArray", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryAdd", "(T)", "", "Argument[0]", "Argument[this].Element", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryPeek", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryTake", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryPeek", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Concurrent", "ConcurrentBag", False, "TryTake", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[0]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "AddOrUpdate", "(TKey,System.Func,System.Func)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "dfc-generated"] @@ -35,14 +35,14 @@ extensions: - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "GetOrAdd", "(TKey,System.Func,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "TryGetAlternateLookup", "(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "TryGetAlternateLookup", "(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentDictionary", False, "get_Comparer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "ConcurrentStack", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPopRange", "(T[])", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0].Element", "value", "dfc-generated"] - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryPopRange", "(T[],System.Int32,System.Int32)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryTake", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Concurrent", "ConcurrentStack", False, "TryTake", "(T)", "", "Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Concurrent", "OrderablePartitioner", True, "GetDynamicPartitions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "Partitioner", False, "Create", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Concurrent", "Partitioner", False, "Create", "(System.Collections.Generic.IEnumerable,System.Collections.Concurrent.EnumerablePartitionerOptions)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml index daea37e28ca..ae675a172a8 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Frozen.model.yml @@ -11,7 +11,7 @@ extensions: - ["System.Collections.Frozen", "FrozenDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Frozen.FrozenDictionary`2+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "GetAlternateLookup", "()", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenDictionary", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenDictionary+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenDictionary", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenDictionary+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary]", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenDictionary", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "Create", "(System.Collections.Generic.IEqualityComparer,System.ReadOnlySpan)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] @@ -19,13 +19,13 @@ extensions: - ["System.Collections.Frozen", "FrozenSet", False, "ToFrozenSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "Contains", "(TAlternate)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Frozen", "FrozenSet+AlternateLookup", False, "TryGetValue", "(TAlternate,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "CopyTo", "(System.Span)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "GetAlternateLookup", "()", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenSet", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenSet+AlternateLookup)", "", "Argument[this]", "ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] - - ["System.Collections.Frozen", "FrozenSet", False, "TryGetValue", "(T,T)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenSet", False, "TryGetAlternateLookup", "(System.Collections.Frozen.FrozenSet+AlternateLookup)", "", "Argument[this]", "Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set]", "value", "dfc-generated"] + - ["System.Collections.Frozen", "FrozenSet", False, "TryGetValue", "(T,T)", "", "Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Frozen", "FrozenSet", False, "get_Items", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml index ad2383f1d6b..325945f5904 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Generic.model.yml @@ -16,7 +16,7 @@ extensions: - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeFileAssets", "(System.Collections.Generic.IEnumerable,System.String)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "GetRuntimeGroup", "(System.Collections.Generic.IEnumerable,System.String)", "", "Argument[0].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "GetValueOrDefault", "(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "CollectionExtensions", False, "Remove", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "CollectionExtensions", False, "Remove", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[0].Element", "Argument[2]", "taint", "df-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "TryAdd", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[1]", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "CollectionExtensions", False, "TryAdd", "(System.Collections.Generic.IDictionary,TKey,TValue)", "", "Argument[2]", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "Dictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -35,13 +35,14 @@ extensions: - ["System.Collections.Generic", "HashSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "HashSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "HashSet", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "HashSet", False, "TryGetValue", "(T,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "HashSet", False, "TryGetValue", "(T,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "HashSet", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "HashSet", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].Property[System.Collections.Generic.HashSet`1.Comparer]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "HashSet", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "Create", "(TKey,TValue)", "", "Argument[0]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "Create", "(TKey,TValue)", "", "Argument[1]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "KeyValuePair", False, "Deconstruct", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "get_Key", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "KeyValuePair", False, "get_Value", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "LinkedList+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.LinkedList`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] @@ -91,9 +92,9 @@ extensions: - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "OrderedDictionary", "(System.Int32,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "Remove", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "Remove", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "OrderedDictionary", False, "TryGetValue", "(TKey,TValue,System.Int32)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Keys", "()", "", "Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Keys]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "OrderedDictionary", False, "get_Values", "()", "", "Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Values]", "ReturnValue", "value", "dfc-generated"] @@ -108,17 +109,20 @@ extensions: - ["System.Collections.Generic", "PriorityQueue", False, "PriorityQueue", "(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "value", "dfc-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "PriorityQueue", "(System.Int32,System.Collections.Generic.IComparer)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "value", "dfc-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "Argument[3]", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "Remove", "(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryDequeue", "(TElement,TPriority)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections.Generic", "PriorityQueue", False, "TryPeek", "(TElement,TPriority)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Generic", "PriorityQueue", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "Queue", False, "Dequeue", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue", False, "Enqueue", "(T)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Queue", False, "Queue", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "value", "dfc-generated"] - - ["System.Collections.Generic", "Queue", False, "TryDequeue", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "Queue", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "Queue", False, "TryDequeue", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Generic", "Queue", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -135,7 +139,7 @@ extensions: - ["System.Collections.Generic", "SortedList", False, "GetValueAtIndex", "(System.Int32)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "SetValueAtIndex", "(System.Int32,TValue)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "SortedList", "(System.Collections.Generic.IComparer)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer]", "value", "dfc-generated"] - - ["System.Collections.Generic", "SortedList", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "SortedList", False, "TryGetValue", "(TKey,TValue)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedList", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Generic", "SortedSet", False, "CopyTo", "(T[])", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "Argument[0].Element", "value", "dfc-generated"] @@ -145,7 +149,7 @@ extensions: - ["System.Collections.Generic", "SortedSet", False, "SortedSet", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.Generic", "SortedSet", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] - - ["System.Collections.Generic", "SortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "SortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] - ["System.Collections.Generic", "SortedSet", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[this].Element", "Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item]", "value", "dfc-generated"] @@ -162,8 +166,8 @@ extensions: - ["System.Collections.Generic", "Stack", False, "Push", "(T)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Stack", False, "Stack", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "value", "dfc-generated"] - ["System.Collections.Generic", "Stack", False, "ToArray", "()", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Collections.Generic", "Stack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Generic", "Stack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Generic", "Stack", False, "TryPeek", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "Argument[0]", "value", "dfc-generated"] + - ["System.Collections.Generic", "Stack", False, "TryPop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element", "Argument[0]", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel diff --git a/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml b/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml index 66a9ffc7958..c2b0ddb02cd 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.Immutable.model.yml @@ -142,8 +142,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToImmutableDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Collections.Generic.IEqualityComparer)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToImmutableDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Collections.Generic.IEqualityComparer)", "", "Argument[1].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "GetValueOrDefault", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "Clear", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] @@ -152,8 +151,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", False, "SetItem", "(TKey,TValue)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", False, "WithComparers", "(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer]", "value", "dfc-generated"] @@ -171,7 +169,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToImmutableHashSet", "(System.Collections.Generic.IEnumerable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToImmutableHashSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableHashSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "Except", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -179,45 +177,25 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", False, "Remove", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableHashSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableHashSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "WithComparer", "(System.Collections.Generic.IEqualityComparer)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", False, "get_KeyComparer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[1]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[1]", "Argument[3].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "AddOrUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Enqueue", "(System.Collections.Immutable.ImmutableQueue,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg)", "", "Argument[3]", "Argument[2].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[1]", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func)", "", "Argument[2].ReturnValue", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "GetOrAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedCompareExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "InterlockedInitialize", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Push", "(System.Collections.Immutable.ImmutableStack,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryDequeue", "(System.Collections.Immutable.ImmutableQueue,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryPop", "(System.Collections.Immutable.ImmutableStack,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "TryUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func,TArg)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func,TArg)", "", "Argument[2]", "Argument[1].Parameter[1]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableInterlocked", False, "Update", "(T,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] @@ -281,9 +259,11 @@ extensions: - ["System.Collections.Immutable", "ImmutableQueue", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "CreateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(System.Collections.Immutable.IImmutableQueue,T)", "", "Argument[0].Element", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(System.Collections.Immutable.IImmutableQueue,T)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Dequeue", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Enqueue", "(T)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableQueue", False, "Peek", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] @@ -318,8 +298,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToImmutableSortedDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Func,System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToImmutableSortedDictionary", "(System.Collections.Generic.IEnumerable,System.Func,System.Func,System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[2].ReturnValue", "ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "GetValueOrDefault", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "Clear", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "Clear", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "value", "dfc-generated"] @@ -330,9 +309,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "SetItems", "(System.Collections.Generic.IEnumerable>)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "TryGetKey", "(TKey,TKey)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", False, "WithComparers", "(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer]", "value", "dfc-generated"] @@ -357,8 +335,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedSet", False, "ToImmutableSortedSet", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IComparer)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "IntersectWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "SymmetricExceptWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "UnionWith", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "get_Max", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet+Builder", False, "get_Min", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] @@ -372,8 +350,8 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this].Element", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "SymmetricExcept", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "ToBuilder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableSortedSet", False, "TryGetValue", "(T,T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key]", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedSet", False, "Union", "(System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "value", "df-generated"] @@ -385,11 +363,12 @@ extensions: - ["System.Collections.Immutable", "ImmutableStack", False, "Create", "(T)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Create", "(T[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "CreateRange", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(System.Collections.Immutable.IImmutableStack,T)", "", "Argument[0].Element", "Argument[1]", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(System.Collections.Immutable.IImmutableStack,T)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Peek", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "()", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "Argument[0]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Pop", "(T)", "", "Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Push", "(T)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head]", "value", "dfc-generated"] - ["System.Collections.Immutable", "ImmutableStack", False, "Push", "(T)", "", "Argument[this]", "ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail]", "value", "dfc-generated"] @@ -525,6 +504,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "Remove", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "RemoveRange", "(System.Collections.Generic.IEnumerable)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "ToImmutable", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_IsFixedSize", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary+Builder", "get_IsReadOnly", "()", "summary", "df-generated"] @@ -539,6 +519,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_IsEmpty", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableDictionary", "get_IsFixedSize", "()", "summary", "df-generated"] @@ -582,6 +563,18 @@ extensions: - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsEmpty", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsReadOnly", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableHashSet", "get_IsSynchronized", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Enqueue", "(System.Collections.Immutable.ImmutableQueue,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedCompareExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedExchange", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "InterlockedInitialize", "(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Push", "(System.Collections.Immutable.ImmutableStack,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryAdd", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryDequeue", "(System.Collections.Immutable.ImmutableQueue,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryPop", "(System.Collections.Immutable.ImmutableStack,T)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryRemove", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "TryUpdate", "(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Update", "(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableInterlocked", "Update", "(T,System.Func)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "Create", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "CreateBuilder", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableList", "IndexOf", "(System.Collections.Immutable.IImmutableList,T)", "summary", "df-generated"] @@ -679,6 +672,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "Remove", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "RemoveRange", "(System.Collections.Generic.IEnumerable)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "ToImmutable", "()", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "ValueRef", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary+Builder", "get_IsFixedSize", "()", "summary", "df-generated"] @@ -694,6 +688,7 @@ extensions: - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.Immutable", "ImmutableSortedDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "ValueRef", "(TKey)", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.Immutable", "ImmutableSortedDictionary", "get_IsEmpty", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml b/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml index f201af698cf..3929a6f55eb 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.ObjectModel.model.yml @@ -11,8 +11,7 @@ extensions: - ["System.Collections.ObjectModel", "Collection", True, "InsertItem", "(System.Int32,T)", "", "Argument[1]", "Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "Collection", True, "SetItem", "(System.Int32,T)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "KeyedCollection", "(System.Collections.Generic.IEqualityComparer,System.Int32)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer]", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Collections.ObjectModel", "KeyedCollection", False, "TryGetValue", "(TKey,TItem)", "", "Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "get_Comparer", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "KeyedCollection", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "CreateCollection", "(System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -20,7 +19,6 @@ extensions: - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "ReadOnlyCollection", "(System.Collections.Generic.IList)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "get_Items", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyCollection", False, "get_SyncRoot", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlyCollection`1.list].Property[System.Collections.ICollection.SyncRoot]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections.ObjectModel", "ReadOnlyDictionary", False, "TryGetValue", "(TKey,TValue)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlySet", False, "ReadOnlySet", "(System.Collections.Generic.ISet)", "", "Argument[0]", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlySet`1._set]", "value", "dfc-generated"] - ["System.Collections.ObjectModel", "ReadOnlySet", False, "get_Set", "()", "", "Argument[this].SyntheticField[System.Collections.ObjectModel.ReadOnlySet`1._set]", "ReturnValue", "value", "dfc-generated"] @@ -95,6 +93,7 @@ extensions: - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(System.Collections.Generic.KeyValuePair)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(System.Object)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "Remove", "(TKey)", "summary", "df-generated"] + - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "TryGetValue", "(TKey,TValue)", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_Count", "()", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_Empty", "()", "summary", "df-generated"] - ["System.Collections.ObjectModel", "ReadOnlyDictionary", "get_IsFixedSize", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Collections.model.yml b/csharp/ql/lib/ext/generated/System.Collections.model.yml index 1d91a7122d1..a8bb9e228d7 100644 --- a/csharp/ql/lib/ext/generated/System.Collections.model.yml +++ b/csharp/ql/lib/ext/generated/System.Collections.model.yml @@ -32,7 +32,8 @@ extensions: - ["System.Collections", "DictionaryBase", False, "get_Dictionary", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections", "DictionaryBase", False, "get_SyncRoot", "()", "", "Argument[this].Property[System.Collections.DictionaryBase.InnerHashtable].Property[System.Collections.Hashtable.SyncRoot]", "ReturnValue", "value", "dfc-generated"] - ["System.Collections", "DictionaryBase", True, "OnGet", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Collections", "DictionaryEntry", False, "Deconstruct", "(System.Object,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Collections", "DictionaryEntry", False, "DictionaryEntry", "(System.Object,System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Collections", "DictionaryEntry", False, "DictionaryEntry", "(System.Object,System.Object)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Collections", "Hashtable", False, "Hashtable", "(System.Int32,System.Single,System.Collections.IEqualityComparer)", "", "Argument[2]", "Argument[this].SyntheticField[System.Collections.Hashtable._keycomparer]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml index 696919b57fc..609d0a062b1 100644 --- a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml +++ b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.Hosting.model.yml @@ -27,8 +27,8 @@ extensions: - ["System.ComponentModel.Composition.Hosting", "AssemblyCatalog", False, "get_DisplayName", "()", "", "Argument[this].Property[System.ComponentModel.Composition.Hosting.AssemblyCatalog.Assembly].Property[System.Reflection.Assembly.FullName]", "ReturnValue", "taint", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "AssemblyCatalog", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.AssemblyCatalog._assembly].Property[System.Reflection.Assembly.FullName]", "ReturnValue", "taint", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "AtomicComposition", "(System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,System.Boolean,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,System.Boolean,T)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "AtomicComposition", False, "TryGetValue", "(System.Object,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExportProvider", False, "CatalogExportProvider", "(System.ComponentModel.Composition.Primitives.ComposablePartCatalog,System.ComponentModel.Composition.Hosting.CompositionOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.CatalogExportProvider._catalog]", "value", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExportProvider", False, "get_Catalog", "()", "", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.CatalogExportProvider._catalog]", "ReturnValue", "value", "dfc-generated"] - ["System.ComponentModel.Composition.Hosting", "CatalogExtensions", False, "CreateCompositionService", "(System.ComponentModel.Composition.Primitives.ComposablePartCatalog)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] @@ -88,7 +88,7 @@ extensions: - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "GetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "GetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.Hosting", "ExportProvider", False, "TryGetExports", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition,System.Collections.Generic.IEnumerable)", "", "Argument[this]", "Argument[2].Element", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", True, "GetExportsCore", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportProvider", True, "GetExportsCore", "(System.ComponentModel.Composition.Primitives.ImportDefinition,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.Hosting", "ExportsChangeEventArgs", False, "ExportsChangeEventArgs", "(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Hosting.AtomicComposition)", "", "Argument[0].Element", "Argument[this].SyntheticField[System.ComponentModel.Composition.Hosting.ExportsChangeEventArgs._addedExports].Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml index 28167ef8f89..997e5b8d762 100644 --- a/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml +++ b/csharp/ql/lib/ext/generated/System.ComponentModel.Composition.ReflectionModel.model.yml @@ -28,7 +28,7 @@ extensions: - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetImportingMember", "(System.ComponentModel.Composition.Primitives.ImportDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetImportingParameter", "(System.ComponentModel.Composition.Primitives.ImportDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "GetPartType", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "TryMakeGenericPartDefinition", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.ComponentModel.Composition.ReflectionModel", "ReflectionModelServices", False, "TryMakeGenericPartDefinition", "(System.ComponentModel.Composition.Primitives.ComposablePartDefinition,System.Collections.Generic.IEnumerable,System.ComponentModel.Composition.Primitives.ComposablePartDefinition)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel diff --git a/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml b/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml index 31743004723..06563c58f57 100644 --- a/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml +++ b/csharp/ql/lib/ext/generated/System.Composition.Hosting.Core.model.yml @@ -9,7 +9,7 @@ extensions: - ["System.Composition.Hosting.Core", "CompositionContract", False, "CompositionContract", "(System.Type,System.String,System.Collections.Generic.IDictionary)", "", "Argument[1]", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "CompositionContract", "(System.Type,System.String,System.Collections.Generic.IDictionary)", "", "Argument[2]", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._metadataConstraints]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition.Hosting.Core", "CompositionContract", False, "TryUnwrapMetadataConstraint", "(System.String,T,System.Composition.Hosting.Core.CompositionContract)", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "CompositionContract", False, "TryUnwrapMetadataConstraint", "(System.String,T,System.Composition.Hosting.Core.CompositionContract)", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "Argument[2].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "get_ContractName", "()", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._contractName]", "ReturnValue", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionContract", False, "get_MetadataConstraints", "()", "", "Argument[this].SyntheticField[System.Composition.Hosting.Core.CompositionContract._metadataConstraints]", "ReturnValue", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "CompositionDependency", False, "Missing", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] @@ -28,8 +28,8 @@ extensions: - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveDependencies", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveRequiredDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "ResolveRequiredDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] - - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] - - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[0]", "Argument[3].SyntheticField[System.Composition.Hosting.Core.CompositionDependency._site]", "value", "dfc-generated"] + - ["System.Composition.Hosting.Core", "DependencyAccessor", False, "TryResolveOptionalDependency", "(System.Object,System.Composition.Hosting.Core.CompositionContract,System.Boolean,System.Composition.Hosting.Core.CompositionDependency)", "", "Argument[1]", "Argument[3].SyntheticField[System.Composition.Hosting.Core.CompositionDependency._contract]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "DependencyAccessor", True, "GetPromises", "(System.Composition.Hosting.Core.CompositionContract)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Composition.Hosting.Core", "ExportDescriptor", False, "Create", "(System.Composition.Hosting.Core.CompositeActivator,System.Collections.Generic.IDictionary)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.DirectExportDescriptor._activator]", "value", "dfc-generated"] - ["System.Composition.Hosting.Core", "ExportDescriptor", False, "Create", "(System.Composition.Hosting.Core.CompositeActivator,System.Collections.Generic.IDictionary)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Composition.Hosting.Core.DirectExportDescriptor._metadata]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Composition.model.yml b/csharp/ql/lib/ext/generated/System.Composition.model.yml index 06147b3a3cd..a9f25ed2b81 100644 --- a/csharp/ql/lib/ext/generated/System.Composition.model.yml +++ b/csharp/ql/lib/ext/generated/System.Composition.model.yml @@ -13,11 +13,11 @@ extensions: - ["System.Composition", "CompositionContext", False, "GetExports", "(System.Type,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Composition", "CompositionContext", False, "GetExports", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Composition", "CompositionContext", False, "GetExports", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.String,TExport)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", False, "TryGetExport", "(TExport)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Composition", "CompositionContext", True, "TryGetExport", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.Type,System.String,System.Object)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(System.String,TExport)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", False, "TryGetExport", "(TExport)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Composition", "CompositionContext", True, "TryGetExport", "(System.Composition.Hosting.Core.CompositionContract,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Composition", "Export", False, "Export", "(T,System.Action)", "", "Argument[0]", "Argument[this].Property[System.Composition.Export`1.Value]", "value", "dfc-generated"] - ["System.Composition", "ExportAttribute", False, "ExportAttribute", "(System.String,System.Type)", "", "Argument[0]", "Argument[this].Property[System.Composition.ExportAttribute.ContractName]", "value", "dfc-generated"] - ["System.Composition", "ExportFactory", False, "ExportFactory", "(System.Func>,TMetadata)", "", "Argument[1]", "Argument[this].Property[System.Composition.ExportFactory`2.Metadata]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml b/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml index 6804ecaa514..3a1c350c831 100644 --- a/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml +++ b/csharp/ql/lib/ext/generated/System.Configuration.Internal.model.yml @@ -15,12 +15,11 @@ extensions: - ["System.Configuration.Internal", "IInternalConfigHost", True, "GetStreamNameForConfigSource", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "GetStreamNameForConfigSource", "(System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "Init", "(System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[1].Element", "Argument[this]", "taint", "df-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[4].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "InitForConfiguration", "(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[])", "", "Argument[4].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForRead", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForRead", "(System.String,System.Boolean)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object,System.Boolean)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] + - ["System.Configuration.Internal", "IInternalConfigHost", True, "OpenStreamForWrite", "(System.String,System.String,System.Object,System.Boolean)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "GetLkgSection", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "GetSection", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Configuration.Internal", "IInternalConfigRecord", True, "get_ConfigPath", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Data.Common.model.yml b/csharp/ql/lib/ext/generated/System.Data.Common.model.yml index 3725f8b01f6..7afa26ad8ba 100644 --- a/csharp/ql/lib/ext/generated/System.Data.Common.model.yml +++ b/csharp/ql/lib/ext/generated/System.Data.Common.model.yml @@ -63,7 +63,7 @@ extensions: - ["System.Data.Common", "DbConnectionStringBuilder", False, "ToString", "()", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString]", "ReturnValue", "value", "dfc-generated"] - ["System.Data.Common", "DbConnectionStringBuilder", False, "ToString", "()", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element", "ReturnValue", "taint", "dfc-generated"] - ["System.Data.Common", "DbConnectionStringBuilder", True, "GetProperties", "(System.Collections.Hashtable)", "", "Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element", "Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "dfc-generated"] - - ["System.Data.Common", "DbConnectionStringBuilder", True, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Data.Common", "DbConnectionStringBuilder", True, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataSet,System.Data.SchemaType,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataSet,System.Data.SchemaType,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Data.Common", "DbDataAdapter", False, "FillSchema", "(System.Data.DataTable,System.Data.SchemaType)", "", "Argument[0]", "ReturnValue.Element", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml b/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml index c46a5557d93..163a1ecfaad 100644 --- a/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml +++ b/csharp/ql/lib/ext/generated/System.Diagnostics.Tracing.model.yml @@ -16,12 +16,6 @@ extensions: - ["System.Diagnostics.Tracing", "EventSource", False, "GetTrait", "(System.String)", "", "Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "SendCommand", "(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary)", "", "Argument[2]", "Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics.Tracing", "EventSource", False, "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "add_EventCommandExecuted", "(System.EventHandler)", "", "Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands]", "Argument[0].Parameter[1]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "add_EventCommandExecuted", "(System.EventHandler)", "", "Argument[this]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Diagnostics.Tracing", "EventSource", False, "get_ConstructionException", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -72,6 +66,7 @@ extensions: - ["System.Diagnostics.Tracing", "EventSource", "SetCurrentThreadActivityId", "(System.Guid,System.Guid)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions)", "summary", "df-generated"] + - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,System.Diagnostics.Tracing.EventSourceOptions,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "Write", "(System.String,T)", "summary", "df-generated"] - ["System.Diagnostics.Tracing", "EventSource", "WriteEvent", "(System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml b/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml index 4247cfb9bd1..5b8633ea45d 100644 --- a/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Diagnostics.model.yml @@ -63,18 +63,11 @@ extensions: - ["System.Diagnostics", "ActivitySpanId", False, "ToHexString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivitySpanId", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTagsCollection+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics", "ActivityTagsCollection", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Diagnostics", "ActivityTagsCollection", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTraceId", False, "ToHexString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "ActivityTraceId", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "CorrelationManager", False, "get_LogicalOperationStack", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Diagnostics", "DataReceivedEventArgs", False, "get_Data", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Diagnostics", "Debug", False, "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", False, "DiagnosticListener", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Diagnostics.DiagnosticListener.Name]", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", False, "ToString", "()", "", "Argument[this].Property[System.Diagnostics.DiagnosticListener.Name]", "ReturnValue", "value", "dfc-generated"] - ["System.Diagnostics", "DiagnosticListener", True, "Subscribe", "(System.IObserver>)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -325,6 +318,8 @@ extensions: - ["System.Diagnostics", "Debug+WriteIfInterpolatedStringHandler", "AppendLiteral", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug+WriteIfInterpolatedStringHandler", "WriteIfInterpolatedStringHandler", "(System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Assert", "(System.Boolean,System.String,System.String,System.Object[])", "summary", "df-generated"] @@ -341,6 +336,8 @@ extensions: - ["System.Diagnostics", "Debug", "Write", "(System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Write", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "Write", "(System.String,System.String)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Object)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteIf", "(System.Boolean,System.String)", "summary", "df-generated"] @@ -350,6 +347,8 @@ extensions: - ["System.Diagnostics", "Debug", "WriteLine", "(System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLine", "(System.String,System.Object[])", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLine", "(System.String,System.String)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler)", "summary", "df-generated"] + - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Object)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.Object,System.String)", "summary", "df-generated"] - ["System.Diagnostics", "Debug", "WriteLineIf", "(System.Boolean,System.String)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Dynamic.model.yml b/csharp/ql/lib/ext/generated/System.Dynamic.model.yml index f9445abc171..a501617834f 100644 --- a/csharp/ql/lib/ext/generated/System.Dynamic.model.yml +++ b/csharp/ql/lib/ext/generated/System.Dynamic.model.yml @@ -24,7 +24,7 @@ extensions: - ["System.Dynamic", "DynamicMetaObject", False, "get_Value", "()", "", "Argument[this].SyntheticField[System.Dynamic.DynamicMetaObject._value]", "ReturnValue", "value", "dfc-generated"] - ["System.Dynamic", "DynamicMetaObjectBinder", False, "Bind", "(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget)", "", "Argument[2]", "ReturnValue.Property[System.Linq.Expressions.ConditionalExpression.IfTrue].Property[System.Linq.Expressions.GotoExpression.Target]", "value", "dfc-generated"] - ["System.Dynamic", "DynamicMetaObjectBinder", False, "Bind", "(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget)", "", "Argument[2]", "ReturnValue.Property[System.Linq.Expressions.GotoExpression.Target]", "value", "dfc-generated"] - - ["System.Dynamic", "ExpandoObject", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Dynamic", "ExpandoObject", False, "TryGetValue", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Dynamic", "GetIndexBinder", False, "GetIndexBinder", "(System.Dynamic.CallInfo)", "", "Argument[0]", "Argument[this].Property[System.Dynamic.GetIndexBinder.CallInfo]", "value", "dfc-generated"] - ["System.Dynamic", "GetIndexBinder", True, "FallbackGetIndex", "(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject[],System.Dynamic.DynamicMetaObject)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Dynamic", "GetMemberBinder", False, "GetMemberBinder", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this].Property[System.Dynamic.GetMemberBinder.Name]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml b/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml index 668e91308c0..1765a570280 100644 --- a/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml +++ b/csharp/ql/lib/ext/generated/System.Formats.Asn1.model.yml @@ -11,9 +11,9 @@ extensions: - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadBitString", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadCharacterStringBytes", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadOctetString", "(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveBitString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveCharacterStringBytes", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveOctetString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveBitString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[3].Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveCharacterStringBytes", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32)", "", "Argument[0].Element", "Argument[3].Element", "value", "dfc-generated"] + - ["System.Formats.Asn1", "AsnDecoder", False, "TryReadPrimitiveOctetString", "(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable)", "", "Argument[0].Element", "Argument[2].Element", "value", "dfc-generated"] - ["System.Formats.Asn1", "AsnReader", False, "AsnReader", "(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Formats.Asn1", "AsnReader", False, "AsnReader", "(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Formats.Asn1", "AsnReader", False, "ReadBitString", "(System.Int32,System.Nullable)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml b/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml index d61db4da190..75c8fa28563 100644 --- a/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml +++ b/csharp/ql/lib/ext/generated/System.IO.Enumeration.model.yml @@ -9,8 +9,6 @@ extensions: - ["System.IO.Enumeration", "FileSystemEntry", False, "get_FileName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", False, "get_Current", "()", "", "Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current]", "ReturnValue", "value", "dfc-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.IO.Enumeration", "FileSystemEnumerator", True, "ShouldIncludeEntry", "(System.IO.Enumeration.FileSystemEntry)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.IO.Enumeration", "FileSystemEnumerator", True, "ShouldRecurseIntoEntry", "(System.IO.Enumeration.FileSystemEntry)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.IO.Enumeration", "FileSystemName", False, "TranslateWin32Expression", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all @@ -32,6 +30,8 @@ extensions: - ["System.IO.Enumeration", "FileSystemEnumerator", "MoveNext", "()", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "OnDirectoryFinished", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "Reset", "()", "summary", "df-generated"] + - ["System.IO.Enumeration", "FileSystemEnumerator", "ShouldIncludeEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] + - ["System.IO.Enumeration", "FileSystemEnumerator", "ShouldRecurseIntoEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemEnumerator", "TransformEntry", "(System.IO.Enumeration.FileSystemEntry)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemName", "MatchesSimpleExpression", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "summary", "df-generated"] - ["System.IO.Enumeration", "FileSystemName", "MatchesWin32Expression", "(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.IO.model.yml b/csharp/ql/lib/ext/generated/System.IO.model.yml index bebdbcfee06..b8ead94c65f 100644 --- a/csharp/ql/lib/ext/generated/System.IO.model.yml +++ b/csharp/ql/lib/ext/generated/System.IO.model.yml @@ -139,7 +139,7 @@ extensions: - ["System.IO", "FileSystemWatcher", False, "OnDeleted", "(System.IO.FileSystemEventArgs)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "FileSystemWatcher", False, "get_Filters", "()", "", "Argument[this].SyntheticField[System.IO.FileSystemWatcher._filters]", "ReturnValue", "value", "dfc-generated"] - ["System.IO", "MemoryStream", True, "GetBuffer", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.IO", "MemoryStream", True, "TryGetBuffer", "(System.ArraySegment)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.IO", "MemoryStream", True, "TryGetBuffer", "(System.ArraySegment)", "", "Argument[this]", "Argument[0].Element", "taint", "df-generated"] - ["System.IO", "MemoryStream", True, "WriteAsync", "(System.ReadOnlyMemory,System.Threading.CancellationToken)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "Argument[this]", "taint", "dfc-generated"] - ["System.IO", "MemoryStream", True, "WriteTo", "(System.IO.Stream)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.IO", "Path", False, "ChangeExtension", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -272,7 +272,6 @@ extensions: - ["System.IO", "UnmanagedMemoryAccessor", False, "Initialize", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", False, "UnmanagedMemoryAccessor", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", False, "UnmanagedMemoryAccessor", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.IO", "UnmanagedMemoryAccessor", False, "Write", "(System.Int64,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "Initialize", "(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "Initialize", "(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.IO", "UnmanagedMemoryStream", False, "UnmanagedMemoryStream", "(System.Byte*,System.Int64)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -751,6 +750,7 @@ extensions: - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt16)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt32)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,System.UInt64)", "summary", "df-generated"] + - ["System.IO", "UnmanagedMemoryAccessor", "Write", "(System.Int64,T)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "WriteArray", "(System.Int64,T[],System.Int32,System.Int32)", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "get_CanRead", "()", "summary", "df-generated"] - ["System.IO", "UnmanagedMemoryAccessor", "get_CanWrite", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml b/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml index 1e286f91b9b..b8f860c2f51 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Http.Headers.model.yml @@ -27,8 +27,8 @@ extensions: - ["System.Net.Http.Headers", "HttpHeaders", False, "get_NonValidated", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated+Enumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValue", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValues", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValue", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"] + - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "TryGetValues", "(System.String,System.Net.Http.Headers.HeaderStringValues)", "", "Argument[0]", "Argument[1].Element", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Item", "(System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Keys", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "ReturnValue.Element", "value", "dfc-generated"] - ["System.Net.Http.Headers", "HttpHeadersNonValidated", False, "get_Values", "()", "", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "ReturnValue.Element", "value", "dfc-generated"] @@ -49,8 +49,8 @@ extensions: - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "MediaTypeHeaderValue", "(System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "MediaTypeHeaderValue", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "taint", "dfc-generated"] - - ["System.Net.Http.Headers", "MediaTypeWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "MediaTypeHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeHeaderValue)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType]", "taint", "dfc-generated"] + - ["System.Net.Http.Headers", "MediaTypeWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.Net.Http.Headers.NameValueHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.Net.Http.Headers.NameValueHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "NameValueHeaderValue", False, "NameValueHeaderValue", "(System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name]", "value", "dfc-generated"] @@ -94,9 +94,9 @@ extensions: - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TransferCodingHeaderValue", "(System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TransferCodingHeaderValue", "(System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "taint", "dfc-generated"] + - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingHeaderValue)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "taint", "dfc-generated"] - ["System.Net.Http.Headers", "TransferCodingHeaderValue", False, "get_Value", "()", "", "Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Http.Headers", "TransferCodingWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Net.Http.Headers", "TransferCodingWithQualityHeaderValue", False, "TryParse", "(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy]", "value", "dfc-generated"] - ["System.Net.Http.Headers", "ViaHeaderValue", False, "ViaHeaderValue", "(System.String,System.String,System.String,System.String)", "", "Argument[2]", "Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolName]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml b/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml index a3399405d7f..6266d2252d9 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Mail.model.yml @@ -38,17 +38,17 @@ extensions: - ["System.Net.Mail", "MailAddress", False, "MailAddress", "(System.String,System.String,System.Text.Encoding)", "", "Argument[0]", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "MailAddress", "(System.String,System.String,System.Text.Encoding)", "", "Argument[1]", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] - - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Net.Mail.MailAddress)", "", "Argument[1]", "Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._host]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[0]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName]", "taint", "dfc-generated"] + - ["System.Net.Mail", "MailAddress", False, "TryCreate", "(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress)", "", "Argument[1]", "Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName]", "value", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_Address", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._host]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_Address", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName]", "ReturnValue", "taint", "dfc-generated"] - ["System.Net.Mail", "MailAddress", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml b/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml index 0ea691ff704..11224be9f57 100644 --- a/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml +++ b/csharp/ql/lib/ext/generated/System.Net.Sockets.model.yml @@ -19,8 +19,6 @@ extensions: - ["System.Net.Sockets", "SendPacketsElement", False, "SendPacketsElement", "(System.String,System.Int64,System.Int32,System.Boolean)", "", "Argument[0]", "Argument[this].Property[System.Net.Sockets.SendPacketsElement.FilePath]", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "Accept", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "AcceptAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "BeginReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "BeginReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "Bind", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "Connect", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.EndPoint)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -28,18 +26,16 @@ extensions: - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ConnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "DisconnectAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "EndReceiveFrom", "(System.IAsyncResult,System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "EndReceiveMessageFrom", "(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.EndPoint)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.EndPoint)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.EndPoint)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveFromAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[4]", "ReturnValue", "value", "dfc-generated"] - - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[4]", "Argument[this]", "taint", "df-generated"] + - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFrom", "(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "ReceiveMessageFromAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "SendAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Net.Sockets", "Socket", False, "SendPacketsAsync", "(System.Net.Sockets.SocketAsyncEventArgs)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] @@ -148,6 +144,8 @@ extensions: - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginReceive", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "BeginReceiveFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "BeginReceiveMessageFrom", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "BeginSend", "(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object)", "summary", "df-generated"] @@ -180,6 +178,8 @@ extensions: - ["System.Net.Sockets", "Socket", "EndDisconnect", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndReceive", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndReceive", "(System.IAsyncResult,System.Net.Sockets.SocketError)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "EndReceiveFrom", "(System.IAsyncResult,System.Net.EndPoint)", "summary", "df-generated"] + - ["System.Net.Sockets", "Socket", "EndReceiveMessageFrom", "(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSend", "(System.IAsyncResult)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSend", "(System.IAsyncResult,System.Net.Sockets.SocketError)", "summary", "df-generated"] - ["System.Net.Sockets", "Socket", "EndSendFile", "(System.IAsyncResult)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Numerics.model.yml b/csharp/ql/lib/ext/generated/System.Numerics.model.yml index 3d61627c65b..4e18690150d 100644 --- a/csharp/ql/lib/ext/generated/System.Numerics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Numerics.model.yml @@ -13,7 +13,7 @@ extensions: - ["System.Numerics", "BigInteger", False, "CreateSaturating", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "CreateTruncating", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue.Field[System.ValueTuple`2.Item2]", "value", "dfc-generated"] - - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Numerics", "BigInteger", False, "DivRem", "(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "Max", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "Max", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "BigInteger", False, "MaxMagnitude", "(System.Numerics.BigInteger,System.Numerics.BigInteger)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -90,7 +90,6 @@ extensions: - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Round", "(System.Numerics.Vector,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Numerics", "Vector", False, "StoreUnsafe", "(System.Numerics.Vector,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Truncate", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "Truncate", "(System.Numerics.Vector)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Numerics", "Vector", False, "WithElement", "(System.Numerics.Vector,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -1401,6 +1400,7 @@ extensions: - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector3,System.Single,System.UIntPtr)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector4,System.Single)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector4,System.Single,System.UIntPtr)", "summary", "df-generated"] + - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector,T)", "summary", "df-generated"] - ["System.Numerics", "Vector", "StoreUnsafe", "(System.Numerics.Vector,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Numerics", "Vector", "Subtract", "(System.Numerics.Vector,System.Numerics.Vector)", "summary", "df-generated"] - ["System.Numerics", "Vector", "Sum", "(System.Numerics.Vector)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml index 4f2071ef77c..de1bc797976 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Emit.model.yml @@ -107,6 +107,7 @@ extensions: - ["System.Reflection.Emit", "ParameterBuilder", True, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "DefineDynamicModuleCore", "(System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name]", "value", "dfc-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "GenerateMetadata", "(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Emit", "PersistedAssemblyBuilder", False, "PersistedAssemblyBuilder", "(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Emit", "PropertyBuilder", False, "AddOtherMethodCore", "(System.Reflection.Emit.MethodBuilder)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml index 4e738fbc341..4b3fa44e1fe 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.Ecma335.model.yml @@ -56,16 +56,13 @@ extensions: - ["System.Reflection.Metadata.Ecma335", "PortablePdbBuilder", False, "Serialize", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ReturnTypeEncoder", False, "ReturnTypeEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder]", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", False, "ScalarEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder]", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeFieldSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeLocalSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeMethodSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeMethodSpecificationSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeType", "(System.Reflection.Metadata.BlobReader,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeFieldSignature", "(System.Reflection.Metadata.BlobReader)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "DecodeType", "(System.Reflection.Metadata.BlobReader,System.Boolean)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", False, "SignatureDecoder", "(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Action,System.Action)", "", "Argument[this]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Array", "(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder)", "", "Argument[this]", "Argument[0]", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "Pointer", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "SZArray", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", False, "SignatureTypeEncoder", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[0]", "Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder]", "value", "dfc-generated"] @@ -369,6 +366,9 @@ extensions: - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "NullArray", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "SystemType", "(System.String)", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "ScalarEncoder", "get_Builder", "()", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeLocalSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeMethodSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] + - ["System.Reflection.Metadata.Ecma335", "SignatureDecoder", "DecodeMethodSpecificationSignature", "(System.Reflection.Metadata.BlobReader)", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Boolean", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Byte", "()", "summary", "df-generated"] - ["System.Reflection.Metadata.Ecma335", "SignatureTypeEncoder", "Char", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml index 1b5c45664a8..c32cb72fd5b 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.Metadata.model.yml @@ -25,7 +25,6 @@ extensions: - ["System.Reflection.Metadata", "BlobBuilder", False, "LinkSuffix", "(System.Reflection.Metadata.BlobBuilder)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", False, "ReserveBytes", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", False, "TryWriteBytes", "(System.IO.Stream,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Reflection.Metadata", "BlobBuilder", False, "WriteContentTo", "(System.Reflection.Metadata.BlobWriter)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobContentId", False, "BlobContentId", "(System.Guid,System.UInt32)", "", "Argument[0]", "Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid]", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobContentId", False, "get_Guid", "()", "", "Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection.Metadata", "BlobReader", False, "ReadConstant", "(System.Reflection.Metadata.ConstantTypeCode)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -316,6 +315,7 @@ extensions: - ["System.Reflection.Metadata", "BlobBuilder", "WriteConstant", "(System.Object)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.IO.Stream)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.Reflection.Metadata.BlobBuilder)", "summary", "df-generated"] + - ["System.Reflection.Metadata", "BlobBuilder", "WriteContentTo", "(System.Reflection.Metadata.BlobWriter)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDateTime", "(System.DateTime)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDecimal", "(System.Decimal)", "summary", "df-generated"] - ["System.Reflection.Metadata", "BlobBuilder", "WriteDouble", "(System.Double)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml index 7852d88d8a9..169993932e2 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.PortableExecutable.model.yml @@ -26,7 +26,7 @@ extensions: - ["System.Reflection.PortableExecutable", "PEReader", False, "PEReader", "(System.Collections.Immutable.ImmutableArray)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "PEReader", "(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "Argument[1].Parameter[0]", "taint", "dfc-generated"] - - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] + - ["System.Reflection.PortableExecutable", "PEReader", False, "TryOpenAssociatedPortablePdb", "(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String)", "", "Argument[0]", "Argument[3]", "taint", "dfc-generated"] - ["System.Reflection.PortableExecutable", "PEReader", False, "get_PEHeaders", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Reflection.model.yml b/csharp/ql/lib/ext/generated/System.Reflection.model.yml index 43ee41799ad..6758f9e29f0 100644 --- a/csharp/ql/lib/ext/generated/System.Reflection.model.yml +++ b/csharp/ql/lib/ext/generated/System.Reflection.model.yml @@ -36,11 +36,7 @@ extensions: - ["System.Reflection", "AssemblyName", False, "get_EscapedCodeBase", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Reflection", "Binder", True, "BindToField", "(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo)", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[2].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "BindToMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0].Element.Element", "Argument[0].Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0].Element.Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Reflection", "Binder", True, "ReorderArgumentArray", "(System.Object[],System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "SelectMethod", "(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[])", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "Binder", True, "SelectProperty", "(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[])", "", "Argument[1].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Reflection", "ConstructorInvoker", False, "Invoke", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Resources.model.yml b/csharp/ql/lib/ext/generated/System.Resources.model.yml index e342044dafa..ead0e6f41e2 100644 --- a/csharp/ql/lib/ext/generated/System.Resources.model.yml +++ b/csharp/ql/lib/ext/generated/System.Resources.model.yml @@ -18,7 +18,7 @@ extensions: - ["System.Resources", "ResourceManager", True, "GetResourceFileName", "(System.Globalization.CultureInfo)", "", "Argument[this].Field[System.Resources.ResourceManager.BaseNameField]", "ReturnValue", "taint", "dfc-generated"] - ["System.Resources", "ResourceManager", True, "GetString", "(System.String,System.Globalization.CultureInfo)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceManager", True, "get_BaseName", "()", "", "Argument[this].Field[System.Resources.ResourceManager.BaseNameField]", "ReturnValue", "value", "dfc-generated"] - - ["System.Resources", "ResourceReader", False, "GetResourceData", "(System.String,System.String,System.Byte[])", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Resources", "ResourceReader", False, "GetResourceData", "(System.String,System.String,System.Byte[])", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Resources", "ResourceReader", False, "ResourceReader", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceSet", False, "ResourceSet", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Resources", "ResourceSet", False, "ResourceSet", "(System.Resources.IResourceReader)", "", "Argument[0]", "Argument[this].Field[System.Resources.ResourceSet.Reader]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml index b707827561c..2134ee1b6c1 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.CompilerServices.model.yml @@ -4,41 +4,21 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "MoveNext", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result]", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "CallSite", False, "get_Binder", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "CallSiteOps", False, "AddRule", "(System.Runtime.CompilerServices.CallSite,T)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "CallSiteOps", False, "GetCachedRules", "(System.Runtime.CompilerServices.RuleCache)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -72,24 +52,18 @@ extensions: - ["System.Runtime.CompilerServices", "IRuntimeVariables", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "ITuple", True, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "NullableAttribute", False, "NullableAttribute", "(System.Byte[])", "", "Argument[0]", "Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags]", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "SetResult", "(TResult)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "Start", "(TStateMachine)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", False, "get_Task", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", False, "ReadOnlyCollectionBuilder", "(System.Collections.Generic.IEnumerable)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeHelpers", False, "ExecuteCodeWithGuaranteedCleanup", "(System.Runtime.CompilerServices.RuntimeHelpers+TryCode,System.Runtime.CompilerServices.RuntimeHelpers+CleanupCode,System.Object)", "", "Argument[2]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeHelpers", False, "ExecuteCodeWithGuaranteedCleanup", "(System.Runtime.CompilerServices.RuntimeHelpers+TryCode,System.Runtime.CompilerServices.RuntimeHelpers+CleanupCode,System.Object)", "", "Argument[2]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "CreateRuntimeVariables", "(System.Object[],System.Int64[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoPromoteClass", "(System.Dynamic.ExpandoObject,System.Object,System.Object)", "", "Argument[2]", "Argument[0].Element", "taint", "df-generated"] - - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTryGetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.String,System.Boolean,System.Object)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTryGetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.String,System.Boolean,System.Object)", "", "Argument[0].Element", "Argument[5]", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "ExpandoTrySetValue", "(System.Dynamic.ExpandoObject,System.Object,System.Int32,System.Object,System.String,System.Boolean)", "", "Argument[3]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "MergeRuntimeVariables", "(System.Runtime.CompilerServices.IRuntimeVariables,System.Runtime.CompilerServices.IRuntimeVariables,System.Int32[])", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.CompilerServices", "RuntimeOps", False, "MergeRuntimeVariables", "(System.Runtime.CompilerServices.IRuntimeVariables,System.Runtime.CompilerServices.IRuntimeVariables,System.Int32[])", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] @@ -101,15 +75,6 @@ extensions: - ["System.Runtime.CompilerServices", "SwitchExpressionException", False, "get_Message", "()", "", "Argument[this].Property[System.Runtime.CompilerServices.SwitchExpressionException.UnmatchedValue]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.CompilerServices", "TupleElementNamesAttribute", False, "TupleElementNamesAttribute", "(System.String[])", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames]", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "TupleElementNamesAttribute", False, "get_TransformNames", "()", "", "Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Add", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "AddByteOffset", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Copy", "(T,System.Void*)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "Subtract", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.CompilerServices", "Unsafe", False, "SubtractByteOffset", "(T,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.CompilerServices", "ValueTaskAwaiter", False, "GetResult", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all @@ -119,6 +84,7 @@ extensions: - ["System.Runtime.CompilerServices", "AccessedThroughPropertyAttribute", "get_PropertyName", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "Complete", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "Create", "()", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncIteratorMethodBuilder", "MoveNext", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncIteratorStateMachineAttribute", "AsyncIteratorStateMachineAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncMethodBuilderAttribute", "AsyncMethodBuilderAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncMethodBuilderAttribute", "get_BuilderType", "()", "summary", "df-generated"] @@ -127,21 +93,28 @@ extensions: - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "get_Task", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "AwaitOnCompleted", "(TAwaiter,TStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "AwaitUnsafeOnCompleted", "(TAwaiter,TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "AsyncVoidMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "Create", "(System.Type,System.Runtime.CompilerServices.CallSiteBinder)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "Create", "(System.Runtime.CompilerServices.CallSiteBinder)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "CallSite", "get_Update", "()", "summary", "df-generated"] @@ -257,10 +230,12 @@ extensions: - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetResult", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "get_Task", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Create", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetException", "(System.Exception)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "SetStateMachine", "(System.Runtime.CompilerServices.IAsyncStateMachine)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "PoolingAsyncValueTaskMethodBuilder", "Start", "(TStateMachine)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "Contains", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "Contains", "(T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "ReadOnlyCollectionBuilder", "IndexOf", "(System.Object)", "summary", "df-generated"] @@ -331,7 +306,11 @@ extensions: - ["System.Runtime.CompilerServices", "TypeForwardedToAttribute", "TypeForwardedToAttribute", "(System.Type)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "TypeForwardedToAttribute", "get_Destination", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(System.Void*,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Add", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "AddByteOffset", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "AddByteOffset", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "AreSame", "(T,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "As", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "As", "(TFrom)", "summary", "df-generated"] @@ -341,6 +320,7 @@ extensions: - ["System.Runtime.CompilerServices", "Unsafe", "BitCast", "(TFrom)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "ByteOffset", "(T,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Copy", "(System.Void*,T)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Copy", "(T,System.Void*)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlock", "(System.Byte,System.Byte,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlock", "(System.Void*,System.Void*,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "CopyBlockUnaligned", "(System.Byte,System.Byte,System.UInt32)", "summary", "df-generated"] @@ -359,7 +339,11 @@ extensions: - ["System.Runtime.CompilerServices", "Unsafe", "SizeOf", "()", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "SkipInit", "(T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(System.Void*,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.Int32)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "Subtract", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "SubtractByteOffset", "(T,System.IntPtr)", "summary", "df-generated"] + - ["System.Runtime.CompilerServices", "Unsafe", "SubtractByteOffset", "(T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Unbox", "(System.Object)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "Write", "(System.Void*,T)", "summary", "df-generated"] - ["System.Runtime.CompilerServices", "Unsafe", "WriteUnaligned", "(System.Byte,T)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml index ca567ebf807..a7e0837e1f5 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.Marshalling.model.yml @@ -42,8 +42,8 @@ extensions: - ["System.Runtime.InteropServices.Marshalling", "SpanMarshaller+ManagedToUnmanagedIn", False, "GetUnmanagedValuesDestination", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.InteropServices.Marshalling", "SpanMarshaller", False, "GetManagedValuesDestination", "(System.Span)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "Utf8StringMarshaller+ManagedToUnmanagedIn", False, "ToUnmanaged", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "Argument[0]", "value", "dfc-generated"] + - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "Deconstruct", "(System.Void*,System.Void**)", "", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "Argument[1]", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "VirtualMethodTableInfo", "(System.Void*,System.Void**)", "", "Argument[0]", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer]", "value", "dfc-generated"] - ["System.Runtime.InteropServices.Marshalling", "VirtualMethodTableInfo", False, "VirtualMethodTableInfo", "(System.Void*,System.Void**)", "", "Argument[1]", "Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable]", "value", "dfc-generated"] - addsTo: diff --git a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml index 8c1b8232a5c..0e97a54b32b 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.InteropServices.model.yml @@ -29,11 +29,10 @@ extensions: - ["System.Runtime.InteropServices", "ManagedToNativeComInteropStubAttribute", False, "ManagedToNativeComInteropStubAttribute", "(System.Type,System.String)", "", "Argument[1]", "Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "Marshal", False, "InitHandle", "(System.Runtime.InteropServices.SafeHandle,System.IntPtr)", "", "Argument[1]", "Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", False, "CreateFromPinnedArray", "(T[],System.Int32,System.Int32)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "CreateSpan", "(T,System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", False, "ToEnumerable", "(System.ReadOnlyMemory)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager,System.Int32,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetString", "(System.ReadOnlyMemory,System.String,System.Int32,System.Int32)", "", "Argument[0].SyntheticField[System.ReadOnlyMemory`1._object]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetMemoryManager", "(System.ReadOnlyMemory,TManager,System.Int32,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", False, "TryGetString", "(System.ReadOnlyMemory,System.String,System.Int32,System.Int32)", "", "Argument[0].SyntheticField[System.ReadOnlyMemory`1._object]", "Argument[1]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "ConvertToInteger", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "ConvertToIntegerNative", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "NFloat", False, "CreateChecked", "(TOther)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -43,13 +42,12 @@ extensions: - ["System.Runtime.InteropServices", "NFloat", False, "op_UnaryPlus", "(System.Runtime.InteropServices.NFloat)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "OSPlatform", False, "Create", "(System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "OSPlatform", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SafeBuffer", False, "AcquirePointer", "(System.Byte*)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "DangerousGetHandle", "()", "", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "SafeHandle", "(System.IntPtr,System.Boolean)", "", "Argument[0]", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - ["System.Runtime.InteropServices", "SafeHandle", False, "SetHandle", "(System.IntPtr)", "", "Argument[0]", "Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle]", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlyMemory", "(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory)", "", "Argument[0].Property[System.Buffers.ReadOnlySequence`1.First]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryRead", "(System.Buffers.SequenceReader,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlyMemory", "(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory)", "", "Argument[0].Property[System.Buffers.ReadOnlySequence`1.First]", "Argument[1]", "value", "dfc-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", False, "TryGetReadOnlySequenceSegment", "(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32)", "", "Argument[0]", "Argument[3]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -390,6 +388,7 @@ extensions: - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpan", "(T,System.Int32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpanFromNullTerminated", "(System.Byte*)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateReadOnlySpanFromNullTerminated", "(System.Char*)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "MemoryMarshal", "CreateSpan", "(T,System.Int32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetArrayDataReference", "(System.Array)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetArrayDataReference", "(T[])", "summary", "df-generated"] - ["System.Runtime.InteropServices", "MemoryMarshal", "GetReference", "(System.ReadOnlySpan)", "summary", "df-generated"] @@ -637,6 +636,7 @@ extensions: - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.String)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeArrayTypeMismatchException", "SafeArrayTypeMismatchException", "(System.String,System.Exception)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "SafeBuffer", "AcquirePointer", "(System.Byte*)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt64)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeBuffer", "Initialize", "(System.UInt32)", "summary", "df-generated"] @@ -659,6 +659,7 @@ extensions: - ["System.Runtime.InteropServices", "SafeHandle", "get_IsClosed", "()", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SafeHandle", "get_IsInvalid", "()", "summary", "df-generated"] - ["System.Runtime.InteropServices", "SequenceMarshal", "TryGetArray", "(System.Buffers.ReadOnlySequence,System.ArraySegment)", "summary", "df-generated"] + - ["System.Runtime.InteropServices", "SequenceMarshal", "TryRead", "(System.Buffers.SequenceReader,T)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "StructLayoutAttribute", "(System.Int16)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "StructLayoutAttribute", "(System.Runtime.InteropServices.LayoutKind)", "summary", "df-generated"] - ["System.Runtime.InteropServices", "StructLayoutAttribute", "get_Value", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml index c5f3e8f56ed..fb03afbfe19 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Intrinsics.model.yml @@ -16,7 +16,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Round", "(System.Runtime.Intrinsics.Vector128,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector128", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Truncate", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "Truncate", "(System.Runtime.Intrinsics.Vector128)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector128", False, "WithElement", "(System.Runtime.Intrinsics.Vector128,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -35,7 +34,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Round", "(System.Runtime.Intrinsics.Vector256,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector256", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Truncate", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "Truncate", "(System.Runtime.Intrinsics.Vector256)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector256", False, "WithElement", "(System.Runtime.Intrinsics.Vector256,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -54,7 +52,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Round", "(System.Runtime.Intrinsics.Vector512,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector512", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Truncate", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "Truncate", "(System.Runtime.Intrinsics.Vector512)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector512", False, "WithElement", "(System.Runtime.Intrinsics.Vector512,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -71,7 +68,6 @@ extensions: - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Round", "(System.Runtime.Intrinsics.Vector64,System.MidpointRounding)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Intrinsics", "Vector64", False, "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Truncate", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "Truncate", "(System.Runtime.Intrinsics.Vector64)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Intrinsics", "Vector64", False, "WithElement", "(System.Runtime.Intrinsics.Vector64,System.Int32,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] @@ -327,6 +323,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector128", "Store", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreAligned", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector128,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector128", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector128,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "Subtract", "(System.Runtime.Intrinsics.Vector128,System.Runtime.Intrinsics.Vector128)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector128", "Sum", "(System.Runtime.Intrinsics.Vector128)", "summary", "df-generated"] @@ -625,6 +622,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector256", "Store", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreAligned", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector256,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector256", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector256,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "Subtract", "(System.Runtime.Intrinsics.Vector256,System.Runtime.Intrinsics.Vector256)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector256", "Sum", "(System.Runtime.Intrinsics.Vector256)", "summary", "df-generated"] @@ -924,6 +922,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector512", "Store", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreAligned", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector512,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector512", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector512,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "Subtract", "(System.Runtime.Intrinsics.Vector512,System.Runtime.Intrinsics.Vector512)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector512", "Sum", "(System.Runtime.Intrinsics.Vector512)", "summary", "df-generated"] @@ -1197,6 +1196,7 @@ extensions: - ["System.Runtime.Intrinsics", "Vector64", "Store", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreAligned", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreAlignedNonTemporal", "(System.Runtime.Intrinsics.Vector64,T*)", "summary", "df-generated"] + - ["System.Runtime.Intrinsics", "Vector64", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "StoreUnsafe", "(System.Runtime.Intrinsics.Vector64,T,System.UIntPtr)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "Subtract", "(System.Runtime.Intrinsics.Vector64,System.Runtime.Intrinsics.Vector64)", "summary", "df-generated"] - ["System.Runtime.Intrinsics", "Vector64", "Sum", "(System.Runtime.Intrinsics.Vector64)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml index 5acd6d53a1c..813f1750e84 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.DataContracts.model.yml @@ -4,7 +4,9 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "IsDictionaryLike", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "get_BaseContract", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContract", True, "get_DataMembers", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization.DataContracts", "DataContractSet", False, "DataContractSet", "(System.Runtime.Serialization.DataContracts.DataContractSet)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml index 9c4f73b489f..bc04cea71ec 100644 --- a/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Runtime.Serialization.model.yml @@ -22,7 +22,7 @@ extensions: - ["System.Runtime.Serialization", "IFormatterConverter", True, "ToString", "(System.Object)", "", "Argument[0]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.Serialization", "IObjectReference", True, "GetRealObject", "(System.Runtime.Serialization.StreamingContext)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Runtime.Serialization", "ISerializable", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - - ["System.Runtime.Serialization", "ISurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.Serialization", "ISurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this]", "Argument[2]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "KnownTypeAttribute", False, "KnownTypeAttribute", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "ObjectIDGenerator", True, "GetId", "(System.Object,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Runtime.Serialization", "ObjectManager", False, "ObjectManager", "(System.Runtime.Serialization.ISurrogateSelector,System.Runtime.Serialization.StreamingContext)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] @@ -63,7 +63,7 @@ extensions: - ["System.Runtime.Serialization", "StreamingContext", False, "get_Context", "()", "", "Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext]", "ReturnValue", "value", "dfc-generated"] - ["System.Runtime.Serialization", "SurrogateSelector", True, "ChainSelector", "(System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetNextSelector", "()", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "ReturnValue", "value", "dfc-generated"] - - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "ReturnValue", "value", "dfc-generated"] + - ["System.Runtime.Serialization", "SurrogateSelector", True, "GetSurrogate", "(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector)", "", "Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector]", "Argument[2]", "value", "dfc-generated"] - ["System.Runtime.Serialization", "XPathQueryGenerator", False, "CreateFromDataContractSerializer", "(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager)", "", "Argument[2]", "ReturnValue", "taint", "dfc-generated"] - ["System.Runtime.Serialization", "XmlSerializableServices", False, "WriteNodes", "(System.Xml.XmlWriter,System.Xml.XmlNode[])", "", "Argument[1].Element", "Argument[0]", "taint", "df-generated"] - ["System.Runtime.Serialization", "XsdDataContractExporter", False, "XsdDataContractExporter", "(System.Xml.Schema.XmlSchemaSet)", "", "Argument[0]", "Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml index 90f36107f3a..babfe0e5cf1 100644 --- a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml +++ b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Pkcs.model.yml @@ -45,12 +45,12 @@ extensions: - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "Encode", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "ReturnValue.Element", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "Encode", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes]", "ReturnValue", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "GetNonce", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "TryDecode", "(System.ReadOnlyMemory,System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest,System.Int32)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "ReturnValue.SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampRequest", False, "TryDecode", "(System.ReadOnlyMemory,System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest,System.Int32)", "", "Argument[0].Property[System.ReadOnlyMemory`1.Span].Element", "Argument[1].SyntheticField[System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest._encodedBytes].Element", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "AsSignedCms", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForData", "(System.ReadOnlySpan,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.HashAlgorithmName,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.Oid,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "ReturnValue", "value", "dfc-generated"] - - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForSignerInfo", "(System.Security.Cryptography.Pkcs.SignerInfo,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForData", "(System.ReadOnlySpan,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "Argument[1]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.HashAlgorithmName,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "Argument[2]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForHash", "(System.ReadOnlySpan,System.Security.Cryptography.Oid,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[3].Element", "Argument[2]", "value", "dfc-generated"] + - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampToken", False, "VerifySignatureForSignerInfo", "(System.Security.Cryptography.Pkcs.SignerInfo,System.Security.Cryptography.X509Certificates.X509Certificate2,System.Security.Cryptography.X509Certificates.X509Certificate2Collection)", "", "Argument[2].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "Encode", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "GetNonce", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Pkcs", "Rfc3161TimestampTokenInfo", False, "GetSerialNumber", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml index eceeb0c2f5c..421f6fbc504 100644 --- a/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml +++ b/csharp/ql/lib/ext/generated/System.Security.Cryptography.Xml.model.yml @@ -81,7 +81,7 @@ extensions: - ["System.Security.Cryptography.Xml", "SignedInfo", False, "get_CanonicalizationMethodObject", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedInfo", False, "get_References", "()", "", "Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references]", "ReturnValue", "value", "dfc-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignature", "(System.Security.Cryptography.KeyedHashAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignatureReturningKey", "(System.Security.Cryptography.AsymmetricAlgorithm)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Security.Cryptography.Xml", "SignedXml", False, "CheckSignatureReturningKey", "(System.Security.Cryptography.AsymmetricAlgorithm)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "ComputeSignature", "(System.Security.Cryptography.KeyedHashAlgorithm)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "LoadXml", "(System.Xml.XmlElement)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] - ["System.Security.Cryptography.Xml", "SignedXml", False, "SignedXml", "(System.Xml.XmlDocument)", "", "Argument[0].Element", "Argument[this]", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml index 626445bb9f0..221e3d39d62 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.Nodes.model.yml @@ -12,7 +12,6 @@ extensions: - ["System.Text.Json.Nodes", "JsonNode", False, "AsObject", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "AsValue", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "DeepClone", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json.Nodes", "JsonNode", False, "Parse", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "ReplaceWith", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", False, "get_Options", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -23,7 +22,7 @@ extensions: - ["System.Text.Json.Nodes", "JsonObject", False, "SetAt", "(System.Int32,System.String,System.Text.Json.Nodes.JsonNode)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonObject", False, "SetAt", "(System.Int32,System.Text.Json.Nodes.JsonNode)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json.Nodes", "JsonValue", False, "Create", "(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json.Nodes", "JsonValue", True, "TryGetValue", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Text.Json.Nodes", "JsonValue", True, "TryGetValue", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -50,6 +49,7 @@ extensions: - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.ReadOnlySpan,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.String,System.Nullable,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] + - ["System.Text.Json.Nodes", "JsonNode", "Parse", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "ParseAsync", "(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "ToJsonString", "(System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Nodes", "JsonNode", "WriteTo", "(System.Text.Json.Utf8JsonWriter,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml index cacf9b8523e..c363d08b191 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.Serialization.model.yml @@ -4,9 +4,7 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: - - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", False, "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonConverter", True, "ReadAsPropertyName", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] - - ["System.Text.Json.Serialization", "JsonConverter", True, "ReadAsPropertyName", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonConverterFactory", True, "CreateConverter", "(System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json.Serialization", "JsonDerivedTypeAttribute", False, "JsonDerivedTypeAttribute", "(System.Type,System.String)", "", "Argument[1]", "Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator]", "value", "dfc-generated"] - ["System.Text.Json.Serialization", "JsonPropertyNameAttribute", False, "JsonPropertyNameAttribute", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.Text.Json.Serialization.JsonPropertyNameAttribute.Name]", "value", "dfc-generated"] @@ -19,6 +17,7 @@ extensions: pack: codeql/csharp-all extensible: neutralModel data: + - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", "Read", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Serialization", "BinaryDataJsonConverter", "Write", "(System.Text.Json.Utf8JsonWriter,System.BinaryData,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json.Serialization", "IJsonOnDeserialized", "OnDeserialized", "()", "summary", "df-generated"] - ["System.Text.Json.Serialization", "IJsonOnDeserializing", "OnDeserializing", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Json.model.yml b/csharp/ql/lib/ext/generated/System.Text.Json.model.yml index e5e1eb220f9..911f3eb7e97 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Json.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Json.model.yml @@ -6,8 +6,6 @@ extensions: data: - ["System.Text.Json", "JsonDocument", False, "Parse", "(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonDocument", False, "Parse", "(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonDocument", False, "ParseValue", "(System.Text.Json.Utf8JsonReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonDocument", False, "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonDocument", False, "get_RootElement", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", False, "get_Current", "()", "", "Argument[this].Property[System.Text.Json.JsonElement+ArrayEnumerator.Current]", "ReturnValue", "value", "dfc-generated"] @@ -21,11 +19,9 @@ extensions: - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "GetProperty", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "ParseValue", "(System.Text.Json.Utf8JsonReader)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.String,System.Text.Json.JsonElement)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Text.Json", "JsonElement", False, "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.ReadOnlySpan,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Text.Json", "JsonElement", False, "TryGetProperty", "(System.String,System.Text.Json.JsonElement)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "JsonElement", False, "get_Item", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonEncodedText", False, "Encode", "(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonEncodedText", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -46,11 +42,6 @@ extensions: - ["System.Text.Json", "JsonProperty", False, "get_Name", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonReaderState", False, "JsonReaderState", "(System.Text.Json.JsonReaderOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions]", "value", "dfc-generated"] - ["System.Text.Json", "JsonReaderState", False, "get_Options", "()", "", "Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Json", "JsonSerializer", False, "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializer", False, "Serialize", "(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] @@ -74,7 +65,7 @@ extensions: - ["System.Text.Json", "JsonSerializerOptions", False, "GetConverter", "(System.Type)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializerOptions", False, "GetTypeInfo", "(System.Type)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.Json", "JsonSerializerOptions", False, "JsonSerializerOptions", "(System.Text.Json.JsonSerializerOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - - ["System.Text.Json", "JsonSerializerOptions", False, "TryGetTypeInfo", "(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Text.Json", "JsonSerializerOptions", False, "TryGetTypeInfo", "(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "CopyString", "(System.Span)", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "Argument[0].Element", "value", "dfc-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "GetComment", "()", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] - ["System.Text.Json", "Utf8JsonReader", False, "GetString", "()", "", "Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element", "ReturnValue", "taint", "dfc-generated"] @@ -95,6 +86,8 @@ extensions: - ["System.Text.Json", "JsonDocument", "Parse", "(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "Parse", "(System.String,System.Text.Json.JsonDocumentOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "ParseAsync", "(System.IO.Stream,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken)", "summary", "df-generated"] + - ["System.Text.Json", "JsonDocument", "ParseValue", "(System.Text.Json.Utf8JsonReader)", "summary", "df-generated"] + - ["System.Text.Json", "JsonDocument", "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument)", "summary", "df-generated"] - ["System.Text.Json", "JsonDocument", "WriteTo", "(System.Text.Json.Utf8JsonWriter)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", "Dispose", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement+ArrayEnumerator", "MoveNext", "()", "summary", "df-generated"] @@ -123,6 +116,7 @@ extensions: - ["System.Text.Json", "JsonElement", "GetUInt16", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "GetUInt32", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "GetUInt64", "()", "summary", "df-generated"] + - ["System.Text.Json", "JsonElement", "ParseValue", "(System.Text.Json.Utf8JsonReader)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ToString", "()", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetByte", "(System.Byte)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetBytesFromBase64", "(System.Byte[])", "summary", "df-generated"] @@ -139,6 +133,7 @@ extensions: - ["System.Text.Json", "JsonElement", "TryGetUInt16", "(System.UInt16)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetUInt32", "(System.UInt32)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "TryGetUInt64", "(System.UInt64)", "summary", "df-generated"] + - ["System.Text.Json", "JsonElement", "TryParseValue", "(System.Text.Json.Utf8JsonReader,System.Nullable)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Json", "JsonElement", "ValueEquals", "(System.String)", "summary", "df-generated"] @@ -183,6 +178,9 @@ extensions: - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.IO.Stream,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.ReadOnlySpan,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] @@ -197,6 +195,8 @@ extensions: - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.JsonElement,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions)", "summary", "df-generated"] + - ["System.Text.Json", "JsonSerializer", "Deserialize", "(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Type,System.Text.Json.JsonSerializerOptions,System.Threading.CancellationToken)", "summary", "df-generated"] - ["System.Text.Json", "JsonSerializer", "DeserializeAsync", "(System.IO.Stream,System.Type,System.Text.Json.Serialization.JsonSerializerContext,System.Threading.CancellationToken)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml b/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml index b70d8da3c91..83ab228ce7c 100644 --- a/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.RegularExpressions.model.yml @@ -9,7 +9,7 @@ extensions: - ["System.Text.RegularExpressions", "GeneratedRegexAttribute", False, "GeneratedRegexAttribute", "(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String)", "", "Argument[0]", "Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.Pattern]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "GeneratedRegexAttribute", False, "GeneratedRegexAttribute", "(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String)", "", "Argument[3]", "Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.CultureName]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "Group", False, "Synchronized", "(System.Text.RegularExpressions.Group)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.RegularExpressions", "GroupCollection", False, "TryGetValue", "(System.String,System.Text.RegularExpressions.Group)", "", "Argument[this].Element", "ReturnValue", "value", "dfc-generated"] + - ["System.Text.RegularExpressions", "GroupCollection", False, "TryGetValue", "(System.String,System.Text.RegularExpressions.Group)", "", "Argument[this].Element", "Argument[1]", "value", "dfc-generated"] - ["System.Text.RegularExpressions", "GroupCollection", False, "get_Keys", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.RegularExpressions", "GroupCollection", False, "get_Values", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Text.RegularExpressions", "Match", False, "NextMatch", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml b/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml index 20d753a17d1..c4c2322beef 100644 --- a/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml +++ b/csharp/ql/lib/ext/generated/System.Text.Unicode.model.yml @@ -7,8 +7,6 @@ extensions: - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Text.Unicode", "Utf8+TryWriteInterpolatedStringHandler", False, "TryWriteInterpolatedStringHandler", "(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - - ["System.Text.Unicode", "Utf8", False, "TryWrite", "(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System.Text.Unicode", "Utf8", False, "TryWrite", "(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all extensible: neutralModel @@ -194,3 +192,5 @@ extensions: - ["System.Text.Unicode", "Utf8", "FromUtf16", "(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] - ["System.Text.Unicode", "Utf8", "IsValid", "(System.ReadOnlySpan)", "summary", "df-generated"] - ["System.Text.Unicode", "Utf8", "ToUtf16", "(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean)", "summary", "df-generated"] + - ["System.Text.Unicode", "Utf8", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] + - ["System.Text.Unicode", "Utf8", "TryWrite", "(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml b/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml index ccfb12aa0e6..4a3d0c9a820 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.RateLimiting.model.yml @@ -10,9 +10,9 @@ extensions: - ["System.Threading.RateLimiting", "MetadataName", False, "ToString", "()", "", "Argument[this].SyntheticField[System.Threading.RateLimiting.MetadataName`1._name]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "MetadataName", False, "get_Name", "()", "", "Argument[this].SyntheticField[System.Threading.RateLimiting.MetadataName`1._name]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "PartitionedRateLimiter", False, "CreateChained", "(System.Threading.RateLimiting.PartitionedRateLimiter[])", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.RateLimiting", "RateLimitLease", False, "TryGetMetadata", "(System.Threading.RateLimiting.MetadataName,T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.RateLimiting", "RateLimitLease", False, "TryGetMetadata", "(System.Threading.RateLimiting.MetadataName,T)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitLease", True, "GetAllMetadata", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.RateLimiting", "RateLimitLease", True, "TryGetMetadata", "(System.String,System.Object)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.RateLimiting", "RateLimitLease", True, "TryGetMetadata", "(System.String,System.Object)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitLease", True, "get_MetadataNames", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.RateLimiting", "RateLimitPartition", False, "RateLimitPartition", "(TKey,System.Func)", "", "Argument[0]", "Argument[this].Property[System.Threading.RateLimiting.RateLimitPartition`1.PartitionKey]", "value", "dfc-generated"] - ["System.Threading.RateLimiting", "RateLimitPartition", False, "RateLimitPartition", "(TKey,System.Func)", "", "Argument[1]", "Argument[this].Property[System.Threading.RateLimiting.RateLimitPartition`1.Factory]", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml b/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml index d39b388a218..2c07b1a031b 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.Tasks.Dataflow.model.yml @@ -25,7 +25,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "ReserveMessage", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.Tasks.Dataflow", "BroadcastBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this]", "Argument[0].Element", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "BufferBlock", "(System.Threading.Tasks.Dataflow.DataflowBlockOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "BufferBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -48,7 +48,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "ReceiveAsync", "(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "SendAsync", "(System.Threading.Tasks.Dataflow.ITargetBlock,TInput)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "SendAsync", "(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "TryReceive", "(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] + - ["System.Threading.Tasks.Dataflow", "DataflowBlock", False, "TryReceive", "(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "IDataflowBlock", True, "get_Completion", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "JoinBlock", False, "JoinBlock", "(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "JoinBlock", False, "LinkTo", "(System.Threading.Tasks.Dataflow.ITargetBlock>,System.Threading.Tasks.Dataflow.DataflowLinkOptions)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] @@ -76,7 +76,7 @@ extensions: - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "OfferMessage", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,T,System.Threading.Tasks.Dataflow.ISourceBlock,System.Boolean)", "", "Argument[1]", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "value", "dfc-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "ReleaseReservation", "(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "ReturnValue.Element", "value", "dfc-generated"] + - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "TryReceiveAll", "(System.Collections.Generic.IList)", "", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value]", "Argument[0].Element", "value", "dfc-generated"] - ["System.Threading.Tasks.Dataflow", "WriteOnceBlock", False, "WriteOnceBlock", "(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions)", "", "Argument[0]", "Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._cloningFunction]", "value", "dfc-generated"] - addsTo: pack: codeql/csharp-all diff --git a/csharp/ql/lib/ext/generated/System.Threading.model.yml b/csharp/ql/lib/ext/generated/System.Threading.model.yml index 3872a5ad238..f90d92d7c26 100644 --- a/csharp/ql/lib/ext/generated/System.Threading.model.yml +++ b/csharp/ql/lib/ext/generated/System.Threading.model.yml @@ -22,31 +22,20 @@ extensions: - ["System.Threading", "ExecutionContext", False, "CreateCopy", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ExecutionContext", False, "Run", "(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object)", "", "Argument[2]", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System.Threading", "HostExecutionContextManager", True, "SetHostExecutionContext", "(System.Threading.HostExecutionContext)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(System.IntPtr,System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(System.UIntPtr,System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "CompareExchange", "(T,T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Interlocked", False, "Exchange", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] + - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[3].ReturnValue", "Argument[0]", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Boolean,System.Object,System.Func)", "", "Argument[3].ReturnValue", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Object,System.Func)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "LazyInitializer", False, "EnsureInitialized", "(T,System.Object,System.Func)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Lock", False, "EnterScope", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ManualResetEventSlim", False, "get_WaitHandle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Mutex", False, "TryOpenExisting", "(System.String,System.Threading.Mutex)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Overlapped", False, "Overlapped", "(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "Overlapped", False, "Overlapped", "(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult)", "", "Argument[3]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "PeriodicTimer", "(System.TimeSpan)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "PeriodicTimer", "(System.TimeSpan,System.TimeProvider)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "PeriodicTimer", False, "WaitForNextTickAsync", "(System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "ReaderWriterLock", False, "DowngradeFromWriterLock", "(System.Threading.LockCookie)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "ReaderWriterLock", False, "RestoreLock", "(System.Threading.LockCookie)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "RegisteredWaitHandle", False, "Unregister", "(System.Threading.WaitHandle)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Threading", "SemaphoreSlim", False, "WaitAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "SemaphoreSlim", False, "WaitAsync", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -58,20 +47,11 @@ extensions: - ["System.Threading", "SynchronizationContext", True, "Send", "(System.Threading.SendOrPostCallback,System.Object)", "", "Argument[1]", "Argument[0].Parameter[0]", "value", "dfc-generated"] - ["System.Threading", "Thread", False, "GetData", "(System.LocalDataStoreSlot)", "", "Argument[0].SyntheticField[System.LocalDataStoreSlot.Data].Property[System.Threading.ThreadLocal`1.Value]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "Thread", False, "SetData", "(System.LocalDataStoreSlot,System.Object)", "", "Argument[1]", "Argument[0].SyntheticField[System.LocalDataStoreSlot.Data].Property[System.Threading.ThreadLocal`1.Value]", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileRead", "(System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Thread", False, "VolatileWrite", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ThreadExceptionEventArgs", False, "ThreadExceptionEventArgs", "(System.Exception)", "", "Argument[0]", "Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception]", "value", "dfc-generated"] - ["System.Threading", "ThreadExceptionEventArgs", False, "get_Exception", "()", "", "Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "ThreadLocal", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ThreadPoolBoundHandle", False, "AllocateNativeOverlapped", "(System.Threading.PreAllocatedOverlapped)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Threading", "ThreadPoolBoundHandle", False, "get_Handle", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Threading", "Volatile", False, "Write", "(System.IntPtr,System.IntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Volatile", False, "Write", "(System.UIntPtr,System.UIntPtr)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - - ["System.Threading", "Volatile", False, "Write", "(T,T)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "WaitHandleExtensions", False, "GetSafeWaitHandle", "(System.Threading.WaitHandle)", "", "Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle]", "ReturnValue", "value", "dfc-generated"] - ["System.Threading", "WaitHandleExtensions", False, "SetSafeWaitHandle", "(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle)", "", "Argument[1]", "Argument[0]", "taint", "df-generated"] - addsTo: @@ -208,12 +188,15 @@ extensions: - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int16,System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int32,System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Int64,System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(System.IntPtr,System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Object,System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.SByte,System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.Single,System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt16,System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt32,System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "CompareExchange", "(System.UInt64,System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(System.UIntPtr,System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "CompareExchange", "(T,T,T)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.Int64)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Decrement", "(System.UInt32)", "summary", "df-generated"] @@ -223,12 +206,15 @@ extensions: - ["System.Threading", "Interlocked", "Exchange", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Exchange", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Interlocked", "Exchange", "(T,T)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.Int64)", "summary", "df-generated"] - ["System.Threading", "Interlocked", "Increment", "(System.UInt32)", "summary", "df-generated"] @@ -292,6 +278,7 @@ extensions: - ["System.Threading", "Mutex", "Mutex", "(System.Boolean,System.String,System.Boolean)", "summary", "df-generated"] - ["System.Threading", "Mutex", "OpenExisting", "(System.String)", "summary", "df-generated"] - ["System.Threading", "Mutex", "ReleaseMutex", "()", "summary", "df-generated"] + - ["System.Threading", "Mutex", "TryOpenExisting", "(System.String,System.Threading.Mutex)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "Create", "(System.Boolean,System.String,System.Boolean,System.Security.AccessControl.MutexSecurity)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "OpenExisting", "(System.String,System.Security.AccessControl.MutexRights)", "summary", "df-generated"] - ["System.Threading", "MutexAcl", "TryOpenExisting", "(System.String,System.Security.AccessControl.MutexRights,System.Threading.Mutex)", "summary", "df-generated"] @@ -311,9 +298,11 @@ extensions: - ["System.Threading", "ReaderWriterLock", "AcquireWriterLock", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "AcquireWriterLock", "(System.TimeSpan)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "AnyWritersSince", "(System.Int32)", "summary", "df-generated"] + - ["System.Threading", "ReaderWriterLock", "DowngradeFromWriterLock", "(System.Threading.LockCookie)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseLock", "()", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseReaderLock", "()", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "ReleaseWriterLock", "()", "summary", "df-generated"] + - ["System.Threading", "ReaderWriterLock", "RestoreLock", "(System.Threading.LockCookie)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "UpgradeToWriterLock", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "UpgradeToWriterLock", "(System.TimeSpan)", "summary", "df-generated"] - ["System.Threading", "ReaderWriterLock", "get_IsReaderLockHeld", "()", "summary", "df-generated"] @@ -444,21 +433,27 @@ extensions: - ["System.Threading", "Thread", "VolatileRead", "(System.Int16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Int32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.IntPtr)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.Object)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.SByte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.Single)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileRead", "(System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileRead", "(System.UIntPtr)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Byte,System.Byte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Double,System.Double)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.Object,System.Object)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Thread", "VolatileWrite", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Thread", "VolatileWrite", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] - ["System.Threading", "Thread", "Yield", "()", "summary", "df-generated"] - ["System.Threading", "Thread", "get_CurrentThread", "()", "summary", "df-generated"] - ["System.Threading", "Thread", "get_ExecutionContext", "()", "summary", "df-generated"] @@ -549,11 +544,14 @@ extensions: - ["System.Threading", "Volatile", "Write", "(System.Int16,System.Int16)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Int32,System.Int32)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Int64,System.Int64)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(System.IntPtr,System.IntPtr)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.SByte,System.SByte)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.Single,System.Single)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt16,System.UInt16)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt32,System.UInt32)", "summary", "df-generated"] - ["System.Threading", "Volatile", "Write", "(System.UInt64,System.UInt64)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(System.UIntPtr,System.UIntPtr)", "summary", "df-generated"] + - ["System.Threading", "Volatile", "Write", "(T,T)", "summary", "df-generated"] - ["System.Threading", "Volatile", "WriteBarrier", "()", "summary", "df-generated"] - ["System.Threading", "WaitHandle", "Close", "()", "summary", "df-generated"] - ["System.Threading", "WaitHandle", "Dispose", "()", "summary", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml b/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml index ce23169ea56..65818a7bfea 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.Serialization.model.yml @@ -115,17 +115,20 @@ extensions: - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadElementQualifiedName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadNullableQualifiedName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadNullableString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReference", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReference", "(System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencedElement", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[this]", "Argument[3]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.Boolean,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadReferencingElement", "(System.String,System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadSerializable", "(System.Xml.Serialization.IXmlSerializable)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml.Serialization", "XmlSerializationReader", False, "ReadSerializable", "(System.Xml.Serialization.IXmlSerializable,System.Boolean)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml b/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml index 519dcb65574..b27cc848761 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.Xsl.Runtime.model.yml @@ -130,9 +130,10 @@ extensions: - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DebugGetXsltValue", "(System.Collections.IList)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DebugSetGlobalValue", "(System.String,System.Object)", "", "Argument[1]", "Argument[this].SyntheticField[System.Xml.Xsl.Runtime.XmlQueryRuntime._globalValues].Element", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "DocOrderDistinct", "(System.Collections.Generic.IList)", "", "Argument[0].Element", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndRtfConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndRtfConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "FindIndex", "(System.Xml.XPath.XPathNavigator,System.Int32,System.Xml.Xsl.Runtime.XmlILIndex)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "EndSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "FindIndex", "(System.Xml.XPath.XPathNavigator,System.Int32,System.Xml.Xsl.Runtime.XmlILIndex)", "", "Argument[this]", "Argument[2]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetAtomizedName", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetCollation", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "GetEarlyBoundObject", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -141,9 +142,9 @@ extensions: - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.Int32)", "", "Argument[0]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Name]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.String)", "", "Argument[0]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Name]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "ParseTagName", "(System.String,System.String)", "", "Argument[1]", "ReturnValue.Property[System.Xml.XmlQualifiedName.Namespace]", "value", "dfc-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[0]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartRtfConstruction", "(System.String,System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "StartSequenceConstruction", "(System.Xml.Xsl.Runtime.XmlQueryOutput)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "TextRtfConstruction", "(System.String,System.String)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Xml.Xsl.Runtime.RtfTextNavigator._text]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "TextRtfConstruction", "(System.String,System.String)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Xml.Xsl.Runtime.RtfTextNavigator._baseUri]", "value", "dfc-generated"] - ["System.Xml.Xsl.Runtime", "XmlQueryRuntime", False, "get_ExternalContext", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.Xml.model.yml b/csharp/ql/lib/ext/generated/System.Xml.model.yml index db9752525d9..60dfe819232 100644 --- a/csharp/ql/lib/ext/generated/System.Xml.model.yml +++ b/csharp/ql/lib/ext/generated/System.Xml.model.yml @@ -10,9 +10,9 @@ extensions: - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"] - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[1]", "Argument[this]", "taint", "df-generated"] - ["System.Xml", "IXmlBinaryWriterInitializer", True, "SetOutput", "(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean)", "", "Argument[2]", "Argument[this]", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Int32,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.String,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Int32,System.Xml.XmlDictionaryString)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.String,System.Xml.XmlDictionaryString)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "IXmlDictionary", True, "TryLookup", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[0]", "Argument[1]", "value", "dfc-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "GetNamespacesInScope", "(System.Xml.XmlNamespaceScope)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "LookupNamespace", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "IXmlNamespaceResolver", True, "LookupPrefix", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] @@ -73,8 +73,10 @@ extensions: - ["System.Xml", "XmlDictionaryReader", False, "ReadContentAsString", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", False, "ReadString", "(System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", True, "GetAttribute", "(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "GetNonAtomizedNames", "(System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] + - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsQualifiedName", "(System.String,System.String)", "", "Argument[this]", "Argument[1]", "taint", "df-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsString", "(System.String[],System.Int32)", "", "Argument[0].Element", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsString", "(System.Xml.XmlDictionaryString[],System.Int32)", "", "Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value]", "ReturnValue", "value", "dfc-generated"] - ["System.Xml", "XmlDictionaryReader", True, "ReadContentAsUniqueId", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] diff --git a/csharp/ql/lib/ext/generated/System.model.yml b/csharp/ql/lib/ext/generated/System.model.yml index 03b23b02725..7265d33e299 100644 --- a/csharp/ql/lib/ext/generated/System.model.yml +++ b/csharp/ql/lib/ext/generated/System.model.yml @@ -34,7 +34,6 @@ extensions: - ["System", "Array", False, "FindLastIndex", "(T[],System.Int32,System.Predicate)", "", "Argument[0].Element", "Argument[2].Parameter[0]", "value", "dfc-generated"] - ["System", "Array", False, "FindLastIndex", "(T[],System.Predicate)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System", "Array", False, "ForEach", "(T[],System.Action)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - - ["System", "Array", False, "Resize", "(T[],System.Int32)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "Array", False, "TrueForAll", "(T[],System.Predicate)", "", "Argument[0].Element", "Argument[1].Parameter[0]", "value", "dfc-generated"] - ["System", "ArraySegment+Enumerator", False, "get_Current", "()", "", "Argument[this].Property[System.ArraySegment`1+Enumerator.Current]", "ReturnValue", "value", "dfc-generated"] - ["System", "ArraySegment+Enumerator", False, "get_Current", "()", "", "Argument[this].SyntheticField[System.ArraySegment`1+Enumerator._array].Element", "ReturnValue", "value", "dfc-generated"] @@ -69,7 +68,7 @@ extensions: - ["System", "BinaryData", False, "WithMediaType", "(System.String)", "", "Argument[0]", "ReturnValue.Property[System.BinaryData.MediaType]", "value", "dfc-generated"] - ["System", "CultureAwareComparer", False, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].SyntheticField[System.CultureAwareComparer._compareInfo]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - ["System", "DateTime", False, "ToLocalTime", "()", "", "Argument[this]", "ReturnValue", "value", "df-generated"] - - ["System", "DateTimeOffset", False, "Deconstruct", "(System.DateOnly,System.TimeOnly,System.TimeSpan)", "", "Argument[this].Property[System.DateTimeOffset.Offset]", "ReturnValue", "value", "dfc-generated"] + - ["System", "DateTimeOffset", False, "Deconstruct", "(System.DateOnly,System.TimeOnly,System.TimeSpan)", "", "Argument[this].Property[System.DateTimeOffset.Offset]", "Argument[2]", "value", "dfc-generated"] - ["System", "Delegate+InvocationListEnumerator", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "Delegate+InvocationListEnumerator", False, "get_Current", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "Delegate", False, "Combine", "(System.Delegate,System.Delegate)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] @@ -416,8 +415,6 @@ extensions: - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,System.ReadOnlySpan)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,System.ReadOnlySpan)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "MemoryExtensions", False, "TrimStart", "(System.Span,T)", "", "Argument[0].Element", "ReturnValue.Element", "value", "dfc-generated"] - - ["System", "MemoryExtensions", False, "TryWrite", "(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - - ["System", "MemoryExtensions", False, "TryWrite", "(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - ["System", "MissingFieldException", False, "MissingFieldException", "(System.String,System.String)", "", "Argument[0]", "Argument[this].Field[System.MissingMemberException.ClassName]", "value", "dfc-generated"] - ["System", "MissingFieldException", False, "MissingFieldException", "(System.String,System.String)", "", "Argument[1]", "Argument[this].Field[System.MissingMemberException.MemberName]", "value", "dfc-generated"] - ["System", "MissingMemberException", False, "MissingMemberException", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "Argument[this].Field[System.MissingMemberException.ClassName]", "value", "dfc-generated"] @@ -466,8 +463,6 @@ extensions: - ["System", "SequencePosition", False, "GetObject", "()", "", "Argument[this].SyntheticField[System.SequencePosition._object]", "ReturnValue", "value", "dfc-generated"] - ["System", "SequencePosition", False, "SequencePosition", "(System.Object,System.Int32)", "", "Argument[0]", "Argument[this].SyntheticField[System.SequencePosition._object]", "value", "dfc-generated"] - ["System", "Span", False, "GetEnumerator", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - - ["System", "String", False, "Create", "(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "", "Argument[1]", "ReturnValue", "value", "dfc-generated"] - - ["System", "String", False, "Create", "(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "", "Argument[2]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "Create", "(System.Int32,TState,System.Buffers.SpanAction)", "", "Argument[1]", "Argument[2].Parameter[1]", "value", "dfc-generated"] - ["System", "String", False, "EnumerateRunes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "String", False, "Format", "(System.IFormatProvider,System.Text.CompositeFormat,TArg0,TArg1,TArg2)", "", "Argument[1].Property[System.Text.CompositeFormat.Format]", "ReturnValue", "value", "dfc-generated"] @@ -482,7 +477,7 @@ extensions: - ["System", "String", False, "Trim", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "TrimEnd", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - ["System", "String", False, "TrimStart", "(System.ReadOnlySpan)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"] - - ["System", "String", False, "TryParse", "(System.String,System.IFormatProvider,System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] + - ["System", "String", False, "TryParse", "(System.String,System.IFormatProvider,System.String)", "", "Argument[0]", "Argument[2]", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "Normalize", "(System.String)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "Normalize", "(System.String,System.Text.NormalizationForm)", "", "Argument[0]", "ReturnValue", "value", "dfc-generated"] - ["System", "StringNormalizationExtensions", False, "TryNormalize", "(System.ReadOnlySpan,System.Span,System.Int32,System.Text.NormalizationForm)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] @@ -523,7 +518,7 @@ extensions: - ["System", "TimeZoneInfo", False, "GetUtcOffset", "(System.DateTimeOffset)", "", "Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "ToString", "()", "", "Argument[this].Property[System.TimeZoneInfo.DisplayName]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "ToString", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._displayName]", "ReturnValue", "value", "dfc-generated"] - - ["System", "TimeZoneInfo", False, "TryFindSystemTimeZoneById", "(System.String,System.TimeZoneInfo)", "", "Argument[0]", "ReturnValue.SyntheticField[System.TimeZoneInfo._id]", "value", "dfc-generated"] + - ["System", "TimeZoneInfo", False, "TryFindSystemTimeZoneById", "(System.String,System.TimeZoneInfo)", "", "Argument[0]", "Argument[1].SyntheticField[System.TimeZoneInfo._id]", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_BaseUtcOffset", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_DaylightName", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName]", "ReturnValue", "value", "dfc-generated"] - ["System", "TimeZoneInfo", False, "get_DisplayName", "()", "", "Argument[this].SyntheticField[System.TimeZoneInfo._displayName]", "ReturnValue", "value", "dfc-generated"] @@ -724,11 +719,11 @@ extensions: - ["System", "Uri", False, "MakeRelative", "(System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "MakeRelativeUri", "(System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - ["System", "Uri", False, "ToString", "(System.String,System.IFormatProvider)", "", "Argument[this].SyntheticField[System.Uri._string]", "ReturnValue", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "ReturnValue.SyntheticField[System.Uri._string]", "value", "dfc-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "ReturnValue", "taint", "df-generated"] - - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "ReturnValue", "taint", "df-generated"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "Argument[2].SyntheticField[System.Uri._string]", "value", "dfc-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "df-generated"] + - ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "df-generated"] - ["System", "Uri", False, "TryEscapeDataString", "(System.ReadOnlySpan,System.Span,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System", "Uri", False, "TryUnescapeDataString", "(System.ReadOnlySpan,System.Span,System.Int32)", "", "Argument[0].Element", "Argument[1].Element", "value", "dfc-generated"] - ["System", "Uri", False, "UnescapeDataString", "(System.ReadOnlySpan)", "", "Argument[0].Element", "ReturnValue", "taint", "dfc-generated"] @@ -762,7 +757,7 @@ extensions: - ["System", "ValueTuple", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "ValueTuple", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] - ["System", "WeakReference", True, "GetObjectData", "(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext)", "", "Argument[this].Property[System.WeakReference.Target]", "Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element", "value", "dfc-generated"] - - ["System", "WeakReference", False, "TryGetTarget", "(T)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"] + - ["System", "WeakReference", False, "TryGetTarget", "(T)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"] - addsTo: pack: codeql/csharp-all extensible: sourceModel @@ -982,6 +977,7 @@ extensions: - ["System", "Array", "LastIndexOf", "(T[],T,System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "Array", "Remove", "(System.Object)", "summary", "df-generated"] - ["System", "Array", "RemoveAt", "(System.Int32)", "summary", "df-generated"] + - ["System", "Array", "Resize", "(T[],System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "Array", "SetValue", "(System.Object,System.Int32,System.Int32,System.Int32)", "summary", "df-generated"] @@ -3637,8 +3633,10 @@ extensions: - ["System", "MemoryExtensions", "ToLowerInvariant", "(System.ReadOnlySpan,System.Span)", "summary", "df-generated"] - ["System", "MemoryExtensions", "ToUpper", "(System.ReadOnlySpan,System.Span,System.Globalization.CultureInfo)", "summary", "df-generated"] - ["System", "MemoryExtensions", "ToUpperInvariant", "(System.ReadOnlySpan,System.Span)", "summary", "df-generated"] + - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.Object[])", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.ReadOnlySpan)", "summary", "df-generated"] + - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1,TArg2)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1)", "summary", "df-generated"] - ["System", "MemoryExtensions", "TryWrite", "(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0)", "summary", "df-generated"] @@ -4181,6 +4179,8 @@ extensions: - ["System", "String", "Contains", "(System.String,System.StringComparison)", "summary", "df-generated"] - ["System", "String", "CopyTo", "(System.Int32,System.Char[],System.Int32,System.Int32)", "summary", "df-generated"] - ["System", "String", "CopyTo", "(System.Span)", "summary", "df-generated"] + - ["System", "String", "Create", "(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "summary", "df-generated"] + - ["System", "String", "Create", "(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.Char)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.String)", "summary", "df-generated"] - ["System", "String", "EndsWith", "(System.String,System.Boolean,System.Globalization.CultureInfo)", "summary", "df-generated"] From 2f16e3a0c0d02cbd33ad8f4d9b20b5e75de927e4 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 15:22:51 +0100 Subject: [PATCH 095/409] C#: Update flowsummaries test expected output. --- .../dataflow/library/FlowSummaries.expected | 628 ++++++++---------- .../library/FlowSummariesFiltered.expected | 494 +++++--------- 2 files changed, 457 insertions(+), 665 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 4b7dc533819..21fcfa594e6 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -1869,7 +1869,7 @@ summary | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;ChainedConfigurationProvider;(Microsoft.Extensions.Configuration.ChainedConfigurationSource);Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration];Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;GetChildKeys;(System.Collections.Generic.IEnumerable,System.String);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;GetReloadToken;();Argument[this];ReturnValue;taint;df-generated | -| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;taint;dfc-generated | +| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];Argument[1];taint;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;get_Configuration;();Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationSource;Build;(Microsoft.Extensions.Configuration.IConfigurationBuilder);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[0];taint;manual | @@ -2569,7 +2569,7 @@ summary | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckRegistration;set_Factory;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckService;CheckHealthAsync;(System.Func,System.Threading.CancellationToken);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;Initialize;(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource);Argument[0];Argument[this];taint;df-generated | -| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];Argument[1];value;dfc-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_ByteHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DecimalHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DoubleHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -3503,7 +3503,7 @@ summary | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;get_Value;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | -| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -3514,7 +3514,6 @@ summary | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(System.String,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | -| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];Argument[this].Element;value;manual | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];ReturnValue;taint;manual | @@ -3593,7 +3592,6 @@ summary | Microsoft.SqlServer.Server;SqlDataRecord;GetValues;(System.Object[]);Argument[this];Argument[0].Element;taint;manual | | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.Int32);Argument[this];ReturnValue;taint;manual | | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.String);Argument[this];ReturnValue;taint;manual | -| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic.FileIO;MalformedLineException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | Microsoft.VisualBasic;Collection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -3605,12 +3603,6 @@ summary | Microsoft.VisualBasic;Collection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;Collection;set_Item;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);Argument[1];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;VBCodeProvider;CreateCompiler;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;VBCodeProvider;CreateGenerator;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;VBCodeProvider;GenerateCodeFromMember;(System.CodeDom.CodeTypeMember,System.IO.TextWriter,System.CodeDom.Compiler.CodeGeneratorOptions);Argument[0];Argument[this];taint;df-generated | @@ -5287,7 +5279,7 @@ summary | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span);Argument[this];Argument[0].Element;taint;manual | -| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.ReadOnlySpan);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | @@ -6018,7 +6010,6 @@ summary | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.Int64);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[1];ReturnValue;taint;df-generated | -| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;ReadOnlySequence;get_FirstSpan;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySpanAction;BeginInvoke;(System.ReadOnlySpan,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Buffers;SearchValues;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | @@ -6026,30 +6017,24 @@ summary | System.Buffers;SequenceReader;SequenceReader;(System.Buffers.ReadOnlySequence);Argument[0];Argument[this].Property[System.Buffers.SequenceReader`1.Sequence];value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[1];value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];Argument[1];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;get_UnreadSequence;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;SequenceReader;get_UnreadSpan;();Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;SpanAction;BeginInvoke;(System.Span,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.CodeDom.Compiler;CodeCompiler;CompileAssemblyFromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[0];taint;df-generated | | System.CodeDom.Compiler;CodeCompiler;CompileAssemblyFromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[this];taint;df-generated | @@ -6201,14 +6186,6 @@ summary | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[0].Element;Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element;value;dfc-generated | | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[1];Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly];value;dfc-generated | | System.CodeDom.Compiler;CompilerResults;CompilerResults;(System.CodeDom.Compiler.TempFileCollection);Argument[0];Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles];value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[5];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[2];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;get_Tool;();Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];ReturnValue;value;dfc-generated | @@ -6654,8 +6631,8 @@ summary | System.Collections.Concurrent;ConcurrentBag;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Concurrent;ConcurrentBag;ToArray;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;TryAdd;(T);Argument[0];Argument[this].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -6728,7 +6705,7 @@ summary | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Comparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Concurrent;ConcurrentDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -6751,11 +6728,11 @@ summary | System.Collections.Concurrent;ConcurrentStack;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;ConcurrentStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Concurrent;ConcurrentStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[]);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[],System.Int32,System.Int32);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Concurrent;IProducerConsumerCollection;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;OrderablePartitioner;GetDynamicPartitions;();Argument[this];ReturnValue;taint;df-generated | @@ -6786,7 +6763,7 @@ summary | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Frozen;FrozenDictionary;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Frozen;FrozenDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Frozen;FrozenDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Frozen;FrozenDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -6803,7 +6780,7 @@ summary | System.Collections.Frozen;FrozenSet;ToFrozenSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;Contains;(TAlternate);Argument[0];Argument[this];taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[0];Argument[this];taint;df-generated | -| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -6816,8 +6793,8 @@ summary | System.Collections.Frozen;FrozenSet;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | | System.Collections.Frozen;FrozenSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Collections.Frozen;FrozenSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.Frozen;FrozenSet;get_Items;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IList);Argument[0].Element;ReturnValue;taint;df-generated | @@ -6825,7 +6802,7 @@ summary | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;CopyTo;(System.Collections.Generic.List,System.Span);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Generic;CollectionExtensions;GetValueOrDefault;(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;Argument[2];taint;df-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[1];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[2];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;Comparer;Compare;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | @@ -6916,7 +6893,7 @@ summary | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;Argument[this];taint;df-generated | | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEqualityComparer);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];value;dfc-generated | | System.Collections.Generic;HashSet;RemoveWhere;(System.Predicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;HashSet;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;ICollection;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;ICollection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -6935,7 +6912,8 @@ summary | System.Collections.Generic;ISet;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[0];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[1];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | -| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[0];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[1];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;KeyValuePair;get_Key;();Argument[this];ReturnValue;taint;df-generated | @@ -7097,8 +7075,8 @@ summary | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Int32,System.Collections.Generic.IEqualityComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];value;dfc-generated | -| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;OrderedDictionary;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;OrderedDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -7129,9 +7107,12 @@ summary | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Int32,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[0];Argument[3];taint;df-generated | -| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[2];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;PriorityQueue;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;dfc-generated | @@ -7147,8 +7128,8 @@ summary | System.Collections.Generic;Queue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Generic;Queue;Peek;();Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;Queue;Queue;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;value;dfc-generated | -| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;Queue;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Generic;ReferenceEqualityComparer;GetHashCode;(System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;df-generated | @@ -7240,7 +7221,7 @@ summary | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;Argument[1];value;dfc-generated | | System.Collections.Generic;SortedList;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;SortedList;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Generic;SortedList;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -7275,7 +7256,7 @@ summary | System.Collections.Generic;SortedSet;SortedSet;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | -| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];Argument[1];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[this].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | @@ -7298,8 +7279,8 @@ summary | System.Collections.Generic;Stack;Push;(T);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;Stack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;ToArray;();Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue.Element;value;dfc-generated | -| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;Stack;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;IImmutableDictionary;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;IImmutableDictionary;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | @@ -7554,8 +7535,7 @@ summary | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -7590,8 +7570,7 @@ summary | System.Collections.Immutable;ImmutableDictionary;SetItem;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer];value;dfc-generated | @@ -7624,7 +7603,7 @@ summary | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -7642,13 +7621,11 @@ summary | System.Collections.Immutable;ImmutableHashSet;Remove;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;Union;(System.Collections.Generic.IEnumerable);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;WithComparer;(System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;get_KeyComparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | @@ -7661,8 +7638,6 @@ summary | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[2];ReturnValue;value;dfc-generated | @@ -7671,9 +7646,6 @@ summary | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | @@ -7682,45 +7654,22 @@ summary | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableList;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableList;Create;(T);Argument[0];ReturnValue;taint;df-generated | @@ -7872,10 +7821,12 @@ summary | System.Collections.Immutable;ImmutableQueue;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | | System.Collections.Immutable;ImmutableQueue;Dequeue;();Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Enqueue;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableQueue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | @@ -7951,8 +7902,7 @@ summary | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableSortedDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -7987,9 +7937,8 @@ summary | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer];value;dfc-generated | @@ -8031,8 +7980,8 @@ summary | System.Collections.Immutable;ImmutableSortedSet+Builder;IntersectWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;Reverse;();Argument[this].Element;ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Max;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Min;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | @@ -8061,8 +8010,8 @@ summary | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;df-generated | @@ -8078,6 +8027,7 @@ summary | System.Collections.Immutable;ImmutableStack;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | @@ -8086,7 +8036,7 @@ summary | System.Collections.Immutable;ImmutableStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableStack;Peek;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];Argument[0];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[this];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];value;dfc-generated | @@ -8112,8 +8062,7 @@ summary | System.Collections.ObjectModel;KeyedCollection;InsertItem;(System.Int32,TItem);Argument[1];Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;KeyedCollection;(System.Collections.Generic.IEqualityComparer,System.Int32);Argument[0];Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;SetItem;(System.Int32,TItem);Argument[1];Argument[this];taint;df-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Comparer;();Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;KeyedCollection;get_Item;(TKey);Argument[this].Element;ReturnValue;value;manual | @@ -8168,7 +8117,6 @@ summary | System.Collections.ObjectModel;ReadOnlyDictionary;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.ObjectModel;ReadOnlyDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | @@ -8387,7 +8335,8 @@ summary | System.Collections;DictionaryBase;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections;DictionaryBase;set_Item;(System.Object,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections;DictionaryBase;set_Item;(System.Object,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[0];taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System.Collections;Hashtable;Add;(System.Object,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | @@ -9201,12 +9150,11 @@ summary | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;DelegatingConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;DelegatingConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;DelegatingConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IConfigErrorInfo;get_Filename;();Argument[this];ReturnValue;taint;df-generated | @@ -9220,12 +9168,11 @@ summary | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;IInternalConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigRecord;GetLkgSection;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -9838,7 +9785,7 @@ summary | System.Data.Common;DbConnectionStringBuilder;GetPropertyOwner;(System.ComponentModel.PropertyDescriptor);Argument[this];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;ReturnValue;taint;dfc-generated | -| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.Object);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -9970,7 +9917,7 @@ summary | System.Data.Entity.Core.EntityClient;EntityConnection;BeginDbTransaction;(System.Data.IsolationLevel);Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | -| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValue;(System.Int32);Argument[this];ReturnValue;taint;dfc-generated | @@ -10462,7 +10409,7 @@ summary | System.Data.SqlClient;SqlConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | -| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlDataAdapter;Clone;();Argument[this];ReturnValue;value;dfc-generated | @@ -11111,12 +11058,6 @@ summary | System.Diagnostics.Tracing;EventSource;GetTrait;(System.String);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element;ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;SendCommand;(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary);Argument[2];Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[3];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[4];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[2];ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands];Argument[0].Parameter[1];value;dfc-generated | @@ -11214,7 +11155,7 @@ summary | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Diagnostics.ActivityTagsCollection+Enumerator.Current];value;manual | -| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Diagnostics;ActivityTagsCollection;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Diagnostics;ActivityTagsCollection;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Diagnostics;ActivityTagsCollection;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | @@ -11225,13 +11166,6 @@ summary | System.Diagnostics;CorrelationManager;get_LogicalOperationStack;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventArgs;get_Data;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventHandler;BeginInvoke;(System.Object,System.Diagnostics.DataReceivedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | | System.Diagnostics;DefaultTraceListener;Write;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Diagnostics;DelimitedListTraceListener;TraceData;(System.Diagnostics.TraceEventCache,System.String,System.Diagnostics.TraceEventType,System.Int32,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Diagnostics;DelimitedListTraceListener;TraceData;(System.Diagnostics.TraceEventCache,System.String,System.Diagnostics.TraceEventType,System.Int32,System.Object);Argument[1];Argument[this];taint;df-generated | @@ -11655,7 +11589,7 @@ summary | System.Dynamic;ExpandoObject;CopyTo;(System.Collections.Generic.KeyValuePair[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Dynamic;ExpandoObject;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Dynamic;ExpandoObject;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | -| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Dynamic;ExpandoObject;add_PropertyChanged;(System.ComponentModel.PropertyChangedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Dynamic;ExpandoObject;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Dynamic;ExpandoObject;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -11684,9 +11618,9 @@ summary | System.Formats.Asn1;AsnDecoder;TryReadBitString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadCharacterStringBytes;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadOctetString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[2].Element;value;dfc-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[0];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[2];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;ReadBitString;(System.Int32,System.Nullable);Argument[this];ReturnValue;taint;df-generated | @@ -11928,8 +11862,6 @@ summary | System.IO.Enumeration;FileSystemEnumerable;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldIncludePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldRecursePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -12230,7 +12162,7 @@ summary | System.IO;MemoryStream;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;ReadAsync;(System.Memory,System.Threading.CancellationToken);Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | -| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | System.IO;MemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;Write;(System.ReadOnlySpan);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);Argument[0].Element;Argument[this];taint;manual | @@ -12553,7 +12485,6 @@ summary | System.IO;UnmanagedMemoryAccessor;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | -| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);Argument[1];ReturnValue;value;dfc-generated | | System.IO;UnmanagedMemoryStream;FlushAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue.SyntheticField[System.Threading.Tasks.Task.m_stateObject];value;dfc-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | @@ -14517,8 +14448,8 @@ summary | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Item;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;dfc-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;dfc-generated | @@ -14540,9 +14471,9 @@ summary | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | +| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | | System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;NameValueHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];value;dfc-generated | @@ -14596,10 +14527,10 @@ summary | System.Net.Http.Headers;TransferCodingHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | -| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | +| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;get_Value;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;ViaHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[1];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy];value;dfc-generated | @@ -14704,8 +14635,7 @@ summary | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated | +| System.Net.Http;HttpRequestMessage;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -14828,17 +14758,17 @@ summary | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[0];Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[1];Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._host];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_DisplayName;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];ReturnValue;value;dfc-generated | @@ -15133,13 +15063,7 @@ summary | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | @@ -15155,18 +15079,16 @@ summary | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;DisconnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | | System.Net.Sockets;Socket;ReceiveAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveMessageFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendPacketsAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | @@ -15554,7 +15476,7 @@ summary | System.Numerics;BigInteger;CreateSaturating;(TOther);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;CreateTruncating;(TOther);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue.Field[System.ValueTuple`2.Item2];value;dfc-generated | -| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | +| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];Argument[2];value;dfc-generated | | System.Numerics;BigInteger;Max;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;Max;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | @@ -15620,7 +15542,6 @@ summary | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;WithElement;(System.Numerics.Vector,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -15867,6 +15788,7 @@ summary | System.Reflection.Emit;ParameterBuilder;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;dfc-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];Argument[2];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;PersistedAssemblyBuilder;(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;get_FullName;();Argument[this];ReturnValue;taint;df-generated | @@ -16027,11 +15949,8 @@ summary | System.Reflection.Metadata.Ecma335;PortablePdbBuilder;Serialize;(System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;ReturnTypeEncoder;ReturnTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder];value;dfc-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;ScalarEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder];value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[2];Argument[this];taint;df-generated | @@ -16041,7 +15960,7 @@ summary | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;hq-generated | -| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];Argument[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Pointer;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SZArray;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SignatureTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder];value;dfc-generated | @@ -16082,7 +16001,6 @@ summary | System.Reflection.Metadata;BlobBuilder;LinkSuffix;(System.Reflection.Metadata.BlobBuilder);Argument[this];Argument[0];taint;df-generated | | System.Reflection.Metadata;BlobBuilder;ReserveBytes;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata;BlobBuilder;TryWriteBytes;(System.IO.Stream,System.Int32);Argument[0];Argument[this];taint;df-generated | -| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobContentId;BlobContentId;(System.Guid,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];value;dfc-generated | | System.Reflection.Metadata;BlobContentId;get_Guid;();Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobReader;ReadConstant;(System.Reflection.Metadata.ConstantTypeCode);Argument[this];ReturnValue;taint;df-generated | @@ -16434,8 +16352,8 @@ summary | System.Reflection.PortableExecutable;PEReader;PEReader;(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32);Argument[0];Argument[this];taint;df-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;hq-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;dfc-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;hq-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;dfc-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;hq-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.PortableExecutable;PEReader;get_PEHeaders;();Argument[this];ReturnValue;taint;df-generated | @@ -16476,11 +16394,7 @@ summary | System.Reflection;AssemblyName;get_EscapedCodeBase;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;Binder;BindToField;(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[1].Element;ReturnValue;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2].Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;Argument[0].Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectProperty;(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;ConstructorInvoker;Invoke;();Argument[this];ReturnValue;taint;df-generated | @@ -16700,7 +16614,7 @@ summary | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly,System.Type);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | | System.Resources;ResourceReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Resources;ResourceReader;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];ReturnValue;taint;df-generated | +| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];Argument[1];taint;df-generated | | System.Resources;ResourceReader;ResourceReader;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceSet;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Resources;ResourceSet;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | @@ -16710,41 +16624,21 @@ summary | System.Resources;ResourceWriter;ResourceWriter;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;ResourceWriter;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;set_TypeNameConverter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result];value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;CallSite;get_Binder;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ConditionalWeakTable+CreateValueCallback;BeginInvoke;(TKey,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ConditionalWeakTable;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -16787,17 +16681,11 @@ summary | System.Runtime.CompilerServices;IRuntimeVariables;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ITuple;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;NullableAttribute;NullableAttribute;(System.Byte[]);Argument[0];Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags];value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Add;(T);Argument[0];Argument[this].Element;value;manual | @@ -16838,15 +16726,6 @@ summary | System.Runtime.CompilerServices;TaskAwaiter;UnsafeOnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;TupleElementNamesAttribute;(System.String[]);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];value;dfc-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;get_TransformNames;();Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;OnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;UnsafeOnCompleted;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;GetResult;();Argument[this];ReturnValue;taint;df-generated | @@ -16951,8 +16830,8 @@ summary | System.Runtime.InteropServices.Marshalling;SpanMarshaller;GetManagedValuesDestination;(System.Span);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices.Marshalling;StrategyBasedComWrappers;CreateObject;(System.IntPtr,System.Runtime.InteropServices.CreateObjectFlags);Argument[0];ReturnValue;taint;df-generated | | System.Runtime.InteropServices.Marshalling;Utf8StringMarshaller+ManagedToUnmanagedIn;ToUnmanaged;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];Argument[0];value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];Argument[1];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[0];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[1];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];value;dfc-generated | | System.Runtime.InteropServices.ObjectiveC;ObjectiveCMarshal+UnhandledExceptionPropagationHandler;BeginInvoke;(System.Exception,System.RuntimeMethodHandle,System.IntPtr,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -16989,11 +16868,10 @@ summary | System.Runtime.InteropServices;ManagedToNativeComInteropStubAttribute;ManagedToNativeComInteropStubAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName];value;dfc-generated | | System.Runtime.InteropServices;Marshal;InitHandle;(System.Runtime.InteropServices.SafeHandle,System.IntPtr);Argument[1];Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateFromPinnedArray;(T[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;ToEnumerable;(System.ReadOnlyMemory);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;ReturnValue.Element;value;dfc-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];Argument[1];value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;NFloat;Clamp;(System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat,System.Runtime.InteropServices.NFloat);Argument[2];ReturnValue;value;dfc-generated | @@ -17020,13 +16898,12 @@ summary | System.Runtime.InteropServices;OSPlatform;Create;(System.String);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];value;dfc-generated | | System.Runtime.InteropServices;OSPlatform;ToString;();Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;PosixSignalRegistration;Create;(System.Runtime.InteropServices.PosixSignal,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;DangerousGetHandle;();Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SafeHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];Argument[1];value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[3];taint;df-generated | | System.Runtime.Intrinsics;Vector64;Abs;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | @@ -17037,7 +16914,6 @@ summary | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;WithElement;(System.Runtime.Intrinsics.Vector64,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17054,7 +16930,6 @@ summary | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;WithElement;(System.Runtime.Intrinsics.Vector128,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17073,7 +16948,6 @@ summary | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;WithElement;(System.Runtime.Intrinsics.Vector256,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17092,7 +16966,6 @@ summary | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;WithElement;(System.Runtime.Intrinsics.Vector512,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -17115,7 +16988,9 @@ summary | System.Runtime.Loader;AssemblyLoadContext;remove_Unloading;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.Remoting;ObjectHandle;ObjectHandle;(System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];value;dfc-generated | | System.Runtime.Remoting;ObjectHandle;Unwrap;();Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_BaseContract;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_DataMembers;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContractSet;DataContractSet;(System.Runtime.Serialization.DataContracts.DataContractSet);Argument[0];Argument[this];taint;df-generated | @@ -17165,7 +17040,7 @@ summary | System.Runtime.Serialization;IFormatterConverter;ToString;(System.Object);Argument[0];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;IObjectReference;GetRealObject;(System.Runtime.Serialization.StreamingContext);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization;ISerializable;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;KnownTypeAttribute;KnownTypeAttribute;(System.String);Argument[0];Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName];value;dfc-generated | | System.Runtime.Serialization;ObjectIDGenerator;GetId;(System.Object,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Runtime.Serialization;ObjectManager;GetObject;(System.Int64);Argument[this];ReturnValue;taint;df-generated | @@ -17211,8 +17086,8 @@ summary | System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;ChainSelector;(System.Runtime.Serialization.ISurrogateSelector);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;GetNextSelector;();Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];Argument[2];value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;XPathQueryGenerator;CreateFromDataContractSerializer;(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager);Argument[2];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;XmlSerializableServices;WriteNodes;(System.Xml.XmlWriter,System.Xml.XmlNode[]);Argument[1].Element;Argument[0];taint;df-generated | | System.Runtime.Serialization;XsdDataContractExporter;XsdDataContractExporter;(System.Xml.Schema.XmlSchemaSet);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas];value;dfc-generated | @@ -17531,7 +17406,7 @@ summary | System.Security.Cryptography.Xml;SignedInfo;get_References;();Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedInfo;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedXml;CheckSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | -| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];Argument[0];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;ComputeSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetIdElement;(System.Xml.XmlDocument,System.String);Argument[0].Element;ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetPublicKey;();Argument[this];ReturnValue;taint;df-generated | @@ -18013,7 +17888,6 @@ summary | System.Text.Json.Nodes;JsonNode;AsValue;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;DeepClone;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;GetValue;();Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;ReplaceWith;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Nodes;JsonNode;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | @@ -18040,7 +17914,7 @@ summary | System.Text.Json.Nodes;JsonObject;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Text.Json.Nodes;JsonObject;set_Item;(System.Int32,System.Collections.Generic.KeyValuePair);Argument[1];Argument[this].Element;value;manual | | System.Text.Json.Nodes;JsonValue;Create;(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable);Argument[1];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Schema;JsonSchemaExporterOptions;set_TransformSchemaNode;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization.Metadata;DefaultJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[1];ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;DefaultJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -18103,7 +17977,6 @@ summary | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;Combine;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;WithAddedModifier;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | -| System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Serialization;JsonConverterFactory;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Serialization;JsonDerivedTypeAttribute;JsonDerivedTypeAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator];value;dfc-generated | | System.Text.Json.Serialization;JsonNumberEnumConverter;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -18119,8 +17992,6 @@ summary | System.Text.Json.Serialization;JsonStringEnumMemberNameAttribute;JsonStringEnumMemberNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonStringEnumMemberNameAttribute.Name];value;dfc-generated | | System.Text.Json;JsonDocument;Parse;(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | -| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonDocument;get_RootElement;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.IEnumerator`1.Current];value;manual | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | @@ -18142,11 +18013,9 @@ summary | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;JsonElement;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;Encode;(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;ToString;();Argument[this];ReturnValue;taint;df-generated | @@ -18169,11 +18038,6 @@ summary | System.Text.Json;JsonProperty;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonReaderState;JsonReaderState;(System.Text.Json.JsonReaderOptions);Argument[0];Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];value;dfc-generated | | System.Text.Json;JsonReaderState;get_Options;();Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonSerializer;Serialize;(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[1];Argument[2];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[1];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[2];taint;df-generated | @@ -18197,7 +18061,7 @@ summary | System.Text.Json;JsonSerializerOptions;GetConverter;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;GetTypeInfo;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;JsonSerializerOptions;(System.Text.Json.JsonSerializerOptions);Argument[0];Argument[this];taint;df-generated | -| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;Utf8JsonReader;CopyString;(System.Span);Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;Argument[0].Element;value;dfc-generated | | System.Text.Json;Utf8JsonReader;GetComment;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | | System.Text.Json;Utf8JsonReader;GetString;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | @@ -18237,7 +18101,7 @@ summary | System.Text.RegularExpressions;GroupCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Text.RegularExpressions;GroupCollection;Insert;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | | System.Text.RegularExpressions;GroupCollection;Insert;(System.Int32,System.Text.RegularExpressions.Group);Argument[1];Argument[this].Element;value;manual | -| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;ReturnValue;value;dfc-generated | +| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;Argument[1];value;dfc-generated | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Keys;();Argument[this];ReturnValue;taint;df-generated | @@ -18379,8 +18243,6 @@ summary | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System.Text;ASCIIEncoding;GetBytes;(System.Char*,System.Int32,System.Byte*,System.Int32);Argument[0];ReturnValue;taint;manual | | System.Text;ASCIIEncoding;GetBytes;(System.Char[],System.Int32,System.Int32,System.Byte[],System.Int32);Argument[0].Element;ReturnValue;taint;manual | | System.Text;ASCIIEncoding;GetBytes;(System.ReadOnlySpan,System.Span);Argument[0];ReturnValue;taint;manual | @@ -18667,8 +18529,8 @@ summary | System.Threading.RateLimiting;PartitionedRateLimiter;DisposeAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;PartitionedRateLimiter;WithTranslatedKey;(System.Func,System.Boolean);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitLease;GetAllMetadata;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];Argument[1];taint;df-generated | | System.Threading.RateLimiting;RateLimitLease;get_MetadataNames;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;RateLimitPartition;Get;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitPartition;GetConcurrencyLimiter;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -18729,7 +18591,7 @@ summary | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;ReserveMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[1];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceive;(System.Predicate,T);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];Argument[0].Element;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;BufferBlock;(System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | @@ -18767,7 +18629,7 @@ summary | System.Threading.Tasks.Dataflow;DataflowBlock;ReceiveAsync;(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput);Argument[1];Argument[0];taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken);Argument[1];Argument[0];taint;df-generated | -| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;IDataflowBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;IReceivableSourceBlock;TryReceive;(System.Predicate,TOutput);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;JoinBlock;JoinBlock;(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | @@ -18815,7 +18677,7 @@ summary | System.Threading.Tasks.Dataflow;WriteOnceBlock;ReleaseReservation;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[this];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceive;(System.Predicate,T);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];ReturnValue.Element;value;dfc-generated | +| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];Argument[0].Element;value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -19619,19 +19481,12 @@ summary | System.Threading;ExecutionContext;Run;(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object);Argument[2];Argument[1].Parameter[0];value;hq-generated | | System.Threading;HostExecutionContextManager;SetHostExecutionContext;(System.Threading.HostExecutionContext);Argument[0];ReturnValue;taint;df-generated | | System.Threading;IOCompletionCallback;BeginInvoke;(System.UInt32,System.UInt32,System.Threading.NativeOverlapped*,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(T,T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;hq-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;dfc-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | @@ -19642,13 +19497,10 @@ summary | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Threading;Lock;EnterScope;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;ManualResetEventSlim;get_WaitHandle;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);Argument[1];ReturnValue;value;dfc-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[2];Argument[this];taint;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[3];Argument[this];taint;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -19661,8 +19513,6 @@ summary | System.Threading;PeriodicTimer;WaitForNextTickAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated | | System.Threading;PreAllocatedOverlapped;PreAllocatedOverlapped;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;PreAllocatedOverlapped;UnsafeCreate;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;RegisteredWaitHandle;Unregister;(System.Threading.WaitHandle);Argument[0];Argument[this];taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;(System.Int32);Argument[this];ReturnValue;taint;df-generated | @@ -19686,12 +19536,6 @@ summary | System.Threading;Thread;Thread;(System.Threading.ParameterizedThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;Thread;VolatileRead;(System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;ThreadExceptionEventArgs;(System.Exception);Argument[0];Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;get_Exception;();Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventHandler;BeginInvoke;(System.Object,System.Threading.ThreadExceptionEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -19723,9 +19567,6 @@ summary | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.UInt32,System.UInt32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;TimerCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;WaitCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;WaitHandleExtensions;GetSafeWaitHandle;(System.Threading.WaitHandle);Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle];ReturnValue;value;dfc-generated | | System.Threading;WaitHandleExtensions;SetSafeWaitHandle;(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle);Argument[1];Argument[0];taint;df-generated | @@ -20342,17 +20183,20 @@ summary | System.Xml.Serialization;XmlSerializationReader;ReadElementQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableString;();Argument[this];ReturnValue;taint;df-generated | -| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[1];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];Argument[3];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable);Argument[0];ReturnValue;value;dfc-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | @@ -20647,9 +20491,9 @@ summary | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[1];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[2];Argument[this];taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;IXmlNamespaceResolver;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated | | System.Xml;IXmlNamespaceResolver;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System.Xml;IXmlNamespaceResolver;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -20723,9 +20567,9 @@ summary | System.Xml;XmlAttributeCollection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Xml;XmlBinaryReaderSession;Add;(System.Int32,System.String);Argument[1];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated | | System.Xml;XmlBinaryReaderSession;Add;(System.Int32,System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlBinaryReaderSession;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;XmlCDataSection;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlCDataSection;WriteContentTo;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | | System.Xml;XmlCDataSection;WriteTo;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | @@ -20782,9 +20626,9 @@ summary | System.Xml;XmlDeclaration;get_Value;();Argument[this];ReturnValue;taint;manual | | System.Xml;XmlDictionary;Add;(System.String);Argument[0];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._value];value;dfc-generated | | System.Xml;XmlDictionary;Add;(System.String);Argument[this];ReturnValue.SyntheticField[System.Xml.XmlDictionaryString._dictionary];value;dfc-generated | -| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;XmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[0].Element;ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas);Argument[3];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;CreateBinaryReader;(System.Byte[],System.Int32,System.Int32,System.Xml.IXmlDictionary,System.Xml.XmlDictionaryReaderQuotas,System.Xml.XmlBinaryReaderSession);Argument[0].Element;ReturnValue;taint;df-generated | @@ -20806,11 +20650,13 @@ summary | System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[1];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAs;(System.Type,System.Xml.IXmlNamespaceResolver);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;();Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated | @@ -21707,7 +21553,6 @@ summary | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System;Array;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System;Array;Insert;(System.Int32,System.Object);Argument[1];Argument[this].Element;value;manual | -| System;Array;Resize;(T[],System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System;Array;Reverse;(System.Array);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(System.Array,System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(T[]);Argument[0].Element;ReturnValue.Element;value;manual | @@ -22140,7 +21985,7 @@ summary | System;DateTime;ToString;(System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | | System;DateTime;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | System;DateTime;ToType;(System.Type,System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | -| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];ReturnValue;value;dfc-generated | +| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];Argument[2];value;dfc-generated | | System;DateTimeOffset;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System;DateTimeOffset;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | System;Decimal;Clamp;(System.Decimal,System.Decimal,System.Decimal);Argument[0];ReturnValue;value;dfc-generated | @@ -22590,8 +22435,6 @@ summary | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0];ReturnValue;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,T);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[0];Argument[this].Field[System.MissingMemberException.ClassName];value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[1];Argument[this].Field[System.MissingMemberException.MemberName];value;dfc-generated | | System;MissingFieldException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | @@ -22768,8 +22611,6 @@ summary | System;String;Concat;(System.String[]);Argument[0].Element;ReturnValue;taint;manual | | System;String;Concat;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;manual | | System;String;Copy;(System.String);Argument[0];ReturnValue;value;manual | -| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;hq-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | @@ -22892,7 +22733,7 @@ summary | System;String;TrimStart;();Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char);Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char[]);Argument[this];ReturnValue;taint;manual | -| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];ReturnValue;value;dfc-generated | +| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];Argument[2];value;dfc-generated | | System;StringComparer;Compare;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System;StringComparer;Compare;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System;StringComparer;GetHashCode;(System.Object);Argument[0];Argument[this];taint;df-generated | @@ -22941,7 +22782,7 @@ summary | System;TimeZoneInfo;GetUtcOffset;(System.DateTimeOffset);Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].Property[System.TimeZoneInfo.DisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | -| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];ReturnValue.SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | +| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];Argument[1].SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | | System;TimeZoneInfo;get_BaseUtcOffset;();Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DaylightName;();Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DisplayName;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | @@ -23675,7 +23516,7 @@ summary | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;dfc-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System;WeakReference;TryGetTarget;(T);Argument[this];ReturnValue;taint;df-generated | +| System;WeakReference;TryGetTarget;(T);Argument[this];Argument[0];taint;df-generated | neutral | Dapper;SqlMapper+GridReader;Dispose;();summary;df-generated | | Dapper;SqlMapper+Identity;Equals;(Dapper.SqlMapper+Identity);summary;df-generated | @@ -24804,6 +24645,7 @@ neutral | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Reset;();summary;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;Dispose;();summary;df-generated | +| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;MoveNext;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;Reset;();summary;df-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();summary;df-generated | @@ -25057,6 +24899,7 @@ neutral | Microsoft.VisualBasic.CompilerServices;StringType;FromShort;(System.Int16);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;FromSingle;(System.Single);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;FromSingle;(System.Single,System.Globalization.NumberFormatInfo);summary;df-generated | +| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrCmp;(System.String,System.String,System.Boolean);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrLike;(System.String,System.String,Microsoft.VisualBasic.CompareMethod);summary;df-generated | | Microsoft.VisualBasic.CompilerServices;StringType;StrLikeBinary;(System.String,System.String);summary;df-generated | @@ -25253,6 +25096,7 @@ neutral | Microsoft.VisualBasic;FileSystem;FileClose;(System.Int32[]);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileCopy;(System.String,System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileDateTime;(System.String);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Boolean,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Byte,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Char,System.Int64);summary;df-generated | @@ -25263,6 +25107,9 @@ neutral | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Int32,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Int64,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Single,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileLen;(System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FileOpen;(System.Int32,System.String,Microsoft.VisualBasic.OpenMode,Microsoft.VisualBasic.OpenAccess,Microsoft.VisualBasic.OpenShare,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;FilePut;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);summary;df-generated | @@ -25292,7 +25139,9 @@ neutral | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int16);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Int64);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Single);summary;df-generated | +| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;InputString;(System.Int32,System.Int32);summary;df-generated | | Microsoft.VisualBasic;FileSystem;Kill;(System.String);summary;df-generated | | Microsoft.VisualBasic;FileSystem;LOF;(System.Int32);summary;df-generated | @@ -26065,6 +25914,7 @@ neutral | System.Buffers;ReadOnlySequence;Slice;(System.Int32,System.Int32);summary;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.Int64,System.Int64);summary;df-generated | | System.Buffers;ReadOnlySequence;ToString;();summary;df-generated | +| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);summary;df-generated | | System.Buffers;ReadOnlySequence;get_End;();summary;df-generated | | System.Buffers;ReadOnlySequence;get_First;();summary;df-generated | | System.Buffers;ReadOnlySequence;get_IsEmpty;();summary;df-generated | @@ -26090,6 +25940,12 @@ neutral | System.Buffers;SequenceReader;get_Position;();summary;df-generated | | System.Buffers;SequenceReader;get_Remaining;();summary;df-generated | | System.Buffers;SequenceReader;get_Sequence;();summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);summary;df-generated | +| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);summary;df-generated | | System.Buffers;StandardFormat;Equals;(System.Buffers.StandardFormat);summary;df-generated | | System.Buffers;StandardFormat;Equals;(System.Object);summary;df-generated | | System.Buffers;StandardFormat;GetHashCode;();summary;df-generated | @@ -26198,6 +26054,10 @@ neutral | System.CodeDom.Compiler;CompilerResults;get_Errors;();summary;df-generated | | System.CodeDom.Compiler;CompilerResults;get_Output;();summary;df-generated | | System.CodeDom.Compiler;Executor;ExecWait;(System.String,System.CodeDom.Compiler.TempFileCollection);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | +| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromFile;(System.CodeDom.Compiler.CompilerParameters,System.String);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromFileBatch;(System.CodeDom.Compiler.CompilerParameters,System.String[]);summary;df-generated | | System.CodeDom.Compiler;ICodeCompiler;CompileAssemblyFromSource;(System.CodeDom.Compiler.CompilerParameters,System.String);summary;df-generated | @@ -27143,6 +27003,18 @@ neutral | System.Collections.Immutable;ImmutableHashSet;get_IsEmpty;();summary;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_IsReadOnly;();summary;df-generated | | System.Collections.Immutable;ImmutableHashSet;get_IsSynchronized;();summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);summary;df-generated | +| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);summary;df-generated | | System.Collections.Immutable;ImmutableList;Create;();summary;df-generated | | System.Collections.Immutable;ImmutableList;CreateBuilder;();summary;df-generated | | System.Collections.Immutable;ImmutableList;IndexOf;(System.Collections.Immutable.IImmutableList,T);summary;df-generated | @@ -31670,6 +31542,7 @@ neutral | System.Diagnostics.Tracing;EventSource;SetCurrentThreadActivityId;(System.Guid,System.Guid);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions);summary;df-generated | +| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;Write;(System.String,T);summary;df-generated | | System.Diagnostics.Tracing;EventSource;WriteEvent;(System.Int32);summary;df-generated | @@ -31827,6 +31700,8 @@ neutral | System.Diagnostics;Debug+WriteIfInterpolatedStringHandler;AppendLiteral;(System.String);summary;df-generated | | System.Diagnostics;Debug+WriteIfInterpolatedStringHandler;WriteIfInterpolatedStringHandler;(System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean);summary;df-generated | +| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String,System.String);summary;df-generated | | System.Diagnostics;Debug;Assert;(System.Boolean,System.String,System.String,System.Object[]);summary;df-generated | @@ -31842,6 +31717,8 @@ neutral | System.Diagnostics;Debug;Write;(System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;Write;(System.String);summary;df-generated | | System.Diagnostics;Debug;Write;(System.String,System.String);summary;df-generated | +| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Object);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteIf;(System.Boolean,System.String);summary;df-generated | @@ -31851,6 +31728,8 @@ neutral | System.Diagnostics;Debug;WriteLine;(System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLine;(System.String,System.Object[]);summary;df-generated | | System.Diagnostics;Debug;WriteLine;(System.String,System.String);summary;df-generated | +| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);summary;df-generated | +| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Object);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Object,System.String);summary;df-generated | | System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.String);summary;df-generated | @@ -33602,6 +33481,8 @@ neutral | System.IO.Enumeration;FileSystemEnumerator;MoveNext;();summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;OnDirectoryFinished;(System.ReadOnlySpan);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;Reset;();summary;df-generated | +| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | +| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;TransformEntry;(System.IO.Enumeration.FileSystemEntry);summary;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();summary;df-generated | | System.IO.Enumeration;FileSystemName;MatchesSimpleExpression;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);summary;df-generated | @@ -34316,6 +34197,7 @@ neutral | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt16);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt32);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,System.UInt64);summary;df-generated | +| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;WriteArray;(System.Int64,T[],System.Int32,System.Int32);summary;df-generated | | System.IO;UnmanagedMemoryAccessor;get_CanRead;();summary;df-generated | | System.IO;UnmanagedMemoryAccessor;get_CanWrite;();summary;df-generated | @@ -35763,6 +35645,8 @@ neutral | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | +| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);summary;df-generated | +| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);summary;df-generated | | System.Net.Sockets;Socket;BeginSend;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);summary;df-generated | @@ -35795,6 +35679,8 @@ neutral | System.Net.Sockets;Socket;EndDisconnect;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndReceive;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndReceive;(System.IAsyncResult,System.Net.Sockets.SocketError);summary;df-generated | +| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);summary;df-generated | +| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);summary;df-generated | | System.Net.Sockets;Socket;EndSend;(System.IAsyncResult);summary;df-generated | | System.Net.Sockets;Socket;EndSend;(System.IAsyncResult,System.Net.Sockets.SocketError);summary;df-generated | | System.Net.Sockets;Socket;EndSendFile;(System.IAsyncResult);summary;df-generated | @@ -37613,6 +37499,7 @@ neutral | System.Numerics;Vector;Store;(System.Numerics.Vector,T*);summary;df-generated | | System.Numerics;Vector;StoreAligned;(System.Numerics.Vector,T*);summary;df-generated | | System.Numerics;Vector;StoreAlignedNonTemporal;(System.Numerics.Vector,T*);summary;df-generated | +| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);summary;df-generated | | System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T,System.UIntPtr);summary;df-generated | | System.Numerics;Vector;Subtract;(System.Numerics.Vector,System.Numerics.Vector);summary;df-generated | | System.Numerics;Vector;Sum;(System.Numerics.Vector);summary;df-generated | @@ -38390,6 +38277,9 @@ neutral | System.Reflection.Metadata.Ecma335;ScalarEncoder;NullArray;();summary;df-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;SystemType;(System.String);summary;df-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;get_Builder;();summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Boolean;();summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Byte;();summary;df-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Char;();summary;df-generated | @@ -38510,6 +38400,7 @@ neutral | System.Reflection.Metadata;BlobBuilder;WriteConstant;(System.Object);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.IO.Stream);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobBuilder);summary;df-generated | +| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDateTime;(System.DateTime);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDecimal;(System.Decimal);summary;df-generated | | System.Reflection.Metadata;BlobBuilder;WriteDouble;(System.Double);summary;df-generated | @@ -39969,6 +39860,7 @@ neutral | System.Runtime.CompilerServices;AccessedThroughPropertyAttribute;get_PropertyName;();summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;Complete;();summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;Create;();summary;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncIteratorStateMachineAttribute;AsyncIteratorStateMachineAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;AsyncMethodBuilderAttribute;AsyncMethodBuilderAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;AsyncMethodBuilderAttribute;get_BuilderType;();summary;df-generated | @@ -39977,21 +39869,28 @@ neutral | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;AsyncVoidMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;CallSite;Create;(System.Type,System.Runtime.CompilerServices.CallSiteBinder);summary;df-generated | | System.Runtime.CompilerServices;CallSite;Create;(System.Runtime.CompilerServices.CallSiteBinder);summary;df-generated | | System.Runtime.CompilerServices;CallSite;get_Update;();summary;df-generated | @@ -40098,10 +39997,12 @@ neutral | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Create;();summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetException;(System.Exception);summary;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetStateMachine;(System.Runtime.CompilerServices.IAsyncStateMachine);summary;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Contains;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;Contains;(T);summary;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;IndexOf;(System.Object);summary;df-generated | @@ -40169,7 +40070,11 @@ neutral | System.Runtime.CompilerServices;TypeForwardedToAttribute;TypeForwardedToAttribute;(System.Type);summary;df-generated | | System.Runtime.CompilerServices;TypeForwardedToAttribute;get_Destination;();summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Add;(System.Void*,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;AreSame;(T,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;As;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;As;(TFrom);summary;df-generated | @@ -40179,6 +40084,7 @@ neutral | System.Runtime.CompilerServices;Unsafe;BitCast;(TFrom);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;ByteOffset;(T,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Copy;(System.Void*,T);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlock;(System.Byte,System.Byte,System.UInt32);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlock;(System.Void*,System.Void*,System.UInt32);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;CopyBlockUnaligned;(System.Byte,System.Byte,System.UInt32);summary;df-generated | @@ -40197,7 +40103,11 @@ neutral | System.Runtime.CompilerServices;Unsafe;SizeOf;();summary;df-generated | | System.Runtime.CompilerServices;Unsafe;SkipInit;(T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Subtract;(System.Void*,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.IntPtr);summary;df-generated | +| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Unbox;(System.Object);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;Write;(System.Void*,T);summary;df-generated | | System.Runtime.CompilerServices;Unsafe;WriteUnaligned;(System.Byte,T);summary;df-generated | @@ -41048,6 +40958,7 @@ neutral | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpan;(T,System.Int32);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpanFromNullTerminated;(System.Byte*);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateReadOnlySpanFromNullTerminated;(System.Char*);summary;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetArrayDataReference;(System.Array);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetArrayDataReference;(T[]);summary;df-generated | | System.Runtime.InteropServices;MemoryMarshal;GetReference;(System.ReadOnlySpan);summary;df-generated | @@ -41293,6 +41204,7 @@ neutral | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);summary;df-generated | | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.String);summary;df-generated | | System.Runtime.InteropServices;SafeArrayTypeMismatchException;SafeArrayTypeMismatchException;(System.String,System.Exception);summary;df-generated | +| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt32,System.UInt32);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt64);summary;df-generated | | System.Runtime.InteropServices;SafeBuffer;Initialize;(System.UInt32);summary;df-generated | @@ -41315,6 +41227,7 @@ neutral | System.Runtime.InteropServices;SafeHandle;get_IsClosed;();summary;df-generated | | System.Runtime.InteropServices;SafeHandle;get_IsInvalid;();summary;df-generated | | System.Runtime.InteropServices;SequenceMarshal;TryGetArray;(System.Buffers.ReadOnlySequence,System.ArraySegment);summary;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;StructLayoutAttribute;(System.Int16);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;StructLayoutAttribute;(System.Runtime.InteropServices.LayoutKind);summary;df-generated | | System.Runtime.InteropServices;StructLayoutAttribute;get_Value;();summary;df-generated | @@ -49201,6 +49114,7 @@ neutral | System.Runtime.Intrinsics;Vector64;Store;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreAligned;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector64,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);summary;df-generated | | System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector64;Subtract;(System.Runtime.Intrinsics.Vector64,System.Runtime.Intrinsics.Vector64);summary;df-generated | | System.Runtime.Intrinsics;Vector64;Sum;(System.Runtime.Intrinsics.Vector64);summary;df-generated | @@ -49486,6 +49400,7 @@ neutral | System.Runtime.Intrinsics;Vector128;Store;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreAligned;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector128,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);summary;df-generated | | System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector128;Subtract;(System.Runtime.Intrinsics.Vector128,System.Runtime.Intrinsics.Vector128);summary;df-generated | | System.Runtime.Intrinsics;Vector128;Sum;(System.Runtime.Intrinsics.Vector128);summary;df-generated | @@ -49764,6 +49679,7 @@ neutral | System.Runtime.Intrinsics;Vector256;Store;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreAligned;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector256,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);summary;df-generated | | System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector256;Subtract;(System.Runtime.Intrinsics.Vector256,System.Runtime.Intrinsics.Vector256);summary;df-generated | | System.Runtime.Intrinsics;Vector256;Sum;(System.Runtime.Intrinsics.Vector256);summary;df-generated | @@ -50043,6 +49959,7 @@ neutral | System.Runtime.Intrinsics;Vector512;Store;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreAligned;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreAlignedNonTemporal;(System.Runtime.Intrinsics.Vector512,T*);summary;df-generated | +| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);summary;df-generated | | System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T,System.UIntPtr);summary;df-generated | | System.Runtime.Intrinsics;Vector512;Subtract;(System.Runtime.Intrinsics.Vector512,System.Runtime.Intrinsics.Vector512);summary;df-generated | | System.Runtime.Intrinsics;Vector512;Sum;(System.Runtime.Intrinsics.Vector512);summary;df-generated | @@ -53450,6 +53367,7 @@ neutral | System.Text.Json.Nodes;JsonNode;Parse;(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;Parse;(System.ReadOnlySpan,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;Parse;(System.String,System.Nullable,System.Text.Json.JsonDocumentOptions);summary;df-generated | +| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);summary;df-generated | | System.Text.Json.Nodes;JsonNode;ParseAsync;(System.IO.Stream,System.Nullable,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json.Nodes;JsonNode;ToJsonString;(System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json.Nodes;JsonNode;WriteTo;(System.Text.Json.Utf8JsonWriter,System.Text.Json.JsonSerializerOptions);summary;df-generated | @@ -53627,6 +53545,8 @@ neutral | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json;JsonDocument;Parse;(System.String,System.Text.Json.JsonDocumentOptions);summary;df-generated | | System.Text.Json;JsonDocument;ParseAsync;(System.IO.Stream,System.Text.Json.JsonDocumentOptions,System.Threading.CancellationToken);summary;df-generated | +| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);summary;df-generated | +| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);summary;df-generated | | System.Text.Json;JsonDocument;WriteTo;(System.Text.Json.Utf8JsonWriter);summary;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;Dispose;();summary;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;MoveNext;();summary;df-generated | @@ -53657,6 +53577,7 @@ neutral | System.Text.Json;JsonElement;GetUInt16;();summary;df-generated | | System.Text.Json;JsonElement;GetUInt32;();summary;df-generated | | System.Text.Json;JsonElement;GetUInt64;();summary;df-generated | +| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);summary;df-generated | | System.Text.Json;JsonElement;ToString;();summary;df-generated | | System.Text.Json;JsonElement;TryGetByte;(System.Byte);summary;df-generated | | System.Text.Json;JsonElement;TryGetBytesFromBase64;(System.Byte[]);summary;df-generated | @@ -53673,6 +53594,7 @@ neutral | System.Text.Json;JsonElement;TryGetUInt16;(System.UInt16);summary;df-generated | | System.Text.Json;JsonElement;TryGetUInt32;(System.UInt32);summary;df-generated | | System.Text.Json;JsonElement;TryGetUInt64;(System.UInt64);summary;df-generated | +| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.ReadOnlySpan);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.ReadOnlySpan);summary;df-generated | | System.Text.Json;JsonElement;ValueEquals;(System.String);summary;df-generated | @@ -53717,6 +53639,9 @@ neutral | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Type,System.Text.Json.Serialization.JsonSerializerContext);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.IO.Stream,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.ReadOnlySpan,System.Text.Json.JsonSerializerOptions);summary;df-generated | @@ -53731,6 +53656,8 @@ neutral | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.JsonElement,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.JsonSerializerOptions);summary;df-generated | | System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Nodes.JsonNode,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);summary;df-generated | +| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Type,System.Text.Json.JsonSerializerOptions,System.Threading.CancellationToken);summary;df-generated | | System.Text.Json;JsonSerializer;DeserializeAsync;(System.IO.Stream,System.Type,System.Text.Json.Serialization.JsonSerializerContext,System.Threading.CancellationToken);summary;df-generated | @@ -54238,6 +54165,8 @@ neutral | System.Text.Unicode;Utf8;FromUtf16;(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | | System.Text.Unicode;Utf8;IsValid;(System.ReadOnlySpan);summary;df-generated | | System.Text.Unicode;Utf8;ToUtf16;(System.ReadOnlySpan,System.Span,System.Int32,System.Int32,System.Boolean,System.Boolean);summary;df-generated | +| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | +| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.Char*,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.Char[],System.Int32,System.Int32);summary;df-generated | | System.Text;ASCIIEncoding;GetByteCount;(System.ReadOnlySpan);summary;df-generated | @@ -55170,12 +55099,15 @@ neutral | System.Threading;Interlocked;CompareExchange;(System.Int16,System.Int16,System.Int16);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Int32,System.Int32,System.Int32);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Int64,System.Int64,System.Int64);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Object,System.Object,System.Object);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.SByte,System.SByte,System.SByte);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.Single,System.Single,System.Single);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt16,System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt32,System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Interlocked;CompareExchange;(System.UInt64,System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Interlocked;CompareExchange;(T,T,T);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.Int32);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.Int64);summary;df-generated | | System.Threading;Interlocked;Decrement;(System.UInt32);summary;df-generated | @@ -55185,12 +55117,15 @@ neutral | System.Threading;Interlocked;Exchange;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Object,System.Object);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.Single,System.Single);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Interlocked;Exchange;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Interlocked;Exchange;(T,T);summary;df-generated | | System.Threading;Interlocked;Increment;(System.Int32);summary;df-generated | | System.Threading;Interlocked;Increment;(System.Int64);summary;df-generated | | System.Threading;Interlocked;Increment;(System.UInt32);summary;df-generated | @@ -55254,6 +55189,7 @@ neutral | System.Threading;Mutex;Mutex;(System.Boolean,System.String,System.Boolean);summary;df-generated | | System.Threading;Mutex;OpenExisting;(System.String);summary;df-generated | | System.Threading;Mutex;ReleaseMutex;();summary;df-generated | +| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);summary;df-generated | | System.Threading;Overlapped;Free;(System.Threading.NativeOverlapped*);summary;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.Int32,System.IAsyncResult);summary;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);summary;df-generated | @@ -55270,9 +55206,11 @@ neutral | System.Threading;ReaderWriterLock;AcquireWriterLock;(System.Int32);summary;df-generated | | System.Threading;ReaderWriterLock;AcquireWriterLock;(System.TimeSpan);summary;df-generated | | System.Threading;ReaderWriterLock;AnyWritersSince;(System.Int32);summary;df-generated | +| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseLock;();summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseReaderLock;();summary;df-generated | | System.Threading;ReaderWriterLock;ReleaseWriterLock;();summary;df-generated | +| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);summary;df-generated | | System.Threading;ReaderWriterLock;UpgradeToWriterLock;(System.Int32);summary;df-generated | | System.Threading;ReaderWriterLock;UpgradeToWriterLock;(System.TimeSpan);summary;df-generated | | System.Threading;ReaderWriterLock;get_IsReaderLockHeld;();summary;df-generated | @@ -55400,21 +55338,27 @@ neutral | System.Threading;Thread;VolatileRead;(System.Int16);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Int32);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Int64);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.IntPtr);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.Object);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.SByte);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.Single);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt16);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt32);summary;df-generated | | System.Threading;Thread;VolatileRead;(System.UInt64);summary;df-generated | +| System.Threading;Thread;VolatileRead;(System.UIntPtr);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Byte,System.Byte);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Double,System.Double);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.Single,System.Single);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Thread;VolatileWrite;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);summary;df-generated | | System.Threading;Thread;Yield;();summary;df-generated | | System.Threading;Thread;get_CurrentThread;();summary;df-generated | | System.Threading;Thread;get_ExecutionContext;();summary;df-generated | @@ -55498,11 +55442,14 @@ neutral | System.Threading;Volatile;Write;(System.Int16,System.Int16);summary;df-generated | | System.Threading;Volatile;Write;(System.Int32,System.Int32);summary;df-generated | | System.Threading;Volatile;Write;(System.Int64,System.Int64);summary;df-generated | +| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);summary;df-generated | | System.Threading;Volatile;Write;(System.SByte,System.SByte);summary;df-generated | | System.Threading;Volatile;Write;(System.Single,System.Single);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt16,System.UInt16);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt32,System.UInt32);summary;df-generated | | System.Threading;Volatile;Write;(System.UInt64,System.UInt64);summary;df-generated | +| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);summary;df-generated | +| System.Threading;Volatile;Write;(T,T);summary;df-generated | | System.Threading;WaitHandle;Close;();summary;df-generated | | System.Threading;WaitHandle;Dispose;();summary;df-generated | | System.Threading;WaitHandle;Dispose;(System.Boolean);summary;df-generated | @@ -57011,6 +56958,7 @@ neutral | System;Array;LastIndexOf;(T[],T,System.Int32,System.Int32);summary;df-generated | | System;Array;Remove;(System.Object);summary;df-generated | | System;Array;RemoveAt;(System.Int32);summary;df-generated | +| System;Array;Resize;(T[],System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32,System.Int32);summary;df-generated | | System;Array;SetValue;(System.Object,System.Int32,System.Int32,System.Int32);summary;df-generated | @@ -59655,8 +59603,10 @@ neutral | System;MemoryExtensions;ToLowerInvariant;(System.ReadOnlySpan,System.Span);summary;df-generated | | System;MemoryExtensions;ToUpper;(System.ReadOnlySpan,System.Span,System.Globalization.CultureInfo);summary;df-generated | | System;MemoryExtensions;ToUpperInvariant;(System.ReadOnlySpan,System.Span);summary;df-generated | +| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.Object[]);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,System.ReadOnlySpan);summary;df-generated | +| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1,TArg2);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0,TArg1);summary;df-generated | | System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.Text.CompositeFormat,System.Int32,TArg0);summary;df-generated | @@ -60188,6 +60138,8 @@ neutral | System;String;Contains;(System.String,System.StringComparison);summary;df-generated | | System;String;CopyTo;(System.Int32,System.Char[],System.Int32,System.Int32);summary;df-generated | | System;String;CopyTo;(System.Span);summary;df-generated | +| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);summary;df-generated | +| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);summary;df-generated | | System;String;EndsWith;(System.Char);summary;df-generated | | System;String;EndsWith;(System.String);summary;df-generated | | System;String;EndsWith;(System.String,System.Boolean,System.Globalization.CultureInfo);summary;df-generated | @@ -61408,8 +61360,6 @@ neutral | System;Uri;op_Inequality;(System.Uri,System.Uri);summary;df-generated | | System;UriBuilder;Equals;(System.Object);summary;df-generated | | System;UriBuilder;GetHashCode;();summary;df-generated | -| System;UriBuilder;ToString;();summary;df-generated | -| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);summary;df-generated | | System;UriFormatException;UriFormatException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);summary;df-generated | | System;UriFormatException;UriFormatException;(System.String);summary;df-generated | | System;UriFormatException;UriFormatException;(System.String,System.Exception);summary;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index f5b48a00292..08b3588b494 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -777,7 +777,7 @@ | Microsoft.Extensions.Configuration;ChainedBuilderExtensions;AddConfiguration;(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedBuilderExtensions;AddConfiguration;(Microsoft.Extensions.Configuration.IConfigurationBuilder,Microsoft.Extensions.Configuration.IConfiguration,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;ChainedConfigurationProvider;(Microsoft.Extensions.Configuration.ChainedConfigurationSource);Argument[0].Property[Microsoft.Extensions.Configuration.ChainedConfigurationSource.Configuration];Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];value;dfc-generated | -| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;taint;dfc-generated | +| Microsoft.Extensions.Configuration;ChainedConfigurationProvider;TryGet;(System.String,System.String);Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];Argument[1];taint;dfc-generated | | Microsoft.Extensions.Configuration;ChainedConfigurationProvider;get_Configuration;();Argument[this].SyntheticField[Microsoft.Extensions.Configuration.ChainedConfigurationProvider._config];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[0];taint;manual | | Microsoft.Extensions.Configuration;CommandLineConfigurationExtensions;AddCommandLine;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;manual | @@ -1441,7 +1441,7 @@ | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckRegistration;set_Factory;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.HealthChecks;HealthCheckService;CheckHealthAsync;(System.Func,System.Threading.CancellationToken);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;Initialize;(Microsoft.Extensions.Diagnostics.Metrics.IObservableInstrumentsSource);Argument[0];Argument[this];taint;df-generated | -| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Diagnostics.Metrics;IMetricsListener;InstrumentPublished;(System.Diagnostics.Metrics.Instrument,System.Object);Argument[this];Argument[1];value;dfc-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_ByteHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DecimalHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | Microsoft.Extensions.Diagnostics.Metrics;MeasurementHandlers;set_DoubleHandler;(System.Diagnostics.Metrics.MeasurementCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -2238,14 +2238,13 @@ | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;ToString;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Value];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringSegment;get_Value;();Argument[this].Property[Microsoft.Extensions.Primitives.StringSegment.Buffer];ReturnValue;taint;dfc-generated | -| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0];ReturnValue;value;dfc-generated | +| Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringTokenizer);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer+Enumerator;get_Current;();Argument[this].Property[Microsoft.Extensions.Primitives.StringTokenizer+Enumerator.Current];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringTokenizer;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[0];Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(Microsoft.Extensions.Primitives.StringSegment,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | | Microsoft.Extensions.Primitives;StringTokenizer;StringTokenizer;(System.String,System.Char[]);Argument[1].Element;Argument[this];taint;df-generated | -| Microsoft.Extensions.Primitives;StringValues+Enumerator;Enumerator;(Microsoft.Extensions.Primitives.StringValues);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.Extensions.Primitives;StringValues+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[0];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;Add;(System.String);Argument[this];ReturnValue;taint;manual | @@ -2301,18 +2300,11 @@ | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[0];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[1];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[this];ReturnValue;taint;manual | -| Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | Microsoft.VisualBasic;Collection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.Object);Argument[this].Element;ReturnValue;value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.Array,System.Int64,System.Boolean,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.String,System.Int64,System.Boolean);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGet;(System.Int32,System.ValueType,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;FileGetObject;(System.Int32,System.Object,System.Int64);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.Object);Argument[1];ReturnValue;value;dfc-generated | -| Microsoft.VisualBasic;FileSystem;Input;(System.Int32,System.String);Argument[1];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic;VBCodeProvider;VBCodeProvider;(System.Collections.Generic.IDictionary);Argument[0].Element;Argument[this];taint;df-generated | | Microsoft.Win32.SafeHandles;SafeFileHandle;SafeFileHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | Microsoft.Win32.SafeHandles;SafeWaitHandle;SafeWaitHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | @@ -3783,7 +3775,7 @@ | ServiceStack.Text;MemoryProvider;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;MemoryProvider;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | -| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+EventHandler;BeginInvoke;(System.AsyncCallback,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+LargeBufferDiscardedEventHandler;BeginInvoke;(ServiceStack.Text.RecyclableMemoryStreamManager+Events+MemoryStreamDiscardReason,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -4484,7 +4476,6 @@ | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.Int64);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[0];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySequence;Slice;(System.SequencePosition,System.SequencePosition);Argument[1];ReturnValue;taint;df-generated | -| System.Buffers;ReadOnlySequence;TryGet;(System.SequencePosition,System.ReadOnlyMemory,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;ReadOnlySequence;get_FirstSpan;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;ReadOnlySpanAction;BeginInvoke;(System.ReadOnlySpan,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Buffers;SearchValues;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | @@ -4492,30 +4483,24 @@ | System.Buffers;SequenceReader;SequenceReader;(System.Buffers.ReadOnlySequence);Argument[0];Argument[this].Property[System.Buffers.SequenceReader`1.Sequence];value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;TryCopyTo;(System.Span);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];ReturnValue;taint;df-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;ReturnValue.Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(System.Int64,T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[1];value;dfc-generated | +| System.Buffers;SequenceReader;TryPeek;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryRead;(T);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0];value;dfc-generated | +| System.Buffers;SequenceReader;TryReadExact;(System.Int32,System.Buffers.ReadOnlySequence);Argument[this];Argument[1];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.Buffers.ReadOnlySequence,T,T,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadTo;(System.ReadOnlySpan,T,T,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.Buffers.ReadOnlySequence,System.ReadOnlySpan,System.Boolean);Argument[this];Argument[0];taint;df-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;Argument[0].Element;value;dfc-generated | +| System.Buffers;SequenceReader;TryReadToAny;(System.ReadOnlySpan,System.ReadOnlySpan,System.Boolean);Argument[this].Property[System.Buffers.SequenceReader`1.UnreadSpan].Element;Argument[0].Element;value;dfc-generated | | System.Buffers;SequenceReader;get_UnreadSequence;();Argument[this];ReturnValue;taint;df-generated | | System.Buffers;SequenceReader;get_UnreadSpan;();Argument[this].Property[System.Buffers.SequenceReader`1.CurrentSpan].Element;ReturnValue.Element;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadBigEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int16);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Buffers;SequenceReaderExtensions;TryReadLittleEndian;(System.Buffers.SequenceReader,System.Int64);Argument[0];ReturnValue;value;dfc-generated | | System.Buffers;SpanAction;BeginInvoke;(System.Span,TArg,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.CodeDom.Compiler;CodeCompiler;FromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[0];taint;df-generated | | System.CodeDom.Compiler;CodeCompiler;FromDom;(System.CodeDom.Compiler.CompilerParameters,System.CodeDom.CodeCompileUnit);Argument[1];Argument[this];taint;df-generated | @@ -4647,14 +4632,6 @@ | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[0].Element;Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.ReferencedAssemblies].Element;value;dfc-generated | | System.CodeDom.Compiler;CompilerParameters;CompilerParameters;(System.String[],System.String,System.Boolean);Argument[1];Argument[this].Property[System.CodeDom.Compiler.CompilerParameters.OutputAssembly];value;dfc-generated | | System.CodeDom.Compiler;CompilerResults;CompilerResults;(System.CodeDom.Compiler.TempFileCollection);Argument[0];Argument[this].Property[System.CodeDom.Compiler.CompilerResults.TempFiles];value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.IntPtr,System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[5];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[2];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[3];ReturnValue;value;dfc-generated | -| System.CodeDom.Compiler;Executor;ExecWaitWithCapture;(System.String,System.String,System.CodeDom.Compiler.TempFileCollection,System.String,System.String);Argument[4];ReturnValue;value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;GeneratedCodeAttribute;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._version];value;dfc-generated | | System.CodeDom.Compiler;GeneratedCodeAttribute;get_Tool;();Argument[this].SyntheticField[System.CodeDom.Compiler.GeneratedCodeAttribute._tool];ReturnValue;value;dfc-generated | @@ -5001,8 +4978,8 @@ | System.Collections.Concurrent;ConcurrentBag;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentBag;ToArray;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentBag;TryAdd;(T);Argument[0];Argument[this].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryPeek;(T);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Concurrent;ConcurrentBag;TryTake;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Concurrent;ConcurrentDictionary;AddOrUpdate;(TKey,System.Func,System.Func);Argument[0];Argument[1].Parameter[0];value;dfc-generated | @@ -5063,18 +5040,18 @@ | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;GetOrAdd;(TKey,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentDictionary;TryGetAlternateLookup;(System.Collections.Concurrent.ConcurrentDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Concurrent.ConcurrentDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Comparer;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;ConcurrentDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Concurrent;ConcurrentDictionary;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Concurrent;ConcurrentQueue;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentStack;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Collections.Concurrent;ConcurrentStack;ConcurrentStack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[]);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | | System.Collections.Concurrent;ConcurrentStack;TryPopRange;(T[],System.Int32,System.Int32);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0].Element;value;dfc-generated | -| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];ReturnValue;value;dfc-generated | +| System.Collections.Concurrent;ConcurrentStack;TryTake;(T);Argument[this].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1._head].SyntheticField[System.Collections.Concurrent.ConcurrentStack`1+Node._value];Argument[0];value;dfc-generated | | System.Collections.Concurrent;IProducerConsumerCollection;CopyTo;(T[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | | System.Collections.Concurrent;OrderablePartitioner;GetDynamicPartitions;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Concurrent;Partitioner;Create;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | @@ -5093,7 +5070,7 @@ | System.Collections.Frozen;FrozenDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated | | System.Collections.Frozen;FrozenDictionary;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | -| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | +| System.Collections.Frozen;FrozenDictionary;TryGetAlternateLookup;(System.Collections.Frozen.FrozenDictionary+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenDictionary`2+AlternateLookup`1.Dictionary];value;dfc-generated | | System.Collections.Frozen;FrozenDictionary;get_Keys;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenDictionary;get_Values;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet;Create;(System.Collections.Generic.IEqualityComparer,System.ReadOnlySpan);Argument[1];ReturnValue;taint;df-generated | @@ -5101,22 +5078,22 @@ | System.Collections.Frozen;FrozenSet;ToFrozenSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;Contains;(TAlternate);Argument[0];Argument[this];taint;df-generated | | System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[0];Argument[this];taint;df-generated | -| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Frozen;FrozenSet+AlternateLookup;TryGetValue;(TAlternate,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Frozen.FrozenSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Frozen;FrozenSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;dfc-generated | | System.Collections.Frozen;FrozenSet;CopyTo;(System.Span);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[0].Element;value;dfc-generated | | System.Collections.Frozen;FrozenSet;GetAlternateLookup;();Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];ReturnValue.Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | -| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetAlternateLookup;(System.Collections.Frozen.FrozenSet+AlternateLookup);Argument[this];Argument[0].Property[System.Collections.Frozen.FrozenSet`1+AlternateLookup`1.Set];value;dfc-generated | +| System.Collections.Frozen;FrozenSet;TryGetValue;(T,T);Argument[this].Property[System.Collections.Frozen.FrozenSet`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.Frozen;FrozenSet;get_Items;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IList);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;AsReadOnly;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;CopyTo;(System.Collections.Generic.List,System.Span);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Generic;CollectionExtensions;GetValueOrDefault;(System.Collections.Generic.IReadOnlyDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Generic;CollectionExtensions;Remove;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[0].Element;Argument[2];taint;df-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[1];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;CollectionExtensions;TryAdd;(System.Collections.Generic.IDictionary,TKey,TValue);Argument[2];Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;Comparer;Create;(System.Comparison);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -5161,7 +5138,7 @@ | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0].Element;Argument[this];taint;df-generated | | System.Collections.Generic;HashSet;HashSet;(System.Collections.Generic.IEqualityComparer);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];value;dfc-generated | | System.Collections.Generic;HashSet;RemoveWhere;(System.Predicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;HashSet;TryGetValue;(T,T);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;HashSet;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.HashSet`1._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;ICollection;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;ICollection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -5180,7 +5157,8 @@ | System.Collections.Generic;ISet;Add;(T);Argument[0];Argument[this].Element;value;manual | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[0];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;KeyValuePair;Create;(TKey,TValue);Argument[1];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | -| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;KeyValuePair;Deconstruct;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[0];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;KeyValuePair;KeyValuePair;(TKey,TValue);Argument[1];Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;KeyValuePair;get_Key;();Argument[this];ReturnValue;taint;df-generated | @@ -5270,8 +5248,8 @@ | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IEqualityComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;dfc-generated | | System.Collections.Generic;OrderedDictionary;OrderedDictionary;(System.Int32,System.Collections.Generic.IEqualityComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];value;dfc-generated | -| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;OrderedDictionary;Remove;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;OrderedDictionary;TryGetValue;(TKey,TValue);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;OrderedDictionary;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.OrderedDictionary`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Keys;();Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Keys];ReturnValue;value;dfc-generated | | System.Collections.Generic;OrderedDictionary;get_Values;();Argument[this].Property[System.Collections.Generic.OrderedDictionary`2.Values];ReturnValue;value;dfc-generated | @@ -5286,9 +5264,12 @@ | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Collections.Generic.IEnumerable>,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;PriorityQueue;(System.Int32,System.Collections.Generic.IComparer);Argument[1];Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];value;dfc-generated | | System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[0];Argument[3];taint;df-generated | -| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;Remove;(TElement,TElement,TPriority,System.Collections.Generic.IEqualityComparer);Argument[this];Argument[2];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryDequeue;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[0];taint;df-generated | +| System.Collections.Generic;PriorityQueue;TryPeek;(TElement,TPriority);Argument[this];Argument[1];taint;df-generated | | System.Collections.Generic;PriorityQueue;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.PriorityQueue`2._comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Generic;Queue+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.Queue`1+Enumerator.Current];ReturnValue;value;dfc-generated | @@ -5301,8 +5282,8 @@ | System.Collections.Generic;Queue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Generic.Queue`1+Enumerator.Current];value;manual | | System.Collections.Generic;Queue;Peek;();Argument[this].Element;ReturnValue;value;manual | | System.Collections.Generic;Queue;Queue;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;value;dfc-generated | -| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Queue;TryDequeue;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Queue;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Queue`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;df-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Collections.Generic;SortedDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Generic.SortedDictionary`2+Enumerator.Current].Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Property[System.Collections.Generic.KeyValuePair`2.Value];value;df-generated | @@ -5343,7 +5324,7 @@ | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.Generic;SortedList;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedList;TryGetValue;(TKey,TValue);Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.values].Element;Argument[1];value;dfc-generated | | System.Collections.Generic;SortedList;get_Comparer;();Argument[this].SyntheticField[System.Collections.Generic.SortedList`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.Generic;SortedList;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Generic;SortedList;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | @@ -5363,7 +5344,7 @@ | System.Collections.Generic;SortedSet;SortedSet;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[0];Argument[this];taint;df-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | -| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];ReturnValue;value;dfc-generated | +| System.Collections.Generic;SortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];Argument[1];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | | System.Collections.Generic;SortedSet;UnionWith;(System.Collections.Generic.IEnumerable);Argument[this].Element;Argument[this].SyntheticField[System.Collections.Generic.SortedSet`1.root].SyntheticField[System.Collections.Generic.SortedSet`1+Node.Item];value;dfc-generated | @@ -5382,8 +5363,8 @@ | System.Collections.Generic;Stack;Push;(T);Argument[0];Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;Stack;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;value;dfc-generated | | System.Collections.Generic;Stack;ToArray;();Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue.Element;value;dfc-generated | -| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | -| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;ReturnValue;value;dfc-generated | +| System.Collections.Generic;Stack;TryPeek;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | +| System.Collections.Generic;Stack;TryPop;(T);Argument[this].SyntheticField[System.Collections.Generic.Stack`1._array].Element;Argument[0];value;dfc-generated | | System.Collections.Immutable;IImmutableDictionary;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;IImmutableDictionary;Clear;();Argument[this].WithoutElement;ReturnValue;value;manual | | System.Collections.Immutable;IImmutableList;Add;(T);Argument[0];Argument[this].Element;value;manual | @@ -5605,8 +5586,7 @@ | System.Collections.Immutable;ImmutableDictionary+Builder;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Builder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableDictionary+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableDictionary`2+Enumerator.Current];ReturnValue;value;df-generated | @@ -5625,8 +5605,7 @@ | System.Collections.Immutable;ImmutableDictionary;SetItem;(TKey,TValue);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableDictionary;WithComparers;(System.Collections.Generic.IEqualityComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableDictionary`2._comparers].SyntheticField[System.Collections.Immutable.ImmutableDictionary`2+Comparers._valueComparer];value;dfc-generated | @@ -5648,7 +5627,7 @@ | System.Collections.Immutable;ImmutableHashSet;ToImmutableHashSet;(System.Collections.Generic.IEnumerable,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableHashSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;df-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this].Property[System.Collections.Immutable.ImmutableHashSet`1+Enumerator.Current];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -5661,12 +5640,10 @@ | System.Collections.Immutable;ImmutableHashSet;Remove;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableHashSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableHashSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;Union;(System.Collections.Generic.IEnumerable);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;WithComparer;(System.Collections.Generic.IEqualityComparer);Argument[this];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableHashSet;get_KeyComparer;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | @@ -5679,8 +5656,6 @@ | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[1];Argument[3].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[2];ReturnValue;value;dfc-generated | @@ -5689,9 +5664,6 @@ | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;AddOrUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Enqueue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | @@ -5700,45 +5672,22 @@ | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func,TArg);Argument[3];Argument[2].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[1];Argument[2].Parameter[0];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2].ReturnValue;ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;GetOrAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedCompareExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedExchange;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;InterlockedInitialize;(System.Collections.Immutable.ImmutableArray,System.Collections.Immutable.ImmutableArray);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Push;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryAdd;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryDequeue;(System.Collections.Immutable.ImmutableQueue,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryPop;(System.Collections.Immutable.ImmutableStack,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryRemove;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue);Argument[2];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;TryUpdate;(System.Collections.Immutable.ImmutableDictionary,TKey,TValue,TValue);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,TArg,System.Collections.Immutable.ImmutableArray>,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[0];ReturnValue;value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func,TArg);Argument[2];Argument[1].Parameter[1];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(System.Collections.Immutable.ImmutableArray,System.Func,System.Collections.Immutable.ImmutableArray>);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Collections.Immutable;ImmutableInterlocked;Update;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Collections.Immutable;ImmutableList;Create;(System.ReadOnlySpan);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableList;Create;(T);Argument[0];ReturnValue;taint;df-generated | @@ -5866,9 +5815,11 @@ | System.Collections.Immutable;ImmutableQueue;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(System.Collections.Immutable.IImmutableQueue,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;();Argument[this];ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];Argument[0];taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Dequeue;(T);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableQueue;Enqueue;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableQueue`1._forwards].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableQueue;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableQueue`1+Enumerator.Current];value;manual | @@ -5932,8 +5883,7 @@ | System.Collections.Immutable;ImmutableSortedDictionary+Builder;AddRange;(System.Collections.Generic.IEnumerable>);Argument[0].Element;Argument[this].Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableSortedDictionary`2+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;GetValueOrDefault;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary+Builder;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Builder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedDictionary+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -5952,9 +5902,8 @@ | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;SetItems;(System.Collections.Generic.IEnumerable>);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedDictionary;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedDictionary;TryGetKey;(TKey,TKey);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._root].SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._keyComparer];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedDictionary;WithComparers;(System.Collections.Generic.IComparer,System.Collections.Generic.IEqualityComparer);Argument[1];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedDictionary`2._valueComparer];value;dfc-generated | @@ -5984,8 +5933,8 @@ | System.Collections.Immutable;ImmutableSortedSet+Builder;IntersectWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;Reverse;();Argument[this].Element;ReturnValue.Element;value;manual | | System.Collections.Immutable;ImmutableSortedSet+Builder;SymmetricExceptWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet+Builder;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;UnionWith;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Max;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet+Builder;get_Min;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Builder._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | @@ -6004,8 +5953,8 @@ | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this].Element;value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;SymmetricExcept;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;ToBuilder;();Argument[this];ReturnValue;taint;df-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[0];Argument[1];value;dfc-generated | +| System.Collections.Immutable;ImmutableSortedSet;TryGetValue;(T,T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1._root].SyntheticField[System.Collections.Immutable.ImmutableSortedSet`1+Node._key];Argument[1];value;dfc-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableSortedSet;Union;(System.Collections.Generic.IEnumerable);Argument[this];ReturnValue;value;df-generated | @@ -6018,12 +5967,13 @@ | System.Collections.Immutable;ImmutableStack;Create;(T);Argument[0];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;Create;(T[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;CreateRange;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;Argument[1];taint;df-generated | | System.Collections.Immutable;ImmutableStack;Pop;(System.Collections.Immutable.IImmutableStack,T);Argument[0].Element;ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.Immutable;ImmutableStack;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack`1+Enumerator.Current];value;manual | | System.Collections.Immutable;ImmutableStack;Peek;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;();Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | -| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];ReturnValue;value;dfc-generated | +| System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];Argument[0];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Pop;(T);Argument[this].SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];ReturnValue;value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[0];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._head];value;dfc-generated | | System.Collections.Immutable;ImmutableStack;Push;(T);Argument[this];ReturnValue.SyntheticField[System.Collections.Immutable.ImmutableStack`1._tail];value;dfc-generated | @@ -6036,8 +5986,7 @@ | System.Collections.ObjectModel;KeyedCollection;InsertItem;(System.Int32,TItem);Argument[1];Argument[this].SyntheticField[System.Collections.ObjectModel.Collection`1.items].Element;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;KeyedCollection;(System.Collections.Generic.IEqualityComparer,System.Int32);Argument[0];Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;SetItem;(System.Int32,TItem);Argument[1];Argument[this];taint;df-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[1];ReturnValue;value;dfc-generated | -| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;ReturnValue;value;dfc-generated | +| System.Collections.ObjectModel;KeyedCollection;TryGetValue;(TKey,TItem);Argument[this].Property[System.Collections.ObjectModel.Collection`1.Items].Element;Argument[1];value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Comparer;();Argument[this].SyntheticField[System.Collections.ObjectModel.KeyedCollection`2.comparer];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;KeyedCollection;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;KeyedCollection;get_Item;(TKey);Argument[this].Element;ReturnValue;value;manual | @@ -6053,7 +6002,6 @@ | System.Collections.ObjectModel;ReadOnlyDictionary;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;ReadOnlyDictionary;(System.Collections.Generic.IDictionary);Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Collections.ObjectModel;ReadOnlyDictionary;TryGetValue;(TKey,TValue);Argument[1];ReturnValue;value;dfc-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Dictionary;();Argument[this];ReturnValue;taint;df-generated | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Item;(TKey);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Collections.ObjectModel;ReadOnlyDictionary;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | @@ -6167,7 +6115,8 @@ | System.Collections;DictionaryBase;OnGet;(System.Object,System.Object);Argument[1];ReturnValue;value;dfc-generated | | System.Collections;DictionaryBase;get_Dictionary;();Argument[this];ReturnValue;value;dfc-generated | | System.Collections;DictionaryBase;get_SyncRoot;();Argument[this].Property[System.Collections.DictionaryBase.InnerHashtable].Property[System.Collections.Hashtable.SyncRoot];ReturnValue;value;dfc-generated | -| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[0];taint;df-generated | +| System.Collections;DictionaryEntry;Deconstruct;(System.Object,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[0];Argument[this];taint;df-generated | | System.Collections;DictionaryEntry;DictionaryEntry;(System.Object,System.Object);Argument[1];Argument[this];taint;df-generated | | System.Collections;Hashtable;Clone;();Argument[this].Element;ReturnValue.Element;value;manual | @@ -6849,12 +6798,11 @@ | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;Init;(System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[0];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;InitForConfiguration;(System.String,System.String,System.String,System.Configuration.Internal.IInternalConfigRoot,System.Object[]);Argument[4].Element;Argument[1];value;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;IInternalConfigHost;OpenStreamForRead;(System.String,System.Boolean);Argument[0];ReturnValue;taint;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[2];ReturnValue;value;dfc-generated | -| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[2];ReturnValue;value;dfc-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object);Argument[1];Argument[2];taint;df-generated | +| System.Configuration.Internal;IInternalConfigHost;OpenStreamForWrite;(System.String,System.String,System.Object,System.Boolean);Argument[1];Argument[2];taint;df-generated | | System.Configuration.Internal;IInternalConfigHost;StartMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigHost;StopMonitoringStreamForChanges;(System.String,System.Configuration.Internal.StreamChangeCallback);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Configuration.Internal;IInternalConfigRecord;GetLkgSection;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -7311,7 +7259,7 @@ | System.Data.Common;DbConnectionStringBuilder;GetProperties;(System.Collections.Hashtable);Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;Argument[0].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.ConnectionString];ReturnValue;value;dfc-generated | | System.Data.Common;DbConnectionStringBuilder;ToString;();Argument[this].Property[System.Data.Common.DbConnectionStringBuilder.Keys].Element;ReturnValue;taint;dfc-generated | -| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Common;DbConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Common;DbConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Common;DbConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Data.Common;DbConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -7402,7 +7350,7 @@ | System.Data.Entity.Core.Common.CommandTrees;DbLambda;Create;(System.Data.Entity.Core.Metadata.Edm.TypeUsage,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Common;DbCommandDefinition;DbCommandDefinition;(System.Data.Common.DbCommand,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Common;DbProviderServices;RegisterInfoMessageHandler;(System.Data.Common.DbConnection,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;add_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;remove_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;MetadataWorkspace;LoadFromAssembly;(System.Reflection.Assembly,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -7771,7 +7719,7 @@ | System.Data.SqlClient;SqlCommand;remove_StatementCompleted;(System.Data.StatementCompletedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnection;add_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;remove_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -8274,12 +8222,6 @@ | System.Diagnostics.Tracing;EventSource;GetTrait;(System.String);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_traits].Element;ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;SendCommand;(System.Diagnostics.Tracing.EventSource,System.Diagnostics.Tracing.EventCommand,System.Collections.Generic.IDictionary);Argument[2];Argument[0].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands].Property[System.Diagnostics.Tracing.EventCommandEventArgs.Arguments];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[3];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,System.Guid,System.Guid,T);Argument[4];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics.Tracing;EventSource;Write;(System.String,System.Diagnostics.Tracing.EventSourceOptions,T);Argument[2];ReturnValue;value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics.Tracing;EventSource;add_EventCommandExecuted;(System.EventHandler);Argument[this].SyntheticField[System.Diagnostics.Tracing.EventSource.m_deferredCommands];Argument[0].Parameter[1];value;dfc-generated | @@ -8370,19 +8312,12 @@ | System.Diagnostics;ActivityTagsCollection;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Diagnostics;ActivityTagsCollection;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Diagnostics;ActivityTagsCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Diagnostics.ActivityTagsCollection+Enumerator.Current];value;manual | -| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ActivityTagsCollection;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Diagnostics;ActivityTraceId;ToHexString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ActivityTraceId;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;CorrelationManager;get_LogicalOperationStack;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventArgs;get_Data;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;DataReceivedEventHandler;BeginInvoke;(System.Object,System.Diagnostics.DataReceivedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;Assert;(System.Boolean,System.Diagnostics.Debug+AssertInterpolatedStringHandler,System.Diagnostics.Debug+AssertInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System.Diagnostics;Debug;WriteLineIf;(System.Boolean,System.Diagnostics.Debug+WriteIfInterpolatedStringHandler,System.String);Argument[1];ReturnValue;value;dfc-generated | | System.Diagnostics;DiagnosticListener;DiagnosticListener;(System.String);Argument[0];Argument[this].Property[System.Diagnostics.DiagnosticListener.Name];value;dfc-generated | | System.Diagnostics;DiagnosticListener;Subscribe;(System.IObserver>);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;DiagnosticListener;Subscribe;(System.IObserver>);Argument[this];ReturnValue;taint;df-generated | @@ -8693,7 +8628,7 @@ | System.Dynamic;DynamicMetaObjectBinder;Bind;(System.Object[],System.Collections.ObjectModel.ReadOnlyCollection,System.Linq.Expressions.LabelTarget);Argument[2];ReturnValue.Property[System.Linq.Expressions.GotoExpression.Target];value;dfc-generated | | System.Dynamic;ExpandoObject;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Dynamic;ExpandoObject;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | -| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Dynamic;ExpandoObject;TryGetValue;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | | System.Dynamic;GetIndexBinder;FallbackGetIndex;(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject[],System.Dynamic.DynamicMetaObject);Argument[2];ReturnValue;value;dfc-generated | | System.Dynamic;GetIndexBinder;GetIndexBinder;(System.Dynamic.CallInfo);Argument[0];Argument[this].Property[System.Dynamic.GetIndexBinder.CallInfo];value;dfc-generated | | System.Dynamic;GetMemberBinder;FallbackGetMember;(System.Dynamic.DynamicMetaObject,System.Dynamic.DynamicMetaObject);Argument[1];ReturnValue;value;dfc-generated | @@ -8715,9 +8650,9 @@ | System.Formats.Asn1;AsnDecoder;TryReadBitString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadCharacterStringBytes;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.Int32,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated | | System.Formats.Asn1;AsnDecoder;TryReadOctetString;(System.ReadOnlySpan,System.Span,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.Int32,System.Nullable);Argument[0].Element;Argument[1].Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;ReturnValue.Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveBitString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Int32,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveCharacterStringBytes;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.Asn1Tag,System.ReadOnlySpan,System.Int32);Argument[0].Element;Argument[3].Element;value;dfc-generated | +| System.Formats.Asn1;AsnDecoder;TryReadPrimitiveOctetString;(System.ReadOnlySpan,System.Formats.Asn1.AsnEncodingRules,System.ReadOnlySpan,System.Int32,System.Nullable);Argument[0].Element;Argument[2].Element;value;dfc-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[0];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;AsnReader;(System.ReadOnlyMemory,System.Formats.Asn1.AsnEncodingRules,System.Formats.Asn1.AsnReaderOptions);Argument[2];Argument[this];taint;df-generated | | System.Formats.Asn1;AsnReader;ReadBitString;(System.Int32,System.Nullable);Argument[this];ReturnValue;taint;df-generated | @@ -8870,8 +8805,6 @@ | System.IO.Enumeration;FileSystemEnumerable;FileSystemEnumerable;(System.String,System.IO.Enumeration.FileSystemEnumerable+FindTransform,System.IO.EnumerationOptions);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldIncludePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.IO.Enumeration;FileSystemEnumerable;set_ShouldRecursePredicate;(System.IO.Enumeration.FileSystemEnumerable+FindPredicate);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldIncludeEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | -| System.IO.Enumeration;FileSystemEnumerator;ShouldRecurseIntoEntry;(System.IO.Enumeration.FileSystemEntry);Argument[0];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;df-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this].Property[System.IO.Enumeration.FileSystemEnumerator`1.Current];ReturnValue;value;dfc-generated | | System.IO.Enumeration;FileSystemEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | @@ -9083,7 +9016,7 @@ | System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | -| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | +| System.IO;MemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];Argument[0].Element;taint;df-generated | | System.IO;MemoryStream;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;Argument[this];taint;df-generated | | System.IO;MemoryStream;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;Argument[this];taint;dfc-generated | | System.IO;MemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | @@ -9293,7 +9226,6 @@ | System.IO;UnmanagedMemoryAccessor;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryAccessor;UnmanagedMemoryAccessor;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | -| System.IO;UnmanagedMemoryAccessor;Write;(System.Int64,T);Argument[1];ReturnValue;value;dfc-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;UnmanagedMemoryStream;(System.Byte*,System.Int64);Argument[0];Argument[this];taint;df-generated | @@ -11183,8 +11115,8 @@ | System.Net.Http.Headers;HttpHeaders;get_NonValidated;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated+Enumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | -| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValue;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | +| System.Net.Http.Headers;HttpHeadersNonValidated;TryGetValues;(System.String,System.Net.Http.Headers.HeaderStringValues);Argument[0];Argument[1].Element;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Item;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;dfc-generated | | System.Net.Http.Headers;HttpHeadersNonValidated;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;dfc-generated | @@ -11205,8 +11137,8 @@ | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;MediaTypeHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];value;dfc-generated | | System.Net.Http.Headers;MediaTypeHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | -| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;MediaTypeHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.MediaTypeHeaderValue._mediaType];taint;dfc-generated | +| System.Net.Http.Headers;MediaTypeWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.MediaTypeWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.Net.Http.Headers.NameValueHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;NameValueHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];value;dfc-generated | @@ -11250,9 +11182,9 @@ | System.Net.Http.Headers;TransferCodingHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;TransferCodingHeaderValue;(System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];value;dfc-generated | -| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];ReturnValue.SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | +| System.Net.Http.Headers;TransferCodingHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingHeaderValue);Argument[0];Argument[1].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];taint;dfc-generated | | System.Net.Http.Headers;TransferCodingHeaderValue;get_Value;();Argument[this].SyntheticField[System.Net.Http.Headers.TransferCodingHeaderValue._value];ReturnValue;value;dfc-generated | -| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];ReturnValue;taint;df-generated | +| System.Net.Http.Headers;TransferCodingWithQualityHeaderValue;TryParse;(System.String,System.Net.Http.Headers.TransferCodingWithQualityHeaderValue);Argument[0];Argument[1];taint;df-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolVersion];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[1];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._receivedBy];value;dfc-generated | | System.Net.Http.Headers;ViaHeaderValue;ViaHeaderValue;(System.String,System.String,System.String,System.String);Argument[2];Argument[this].SyntheticField[System.Net.Http.Headers.ViaHeaderValue._protocolName];value;dfc-generated | @@ -11331,8 +11263,7 @@ | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual | | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated | -| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated | +| System.Net.Http;HttpRequestMessage;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | | System.Net.Http;HttpRequestOptions;Add;(System.Collections.Generic.KeyValuePair);Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | @@ -11401,17 +11332,17 @@ | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[0];Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | | System.Net.Mail;MailAddress;MailAddress;(System.String,System.String,System.Text.Encoding);Argument[1];Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | -| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];ReturnValue.SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.Net.Mail.MailAddress);Argument[0];Argument[1].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[0];Argument[2].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Net.Mail.MailAddress);Argument[1];Argument[2].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._host];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[0];Argument[3].SyntheticField[System.Net.Mail.MailAddress._userName];taint;dfc-generated | +| System.Net.Mail;MailAddress;TryCreate;(System.String,System.String,System.Text.Encoding,System.Net.Mail.MailAddress);Argument[1];Argument[3].SyntheticField[System.Net.Mail.MailAddress._displayName];value;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._host];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_Address;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._userName];ReturnValue;taint;dfc-generated | | System.Net.Mail;MailAddress;get_DisplayName;();Argument[this].SyntheticField[System.Net.Mail.MailAddress._displayName];ReturnValue;value;dfc-generated | @@ -11600,13 +11531,7 @@ | System.Net.Sockets;Socket;BeginReceive;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginReceive;(System.Collections.Generic.IList>,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[4];ReturnValue;value;hq-generated | -| System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;dfc-generated | | System.Net.Sockets;Socket;BeginReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.AsyncCallback,System.Object);Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated | | System.Net.Sockets;Socket;BeginSend;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.Sockets.SocketError,System.AsyncCallback,System.Object);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | @@ -11622,18 +11547,16 @@ | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ConnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;DisconnectAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;EndReceiveFrom;(System.IAsyncResult,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;EndReceiveMessageFrom;(System.IAsyncResult,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | | System.Net.Sockets;Socket;ReceiveAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[3];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Byte[],System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.EndPoint);Argument[1];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];ReturnValue;value;dfc-generated | -| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];ReturnValue;value;dfc-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Byte[],System.Int32,System.Int32,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[4];Argument[this];taint;df-generated | +| System.Net.Sockets;Socket;ReceiveMessageFrom;(System.Span,System.Net.Sockets.SocketFlags,System.Net.EndPoint,System.Net.Sockets.IPPacketInformation);Argument[2];Argument[this];taint;df-generated | | System.Net.Sockets;Socket;ReceiveMessageFromAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | | System.Net.Sockets;Socket;SendPacketsAsync;(System.Net.Sockets.SocketAsyncEventArgs);Argument[this];Argument[0];taint;df-generated | @@ -11929,7 +11852,7 @@ | System.Net;WriteStreamClosedEventHandler;BeginInvoke;(System.Object,System.Net.WriteStreamClosedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Numerics;BigInteger;Abs;(System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue.Field[System.ValueTuple`2.Item2];value;dfc-generated | -| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | +| System.Numerics;BigInteger;DivRem;(System.Numerics.BigInteger,System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];Argument[2];value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitude;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;BigInteger;MaxMagnitudeNumber;(System.Numerics.BigInteger,System.Numerics.BigInteger);Argument[0];ReturnValue;value;dfc-generated | @@ -11977,7 +11900,6 @@ | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Round;(System.Numerics.Vector,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Numerics;Vector;StoreUnsafe;(System.Numerics.Vector,T);Argument[1];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;Truncate;(System.Numerics.Vector);Argument[0];ReturnValue;value;dfc-generated | | System.Numerics;Vector;WithElement;(System.Numerics.Vector,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -12090,6 +12012,7 @@ | System.Reflection.Emit;ParameterBuilder;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;DefineDynamicModuleCore;(System.String);Argument[0];ReturnValue.SyntheticField[System.Reflection.Emit.ModuleBuilderImpl._name];value;dfc-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];Argument[2];taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;GenerateMetadata;(System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.BlobBuilder,System.Reflection.Metadata.Ecma335.MetadataBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;PersistedAssemblyBuilder;PersistedAssemblyBuilder;(System.Reflection.AssemblyName,System.Reflection.Assembly,System.Collections.Generic.IEnumerable);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;PropertyBuilder;AddOtherMethodCore;(System.Reflection.Emit.MethodBuilder);Argument[0];Argument[this];taint;df-generated | @@ -12207,11 +12130,8 @@ | System.Reflection.Metadata.Ecma335;PortablePdbBuilder;Serialize;(System.Reflection.Metadata.BlobBuilder);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;ReturnTypeEncoder;ReturnTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ReturnTypeEncoder.Builder];value;dfc-generated | | System.Reflection.Metadata.Ecma335;ScalarEncoder;ScalarEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.ScalarEncoder.Builder];value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeLocalSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeMethodSpecificationSignature;(System.Reflection.Metadata.BlobReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeFieldSignature;(System.Reflection.Metadata.BlobReader);Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Metadata.Ecma335;SignatureDecoder;DecodeType;(System.Reflection.Metadata.BlobReader,System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Metadata.Ecma335;SignatureDecoder;SignatureDecoder;(System.Reflection.Metadata.ISignatureTypeProvider,System.Reflection.Metadata.MetadataReader,TGenericContext);Argument[2];Argument[this];taint;df-generated | @@ -12221,7 +12141,7 @@ | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Action,System.Action);Argument[this];Argument[0].Parameter[0];value;hq-generated | -| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];ReturnValue;value;dfc-generated | +| System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Array;(System.Reflection.Metadata.Ecma335.SignatureTypeEncoder,System.Reflection.Metadata.Ecma335.ArrayShapeEncoder);Argument[this];Argument[0];value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;Pointer;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SZArray;();Argument[this];ReturnValue;value;dfc-generated | | System.Reflection.Metadata.Ecma335;SignatureTypeEncoder;SignatureTypeEncoder;(System.Reflection.Metadata.BlobBuilder);Argument[0];Argument[this].Property[System.Reflection.Metadata.Ecma335.SignatureTypeEncoder.Builder];value;dfc-generated | @@ -12250,7 +12170,6 @@ | System.Reflection.Metadata;BlobBuilder;LinkSuffix;(System.Reflection.Metadata.BlobBuilder);Argument[this];Argument[0];taint;df-generated | | System.Reflection.Metadata;BlobBuilder;ReserveBytes;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata;BlobBuilder;TryWriteBytes;(System.IO.Stream,System.Int32);Argument[0];Argument[this];taint;df-generated | -| System.Reflection.Metadata;BlobBuilder;WriteContentTo;(System.Reflection.Metadata.BlobWriter);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobContentId;BlobContentId;(System.Guid,System.UInt32);Argument[0];Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];value;dfc-generated | | System.Reflection.Metadata;BlobContentId;get_Guid;();Argument[this].SyntheticField[System.Reflection.Metadata.BlobContentId._guid];ReturnValue;value;dfc-generated | | System.Reflection.Metadata;BlobReader;ReadConstant;(System.Reflection.Metadata.ConstantTypeCode);Argument[this];ReturnValue;taint;df-generated | @@ -12502,8 +12421,8 @@ | System.Reflection.PortableExecutable;PEReader;PEReader;(System.IO.Stream,System.Reflection.PortableExecutable.PEStreamOptions,System.Int32);Argument[0];Argument[this];taint;df-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[1].Parameter[0];taint;hq-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;dfc-generated | -| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];ReturnValue;taint;hq-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;dfc-generated | +| System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[0];Argument[3];taint;hq-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System.Reflection.PortableExecutable;PEReader;TryOpenAssociatedPortablePdb;(System.String,System.Func,System.Reflection.Metadata.MetadataReaderProvider,System.String);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.PortableExecutable;PEReader;get_PEHeaders;();Argument[this];ReturnValue;taint;df-generated | @@ -12541,11 +12460,7 @@ | System.Reflection;AssemblyName;get_EscapedCodeBase;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;Binder;BindToField;(System.Reflection.BindingFlags,System.Reflection.FieldInfo[],System.Object,System.Globalization.CultureInfo);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[1].Element;ReturnValue;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2].Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;BindToMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Object[],System.Reflection.ParameterModifier[],System.Globalization.CultureInfo,System.String[],System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;Argument[0].Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0].Element.Element;ReturnValue.Element;value;dfc-generated | -| System.Reflection;Binder;ReorderArgumentArray;(System.Object[],System.Object);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectMethod;(System.Reflection.BindingFlags,System.Reflection.MethodBase[],System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;Binder;SelectProperty;(System.Reflection.BindingFlags,System.Reflection.PropertyInfo[],System.Type,System.Type[],System.Reflection.ParameterModifier[]);Argument[1].Element;ReturnValue;value;dfc-generated | | System.Reflection;ConstructorInvoker;Invoke;();Argument[this];ReturnValue;taint;df-generated | @@ -12733,7 +12648,7 @@ | System.Resources;ResourceManager;GetString;(System.String,System.Globalization.CultureInfo);Argument[1];Argument[this];taint;df-generated | | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | | System.Resources;ResourceManager;ResourceManager;(System.String,System.Reflection.Assembly,System.Type);Argument[1];Argument[this].Field[System.Resources.ResourceManager.MainAssembly];value;dfc-generated | -| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];ReturnValue;taint;df-generated | +| System.Resources;ResourceReader;GetResourceData;(System.String,System.String,System.Byte[]);Argument[this];Argument[1];taint;df-generated | | System.Resources;ResourceReader;ResourceReader;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceSet;GetEnumerator;();Argument[this];ReturnValue;taint;df-generated | | System.Resources;ResourceSet;GetObject;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -12742,41 +12657,21 @@ | System.Resources;ResourceWriter;ResourceWriter;(System.IO.Stream);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;ResourceWriter;(System.String);Argument[0];Argument[this];taint;df-generated | | System.Resources;ResourceWriter;set_TypeNameConverter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;MoveNext;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncIteratorMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task].Property[System.Threading.Tasks.Task`1.Result];value;dfc-generated | -| System.Runtime.CompilerServices;AsyncTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncTaskMethodBuilder;get_Task;();Argument[this].SyntheticField[System.Runtime.CompilerServices.AsyncTaskMethodBuilder`1.m_task];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;AsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;AsyncVoidMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;CallSite;get_Binder;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ConditionalWeakTable+CreateValueCallback;BeginInvoke;(TKey,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.CompilerServices;ConditionalWeakTable;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | @@ -12809,17 +12704,11 @@ | System.Runtime.CompilerServices;IRuntimeVariables;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ITuple;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;NullableAttribute;NullableAttribute;(System.Byte[]);Argument[0];Argument[this].Field[System.Runtime.CompilerServices.NullableAttribute.NullableFlags];value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];ReturnValue;value;dfc-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | +| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;AwaitUnsafeOnCompleted;(TAwaiter,TStateMachine);Argument[1];Argument[this];taint;df-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;SetResult;(TResult);Argument[0];Argument[this];taint;df-generated | -| System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;Start;(TStateMachine);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;PoolingAsyncValueTaskMethodBuilder;get_Task;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.CompilerServices;ReadOnlyCollectionBuilder;ReadOnlyCollectionBuilder;(System.Collections.Generic.IEnumerable);Argument[0].Element;Argument[this];taint;df-generated | | System.Runtime.CompilerServices;RuntimeHelpers+CleanupCode;BeginInvoke;(System.Object,System.Boolean,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -12841,15 +12730,6 @@ | System.Runtime.CompilerServices;TaskAwaiter;GetResult;();Argument[this].SyntheticField[m_task_task_awaiter].Property[System.Threading.Tasks.Task`1.Result];ReturnValue;value;manual | | System.Runtime.CompilerServices;TupleElementNamesAttribute;TupleElementNamesAttribute;(System.String[]);Argument[0];Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];value;dfc-generated | | System.Runtime.CompilerServices;TupleElementNamesAttribute;get_TransformNames;();Argument[this].SyntheticField[System.Runtime.CompilerServices.TupleElementNamesAttribute._transformNames];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Add;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;AddByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Copy;(T,System.Void*);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;Subtract;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.CompilerServices;Unsafe;SubtractByteOffset;(T,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.CompilerServices;ValueTaskAwaiter;GetResult;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.ExceptionServices;ExceptionDispatchInfo;Capture;(System.Exception);Argument[0];ReturnValue.SyntheticField[System.Runtime.ExceptionServices.ExceptionDispatchInfo._exception];value;dfc-generated | | System.Runtime.ExceptionServices;ExceptionDispatchInfo;SetCurrentStackTrace;(System.Exception);Argument[0];ReturnValue;value;dfc-generated | @@ -12947,8 +12827,8 @@ | System.Runtime.InteropServices.Marshalling;SpanMarshaller+ManagedToUnmanagedIn;GetUnmanagedValuesDestination;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices.Marshalling;SpanMarshaller;GetManagedValuesDestination;(System.Span);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices.Marshalling;Utf8StringMarshaller+ManagedToUnmanagedIn;ToUnmanaged;();Argument[this];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];Argument[0];value;dfc-generated | +| System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;Deconstruct;(System.Void*,System.Void**);Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];Argument[1];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[0];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.ThisPointer];value;dfc-generated | | System.Runtime.InteropServices.Marshalling;VirtualMethodTableInfo;VirtualMethodTableInfo;(System.Void*,System.Void**);Argument[1];Argument[this].Property[System.Runtime.InteropServices.Marshalling.VirtualMethodTableInfo.VirtualMethodTable];value;dfc-generated | | System.Runtime.InteropServices.ObjectiveC;ObjectiveCMarshal+UnhandledExceptionPropagationHandler;BeginInvoke;(System.Exception,System.RuntimeMethodHandle,System.IntPtr,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -12978,23 +12858,21 @@ | System.Runtime.InteropServices;ManagedToNativeComInteropStubAttribute;ManagedToNativeComInteropStubAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Runtime.InteropServices.ManagedToNativeComInteropStubAttribute.MethodName];value;dfc-generated | | System.Runtime.InteropServices;Marshal;InitHandle;(System.Runtime.InteropServices.SafeHandle,System.IntPtr);Argument[1];Argument[0].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;CreateFromPinnedArray;(T[],System.Int32,System.Int32);Argument[0].Element;ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;CreateSpan;(T,System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;MemoryMarshal;ToEnumerable;(System.ReadOnlyMemory);Argument[0].Property[System.ReadOnlyMemory`1.Span].Element;ReturnValue.Element;value;dfc-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetMemoryManager;(System.ReadOnlyMemory,TManager,System.Int32,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;MemoryMarshal;TryGetString;(System.ReadOnlyMemory,System.String,System.Int32,System.Int32);Argument[0].SyntheticField[System.ReadOnlyMemory`1._object];Argument[1];value;dfc-generated | | System.Runtime.InteropServices;NFloat;ToString;(System.IFormatProvider);Argument[0];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;NativeLibrary;SetDllImportResolver;(System.Reflection.Assembly,System.Runtime.InteropServices.DllImportResolver);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Runtime.InteropServices;OSPlatform;Create;(System.String);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];value;dfc-generated | | System.Runtime.InteropServices;OSPlatform;ToString;();Argument[this].SyntheticField[System.Runtime.InteropServices.OSPlatform.Name];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;PosixSignalRegistration;Create;(System.Runtime.InteropServices.PosixSignal,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Runtime.InteropServices;SafeBuffer;AcquirePointer;(System.Byte*);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;DangerousGetHandle;();Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SafeHandle;(System.IntPtr,System.Boolean);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;SafeHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.SafeHandle.handle];value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];ReturnValue;value;dfc-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];ReturnValue;taint;df-generated | -| System.Runtime.InteropServices;SequenceMarshal;TryRead;(System.Buffers.SequenceReader,T);Argument[0];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlyMemory;(System.Buffers.ReadOnlySequence,System.ReadOnlyMemory);Argument[0].Property[System.Buffers.ReadOnlySequence`1.First];Argument[1];value;dfc-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[1];taint;df-generated | +| System.Runtime.InteropServices;SequenceMarshal;TryGetReadOnlySequenceSegment;(System.Buffers.ReadOnlySequence,System.Buffers.ReadOnlySequenceSegment,System.Int32,System.Buffers.ReadOnlySequenceSegment,System.Int32);Argument[0];Argument[3];taint;df-generated | | System.Runtime.Intrinsics;Vector64;Abs;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Ceiling;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | @@ -13005,7 +12883,6 @@ | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Round;(System.Runtime.Intrinsics.Vector64,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector64;StoreUnsafe;(System.Runtime.Intrinsics.Vector64,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;Truncate;(System.Runtime.Intrinsics.Vector64);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector64;WithElement;(System.Runtime.Intrinsics.Vector64,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13022,7 +12899,6 @@ | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Round;(System.Runtime.Intrinsics.Vector128,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector128;StoreUnsafe;(System.Runtime.Intrinsics.Vector128,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;Truncate;(System.Runtime.Intrinsics.Vector128);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector128;WithElement;(System.Runtime.Intrinsics.Vector128,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13041,7 +12917,6 @@ | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Round;(System.Runtime.Intrinsics.Vector256,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector256;StoreUnsafe;(System.Runtime.Intrinsics.Vector256,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;Truncate;(System.Runtime.Intrinsics.Vector256);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector256;WithElement;(System.Runtime.Intrinsics.Vector256,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13060,7 +12935,6 @@ | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Round;(System.Runtime.Intrinsics.Vector512,System.MidpointRounding);Argument[0];ReturnValue;value;dfc-generated | -| System.Runtime.Intrinsics;Vector512;StoreUnsafe;(System.Runtime.Intrinsics.Vector512,T);Argument[1];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;Truncate;(System.Runtime.Intrinsics.Vector512);Argument[0];ReturnValue;value;dfc-generated | | System.Runtime.Intrinsics;Vector512;WithElement;(System.Runtime.Intrinsics.Vector512,System.Int32,T);Argument[0];ReturnValue;value;dfc-generated | @@ -13083,7 +12957,9 @@ | System.Runtime.Loader;AssemblyLoadContext;remove_Unloading;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Runtime.Remoting;ObjectHandle;ObjectHandle;(System.Object);Argument[0];Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];value;dfc-generated | | System.Runtime.Remoting;ObjectHandle;Unwrap;();Argument[this].SyntheticField[System.Runtime.Remoting.ObjectHandle._wrappedObject];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Runtime.Serialization.DataContracts;DataContract;IsDictionaryLike;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_BaseContract;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContract;get_DataMembers;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization.DataContracts;DataContractSet;DataContractSet;(System.Runtime.Serialization.DataContracts.DataContractSet);Argument[0];Argument[this];taint;df-generated | @@ -13130,7 +13006,7 @@ | System.Runtime.Serialization;IFormatterConverter;ToString;(System.Object);Argument[0];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;IObjectReference;GetRealObject;(System.Runtime.Serialization.StreamingContext);Argument[this];ReturnValue;taint;df-generated | | System.Runtime.Serialization;ISerializable;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | -| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;ISurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this];Argument[2];value;dfc-generated | | System.Runtime.Serialization;KnownTypeAttribute;KnownTypeAttribute;(System.String);Argument[0];Argument[this].Property[System.Runtime.Serialization.KnownTypeAttribute.MethodName];value;dfc-generated | | System.Runtime.Serialization;ObjectIDGenerator;GetId;(System.Object,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Runtime.Serialization;ObjectManager;GetObject;(System.Int64);Argument[this];ReturnValue;taint;df-generated | @@ -13174,7 +13050,7 @@ | System.Runtime.Serialization;StreamingContext;get_Context;();Argument[this].SyntheticField[System.Runtime.Serialization.StreamingContext._additionalContext];ReturnValue;value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;ChainSelector;(System.Runtime.Serialization.ISurrogateSelector);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];value;dfc-generated | | System.Runtime.Serialization;SurrogateSelector;GetNextSelector;();Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | -| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];ReturnValue;value;dfc-generated | +| System.Runtime.Serialization;SurrogateSelector;GetSurrogate;(System.Type,System.Runtime.Serialization.StreamingContext,System.Runtime.Serialization.ISurrogateSelector);Argument[this].SyntheticField[System.Runtime.Serialization.SurrogateSelector._nextSelector];Argument[2];value;dfc-generated | | System.Runtime.Serialization;XPathQueryGenerator;CreateFromDataContractSerializer;(System.Type,System.Reflection.MemberInfo[],System.Text.StringBuilder,System.Xml.XmlNamespaceManager);Argument[2];ReturnValue;taint;dfc-generated | | System.Runtime.Serialization;XmlSerializableServices;WriteNodes;(System.Xml.XmlWriter,System.Xml.XmlNode[]);Argument[1].Element;Argument[0];taint;df-generated | | System.Runtime.Serialization;XsdDataContractExporter;XsdDataContractExporter;(System.Xml.Schema.XmlSchemaSet);Argument[0];Argument[this].SyntheticField[System.Runtime.Serialization.XsdDataContractExporter._schemas];value;dfc-generated | @@ -13442,7 +13318,7 @@ | System.Security.Cryptography.Xml;SignedInfo;get_CanonicalizationMethodObject;();Argument[this];ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedInfo;get_References;();Argument[this].SyntheticField[System.Security.Cryptography.Xml.SignedInfo._references];ReturnValue;value;dfc-generated | | System.Security.Cryptography.Xml;SignedXml;CheckSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | -| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.Xml;SignedXml;CheckSignatureReturningKey;(System.Security.Cryptography.AsymmetricAlgorithm);Argument[this];Argument[0];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;ComputeSignature;(System.Security.Cryptography.KeyedHashAlgorithm);Argument[0];Argument[this];taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetIdElement;(System.Xml.XmlDocument,System.String);Argument[0].Element;ReturnValue;taint;df-generated | | System.Security.Cryptography.Xml;SignedXml;GetPublicKey;();Argument[this];ReturnValue;taint;df-generated | @@ -13690,7 +13566,6 @@ | System.Text.Json.Nodes;JsonNode;AsValue;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;DeepClone;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;GetValue;();Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonNode;Parse;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Nodes;JsonNode;ReplaceWith;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Nodes;JsonNode;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Nodes;JsonNode;get_Options;();Argument[this];ReturnValue;taint;df-generated | @@ -13700,7 +13575,7 @@ | System.Text.Json.Nodes;JsonObject;SetAt;(System.Int32,System.String,System.Text.Json.Nodes.JsonNode);Argument[this];Argument[2];taint;df-generated | | System.Text.Json.Nodes;JsonObject;SetAt;(System.Int32,System.Text.Json.Nodes.JsonNode);Argument[this];Argument[1];taint;df-generated | | System.Text.Json.Nodes;JsonValue;Create;(T,System.Text.Json.Serialization.Metadata.JsonTypeInfo,System.Nullable);Argument[1];ReturnValue;taint;df-generated | -| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json.Nodes;JsonValue;TryGetValue;(T);Argument[this];Argument[0];taint;df-generated | | System.Text.Json.Schema;JsonSchemaExporterOptions;set_TransformSchemaNode;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization.Metadata;IJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[1];ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;IJsonTypeInfoResolver;GetTypeInfo;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | @@ -13761,7 +13636,6 @@ | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;Combine;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Text.Json.Serialization.Metadata;JsonTypeInfoResolver;WithAddedModifier;(System.Text.Json.Serialization.Metadata.IJsonTypeInfoResolver,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | -| System.Text.Json.Serialization;JsonConverter;ReadAsPropertyName;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json.Serialization;JsonConverterFactory;CreateConverter;(System.Type,System.Text.Json.JsonSerializerOptions);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json.Serialization;JsonDerivedTypeAttribute;JsonDerivedTypeAttribute;(System.Type,System.String);Argument[1];Argument[this].Property[System.Text.Json.Serialization.JsonDerivedTypeAttribute.TypeDiscriminator];value;dfc-generated | | System.Text.Json.Serialization;JsonPropertyNameAttribute;JsonPropertyNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonPropertyNameAttribute.Name];value;dfc-generated | @@ -13772,8 +13646,6 @@ | System.Text.Json.Serialization;JsonStringEnumMemberNameAttribute;JsonStringEnumMemberNameAttribute;(System.String);Argument[0];Argument[this].Property[System.Text.Json.Serialization.JsonStringEnumMemberNameAttribute.Name];value;dfc-generated | | System.Text.Json;JsonDocument;Parse;(System.Buffers.ReadOnlySequence,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonDocument;Parse;(System.ReadOnlyMemory,System.Text.Json.JsonDocumentOptions);Argument[0];ReturnValue;taint;df-generated | -| System.Text.Json;JsonDocument;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonDocument;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonDocument);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonDocument;get_RootElement;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement+ArrayEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated | | System.Text.Json;JsonElement+ArrayEnumerator;get_Current;();Argument[this].Property[System.Text.Json.JsonElement+ArrayEnumerator.Current];ReturnValue;value;df-generated | @@ -13791,11 +13663,9 @@ | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.ReadOnlySpan);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonElement;GetProperty;(System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;ParseValue;(System.Text.Json.Utf8JsonReader);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];ReturnValue;taint;df-generated | -| System.Text.Json;JsonElement;TryParseValue;(System.Text.Json.Utf8JsonReader,System.Nullable);Argument[0];ReturnValue;value;dfc-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.ReadOnlySpan,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | +| System.Text.Json;JsonElement;TryGetProperty;(System.String,System.Text.Json.JsonElement);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;JsonElement;get_Item;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;Encode;(System.ReadOnlySpan,System.Text.Encodings.Web.JavaScriptEncoder);Argument[0];ReturnValue;taint;df-generated | | System.Text.Json;JsonEncodedText;ToString;();Argument[this];ReturnValue;taint;df-generated | @@ -13817,11 +13687,6 @@ | System.Text.Json;JsonProperty;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonReaderState;JsonReaderState;(System.Text.Json.JsonReaderOptions);Argument[0];Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];value;dfc-generated | | System.Text.Json;JsonReaderState;get_Options;();Argument[this].SyntheticField[System.Text.Json.JsonReaderState._readerOptions];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Type,System.Text.Json.Serialization.JsonSerializerContext);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.JsonSerializerOptions);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.Json;JsonSerializer;Deserialize;(System.Text.Json.Utf8JsonReader,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Text.Json;JsonSerializer;Serialize;(System.IO.Stream,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[1];Argument[2];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[1];taint;df-generated | | System.Text.Json;JsonSerializer;Serialize;(System.Text.Json.Utf8JsonWriter,System.Object,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[0];Argument[2];taint;df-generated | @@ -13845,7 +13710,7 @@ | System.Text.Json;JsonSerializerOptions;GetConverter;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;GetTypeInfo;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Text.Json;JsonSerializerOptions;JsonSerializerOptions;(System.Text.Json.JsonSerializerOptions);Argument[0];Argument[this];taint;df-generated | -| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];ReturnValue;taint;df-generated | +| System.Text.Json;JsonSerializerOptions;TryGetTypeInfo;(System.Type,System.Text.Json.Serialization.Metadata.JsonTypeInfo);Argument[this];Argument[1];taint;df-generated | | System.Text.Json;Utf8JsonReader;CopyString;(System.Span);Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;Argument[0].Element;value;dfc-generated | | System.Text.Json;Utf8JsonReader;GetComment;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | | System.Text.Json;Utf8JsonReader;GetString;();Argument[this].Property[System.Text.Json.Utf8JsonReader.ValueSpan].Element;ReturnValue;taint;dfc-generated | @@ -13863,7 +13728,7 @@ | System.Text.RegularExpressions;GeneratedRegexAttribute;GeneratedRegexAttribute;(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String);Argument[0];Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.Pattern];value;dfc-generated | | System.Text.RegularExpressions;GeneratedRegexAttribute;GeneratedRegexAttribute;(System.String,System.Text.RegularExpressions.RegexOptions,System.Int32,System.String);Argument[3];Argument[this].Property[System.Text.RegularExpressions.GeneratedRegexAttribute.CultureName];value;dfc-generated | | System.Text.RegularExpressions;Group;Synchronized;(System.Text.RegularExpressions.Group);Argument[0];ReturnValue;value;dfc-generated | -| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;ReturnValue;value;dfc-generated | +| System.Text.RegularExpressions;GroupCollection;TryGetValue;(System.String,System.Text.RegularExpressions.Group);Argument[this].Element;Argument[1];value;dfc-generated | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Item;(System.String);Argument[this].Element;ReturnValue;value;manual | | System.Text.RegularExpressions;GroupCollection;get_Keys;();Argument[this];ReturnValue;taint;df-generated | @@ -13987,8 +13852,6 @@ | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[2];Argument[this];taint;df-generated | | System.Text.Unicode;Utf8+TryWriteInterpolatedStringHandler;TryWriteInterpolatedStringHandler;(System.Int32,System.Int32,System.Span,System.IFormatProvider,System.Boolean);Argument[3];Argument[this];taint;df-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.IFormatProvider,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System.Text.Unicode;Utf8;TryWrite;(System.Span,System.Text.Unicode.Utf8+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System.Text;Decoder;get_FallbackBuffer;();Argument[this];ReturnValue;taint;df-generated | | System.Text;DecoderFallback;CreateFallbackBuffer;();Argument[this];ReturnValue;taint;df-generated | | System.Text;DecoderFallbackException;DecoderFallbackException;(System.String,System.Byte[],System.Int32);Argument[1];Argument[this].SyntheticField[System.Text.DecoderFallbackException._bytesUnknown];value;dfc-generated | @@ -14216,8 +14079,8 @@ | System.Threading.RateLimiting;PartitionedRateLimiter;CreateChained;(System.Threading.RateLimiting.PartitionedRateLimiter[]);Argument[0].Element;ReturnValue;taint;df-generated | | System.Threading.RateLimiting;PartitionedRateLimiter;WithTranslatedKey;(System.Func,System.Boolean);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitLease;GetAllMetadata;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | -| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.String,System.Object);Argument[this];Argument[1];taint;df-generated | +| System.Threading.RateLimiting;RateLimitLease;TryGetMetadata;(System.Threading.RateLimiting.MetadataName,T);Argument[this];Argument[1];taint;df-generated | | System.Threading.RateLimiting;RateLimitLease;get_MetadataNames;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.RateLimiting;RateLimitPartition;Get;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading.RateLimiting;RateLimitPartition;GetConcurrencyLimiter;(TKey,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -14264,7 +14127,7 @@ | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BroadcastBlock;ReserveMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[1];Argument[this];taint;df-generated | -| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;BroadcastBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this];Argument[0].Element;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;BufferBlock;(System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;BufferBlock;LinkTo;(System.Threading.Tasks.Dataflow.ITargetBlock,System.Threading.Tasks.Dataflow.DataflowLinkOptions);Argument[this];ReturnValue;taint;df-generated | @@ -14299,7 +14162,7 @@ | System.Threading.Tasks.Dataflow;DataflowBlock;ReceiveAsync;(System.Threading.Tasks.Dataflow.ISourceBlock,System.TimeSpan,System.Threading.CancellationToken);Argument[0];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput);Argument[1];Argument[0];taint;df-generated | | System.Threading.Tasks.Dataflow;DataflowBlock;SendAsync;(System.Threading.Tasks.Dataflow.ITargetBlock,TInput,System.Threading.CancellationToken);Argument[1];Argument[0];taint;df-generated | -| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];ReturnValue;taint;df-generated | +| System.Threading.Tasks.Dataflow;DataflowBlock;TryReceive;(System.Threading.Tasks.Dataflow.IReceivableSourceBlock,TOutput);Argument[0];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;IDataflowBlock;get_Completion;();Argument[this];ReturnValue;taint;df-generated | | System.Threading.Tasks.Dataflow;IReceivableSourceBlock;TryReceive;(System.Predicate,TOutput);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;JoinBlock;JoinBlock;(System.Threading.Tasks.Dataflow.GroupingDataflowBlockOptions);Argument[0];Argument[this];taint;df-generated | @@ -14338,7 +14201,7 @@ | System.Threading.Tasks.Dataflow;WriteOnceBlock;OfferMessage;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,T,System.Threading.Tasks.Dataflow.ISourceBlock,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ReleaseReservation;(System.Threading.Tasks.Dataflow.DataflowMessageHeader,System.Threading.Tasks.Dataflow.ITargetBlock);Argument[this];Argument[1];taint;df-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;ToString;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];ReturnValue.Element;value;dfc-generated | +| System.Threading.Tasks.Dataflow;WriteOnceBlock;TryReceiveAll;(System.Collections.Generic.IList);Argument[this].SyntheticField[System.Threading.Tasks.Dataflow.WriteOnceBlock`1._value];Argument[0].Element;value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;dfc-generated | | System.Threading.Tasks.Dataflow;WriteOnceBlock;WriteOnceBlock;(System.Func,System.Threading.Tasks.Dataflow.DataflowBlockOptions);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -15135,19 +14998,12 @@ | System.Threading;ExecutionContext;Run;(System.Threading.ExecutionContext,System.Threading.ContextCallback,System.Object);Argument[2];Argument[1].Parameter[0];value;hq-generated | | System.Threading;HostExecutionContextManager;SetHostExecutionContext;(System.Threading.HostExecutionContext);Argument[0];ReturnValue;taint;df-generated | | System.Threading;IOCompletionCallback;BeginInvoke;(System.UInt32,System.UInt32,System.Threading.NativeOverlapped*,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | -| System.Threading;Interlocked;CompareExchange;(System.IntPtr,System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(System.UIntPtr,System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;CompareExchange;(T,T,T);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Interlocked;Exchange;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[2];ReturnValue;value;hq-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;dfc-generated | +| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;Argument[0];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3].ReturnValue;ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Boolean,System.Object,System.Func);Argument[3];Argument[3].Parameter[delegate-self];value;dfc-generated | @@ -15158,13 +15014,10 @@ | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[0];ReturnValue;value;hq-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;dfc-generated | -| System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[1];ReturnValue;value;hq-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | | System.Threading;LazyInitializer;EnsureInitialized;(T,System.Object,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Threading;Lock;EnterScope;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;ManualResetEventSlim;get_WaitHandle;();Argument[this];ReturnValue;taint;df-generated | -| System.Threading;Mutex;TryOpenExisting;(System.String,System.Threading.Mutex);Argument[1];ReturnValue;value;dfc-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[2];Argument[this];taint;df-generated | | System.Threading;Overlapped;Overlapped;(System.Int32,System.Int32,System.IntPtr,System.IAsyncResult);Argument[3];Argument[this];taint;df-generated | | System.Threading;Overlapped;Pack;(System.Threading.IOCompletionCallback);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -15177,8 +15030,6 @@ | System.Threading;PeriodicTimer;WaitForNextTickAsync;(System.Threading.CancellationToken);Argument[this];ReturnValue;taint;df-generated | | System.Threading;PreAllocatedOverlapped;PreAllocatedOverlapped;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;PreAllocatedOverlapped;UnsafeCreate;(System.Threading.IOCompletionCallback,System.Object,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;ReaderWriterLock;DowngradeFromWriterLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;ReaderWriterLock;RestoreLock;(System.Threading.LockCookie);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;RegisteredWaitHandle;Unregister;(System.Threading.WaitHandle);Argument[0];Argument[this];taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;();Argument[this];ReturnValue;taint;df-generated | | System.Threading;SemaphoreSlim;WaitAsync;(System.Int32);Argument[this];ReturnValue;taint;df-generated | @@ -15202,12 +15053,6 @@ | System.Threading;Thread;Thread;(System.Threading.ParameterizedThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Thread;Thread;(System.Threading.ThreadStart,System.Int32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | -| System.Threading;Thread;VolatileRead;(System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileRead;(System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.Object,System.Object);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Thread;VolatileWrite;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;ThreadExceptionEventArgs;(System.Exception);Argument[0];Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];value;dfc-generated | | System.Threading;ThreadExceptionEventArgs;get_Exception;();Argument[this].SyntheticField[System.Threading.ThreadExceptionEventArgs.m_exception];ReturnValue;value;dfc-generated | | System.Threading;ThreadExceptionEventHandler;BeginInvoke;(System.Object,System.Threading.ThreadExceptionEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | @@ -15238,9 +15083,6 @@ | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;Timer;Timer;(System.Threading.TimerCallback,System.Object,System.UInt32,System.UInt32);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Threading;TimerCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System.Threading;Volatile;Write;(System.IntPtr,System.IntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(System.UIntPtr,System.UIntPtr);Argument[0];ReturnValue;value;dfc-generated | -| System.Threading;Volatile;Write;(T,T);Argument[0];ReturnValue;value;dfc-generated | | System.Threading;WaitCallback;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Threading;WaitHandleExtensions;GetSafeWaitHandle;(System.Threading.WaitHandle);Argument[0].Property[System.Threading.WaitHandle.SafeWaitHandle];ReturnValue;value;dfc-generated | | System.Threading;WaitHandleExtensions;SetSafeWaitHandle;(System.Threading.WaitHandle,Microsoft.Win32.SafeHandles.SafeWaitHandle);Argument[1];Argument[0];taint;df-generated | @@ -15788,17 +15630,20 @@ | System.Xml.Serialization;XmlSerializationReader;ReadElementQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadNullableString;();Argument[this];ReturnValue;taint;df-generated | -| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReference;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;();Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[1];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencedElement;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];Argument[0];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];Argument[3];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.Boolean,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[1];ReturnValue;taint;df-generated | +| System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];Argument[2];taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadReferencingElement;(System.String,System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable);Argument[0];ReturnValue;value;dfc-generated | | System.Xml.Serialization;XmlSerializationReader;ReadSerializable;(System.Xml.Serialization.IXmlSerializable,System.Boolean);Argument[0];ReturnValue;value;dfc-generated | @@ -16077,9 +15922,9 @@ | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[0];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[1];Argument[this];taint;df-generated | | System.Xml;IXmlBinaryWriterInitializer;SetOutput;(System.IO.Stream,System.Xml.IXmlDictionary,System.Xml.XmlBinaryWriterSession,System.Boolean);Argument[2];Argument[this];taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];ReturnValue;value;dfc-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Int32,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.String,System.Xml.XmlDictionaryString);Argument[this];Argument[1];taint;df-generated | +| System.Xml;IXmlDictionary;TryLookup;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[0];Argument[1];value;dfc-generated | | System.Xml;IXmlNamespaceResolver;GetNamespacesInScope;(System.Xml.XmlNamespaceScope);Argument[this];ReturnValue;taint;df-generated | | System.Xml;IXmlNamespaceResolver;LookupNamespace;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System.Xml;IXmlNamespaceResolver;LookupPrefix;(System.String);Argument[this];ReturnValue;taint;df-generated | @@ -16156,8 +16001,10 @@ | System.Xml;XmlDictionaryReader;CreateTextReader;(System.Byte[],System.Int32,System.Int32,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[5];Argument[5].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;CreateTextReader;(System.IO.Stream,System.Text.Encoding,System.Xml.XmlDictionaryReaderQuotas,System.Xml.OnXmlDictionaryReaderClose);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | System.Xml;XmlDictionaryReader;GetAttribute;(System.Xml.XmlDictionaryString,System.Xml.XmlDictionaryString);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | -| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;GetNonAtomizedNames;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[0];taint;df-generated | +| System.Xml;XmlDictionaryReader;ReadContentAsQualifiedName;(System.String,System.String);Argument[this];Argument[1];taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Int32);Argument[this];ReturnValue;taint;df-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.String[],System.Int32);Argument[0].Element;ReturnValue;value;dfc-generated | | System.Xml;XmlDictionaryReader;ReadContentAsString;(System.Xml.XmlDictionaryString[],System.Int32);Argument[0].Element.Property[System.Xml.XmlDictionaryString.Value];ReturnValue;value;dfc-generated | @@ -16801,7 +16648,6 @@ | System;Array;ForEach;(T[],System.Action);Argument[0].Element;Argument[1].Parameter[0];value;hq-generated | | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;dfc-generated | | System;Array;ForEach;(T[],System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | -| System;Array;Resize;(T[],System.Int32);Argument[0];ReturnValue;value;dfc-generated | | System;Array;Reverse;(System.Array);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(System.Array,System.Int32,System.Int32);Argument[0].Element;ReturnValue.Element;value;manual | | System;Array;Reverse;(T[]);Argument[0].Element;ReturnValue.Element;value;manual | @@ -17171,7 +17017,7 @@ | System;Convert;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);Argument[0].Element;ReturnValue;taint;manual | | System;Converter;BeginInvoke;(TInput,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System;DateTime;ToLocalTime;();Argument[this];ReturnValue;value;df-generated | -| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];ReturnValue;value;dfc-generated | +| System;DateTimeOffset;Deconstruct;(System.DateOnly,System.TimeOnly,System.TimeSpan);Argument[this].Property[System.DateTimeOffset.Offset];Argument[2];value;dfc-generated | | System;Delegate+InvocationListEnumerator;GetEnumerator;();Argument[this];ReturnValue;value;dfc-generated | | System;Delegate+InvocationListEnumerator;get_Current;();Argument[this];ReturnValue;taint;df-generated | | System;Delegate;Combine;(System.Delegate,System.Delegate);Argument[1];ReturnValue;value;dfc-generated | @@ -17435,8 +17281,6 @@ | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0].Element;ReturnValue.Element;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,System.ReadOnlySpan);Argument[0];ReturnValue;value;dfc-generated | | System;MemoryExtensions;TrimStart;(System.Span,T);Argument[0].Element;ReturnValue.Element;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.IFormatProvider,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[2];ReturnValue;value;dfc-generated | -| System;MemoryExtensions;TryWrite;(System.Span,System.MemoryExtensions+TryWriteInterpolatedStringHandler,System.Int32);Argument[1];ReturnValue;value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[0];Argument[this].Field[System.MissingMemberException.ClassName];value;dfc-generated | | System;MissingFieldException;MissingFieldException;(System.String,System.String);Argument[1];Argument[this].Field[System.MissingMemberException.MemberName];value;dfc-generated | | System;MissingFieldException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | @@ -17553,8 +17397,6 @@ | System;String;Concat;(System.String[]);Argument[0].Element;ReturnValue;taint;manual | | System;String;Concat;(System.Collections.Generic.IEnumerable);Argument[0].Element;ReturnValue;taint;manual | | System;String;Copy;(System.String);Argument[0];ReturnValue;value;manual | -| System;String;Create;(System.IFormatProvider,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[1];ReturnValue;value;dfc-generated | -| System;String;Create;(System.IFormatProvider,System.Span,System.Runtime.CompilerServices.DefaultInterpolatedStringHandler);Argument[2];ReturnValue;value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;dfc-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[1];Argument[2].Parameter[1];value;hq-generated | | System;String;Create;(System.Int32,TState,System.Buffers.SpanAction);Argument[2];Argument[2].Parameter[delegate-self];value;dfc-generated | @@ -17672,7 +17514,7 @@ | System;String;TrimStart;();Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char);Argument[this];ReturnValue;taint;manual | | System;String;TrimStart;(System.Char[]);Argument[this];ReturnValue;taint;manual | -| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];ReturnValue;value;dfc-generated | +| System;String;TryParse;(System.String,System.IFormatProvider,System.String);Argument[0];Argument[2];value;dfc-generated | | System;StringNormalizationExtensions;Normalize;(System.String);Argument[0];ReturnValue;value;dfc-generated | | System;StringNormalizationExtensions;Normalize;(System.String,System.Text.NormalizationForm);Argument[0];ReturnValue;value;dfc-generated | | System;TimeProvider;CreateTimer;(System.Threading.TimerCallback,System.Object,System.TimeSpan,System.TimeSpan);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -17713,7 +17555,7 @@ | System;TimeZoneInfo;GetUtcOffset;(System.DateTimeOffset);Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].Property[System.TimeZoneInfo.DisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;ToString;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | -| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];ReturnValue.SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | +| System;TimeZoneInfo;TryFindSystemTimeZoneById;(System.String,System.TimeZoneInfo);Argument[0];Argument[1].SyntheticField[System.TimeZoneInfo._id];value;dfc-generated | | System;TimeZoneInfo;get_BaseUtcOffset;();Argument[this].SyntheticField[System.TimeZoneInfo._baseUtcOffset];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DaylightName;();Argument[this].SyntheticField[System.TimeZoneInfo._daylightDisplayName];ReturnValue;value;dfc-generated | | System;TimeZoneInfo;get_DisplayName;();Argument[this].SyntheticField[System.TimeZoneInfo._displayName];ReturnValue;value;dfc-generated | @@ -18324,4 +18166,4 @@ | System;ValueTuple;get_Item;(System.Int32);Argument[this].Field[System.ValueTuple`1.Item1];ReturnValue;value;manual | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this].Property[System.WeakReference.Target];Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;df-generated | | System;WeakReference;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this].Property[System.WeakReference.Target];Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;value;dfc-generated | -| System;WeakReference;TryGetTarget;(T);Argument[this];ReturnValue;taint;df-generated | +| System;WeakReference;TryGetTarget;(T);Argument[this];Argument[0];taint;df-generated | From de6e3eafb908337ff2008b922e4e06fc7e47eeb7 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 26 Mar 2025 15:26:50 +0100 Subject: [PATCH 096/409] C#: Add change note. --- csharp/ql/src/change-notes/2025-03-26-dotnet-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/src/change-notes/2025-03-26-dotnet-models.md diff --git a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md new file mode 100644 index 00000000000..3986145c5af --- /dev/null +++ b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. From 4fb138a1a3c899e5083648b81800c423f311cbce Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 14:37:02 +0200 Subject: [PATCH 097/409] Rust: Make `Element.toString` non-recursive --- misc/codegen/templates/ql_class.mustache | 6 +++++- rust/ql/.generated.list | 2 +- .../rust/elements/internal/ElementImpl.qll | 1 + .../rust/elements/internal/ModuleImpl.qll | 2 +- .../codeql/rust/elements/internal/UseImpl.qll | 2 +- .../rust/elements/internal/UseTreeImpl.qll | 20 ++++++++++++++++--- .../elements/internal/generated/Element.qll | 6 +++++- 7 files changed, 31 insertions(+), 8 deletions(-) diff --git a/misc/codegen/templates/ql_class.mustache b/misc/codegen/templates/ql_class.mustache index 39aba2b1ef4..e80e0b0eebd 100644 --- a/misc/codegen/templates/ql_class.mustache +++ b/misc/codegen/templates/ql_class.mustache @@ -30,7 +30,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. diff --git a/rust/ql/.generated.list b/rust/ql/.generated.list index 61529b8b6cc..0bd2931256e 100644 --- a/rust/ql/.generated.list +++ b/rust/ql/.generated.list @@ -506,7 +506,7 @@ lib/codeql/rust/elements/internal/generated/ConstParam.qll 310342603959a4d521418 lib/codeql/rust/elements/internal/generated/ContinueExpr.qll e2010feb14fb6edeb83a991d9357e50edb770172ddfde2e8670b0d3e68169f28 48d09d661e1443002f6d22b8710e22c9c36d9daa9cde09c6366a61e960d717cb lib/codeql/rust/elements/internal/generated/Crate.qll d245f24e9da4f180c526a6d092f554a9577bae7225c81c36a391947c0865eeb3 c95dbb32b2ce4d9664be56c95b19fcd01c2d3244385e55151f9b06b07f04ce9b lib/codeql/rust/elements/internal/generated/DynTraitTypeRepr.qll a9d540717af1f00dbea1c683fd6b846cddfb2968c7f3e021863276f123337787 1972efb9bca7aae9a9708ca6dcf398e5e8c6d2416a07d525dba1649b80fbe4d1 -lib/codeql/rust/elements/internal/generated/Element.qll 69ce882811f2bef7e0a93c0a24494dd16120a108ba4180d455344e29144a98c4 7781bc5c69b5b08775902fcb97cb23f85359ef2303545afe9d44301b19024b3a +lib/codeql/rust/elements/internal/generated/Element.qll d56d22c060fa929464f837b1e16475a4a2a2e42d68235a014f7369bcb48431db 0e48426ca72179f675ac29aa49bbaadb8b1d27b08ad5cbc72ec5a005c291848e lib/codeql/rust/elements/internal/generated/Enum.qll 4f4cbc9cd758c20d476bc767b916c62ba434d1750067d0ffb63e0821bb95ec86 3da735d54022add50cec0217bbf8ec4cf29b47f4851ee327628bcdd6454989d0 lib/codeql/rust/elements/internal/generated/Expr.qll 5fa34f2ed21829a1509417440dae42d416234ff43433002974328e7aabb8f30f 46f3972c7413b7db28a3ea8acb5a50a74b6dd9b658e8725f6953a8829ac912f8 lib/codeql/rust/elements/internal/generated/ExprStmt.qll d1112230015fbeb216b43407a268dc2ccd0f9e0836ab2dca4800c51b38fa1d7d 4a80562dcc55efa5e72c6c3b1d6747ab44fe494e76faff2b8f6e9f10a4b08b5b diff --git a/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll index 75de7703df0..7a464a378d1 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/ElementImpl.qll @@ -20,6 +20,7 @@ module Impl { * Returns a string suitable to be inserted into the name of the parent. Typically `"..."`, * but may be overridden by subclasses. */ + pragma[nomagic] string toAbbreviatedString() { result = "..." } predicate isUnknown() { none() } // compatibility with test generation, to be fixed diff --git a/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll index 0fb9690d2d1..19f63f0790f 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/ModuleImpl.qll @@ -24,6 +24,6 @@ module Impl { * ``` */ class Module extends Generated::Module { - override string toStringImpl() { result = "mod " + this.getName() } + override string toStringImpl() { result = "mod " + this.getName().getText() } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll index 5c2567fc3d7..7b99c609a46 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/UseImpl.qll @@ -19,6 +19,6 @@ module Impl { * ``` */ class Use extends Generated::Use { - override string toStringImpl() { result = "use " + this.getUseTree() } + override string toStringImpl() { result = "use " + this.getUseTree().toAbbreviatedString() } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll index ef1be77ef78..7e917268a72 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/UseTreeImpl.qll @@ -26,14 +26,28 @@ module Impl { result = strictconcat(int i | | this.toStringPart(i) order by i) } - private string toStringPart(int index) { - result = this.getPath().toStringImpl() and index = 0 - or + private string toStringPartCommon(int index) { result = "::{...}" and this.hasUseTreeList() and index = 1 or result = "::*" and this.isGlob() and index = 2 or result = " as " + this.getRename().getName().getText() and index = 3 } + + private string toStringPart(int index) { + result = this.getPath().toStringImpl() and index = 0 + or + result = this.toStringPartCommon(index) + } + + override string toAbbreviatedString() { + result = strictconcat(int i | | this.toAbbreviatedStringPart(i) order by i) + } + + private string toAbbreviatedStringPart(int index) { + result = this.getPath().toAbbreviatedString() and index = 0 + or + result = this.toStringPartCommon(index) + } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll b/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll index f8a5f4b24b2..9e3db0fe8b6 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/generated/Element.qll @@ -24,7 +24,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. From c14a2375c39aff1690971eb6d8b3e3ba212d5ce1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 15:10:03 +0200 Subject: [PATCH 098/409] Swift: Run codegen --- swift/ql/.generated.list | 2 +- swift/ql/lib/codeql/swift/generated/Element.qll | 6 +++++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/swift/ql/.generated.list b/swift/ql/.generated.list index 900d0381032..32734851515 100644 --- a/swift/ql/.generated.list +++ b/swift/ql/.generated.list @@ -701,7 +701,7 @@ lib/codeql/swift/generated/Comment.qll 64625f47ebddb1ec7e1c81790dd8120087a76958c lib/codeql/swift/generated/DbFile.qll cc0d2b9efbee36080bde2e26e424a40efb763eaee55874fb6c4a5db36938f3df 33e215d838cfa36e3dd0e62879e896d988430d1470a87ce1bb45aad70886212b lib/codeql/swift/generated/DbLocation.qll e2c7cc975b53cfb0061e055da082fbe57c0aef388e5ee874f0ff22c388a81ce1 1939414bc5d574796e83ab916408c3183210ead04957b50493610529700e0427 lib/codeql/swift/generated/Diagnostics.qll 03ea201db80d33b18f7f6c71267044c695c2572e5783ab754fa7c7ac27e16ee3 8aa78be37a8f23e4b899b910508fd5966ebc98fade6c284d59d59e246de18288 -lib/codeql/swift/generated/Element.qll ee383d0b3be3ae1f58142980011476ce6f317550f96548403f9ecd352ee72cd9 ef4a8e175d327b44b147814ad9630ca54c53f21fc2bab7d8a88d1e220060c0a7 +lib/codeql/swift/generated/Element.qll bf8f688e05f44f18384067c3cab7f05796764e2b4cce7ff24da419c3dae26194 820390ffbb1012f73267668626f7d0ccd368500331c91bbc276fcb1c25037e41 lib/codeql/swift/generated/ErrorElement.qll b39bd7c8b4e2011f4a6889e073ebf5b628db32f36f50b067250ae730d9f26561 fd859ec969ba434049e7ba4e78271cc8cebc8b058d2e96e4d47a22064cbb5a21 lib/codeql/swift/generated/File.qll 476ac95566ef0080e0ad8c3da144b1be1d945d2f33a24f0864d85ff7c56a09b1 3134018bb50166cbf2690f64bba551cace350e4a7e6e25bcded18f997ad1835b lib/codeql/swift/generated/KeyPathComponent.qll 5276acdc9a4ff0ec0cc8af615c04043391fb99613731ddcc86db4e47b37c8c5a ccc0931bbd6cc2cfae5037c2ee17bbdcbd87536f5fed90d07e73065c016c4382 diff --git a/swift/ql/lib/codeql/swift/generated/Element.qll b/swift/ql/lib/codeql/swift/generated/Element.qll index cfb8fbc3208..c22970fb510 100644 --- a/swift/ql/lib/codeql/swift/generated/Element.qll +++ b/swift/ql/lib/codeql/swift/generated/Element.qll @@ -24,7 +24,11 @@ module Generated { * Gets the string representation of this element. */ cached - final string toString() { result = this.toStringImpl() } + final string toString() { + result = this.toStringImpl() and + // recursion guard to prevent `toString` from being defined recursively + (exists(any(Element e).toStringImpl()) implies any()) + } /** * INTERNAL: Do not use. From 56f4694b38944ffb85372be4d9422a34e0bbdbe0 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 19:58:48 +0200 Subject: [PATCH 099/409] Swift: Avoid calling `Element.toString` recursively --- .../ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll | 2 +- .../lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll | 2 +- .../swift/elements/expr/internal/ExplicitCastExprImpl.qll | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll b/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll index 54958639b80..35061146acf 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/InitializerLookupExpr.qll @@ -5,7 +5,7 @@ private import codeql.swift.elements.decl.Initializer final private class InitializerLookupExprImpl extends Impl::MethodLookupExpr { InitializerLookupExprImpl() { super.getMethod() instanceof Initializer } - override string toStringImpl() { result = this.getMember().toString() } + override string toStringImpl() { result = this.getMember().toStringImpl() } } final class InitializerLookupExpr extends MethodLookupExpr, InitializerLookupExprImpl { diff --git a/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll b/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll index 87a2f9481c8..ebc9e591b52 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/internal/ApplyExprImpl.qll @@ -48,7 +48,7 @@ module Impl { override Expr getQualifier() { result = expr.getQualifier() } - override string toStringImpl() { result = "call to " + expr } + override string toStringImpl() { result = "call to " + expr.toStringImpl() } } private class FullDotSyntaxBaseIgnoredApplyExpr extends ApplyExpr { diff --git a/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll b/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll index 76814e7c70a..e18a3ec9e23 100644 --- a/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll +++ b/swift/ql/lib/codeql/swift/elements/expr/internal/ExplicitCastExprImpl.qll @@ -4,6 +4,6 @@ module Impl { class ExplicitCastExpr extends Generated::ExplicitCastExpr { override predicate convertsFrom(Expr e) { e = this.getImmediateSubExpr() } - override string toStringImpl() { result = "(" + this.getType() + ") ..." } + override string toStringImpl() { result = "(" + this.getType().toStringImpl() + ") ..." } } } From d61d9730c8a304170baf9e52c84d03b08d1bf5c3 Mon Sep 17 00:00:00 2001 From: idrissrio Date: Mon, 31 Mar 2025 11:58:45 +0200 Subject: [PATCH 100/409] C++: add change note for calling conventions --- cpp/ql/lib/change-notes/2025-03-31-calling-convention.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 cpp/ql/lib/change-notes/2025-03-31-calling-convention.md diff --git a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md new file mode 100644 index 00000000000..12d9547eb03 --- /dev/null +++ b/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md @@ -0,0 +1,5 @@ +--- +category: feature +--- +* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. +* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. From dbd99df85b743491a0db88f89e64f89e5c9c8c6a Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 10:03:20 +0200 Subject: [PATCH 101/409] C#: Update PreSSA to reference the new use-use predicates. --- .../semmle/code/csharp/controlflow/internal/PreSsa.qll | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll index 184317b07bd..6507bbbe04b 100644 --- a/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll +++ b/csharp/ql/lib/semmle/code/csharp/controlflow/internal/PreSsa.qll @@ -175,10 +175,9 @@ module PreSsa { } final AssignableRead getAFirstRead() { - exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | - this.definesAt(_, bb1, i1) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and - result = bb2.getElement(i2) + exists(SsaInput::BasicBlock bb, int i | + SsaImpl::firstUse(this, bb, i, true) and + result = bb.getElement(i) ) } @@ -216,8 +215,7 @@ module PreSsa { predicate adjacentReadPairSameVar(AssignableRead read1, AssignableRead read2) { exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getElement(i1) and - SsaInput::variableRead(bb1, i1, _, true) and - SsaImpl::adjacentDefRead(_, bb1, i1, bb2, i2) and + SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and read2 = bb2.getElement(i2) ) } From 887452d2027ad5d97f69edf911232d5ec6b32096 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 10:05:02 +0200 Subject: [PATCH 102/409] Swift: Update SSA to reference the new use-use predicates. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 12 +++++------- .../swift/dataflow/internal/DataFlowPrivate.qll | 6 ++---- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index 94ba657e94d..f052ed8b314 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -151,10 +151,9 @@ module Ssa { cached ControlFlowNode getAFirstRead() { - exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | - this.definesAt(_, bb1, i1) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and - result = bb2.getNode(i2) + exists(SsaInput::BasicBlock bb, int i | + SsaImpl::firstUse(this, bb, i, true) and + result = bb.getNode(i) ) } @@ -162,14 +161,13 @@ module Ssa { predicate adjacentReadPair(ControlFlowNode read1, ControlFlowNode read2) { exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getNode(i1) and - SsaInput::variableRead(bb1, i1, _, true) and - SsaImpl::adjacentDefRead(this, bb1, i1, bb2, i2) and + SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and read2 = bb2.getNode(i2) ) } cached - predicate lastRefRedef(SsaInput::BasicBlock bb, int i, Definition next) { + deprecated predicate lastRefRedef(SsaInput::BasicBlock bb, int i, Definition next) { SsaImpl::lastRefRedef(this, bb, i, next) } } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll index c84298771fb..4849c5ac235 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/DataFlowPrivate.qll @@ -111,10 +111,8 @@ private class CaptureNodeImpl extends CaptureNode, NodeImpl { } private predicate localFlowSsaInput(Node nodeFrom, Ssa::Definition def, Ssa::Definition next) { - exists(BasicBlock bb, int i | def.lastRefRedef(bb, i, next) | - def.definesAt(_, bb, i) and - def = nodeFrom.asDefinition() - ) + next.(Ssa::PhiDefinition).getAPhiInput() = def and + def = nodeFrom.asDefinition() } /** A collection of cached types and predicates to be evaluated in the same stage. */ From 398f0414642e54ff69de04cac9aab10960daae71 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= Date: Tue, 1 Apr 2025 10:18:09 +0200 Subject: [PATCH 103/409] Update csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll Co-authored-by: Michael Nebel --- .../frameworks/microsoft/aspnetcore/Components.qll | 14 +++++--------- 1 file changed, 5 insertions(+), 9 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 8cf5ce659e4..3c0a0940e06 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -197,15 +197,11 @@ private predicate matchingOpenCloseComponentCalls( closeCall.getEnclosingCallable() = enclosing and closeCall.getParent().getParent() = openCall.getParent().getParent() and openCall.getParent().getIndex() = openCallIndex and - closeCall.getParent().getIndex() = closeCallIndex and - closeCallIndex > openCallIndex and - not exists(int k, MethodCall otherCloseCall | - k in [openCallIndex + 1 .. closeCallIndex - 1] and - otherCloseCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and - otherCloseCall.getEnclosingCallable() = enclosing and - otherCloseCall.getParent().getParent() = openCall.getParent().getParent() and - otherCloseCall.getParent().getIndex() = k - ) + closeCallIndex = + min(int closeCallIndex0 | + closeCall.getParent().getIndex() = closeCallIndex0 and + closeCallIndex0 > openCallIndex + ) } private module JumpNodes { From a570a728bdf7c65749582d1489d0a5708b37763f Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 1 Apr 2025 10:29:55 +0200 Subject: [PATCH 104/409] Fix code quality --- .../microsoft/aspnetcore/Components.qll | 28 +++++++++++-------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll index 3c0a0940e06..1fa427f4d19 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll @@ -195,13 +195,16 @@ private predicate matchingOpenCloseComponentCalls( openCall.getEnclosingCallable() = enclosing and closeCall.getTarget() instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and closeCall.getEnclosingCallable() = enclosing and - closeCall.getParent().getParent() = openCall.getParent().getParent() and - openCall.getParent().getIndex() = openCallIndex and - closeCallIndex = - min(int closeCallIndex0 | - closeCall.getParent().getIndex() = closeCallIndex0 and - closeCallIndex0 > openCallIndex - ) + exists(BlockStmt block | + block = closeCall.getParent().getParent() and + block = openCall.getParent().getParent() and + block.getChildStmt(openCallIndex) = openCall.getParent() and + closeCallIndex = + min(int closeCallIndex0 | + block.getChildStmt(closeCallIndex0) = closeCall.getParent() and + closeCallIndex0 > openCallIndex + ) + ) } private module JumpNodes { @@ -223,14 +226,17 @@ private module JumpNodes { exists(NameOfExpr ne | ne = this.getArgument(1) | result.getAnAccess() = ne.getAccess()) or exists( - string propertyName, MethodCall openComponent, int i, MethodCall closeComponent, int j + string propertyName, MethodCall openComponent, BlockStmt block, int openIdx, int closeIdx, + int thisIdx | propertyName = this.getArgument(1).(StringLiteral).getValue() and result.hasName(propertyName) and - matchingOpenCloseComponentCalls(openComponent, i, closeComponent, j, + matchingOpenCloseComponentCalls(openComponent, openIdx, _, closeIdx, this.getEnclosingCallable(), result.getDeclaringType()) and - this.getParent().getParent() = openComponent.getParent().getParent() and - this.getParent().getIndex() in [i + 1 .. j - 1] + block = this.getParent().getParent() and + block = openComponent.getParent().getParent() and + block.getChildStmt(thisIdx) = this.getParent() and + thisIdx in [openIdx + 1 .. closeIdx - 1] ) ) } From 32e2c1912c85fd787a4aa8358f20da8740ccb2e3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:37:48 +0000 Subject: [PATCH 105/409] Rust: Move all summary stats logic into Stats.qll. --- rust/ql/src/queries/summary/Stats.qll | 92 +++++++++++++++++++++ rust/ql/src/queries/summary/SummaryStats.ql | 81 ------------------ 2 files changed, 92 insertions(+), 81 deletions(-) diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2220398b41..a24a4eac9c9 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -11,6 +11,9 @@ private import codeql.rust.internal.PathResolutionConsistency as PathResolutionC private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency private import codeql.rust.Concepts +private import codeql.rust.Diagnostics +private import codeql.rust.security.SensitiveData +private import TaintReach // import all query extensions files, so that all extensions of `QuerySink` are found private import codeql.rust.security.CleartextLoggingExtensions private import codeql.rust.security.SqlInjectionExtensions @@ -72,3 +75,92 @@ int getTaintEdgesCount() { * Gets a count of the total number of query sinks in the database. */ int getQuerySinksCount() { result = count(QuerySink s) } + +class CrateElement extends Element { + CrateElement() { + this instanceof Crate or + this instanceof NamedCrate or + this.(AstNode).getParentNode*() = any(Crate c).getModule() + } +} + +/** + * Gets summary statistics about individual elements in the database. + */ +predicate elementStats(string key, int value) { + key = "Elements extracted" and + value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) + or + key = "Elements unextracted" and value = count(Unextracted e) +} + +/** + * Gets summary statistics about extraction. + */ +predicate extractionStats(string key, int value) { + key = "Extraction errors" and value = count(ExtractionError e) + or + key = "Extraction warnings" and value = count(ExtractionWarning w) + or + key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath())) + or + key = "Files extracted - with errors" and + value = + count(ExtractedFile f | + exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile + ) + or + key = "Files extracted - without errors" and + value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) + or + key = "Files extracted - without errors %" and + value = + (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) / + count(ExtractedFile f | exists(f.getRelativePath())) + or + key = "Lines of code extracted" and value = getLinesOfCode() + or + key = "Lines of user code extracted" and value = getLinesOfUserCode() + or + key = "Macro calls - total" and value = count(MacroCall mc) + or + key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) + or + key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) +} + +/** + * Gets summary statistics about inconsistencies. + */ +predicate inconsistencyStats(string key, int value) { + key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() + or + key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() + or + key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() + or + key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() +} + +/** + * Gets summary statistics about taint. + */ +predicate taintStats(string key, int value) { + key = "Taint sources - active" and value = count(ActiveThreatModelSource s) + or + key = "Taint sources - disabled" and + value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource) + or + key = "Taint sources - sensitive data" and value = count(SensitiveData d) + or + key = "Taint edges - number of edges" and value = getTaintEdgesCount() + or + key = "Taint reach - nodes tainted" and value = getTaintedNodesCount() + or + key = "Taint reach - per million nodes" and value = getTaintReach().floor() + or + key = "Taint sinks - query sinks" and value = getQuerySinksCount() + or + key = "Taint sinks - cryptographic operations" and + value = count(Cryptography::CryptographicOperation o) +} diff --git a/rust/ql/src/queries/summary/SummaryStats.ql b/rust/ql/src/queries/summary/SummaryStats.ql index d9c88a7c56e..57ac5b4004e 100644 --- a/rust/ql/src/queries/summary/SummaryStats.ql +++ b/rust/ql/src/queries/summary/SummaryStats.ql @@ -7,88 +7,7 @@ */ import rust -import codeql.rust.Concepts -import codeql.rust.security.SensitiveData -import codeql.rust.Diagnostics import Stats -import TaintReach - -class CrateElement extends Element { - CrateElement() { - this instanceof Crate or - this instanceof NamedCrate or - this.(AstNode).getParentNode*() = any(Crate c).getModule() - } -} - -predicate elementStats(string key, int value) { - key = "Elements extracted" and - value = count(Element e | not e instanceof Unextracted and not e instanceof CrateElement) - or - key = "Elements unextracted" and value = count(Unextracted e) -} - -predicate extractionStats(string key, int value) { - key = "Extraction errors" and value = count(ExtractionError e) - or - key = "Extraction warnings" and value = count(ExtractionWarning w) - or - key = "Files extracted - total" and value = count(ExtractedFile f | exists(f.getRelativePath())) - or - key = "Files extracted - with errors" and - value = - count(ExtractedFile f | - exists(f.getRelativePath()) and not f instanceof SuccessfullyExtractedFile - ) - or - key = "Files extracted - without errors" and - value = count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) - or - key = "Files extracted - without errors %" and - value = - (count(SuccessfullyExtractedFile f | exists(f.getRelativePath())) * 100) / - count(ExtractedFile f | exists(f.getRelativePath())) - or - key = "Lines of code extracted" and value = getLinesOfCode() - or - key = "Lines of user code extracted" and value = getLinesOfUserCode() - or - key = "Macro calls - total" and value = count(MacroCall mc) - or - key = "Macro calls - resolved" and value = count(MacroCall mc | mc.hasExpanded()) - or - key = "Macro calls - unresolved" and value = count(MacroCall mc | not mc.hasExpanded()) -} - -predicate inconsistencyStats(string key, int value) { - key = "Inconsistencies - AST" and value = getTotalAstInconsistencies() - or - key = "Inconsistencies - Path resolution" and value = getTotalPathResolutionInconsistencies() - or - key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() - or - key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() -} - -predicate taintStats(string key, int value) { - key = "Taint sources - active" and value = count(ActiveThreatModelSource s) - or - key = "Taint sources - disabled" and - value = count(ThreatModelSource s | not s instanceof ActiveThreatModelSource) - or - key = "Taint sources - sensitive data" and value = count(SensitiveData d) - or - key = "Taint edges - number of edges" and value = getTaintEdgesCount() - or - key = "Taint reach - nodes tainted" and value = getTaintedNodesCount() - or - key = "Taint reach - per million nodes" and value = getTaintReach().floor() - or - key = "Taint sinks - query sinks" and value = getQuerySinksCount() - or - key = "Taint sinks - cryptographic operations" and - value = count(Cryptography::CryptographicOperation o) -} from string key, int value where From cc90ba5836c1c60921ab7f4dfddb555c583114e2 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:45:24 +0000 Subject: [PATCH 106/409] Rust: Create a less noisy version of the summary stats query, for use in tests. --- .../hello-project/summary.qlref | 2 +- .../hello-workspace/summary.qlref | 2 +- .../ql/src/queries/summary/SummaryStatsLess.ql | 18 ++++++++++++++++++ .../query-tests/diagnostics/SummaryStats.qlref | 1 - ...tats.expected => SummaryStatsLess.expected} | 0 .../diagnostics/SummaryStatsLess.qlref | 1 + 6 files changed, 21 insertions(+), 3 deletions(-) create mode 100644 rust/ql/src/queries/summary/SummaryStatsLess.ql delete mode 100644 rust/ql/test/query-tests/diagnostics/SummaryStats.qlref rename rust/ql/test/query-tests/diagnostics/{SummaryStats.expected => SummaryStatsLess.expected} (100%) create mode 100644 rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref diff --git a/rust/ql/integration-tests/hello-project/summary.qlref b/rust/ql/integration-tests/hello-project/summary.qlref index b94ba40446a..3d1b7ac7f1b 100644 --- a/rust/ql/integration-tests/hello-project/summary.qlref +++ b/rust/ql/integration-tests/hello-project/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStats.ql +queries/summary/SummaryStatsLess.ql diff --git a/rust/ql/integration-tests/hello-workspace/summary.qlref b/rust/ql/integration-tests/hello-workspace/summary.qlref index b94ba40446a..3d1b7ac7f1b 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.qlref +++ b/rust/ql/integration-tests/hello-workspace/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStats.ql +queries/summary/SummaryStatsLess.ql diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsLess.ql new file mode 100644 index 00000000000..ddcc76d16bc --- /dev/null +++ b/rust/ql/src/queries/summary/SummaryStatsLess.ql @@ -0,0 +1,18 @@ +/** + * @name Summary Statistics Less + * @description A table of summary statistics about a database, with data that + * has been found to be noisy on tests removed. + * @kind metric + * @id rust/summary/summary-statistics-less + * @tags summary + */ + +import rust +import Stats + +from string key, int value +where + extractionStats(key, value) + or + inconsistencyStats(key, value) +select key, value order by key diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref deleted file mode 100644 index b94ba40446a..00000000000 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.qlref +++ /dev/null @@ -1 +0,0 @@ -queries/summary/SummaryStats.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStats.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref new file mode 100644 index 00000000000..3d1b7ac7f1b --- /dev/null +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref @@ -0,0 +1 @@ +queries/summary/SummaryStatsLess.ql From 86840a78c2c098b821118180e9d75b2db578c09e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 11 Mar 2025 17:47:11 +0000 Subject: [PATCH 107/409] Rust: Update .expected files. --- .../integration-tests/hello-project/summary.expected | 10 ---------- .../hello-workspace/summary.cargo.expected | 10 ---------- .../hello-workspace/summary.rust-project.expected | 10 ---------- .../query-tests/diagnostics/SummaryStatsLess.expected | 10 ---------- 4 files changed, 40 deletions(-) diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1dd49972c22..1ce4e784cbf 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -1,5 +1,3 @@ -| Elements extracted | 67 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 1 | | Files extracted - total | 5 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index baaba2837e7..67da3bcf309 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -1,5 +1,3 @@ -| Elements extracted | 90 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 0 | | Files extracted - total | 4 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index baaba2837e7..67da3bcf309 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -1,5 +1,3 @@ -| Elements extracted | 90 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 0 | | Files extracted - total | 4 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 1 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected index d34cd849069..640bd179abd 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected @@ -1,5 +1,3 @@ -| Elements extracted | 406 | -| Elements unextracted | 0 | | Extraction errors | 0 | | Extraction warnings | 7 | | Files extracted - total | 7 | @@ -15,11 +13,3 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | -| Taint reach - nodes tainted | 0 | -| Taint reach - per million nodes | 0 | -| Taint sinks - cryptographic operations | 0 | -| Taint sinks - query sinks | 3 | -| Taint sources - active | 0 | -| Taint sources - disabled | 0 | -| Taint sources - sensitive data | 0 | From 73eebcbca6be68f8acf83bda16499695625c3f43 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Tue, 1 Apr 2025 09:59:58 +0100 Subject: [PATCH 108/409] Python: Add file-not-closed and special-method-wrong-signature to python code-quality suite --- python/ql/src/codeql-suites/python-code-quality.qls | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/python/ql/src/codeql-suites/python-code-quality.qls b/python/ql/src/codeql-suites/python-code-quality.qls index 1b0cc2b4e4a..3ada7e8eb4c 100644 --- a/python/ql/src/codeql-suites/python-code-quality.qls +++ b/python/ql/src/codeql-suites/python-code-quality.qls @@ -1,5 +1,7 @@ - queries: . - include: id: - - py/not-named-self + - py/not-named-self - py/not-named-cls + - py/file-not-closed + - py/special-method-wrong-signature From 7afcd1bbecf60c6c8bb7af57a31ae760b22f162e Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 11:07:17 +0200 Subject: [PATCH 109/409] Swift: Update test output. --- .../ql/test/library-tests/dataflow/dataflow/DataFlow.expected | 3 +++ .../ql/test/library-tests/dataflow/dataflow/LocalFlow.expected | 2 ++ swift/ql/test/library-tests/dataflow/dataflow/test.swift | 2 +- 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected index bf6376bb0a1..7ab18dcf818 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/DataFlow.expected @@ -172,6 +172,7 @@ edges | test.swift:6:19:6:26 | call to source() | test.swift:7:15:7:15 | t1 | provenance | | | test.swift:6:19:6:26 | call to source() | test.swift:9:15:9:15 | t1 | provenance | | | test.swift:6:19:6:26 | call to source() | test.swift:10:15:10:15 | t2 | provenance | | +| test.swift:6:19:6:26 | call to source() | test.swift:15:15:15:15 | t2 | provenance | | | test.swift:25:20:25:27 | call to source() | test.swift:29:18:29:21 | x | provenance | | | test.swift:26:26:26:33 | call to source() | test.swift:29:26:29:29 | y | provenance | | | test.swift:29:18:29:21 | x | test.swift:30:15:30:15 | x | provenance | | @@ -964,6 +965,7 @@ nodes | test.swift:7:15:7:15 | t1 | semmle.label | t1 | | test.swift:9:15:9:15 | t1 | semmle.label | t1 | | test.swift:10:15:10:15 | t2 | semmle.label | t2 | +| test.swift:15:15:15:15 | t2 | semmle.label | t2 | | test.swift:25:20:25:27 | call to source() | semmle.label | call to source() | | test.swift:26:26:26:33 | call to source() | semmle.label | call to source() | | test.swift:29:18:29:21 | x | semmle.label | x | @@ -1706,6 +1708,7 @@ subpaths | test.swift:7:15:7:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:7:15:7:15 | t1 | result | | test.swift:9:15:9:15 | t1 | test.swift:6:19:6:26 | call to source() | test.swift:9:15:9:15 | t1 | result | | test.swift:10:15:10:15 | t2 | test.swift:6:19:6:26 | call to source() | test.swift:10:15:10:15 | t2 | result | +| test.swift:15:15:15:15 | t2 | test.swift:6:19:6:26 | call to source() | test.swift:15:15:15:15 | t2 | result | | test.swift:30:15:30:15 | x | test.swift:25:20:25:27 | call to source() | test.swift:30:15:30:15 | x | result | | test.swift:31:15:31:15 | y | test.swift:26:26:26:33 | call to source() | test.swift:31:15:31:15 | y | result | | test.swift:39:15:39:29 | call to callee_source() | test.swift:35:12:35:19 | call to source() | test.swift:39:15:39:29 | call to callee_source() | result | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected index 7ec3f1a5aa4..3132e0aee3a 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected +++ b/swift/ql/test/library-tests/dataflow/dataflow/LocalFlow.expected @@ -250,11 +250,13 @@ | test.swift:7:15:7:15 | [post] t1 | test.swift:8:10:8:10 | t1 | | test.swift:7:15:7:15 | t1 | test.swift:8:10:8:10 | t1 | | test.swift:8:5:8:10 | SSA def(t2) | test.swift:10:15:10:15 | t2 | +| test.swift:8:5:8:10 | SSA def(t2) | test.swift:15:5:15:5 | SSA phi(t2) | | test.swift:8:10:8:10 | t1 | test.swift:8:5:8:10 | SSA def(t2) | | test.swift:8:10:8:10 | t1 | test.swift:9:15:9:15 | t1 | | test.swift:9:15:9:15 | [post] t1 | test.swift:11:8:11:8 | t1 | | test.swift:9:15:9:15 | t1 | test.swift:11:8:11:8 | t1 | | test.swift:12:9:12:14 | SSA def(t2) | test.swift:13:19:13:19 | t2 | +| test.swift:12:9:12:14 | SSA def(t2) | test.swift:15:5:15:5 | SSA phi(t2) | | test.swift:12:14:12:14 | 0 | test.swift:12:9:12:14 | SSA def(t2) | | test.swift:15:5:15:5 | SSA phi(t2) | test.swift:15:15:15:15 | t2 | | test.swift:17:5:17:10 | SSA def(t1) | test.swift:21:15:21:15 | t1 | diff --git a/swift/ql/test/library-tests/dataflow/dataflow/test.swift b/swift/ql/test/library-tests/dataflow/dataflow/test.swift index 515aa666201..b0f23ccb303 100644 --- a/swift/ql/test/library-tests/dataflow/dataflow/test.swift +++ b/swift/ql/test/library-tests/dataflow/dataflow/test.swift @@ -12,7 +12,7 @@ func intraprocedural_with_local_flow() -> Void { t2 = 0 sink(arg: t2) } - sink(arg: t2) // $ MISSING: flow=6 + sink(arg: t2) // $ flow=6 t1 = 0; while(false) { From 1d49252c03840cd15ffd6d38b3b6692636dfbd1d Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Tue, 1 Apr 2025 12:34:18 +0200 Subject: [PATCH 110/409] Rust: QLTest: delete Cargo.lock files --- rust/extractor/src/qltest.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/rust/extractor/src/qltest.rs b/rust/extractor/src/qltest.rs index 9553907b7db..316ecd0cee4 100644 --- a/rust/extractor/src/qltest.rs +++ b/rust/extractor/src/qltest.rs @@ -4,6 +4,7 @@ use glob::glob; use itertools::Itertools; use std::ffi::OsStr; use std::fs; +use std::path::Path; use std::process::Command; use tracing::info; @@ -58,9 +59,18 @@ fn set_sources(config: &mut Config) -> anyhow::Result<()> { Ok(()) } +fn remove_file_if_exists(path: &Path) -> anyhow::Result<()> { + match fs::remove_file(path) { + Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()), + x => x, + } + .context(format!("removing file {}", path.display())) +} + pub(crate) fn prepare(config: &mut Config) -> anyhow::Result<()> { dump_lib()?; set_sources(config)?; + remove_file_if_exists(Path::new("Cargo.lock"))?; dump_cargo_manifest(&config.qltest_dependencies)?; if config.qltest_cargo_check { let status = Command::new("cargo") From 81a39f380ac6cdffc311e24aa479ea6b1f7bdcb1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 1 Apr 2025 12:48:00 +0200 Subject: [PATCH 111/409] Change niceness of test server --- .../java/buildless-snapshot-repository/test.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index e5e38d725ae..d343ce4b962 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -1,11 +1,15 @@ import subprocess -import sys +import runs_on def test(codeql, java): - # This serves the "repo" directory on http://localhost:9427 + # This serves the "repo" directory on http://localhost:9428 + command = ["python3", "-m", "http.server", "9428", "-b", "localhost"] + if runs_on.github_actions and runs_on.posix: + # On GitHub Actions, we try to run the server with higher priority + command = ["nice", "-n", "10"] + command repo_server_process = subprocess.Popen( - [sys.executable, "-m", "http.server", "9427"], cwd="repo" + command, cwd="repo" ) try: codeql.database.create( From 1ec3e8712b5b0daf3a0db52c30137a32fc0bc2e1 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:18:30 +0200 Subject: [PATCH 112/409] Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 6d5bd04b3e2..760ef8c1897 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -30,6 +30,7 @@ string jobNeedsPersmission(Job job) { actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) } +/** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ string permissionsForJob(Job job) { result = "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" @@ -46,4 +47,4 @@ where ) and permissions = permissionsForJob(job) select job, - "Actions Job or Workflow does not set permissions. A minimal set might be " + permissions + "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + permissions From 10205cb9906dfd6bcbffe7f68b601fd1a7d62cb2 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Tue, 1 Apr 2025 11:30:43 +0000 Subject: [PATCH 113/409] Post-release preparation for codeql-cli-2.21.0 --- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 39 files changed, 39 insertions(+), 39 deletions(-) diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index 2362bf619f7..aecd3607345 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.6 +version: 0.4.7-dev library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index d43eedd5444..f6eb8be1138 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.5.3 +version: 0.5.4-dev library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 2f9e0a91ca6..5ee964c4b50 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 4.1.0 +version: 4.1.1-dev groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index be8212979fa..67293337da9 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.7 +version: 1.3.8-dev groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index 10f9ed40e0d..eefe4e2fe57 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.37 +version: 1.7.38-dev groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index a4148e9688b..a03f987c8c7 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.37 +version: 1.7.38-dev groups: - csharp - solorigate diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index e80d0a3ebbd..647655511ea 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.1.3 +version: 5.1.4-dev groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d669f267976..d6f04fe6575 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.1.0 +version: 1.1.1-dev groups: - csharp - queries diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 82bc42c2378..78d52739d9e 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.20 +version: 1.0.21-dev groups: - go - queries diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 487e9205e72..34ba33332a2 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.2.2 +version: 4.2.3-dev groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 514a7809b7f..3e3b248716d 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.11 +version: 1.1.12-dev groups: - go - queries diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 9936592e430..1037ae7708a 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.1.2 +version: 7.1.3-dev groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index d7143d40041..e7c3a7da88e 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.4.0 +version: 1.4.1-dev groups: - java - queries diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 9a38483496e..80004cfa6a0 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.0 +version: 2.6.1-dev groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 7556097a440..3a5ecb85b4f 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.5.2 +version: 1.5.3-dev groups: - javascript - queries diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 303abd1b23f..28a36682869 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.20 +version: 1.0.21-dev groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 709aed32422..020415470fe 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.4 +version: 4.0.5-dev groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 321638c2577..2d3896cc57f 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.4.6 +version: 1.4.7-dev groups: - python - queries diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 92f9db23dfd..639f6fb35f1 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 4.1.3 +version: 4.1.4-dev groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index b38e7eb7fda..ca0617aa13e 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.15 +version: 1.1.16-dev groups: - ruby - queries diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 8ca8fd5100c..603ede342c7 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.5 +version: 0.1.6-dev groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 4158c204364..4b0296c0af8 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.5 +version: 0.1.6-dev groups: - rust - queries diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 8b0b8d6e05a..5b1c8278c8a 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index cb4f087f143..86a58593efd 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index d5b498e369e..0c7d0f8fb14 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 544e541bc32..258e34f4416 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index a9950725bb8..fb48dd895fe 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index 0945748a4cd..c5e5a147085 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 6458fce2229..2698ba75fe4 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.20 +version: 1.0.21-dev library: true groups: shared dataExtensions: diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 3cbfb9b8150..239783afe11 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 974e866403f..243dbbefacc 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index d71f3639515..4606888741a 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.1 +version: 0.0.2-dev groups: shared library: true dependencies: diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index dcee785031a..387f2df0850 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.4 +version: 2.0.5-dev groups: shared library: true dependencies: diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index 66603d0cfd4..b84e528b13a 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index ca15e29077c..cec325c5327 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.7 +version: 2.0.8-dev groups: shared library: true dependencies: null diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index 0f0a5c9e585..ddd183347db 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true dependencies: diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index 5239b96b722..bfb8003b745 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.20 +version: 1.0.21-dev groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index 64b6a20fccc..a8937945393 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 4.1.3 +version: 4.1.4-dev groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 7c8c0606694..65d542ab524 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.1.0 +version: 1.1.1-dev groups: - swift - queries From 3cdd641b8191590c1416fb325f718243ced6e1f5 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:43:00 +0200 Subject: [PATCH 114/409] actions: fix typo --- .../ql/src/Security/CWE-275/MissingActionsPermissions.ql | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index 760ef8c1897..bc3b4869a8d 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -26,14 +26,14 @@ string versionedAction(string fullActionSelector) { string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } -string jobNeedsPersmission(Job job) { +string jobNeedsPermission(Job job) { actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) } /** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ string permissionsForJob(Job job) { result = - "{" + concat(string permission | permission = jobNeedsPersmission(job) | permission, ", ") + "}" + "{" + concat(string permission | permission = jobNeedsPermission(job) | permission, ", ") + "}" } from Job job, string permissions @@ -47,4 +47,5 @@ where ) and permissions = permissionsForJob(job) select job, - "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + permissions + "Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: " + + permissions From d33ce423d8874a3f28a663b0fcad8dd3c9af02d1 Mon Sep 17 00:00:00 2001 From: Marco Gario Date: Tue, 1 Apr 2025 13:58:37 +0200 Subject: [PATCH 115/409] Update UntrustedCheckoutCritical.ql --- actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql index 9676e942f7c..ad79a1ce776 100644 --- a/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql +++ b/actions/ql/src/Security/CWE-829/UntrustedCheckoutCritical.ql @@ -1,5 +1,5 @@ /** - * @name Checkout of untrusted code in a priviledged context + * @name Checkout of untrusted code in a privileged context * @description Privileged workflows have read/write access to the base repository and access to secrets. * By explicitly checking out and running the build script from a fork the untrusted code is running in an environment * that is able to push to the base repository and to access secrets. From 8acf9ceef4614a86a2efdc364f3e9952a7d7dbea Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 15:48:07 +0100 Subject: [PATCH 116/409] Rust: Make trait a base type mention of the self type parameter --- rust/ql/lib/codeql/rust/internal/Type.qll | 35 ++- .../codeql/rust/internal/TypeInference.qll | 101 ++++---- .../lib/codeql/rust/internal/TypeMention.qll | 46 ++-- .../type-inference/type-inference.expected | 240 +++--------------- 4 files changed, 126 insertions(+), 296 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 8bf9f4a1c11..86abcb638f8 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -16,7 +16,7 @@ newtype TType = TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or TRefTypeParameter() or - TSelfTypeParameter() + TSelfTypeParameter(Trait t) /** * A type without type arguments. @@ -144,9 +144,6 @@ class TraitType extends Type, TTrait { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) - or - result = TSelfTypeParameter() and - i = -1 } pragma[nomagic] @@ -226,11 +223,9 @@ class ImplType extends Type, TImpl { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(impl.getGenericParamList().getTypeParam(i)) - or - result = TSelfTypeParameter() and - i = -1 } + /** Get the trait implemented by this `impl` block, if any. */ override TypeMention getABaseTypeMention() { result = impl.getTrait() } override string toString() { result = impl.toString() } @@ -334,11 +329,29 @@ class RefTypeParameter extends TypeParameter, TRefTypeParameter { override Location getLocation() { result instanceof EmptyLocation } } -/** An implicit `Self` type parameter. */ +/** + * The implicit `Self` type parameter of a trait, that refers to the + * implementing type of the trait. + * + * The Rust Reference on the implicit `Self` parameter: + * https://doc.rust-lang.org/reference/items/traits.html#r-items.traits.self-param + */ class SelfTypeParameter extends TypeParameter, TSelfTypeParameter { - override Function getMethod(string name) { none() } + private Trait trait; - override string toString() { result = "(Self)" } + SelfTypeParameter() { this = TSelfTypeParameter(trait) } - override Location getLocation() { result instanceof EmptyLocation } + Trait getTrait() { result = trait } + + override TypeMention getABaseTypeMention() { result = trait } + + override Function getMethod(string name) { + // The `Self` type parameter is an implementation of the trait, so it has + // all the trait's methods. + result = trait.(ItemNode).getASuccessor(name) + } + + override string toString() { result = "Self [" + trait.toString() + "]" } + + override Location getLocation() { result = trait.getLocation() } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index 5c59cee8a17..bef741d2470 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -38,21 +38,42 @@ private module Input1 implements InputSig1 { } } - class TypeParameterPosition = TypeParam; + private newtype TTypeParameterPosition = + TTypeParamTypeParameterPosition(TypeParam tp) or + TSelfTypeParameterPosition() + + class TypeParameterPosition extends TTypeParameterPosition { + TypeParam asTypeParam() { this = TTypeParamTypeParameterPosition(result) } + + predicate isSelf() { this = TSelfTypeParameterPosition() } + + string toString() { + result = this.asTypeParam().toString() + or + result = "Self" and this.isSelf() + } + } + + /** Holds if `typeParam`, `param` and `ppos` all concern the same `TypeParam`. */ + additional predicate typeParamMatchPosition( + TypeParam typeParam, TypeParamTypeParameter param, TypeParameterPosition ppos + ) { + typeParam = param.getTypeParam() and typeParam = ppos.asTypeParam() + } bindingset[apos] bindingset[ppos] predicate typeArgumentParameterPositionMatch(TypeArgumentPosition apos, TypeParameterPosition ppos) { - apos.asTypeParam() = ppos + apos.asTypeParam() = ppos.asTypeParam() or - apos.asMethodTypeArgumentPosition() = ppos.getPosition() + apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - private predicate id(Raw::TypeParam x, Raw::TypeParam y) { x = y } + private predicate id(Raw::AstNode x, Raw::AstNode y) { x = y } - private predicate idOfRaw(Raw::TypeParam x, int y) = equivalenceRelation(id/2)(x, y) + private predicate idOfRaw(Raw::AstNode x, int y) = equivalenceRelation(id/2)(x, y) - private int idOf(TypeParam node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } + private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } int getTypeParameterId(TypeParameter tp) { tp = @@ -61,12 +82,11 @@ private module Input1 implements InputSig1 { kind = 0 and id = 0 or - tp0 instanceof SelfTypeParameter and - kind = 0 and - id = 1 - or - id = idOf(tp0.(TypeParamTypeParameter).getTypeParam()) and - kind = 1 + kind = 1 and + exists(AstNode node | id = idOf(node) | + node = tp0.(TypeParamTypeParameter).getTypeParam() or + node = tp0.(SelfTypeParameter).getTrait() + ) | tp0 order by kind, id ) @@ -211,15 +231,6 @@ private Type inferImplSelfType(Impl i, TypePath path) { result = i.getSelfTy().(TypeReprMention).resolveTypeAt(path) } -pragma[nomagic] -private Type inferTraitSelfType(Trait t, TypePath path) { - result = TTrait(t) and - path.isEmpty() - or - result = TTypeParamTypeParameter(t.getGenericParamList().getATypeParam()) and - path = TypePath::singleton(result) -} - /** Gets the type at `path` of the implicitly typed `self` parameter. */ pragma[nomagic] private Type inferImplicitSelfType(SelfParam self, TypePath path) { @@ -230,7 +241,7 @@ private Type inferImplicitSelfType(SelfParam self, TypePath path) { | t = inferImplSelfType(i, suffix) or - t = inferTraitSelfType(i, suffix) + t = TSelfTypeParameter(i) and suffix.isEmpty() ) } @@ -273,8 +284,7 @@ private module StructExprMatchingInput implements MatchingInputSig { abstract TypeParam getATypeParam(); final TypeParameter getTypeParameter(TypeParameterPosition ppos) { - result.(TypeParamTypeParameter).getTypeParam() = ppos and - ppos = this.getATypeParam() + typeParamMatchPosition(this.getATypeParam(), result, ppos) } abstract StructField getField(string name); @@ -417,12 +427,7 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { } abstract class Declaration extends AstNode { - abstract TypeParam getATypeParam(); - - final TypeParameter getTypeParameter(TypeParameterPosition ppos) { - result.(TypeParamTypeParameter).getTypeParam() = ppos and - ppos = this.getATypeParam() - } + abstract TypeParameter getTypeParameter(TypeParameterPosition ppos); pragma[nomagic] abstract Type getParameterType(DeclarationPosition dpos, TypePath path); @@ -440,7 +445,9 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { private class TupleStructDecl extends Declaration, Struct { TupleStructDecl() { this.isTuple() } - override TypeParam getATypeParam() { result = this.getGenericParamList().getATypeParam() } + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getGenericParamList().getATypeParam(), result, ppos) + } override Type getParameterType(DeclarationPosition dpos, TypePath path) { exists(int pos | @@ -461,8 +468,8 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { private class TupleVariantDecl extends Declaration, Variant { TupleVariantDecl() { this.isTuple() } - override TypeParam getATypeParam() { - result = this.getEnum().getGenericParamList().getATypeParam() + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getEnum().getGenericParamList().getATypeParam(), result, ppos) } override Type getParameterType(DeclarationPosition dpos, TypePath path) { @@ -483,38 +490,36 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { } } - pragma[nomagic] - private Type inferAnnotatedTypeInclSelf(AstNode n, TypePath path) { - result = getTypeAnnotation(n).resolveTypeAtInclSelf(path) - } - private class FunctionDecl extends Declaration, Function { - override TypeParam getATypeParam() { result = this.getGenericParamList().getATypeParam() } + override TypeParameter getTypeParameter(TypeParameterPosition ppos) { + typeParamMatchPosition(this.getGenericParamList().getATypeParam(), result, ppos) + or + exists(TraitItemNode trait | this = trait.getAnAssocItem() | + typeParamMatchPosition(trait.getTypeParam(_), result, ppos) + or + ppos.isSelf() and result = TSelfTypeParameter(trait) + ) + } override Type getParameterType(DeclarationPosition dpos, TypePath path) { exists(Param p, int i, boolean inMethod | paramPos(this.getParamList(), p, i, inMethod) and dpos = TPositionalDeclarationPosition(i, inMethod) and - result = inferAnnotatedTypeInclSelf(p.getPat(), path) + result = inferAnnotatedType(p.getPat(), path) ) or exists(SelfParam self | self = pragma[only_bind_into](this.getParamList().getSelfParam()) and dpos.isSelf() | - // `self` parameter with type annotation - result = inferAnnotatedTypeInclSelf(self, path) + result = inferAnnotatedType(self, path) // `self` parameter with type annotation or - // `self` parameter without type annotation - result = inferImplicitSelfType(self, path) - or - // `self` parameter without type annotation should also have the special `Self` type - result = getRefAdjustImplicitSelfType(self, TypePath::nil(), TSelfTypeParameter(), path) + result = inferImplicitSelfType(self, path) // `self` parameter without type annotation ) } override Type getReturnType(TypePath path) { - result = this.getRetType().getTypeRepr().(TypeReprMention).resolveTypeAtInclSelf(path) + result = this.getRetType().getTypeRepr().(TypeReprMention).resolveTypeAt(path) } } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index f8fa7923f21..a5e696313a3 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -29,27 +29,6 @@ abstract class TypeMention extends AstNode { /** Gets the type that the sub mention at `path` resolves to, if any. */ Type resolveTypeAt(TypePath path) { result = this.getMentionAt(path).resolveType() } - - /** - * Like `resolveTypeAt`, but also resolves `Self` mentions to the implicit - * `Self` type parameter. - * - * This is only needed when resolving types for calls to methods; inside the - * methods themselves, `Self` only resolves to the relevant trait or type - * being implemented. - */ - final Type resolveTypeAtInclSelf(TypePath path) { - result = this.resolveTypeAt(path) - or - exists(TypeMention tm, ImplOrTraitItemNode node | - tm = this.getMentionAt(path) and - result = TSelfTypeParameter() - | - tm = node.getASelfPath() - or - tm.(PathTypeRepr).getPath() = node.getASelfPath() - ) - } } class TypeReprMention extends TypeMention, TypeRepr { @@ -80,11 +59,11 @@ class PathMention extends TypeMention, Path { override TypeMention getTypeArgument(int i) { result = this.getSegment().getGenericArgList().getTypeArg(i) or - // `Self` paths inside traits and `impl` blocks have implicit type arguments - // that are the type parameters of the trait or impl. For example, in + // `Self` paths inside `impl` blocks have implicit type arguments that are + // the type parameters of the `impl` block. For example, in // // ```rust - // impl Foo { + // impl Foo { // fn m(self) -> Self { // self // } @@ -92,10 +71,9 @@ class PathMention extends TypeMention, Path { // ``` // // the `Self` return type is shorthand for `Foo`. - exists(ImplOrTraitItemNode node | this = node.getASelfPath() | + exists(ImplItemNode node | + this = node.getASelfPath() and result = node.(ImplItemNode).getSelfPath().getSegment().getGenericArgList().getTypeArg(i) - or - result = node.(Trait).getGenericParamList().getTypeParam(i) ) } @@ -105,7 +83,13 @@ class PathMention extends TypeMention, Path { or result = TEnum(i) or - result = TTrait(i) + exists(TraitItemNode trait | trait = i | + // If this is a `Self` path, then it resolves to the implicit `Self` + // type parameter, otherwise it is a trait bound. + if this = trait.getASelfPath() + then result = TSelfTypeParameter(trait) + else result = TTrait(trait) + ) or result = TTypeParamTypeParameter(i) or @@ -171,3 +155,9 @@ class ImplMention extends TypeMention, ImplItemNode { ) } } + +class TraitMention extends TypeMention, TraitItemNode { + override TypeMention getTypeArgument(int i) { result = this.getTypeParam(i) } + + override Type resolveType() { result = TTrait(this) } +} diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 6d92dd08f12..e7788f014ca 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -1,42 +1,7 @@ inferType -| loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:7:12:7:15 | SelfParam | T | loop/main.rs:6:10:6:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | trait T2 | -| loop/main.rs:11:12:11:15 | SelfParam | T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:11:12:11:15 | SelfParam | T.T.T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | | loop/main.rs:6:1:8:1 | trait T1 | -| loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | trait T2 | -| loop/main.rs:12:9:12:12 | self | T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T.T | loop/main.rs:4:1:4:15 | struct S | -| loop/main.rs:12:9:12:12 | self | T.T.T.T.T.T.T.T.T.T | loop/main.rs:10:10:10:10 | T | +| loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | +| loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | +| loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | Self [trait T2] | | main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | struct MyThing | | main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | struct MyThing | | main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | struct S | @@ -171,21 +136,13 @@ inferType | main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | struct MyThing | | main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | struct S2 | | main.rs:137:26:137:31 | y.m2(...) | | main.rs:101:5:102:14 | struct S2 | -| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:153:15:153:18 | SelfParam | A | main.rs:152:19:152:19 | A | -| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:155:15:155:18 | SelfParam | A | main.rs:152:19:152:19 | A | -| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:158:9:160:9 | { ... } | A | main.rs:152:19:152:19 | A | -| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | trait MyTrait | -| main.rs:159:13:159:16 | self | A | main.rs:152:19:152:19 | A | -| main.rs:163:43:163:43 | x | | main.rs:152:5:161:5 | trait MyTrait | +| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | +| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:163:43:163:43 | x | A | main.rs:163:22:163:23 | T1 | | main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | -| main.rs:164:9:164:9 | x | | main.rs:152:5:161:5 | trait MyTrait | | main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:9 | x | A | main.rs:163:22:163:23 | T1 | | main.rs:164:9:164:14 | x.m1(...) | | main.rs:163:22:163:23 | T1 | | main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | | main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | struct S1 | @@ -230,124 +187,65 @@ inferType | main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | struct S1 | | main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | struct MyThing | | main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | trait FirstTrait | -| main.rs:206:19:206:22 | SelfParam | FT | main.rs:205:22:205:23 | FT | -| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | trait SecondTrait | -| main.rs:210:19:210:22 | SelfParam | ST | main.rs:209:23:209:24 | ST | -| main.rs:213:64:213:64 | x | | main.rs:209:5:211:5 | trait SecondTrait | +| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | +| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | | main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | -| main.rs:213:64:213:64 | x | ST | main.rs:213:35:213:42 | I | | main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:215:18:215:18 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:18 | x | ST | main.rs:213:35:213:42 | I | | main.rs:215:18:215:27 | x.method(...) | | main.rs:213:35:213:42 | I | | main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:219:65:219:65 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | -| main.rs:219:65:219:65 | x | ST | main.rs:219:36:219:43 | I | | main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:221:18:221:18 | x | | main.rs:209:5:211:5 | trait SecondTrait | | main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:18 | x | ST | main.rs:219:36:219:43 | I | | main.rs:221:18:221:27 | x.method(...) | | main.rs:219:36:219:43 | I | | main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:225:49:225:49 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:225:49:225:49 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:226:17:226:17 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:17 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:226:17:226:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:230:53:230:53 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:230:53:230:53 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:231:17:231:17 | x | | main.rs:205:5:207:5 | trait FirstTrait | | main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:17 | x | FT | main.rs:197:5:198:14 | struct S1 | | main.rs:231:17:231:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | struct S1 | -| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | trait Pair | -| main.rs:236:16:236:19 | SelfParam | P1 | main.rs:235:16:235:17 | P1 | -| main.rs:236:16:236:19 | SelfParam | P2 | main.rs:235:20:235:21 | P2 | -| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | trait Pair | -| main.rs:238:16:238:19 | SelfParam | P1 | main.rs:235:16:235:17 | P1 | -| main.rs:238:16:238:19 | SelfParam | P2 | main.rs:235:20:235:21 | P2 | -| main.rs:241:58:241:58 | x | | main.rs:235:5:239:5 | trait Pair | +| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | +| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | -| main.rs:241:58:241:58 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:241:58:241:58 | x | P2 | main.rs:200:5:201:14 | struct S2 | -| main.rs:241:64:241:64 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:241:64:241:64 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:241:64:241:64 | y | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:243:18:243:18 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:18 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:243:18:243:18 | x | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:243:18:243:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | struct S2 | -| main.rs:244:18:244:18 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:18 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:244:18:244:18 | y | P2 | main.rs:200:5:201:14 | struct S2 | | main.rs:244:18:244:24 | y.snd(...) | | main.rs:200:5:201:14 | struct S2 | | main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | struct S1 | | main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | struct S2 | -| main.rs:248:69:248:69 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | -| main.rs:248:69:248:69 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:248:69:248:69 | x | P2 | main.rs:248:41:248:49 | T2 | -| main.rs:248:75:248:75 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:248:75:248:75 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:248:75:248:75 | y | P2 | main.rs:248:41:248:49 | T2 | | main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:250:18:250:18 | x | | main.rs:235:5:239:5 | trait Pair | | main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:18 | x | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:250:18:250:18 | x | P2 | main.rs:248:41:248:49 | T2 | | main.rs:250:18:250:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | | main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:251:18:251:18 | y | | main.rs:235:5:239:5 | trait Pair | | main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:18 | y | P1 | main.rs:197:5:198:14 | struct S1 | -| main.rs:251:18:251:18 | y | P2 | main.rs:248:41:248:49 | T2 | | main.rs:251:18:251:24 | y.snd(...) | | main.rs:248:41:248:49 | T2 | | main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | struct S1 | | main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:268:15:268:18 | SelfParam | A | main.rs:267:19:267:19 | A | -| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:270:15:270:18 | SelfParam | A | main.rs:267:19:267:19 | A | +| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | +| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | -| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:274:13:274:16 | self | A | main.rs:267:19:267:19 | A | +| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:274:13:274:21 | self.m1(...) | | main.rs:267:19:267:19 | A | -| main.rs:279:43:279:43 | x | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:279:43:279:43 | x | A | main.rs:279:22:279:23 | T1 | | main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | -| main.rs:280:9:280:9 | x | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:9 | x | A | main.rs:279:22:279:23 | T1 | | main.rs:280:9:280:14 | x.m1(...) | | main.rs:279:22:279:23 | T1 | | main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:284:49:284:49 | x | T | main.rs:267:5:276:5 | trait MyTrait | | main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:284:49:284:49 | x | T.A | main.rs:284:28:284:29 | T1 | | main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | | main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:285:9:285:9 | x | T | main.rs:267:5:276:5 | trait MyTrait | | main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:9 | x | T.A | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:11 | x.a | | main.rs:267:5:276:5 | trait MyTrait | | main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:11 | x.a | A | main.rs:284:28:284:29 | T1 | | main.rs:285:9:285:16 | ... .m1(...) | | main.rs:284:28:284:29 | T1 | | main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | struct MyThing | | main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | @@ -372,31 +270,19 @@ inferType | main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:299:26:299:31 | y.m1(...) | | main.rs:264:5:265:14 | struct S2 | | main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:13:301:13 | x | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:301:13:301:13 | x | A | main.rs:262:5:263:14 | struct S1 | | main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | struct S1 | | main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:301:17:301:33 | MyThing {...} | A | main.rs:262:5:263:14 | struct S1 | | main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | | main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | struct S1 | | main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:13:302:13 | y | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:302:13:302:13 | y | A | main.rs:264:5:265:14 | struct S2 | | main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:302:17:302:33 | MyThing {...} | A | main.rs:264:5:265:14 | struct S2 | | main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | | main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | struct S2 | | main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:304:26:304:26 | x | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:304:26:304:26 | x | A | main.rs:262:5:263:14 | struct S1 | | main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | struct S1 | | main.rs:304:26:304:31 | x.m2(...) | | main.rs:262:5:263:14 | struct S1 | | main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:305:26:305:26 | y | | main.rs:267:5:276:5 | trait MyTrait | -| main.rs:305:26:305:26 | y | A | main.rs:264:5:265:14 | struct S2 | | main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | struct S2 | | main.rs:305:26:305:31 | y.m2(...) | | main.rs:264:5:265:14 | struct S2 | | main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | struct MyThing | @@ -441,8 +327,8 @@ inferType | main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | struct MyThing | | main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | struct MyThing | | main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | trait MyTrait | -| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | trait MyTrait | +| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | +| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | | main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | struct S | | main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | struct S | | main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | struct S | @@ -450,11 +336,8 @@ inferType | main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | struct S | | main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | struct S | | main.rs:353:26:353:31 | x.m1(...) | | main.rs:340:5:341:13 | struct S | -| main.rs:355:13:355:13 | x | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:355:17:355:17 | S | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:356:26:356:26 | x | | main.rs:326:5:338:5 | trait MyTrait | | main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | struct S | | main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | enum MyEnum | | main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | @@ -482,39 +365,21 @@ inferType | main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | enum MyEnum | | main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | struct S2 | | main.rs:386:26:386:31 | y.m1(...) | | main.rs:369:5:370:14 | struct S2 | -| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:407:15:407:18 | SelfParam | Tr1 | main.rs:406:20:406:22 | Tr1 | -| main.rs:411:15:411:18 | SelfParam | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:411:15:411:18 | SelfParam | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:411:15:411:18 | SelfParam | Tr2 | main.rs:410:20:410:22 | Tr2 | +| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | +| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:416:17:416:20 | self | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | Tr2 | main.rs:410:20:410:22 | Tr2 | +| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:416:17:416:25 | self.m1(...) | | main.rs:410:20:410:22 | Tr2 | | main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | | main.rs:406:5:408:5 | trait MyTrait1 | -| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:418:26:418:29 | self | Tr1 | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | Tr2 | main.rs:410:20:410:22 | Tr2 | -| main.rs:424:15:424:18 | SelfParam | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:424:15:424:18 | SelfParam | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:424:15:424:18 | SelfParam | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:424:15:424:18 | SelfParam | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | +| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:427:9:433:9 | { ... } | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:429:17:429:20 | self | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:429:17:429:20 | self | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:429:17:429:25 | self.m2(...) | | main.rs:391:5:394:5 | struct MyThing | | main.rs:429:17:429:25 | self.m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | @@ -522,11 +387,7 @@ inferType | main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | struct MyThing | | main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | | main.rs:410:5:421:5 | trait MyTrait2 | -| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | trait MyTrait3 | -| main.rs:431:26:431:29 | self | Tr2 | main.rs:391:5:394:5 | struct MyThing | -| main.rs:431:26:431:29 | self | Tr2.A | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | Tr3 | main.rs:423:20:423:22 | Tr3 | +| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | | main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | struct MyThing | | main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | | main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | @@ -559,60 +420,36 @@ inferType | main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | struct S2 | | main.rs:459:26:459:31 | y.m1(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:13:461:13 | x | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:13:461:13 | x | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:17:461:33 | MyThing {...} | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | struct S1 | | main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:13:462:13 | y | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:13:462:13 | y | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:17:462:33 | MyThing {...} | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | struct S2 | | main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:464:26:464:26 | x | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:464:26:464:26 | x | Tr2 | main.rs:401:5:402:14 | struct S1 | | main.rs:464:26:464:31 | x.m2(...) | | main.rs:401:5:402:14 | struct S1 | | main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:465:26:465:26 | y | | main.rs:410:5:421:5 | trait MyTrait2 | | main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:465:26:465:26 | y | Tr2 | main.rs:403:5:404:14 | struct S2 | | main.rs:465:26:465:31 | y.m2(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:13:467:13 | x | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:13:467:13 | x | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | struct S1 | | main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:13:468:13 | y | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:13:468:13 | y | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | struct S2 | | main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:470:26:470:26 | x | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:470:26:470:26 | x | Tr3 | main.rs:401:5:402:14 | struct S1 | | main.rs:470:26:470:31 | x.m3(...) | | main.rs:401:5:402:14 | struct S1 | | main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:471:26:471:26 | y | | main.rs:423:5:434:5 | trait MyTrait3 | | main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:471:26:471:26 | y | Tr3 | main.rs:403:5:404:14 | struct S2 | | main.rs:471:26:471:31 | y.m3(...) | | main.rs:403:5:404:14 | struct S2 | | main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | | main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | @@ -685,16 +522,13 @@ inferType | main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | | main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | | main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:575:16:575:24 | SelfParam | &T.S | main.rs:574:19:574:19 | S | +| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | | main.rs:577:21:577:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:577:21:577:29 | SelfParam | &T.S | main.rs:574:19:574:19 | S | +| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:577:32:577:36 | value | | main.rs:574:19:574:19 | S | | main.rs:578:13:578:16 | self | | file://:0:0:0:0 | & | -| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:578:13:578:16 | self | &T.S | main.rs:574:19:574:19 | S | +| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | | main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | | main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | enum MyOption | @@ -733,18 +567,10 @@ inferType | main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | enum MyOption | | main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | struct S | | main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:13:612:18 | mut x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:612:13:612:18 | mut x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:612:22:612:36 | ...::new(...) | S | main.rs:601:5:602:13 | struct S | | main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:613:9:613:10 | x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | struct S | | main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:614:26:614:27 | x3 | | main.rs:574:5:580:5 | trait MyTrait | -| main.rs:614:26:614:27 | x3 | S | main.rs:601:5:602:13 | struct S | | main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | enum MyOption | | main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | struct S | | main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | @@ -940,29 +766,25 @@ inferType | main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | struct S | | main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | | main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:32:707:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | -| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:22 | self.foo(...) | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | trait MyTrait | +| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | | main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:702:5:708:5 | trait MyTrait | | main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | struct MyStruct | | main.rs:720:9:720:15 | x.bar(...) | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:702:5:708:5 | trait MyTrait | | main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:710:5:710:20 | struct MyStruct | | main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | struct MyStruct | From 01810cbac94a587ea5211a99550d516061355d21 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 14:59:05 +0200 Subject: [PATCH 117/409] Rust: Update `PhiDefinition.toString` --- rust/ql/lib/codeql/rust/dataflow/Ssa.qll | 2 +- .../test/library-tests/variables/Ssa.expected | 174 +++++++++--------- 2 files changed, 88 insertions(+), 88 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/Ssa.qll b/rust/ql/lib/codeql/rust/dataflow/Ssa.qll index 4a439f46b9c..932b846c4a3 100644 --- a/rust/ql/lib/codeql/rust/dataflow/Ssa.qll +++ b/rust/ql/lib/codeql/rust/dataflow/Ssa.qll @@ -263,7 +263,7 @@ module Ssa { not exists(this.getSplitString()) and prefix = "" | - result = prefix + "phi" + result = prefix + SsaImpl::PhiDefinition.super.toString() ) } diff --git a/rust/ql/test/library-tests/variables/Ssa.expected b/rust/ql/test/library-tests/variables/Ssa.expected index 05c6f57045d..f45005b51a0 100644 --- a/rust/ql/test/library-tests/variables/Ssa.expected +++ b/rust/ql/test/library-tests/variables/Ssa.expected @@ -38,45 +38,45 @@ definition | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | | main.rs:191:22:191:23 | a3 | main.rs:191:9:191:44 | a3 | | main.rs:191:42:191:43 | a3 | main.rs:191:9:191:44 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | | main.rs:205:28:205:29 | a4 | main.rs:205:9:205:81 | a4 | | main.rs:205:54:205:55 | a4 | main.rs:205:9:205:81 | a4 | | main.rs:205:79:205:80 | a4 | main.rs:205:9:205:81 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | | main.rs:209:29:209:30 | a5 | main.rs:209:9:209:83 | a5 | | main.rs:209:55:209:56 | a5 | main.rs:209:9:209:83 | a5 | | main.rs:209:81:209:82 | a5 | main.rs:209:9:209:83 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | | main.rs:213:28:213:29 | a6 | main.rs:213:9:213:83 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | | main.rs:213:55:213:56 | a6 | main.rs:213:9:213:83 | a6 | | main.rs:213:80:213:81 | a6 | main.rs:213:9:213:83 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | | main.rs:221:22:221:23 | a7 | main.rs:221:9:221:44 | a7 | | main.rs:221:42:221:43 | a7 | main.rs:221:9:221:44 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | | main.rs:233:27:233:29 | a11 | main.rs:233:14:233:51 | a11 | | main.rs:233:48:233:50 | a11 | main.rs:233:14:233:51 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | | main.rs:255:27:255:29 | a13 | main.rs:255:9:255:109 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | | main.rs:255:54:255:56 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:255:79:255:81 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:255:106:255:108 | a13 | main.rs:255:9:255:109 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | | main.rs:272:19:272:20 | a9 | main.rs:272:6:272:41 | a9 | | main.rs:272:39:272:40 | a9 | main.rs:272:6:272:41 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | @@ -138,7 +138,7 @@ definition | main.rs:471:5:471:15 | i | main.rs:466:13:466:13 | i | | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | | main.rs:491:13:491:14 | b1 | main.rs:491:13:491:14 | b1 | @@ -207,26 +207,26 @@ read | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | main.rs:174:24:174:34 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | main.rs:179:23:179:24 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | main.rs:190:11:190:16 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:208:11:208:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:212:11:212:12 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | main.rs:220:11:220:16 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:223:26:223:27 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:223:26:223:27 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | main.rs:231:11:231:16 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | main.rs:237:15:237:15 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | main.rs:238:28:238:30 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | main.rs:254:11:254:12 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | main.rs:266:15:266:16 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | main.rs:267:15:267:16 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | main.rs:268:15:268:16 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | main.rs:283:15:283:17 | a10 | | main.rs:280:13:280:14 | b4 | main.rs:280:13:280:14 | b4 | main.rs:284:15:284:16 | b4 | | main.rs:281:13:281:14 | c2 | main.rs:281:13:281:14 | c2 | main.rs:285:15:285:16 | c2 | @@ -297,7 +297,7 @@ read | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | main.rs:479:8:479:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:477:15:477:15 | x | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:478:15:478:15 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:481:19:481:19 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:482:19:482:19 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | main.rs:485:19:485:19 | x | @@ -372,23 +372,23 @@ firstRead | main.rs:173:17:173:27 | id_variable | main.rs:173:17:173:27 | id_variable | main.rs:174:24:174:34 | id_variable | | main.rs:178:26:178:27 | id | main.rs:178:26:178:27 | id | main.rs:179:23:179:24 | id | | main.rs:189:9:189:14 | either | main.rs:189:9:189:14 | either | main.rs:190:11:190:16 | either | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:192:26:192:27 | a3 | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:206:26:206:27 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:210:26:210:27 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:214:26:214:27 | a6 | | main.rs:219:9:219:14 | either | main.rs:219:9:219:14 | either | main.rs:220:11:220:16 | either | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | | main.rs:229:9:229:14 | either | main.rs:229:9:229:14 | either | main.rs:231:11:231:16 | either | | main.rs:232:13:232:13 | e | main.rs:232:13:232:13 | e | main.rs:237:15:237:15 | e | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:235:23:235:25 | a11 | | main.rs:236:33:236:35 | a12 | main.rs:236:33:236:35 | a12 | main.rs:238:28:238:30 | a12 | | main.rs:253:9:253:10 | fv | main.rs:253:9:253:10 | fv | main.rs:254:11:254:12 | fv | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:256:26:256:28 | a13 | | main.rs:261:5:261:6 | a8 | main.rs:261:5:261:6 | a8 | main.rs:266:15:266:16 | a8 | | main.rs:263:9:263:10 | b3 | main.rs:263:9:263:10 | b3 | main.rs:267:15:267:16 | b3 | | main.rs:264:9:264:10 | c1 | main.rs:264:9:264:10 | c1 | main.rs:268:15:268:16 | c1 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:274:15:274:16 | a9 | | main.rs:279:13:279:15 | a10 | main.rs:279:13:279:15 | a10 | main.rs:283:15:283:17 | a10 | | main.rs:280:13:280:14 | b4 | main.rs:280:13:280:14 | b4 | main.rs:284:15:284:16 | b4 | | main.rs:281:13:281:14 | c2 | main.rs:281:13:281:14 | c2 | main.rs:285:15:285:16 | c2 | @@ -444,7 +444,7 @@ firstRead | main.rs:471:5:471:15 | i | main.rs:466:13:466:13 | i | main.rs:472:15:472:15 | i | | main.rs:475:8:475:8 | b | main.rs:475:8:475:8 | b | main.rs:479:8:479:8 | b | | main.rs:476:13:476:13 | x | main.rs:476:13:476:13 | x | main.rs:477:15:477:15 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:488:15:488:15 | x | | main.rs:480:9:480:9 | x | main.rs:476:13:476:13 | x | main.rs:481:19:481:19 | x | | main.rs:484:9:484:9 | x | main.rs:476:13:476:13 | x | main.rs:485:19:485:19 | x | | main.rs:491:13:491:14 | b1 | main.rs:491:13:491:14 | b1 | main.rs:493:8:493:9 | b1 | @@ -477,7 +477,7 @@ adjacentReads | main.rs:128:9:128:15 | numbers | main.rs:128:9:128:15 | numbers | main.rs:130:11:130:17 | numbers | main.rs:142:11:142:17 | numbers | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:204:11:204:12 | tv | main.rs:208:11:208:12 | tv | | main.rs:203:9:203:10 | tv | main.rs:203:9:203:10 | tv | main.rs:208:11:208:12 | tv | main.rs:212:11:212:12 | tv | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | main.rs:223:26:223:27 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:222:16:222:17 | a7 | main.rs:223:26:223:27 | a7 | | main.rs:288:9:288:10 | c2 | main.rs:281:13:281:14 | c2 | main.rs:294:9:294:10 | c2 | main.rs:298:15:298:16 | c2 | | main.rs:289:9:289:10 | b4 | main.rs:280:13:280:14 | b4 | main.rs:293:9:293:10 | b4 | main.rs:297:15:297:16 | b4 | | main.rs:289:9:289:10 | b4 | main.rs:280:13:280:14 | b4 | main.rs:297:15:297:16 | b4 | main.rs:311:15:311:16 | b4 | @@ -506,32 +506,32 @@ adjacentReads | main.rs:540:13:540:13 | a | main.rs:540:13:540:13 | a | main.rs:542:5:542:5 | a | main.rs:543:15:543:15 | a | | main.rs:549:9:549:9 | x | main.rs:549:9:549:9 | x | main.rs:550:20:550:20 | x | main.rs:551:15:551:15 | x | phi -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:191:22:191:23 | a3 | -| main.rs:191:9:191:44 | phi | main.rs:191:9:191:44 | a3 | main.rs:191:42:191:43 | a3 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:28:205:29 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:54:205:55 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:9:205:81 | a4 | main.rs:205:79:205:80 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:209:10:209:57 | [match(true)] phi | -| main.rs:209:9:209:83 | phi | main.rs:209:9:209:83 | a5 | main.rs:209:81:209:82 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | main.rs:209:29:209:30 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:9:209:83 | a5 | main.rs:209:55:209:56 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:28:213:29 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:35:213:82 | phi | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:55:213:56 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:9:213:83 | a6 | main.rs:213:80:213:81 | a6 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:221:22:221:23 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:9:221:44 | a7 | main.rs:221:42:221:43 | a7 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:233:27:233:29 | a11 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:14:233:51 | a11 | main.rs:233:48:233:50 | a11 | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:27:255:29 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:35:255:82 | [match(true)] phi | -| main.rs:255:9:255:109 | phi | main.rs:255:9:255:109 | a13 | main.rs:255:106:255:108 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | main.rs:255:54:255:56 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:9:255:109 | a13 | main.rs:255:79:255:81 | a13 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:272:19:272:20 | a9 | -| main.rs:272:6:272:41 | phi | main.rs:272:6:272:41 | a9 | main.rs:272:39:272:40 | a9 | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:480:9:480:9 | x | -| main.rs:479:5:487:5 | phi | main.rs:476:13:476:13 | x | main.rs:484:9:484:9 | x | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:191:22:191:23 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:9:191:44 | a3 | main.rs:191:42:191:43 | a3 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:28:205:29 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:54:205:55 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:9:205:81 | a4 | main.rs:205:79:205:80 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:81:209:82 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:29:209:30 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:9:209:83 | a5 | main.rs:209:55:209:56 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:28:213:29 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:35:213:82 | SSA phi(a6) | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:55:213:56 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:9:213:83 | a6 | main.rs:213:80:213:81 | a6 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:221:22:221:23 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:9:221:44 | a7 | main.rs:221:42:221:43 | a7 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:233:27:233:29 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:14:233:51 | a11 | main.rs:233:48:233:50 | a11 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:27:255:29 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:106:255:108 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:54:255:56 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:9:255:109 | a13 | main.rs:255:79:255:81 | a13 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:272:19:272:20 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:6:272:41 | a9 | main.rs:272:39:272:40 | a9 | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:480:9:480:9 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:476:13:476:13 | x | main.rs:484:9:484:9 | x | phiReadNode | main.rs:104:11:105:12 | SSA phi read(s1) | main.rs:102:9:102:10 | s1 | | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:492:9:492:9 | x | @@ -545,35 +545,35 @@ phiReadInput | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:494:19:494:19 | SSA read(x) | | main.rs:493:5:497:5 | SSA phi read(x) | main.rs:496:19:496:19 | SSA read(x) | ultimateDef -| main.rs:191:9:191:44 | phi | main.rs:191:22:191:23 | a3 | -| main.rs:191:9:191:44 | phi | main.rs:191:42:191:43 | a3 | -| main.rs:205:9:205:81 | phi | main.rs:205:28:205:29 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:54:205:55 | a4 | -| main.rs:205:9:205:81 | phi | main.rs:205:79:205:80 | a4 | -| main.rs:209:9:209:83 | phi | main.rs:209:29:209:30 | a5 | -| main.rs:209:9:209:83 | phi | main.rs:209:55:209:56 | a5 | -| main.rs:209:9:209:83 | phi | main.rs:209:81:209:82 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:29:209:30 | a5 | -| main.rs:209:10:209:57 | [match(true)] phi | main.rs:209:55:209:56 | a5 | -| main.rs:213:9:213:83 | phi | main.rs:213:28:213:29 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:55:213:56 | a6 | -| main.rs:213:9:213:83 | phi | main.rs:213:80:213:81 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:55:213:56 | a6 | -| main.rs:213:35:213:82 | phi | main.rs:213:80:213:81 | a6 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:22:221:23 | a7 | -| main.rs:221:9:221:44 | [match(true)] phi | main.rs:221:42:221:43 | a7 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:27:233:29 | a11 | -| main.rs:233:14:233:51 | [match(true)] phi | main.rs:233:48:233:50 | a11 | -| main.rs:255:9:255:109 | phi | main.rs:255:27:255:29 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:54:255:56 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:79:255:81 | a13 | -| main.rs:255:9:255:109 | phi | main.rs:255:106:255:108 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:54:255:56 | a13 | -| main.rs:255:35:255:82 | [match(true)] phi | main.rs:255:79:255:81 | a13 | -| main.rs:272:6:272:41 | phi | main.rs:272:19:272:20 | a9 | -| main.rs:272:6:272:41 | phi | main.rs:272:39:272:40 | a9 | -| main.rs:479:5:487:5 | phi | main.rs:480:9:480:9 | x | -| main.rs:479:5:487:5 | phi | main.rs:484:9:484:9 | x | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:22:191:23 | a3 | +| main.rs:191:9:191:44 | SSA phi(a3) | main.rs:191:42:191:43 | a3 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:28:205:29 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:54:205:55 | a4 | +| main.rs:205:9:205:81 | SSA phi(a4) | main.rs:205:79:205:80 | a4 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:29:209:30 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:55:209:56 | a5 | +| main.rs:209:9:209:83 | SSA phi(a5) | main.rs:209:81:209:82 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:29:209:30 | a5 | +| main.rs:209:10:209:57 | [match(true)] SSA phi(a5) | main.rs:209:55:209:56 | a5 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:28:213:29 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:55:213:56 | a6 | +| main.rs:213:9:213:83 | SSA phi(a6) | main.rs:213:80:213:81 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:55:213:56 | a6 | +| main.rs:213:35:213:82 | SSA phi(a6) | main.rs:213:80:213:81 | a6 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:22:221:23 | a7 | +| main.rs:221:9:221:44 | [match(true)] SSA phi(a7) | main.rs:221:42:221:43 | a7 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:27:233:29 | a11 | +| main.rs:233:14:233:51 | [match(true)] SSA phi(a11) | main.rs:233:48:233:50 | a11 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:27:255:29 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:54:255:56 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:79:255:81 | a13 | +| main.rs:255:9:255:109 | SSA phi(a13) | main.rs:255:106:255:108 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:54:255:56 | a13 | +| main.rs:255:35:255:82 | [match(true)] SSA phi(a13) | main.rs:255:79:255:81 | a13 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:19:272:20 | a9 | +| main.rs:272:6:272:41 | SSA phi(a9) | main.rs:272:39:272:40 | a9 | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:480:9:480:9 | x | +| main.rs:479:5:487:5 | SSA phi(x) | main.rs:484:9:484:9 | x | assigns | main.rs:16:9:16:10 | x1 | main.rs:16:14:16:16 | "a" | | main.rs:21:13:21:14 | x2 | main.rs:21:18:21:18 | 4 | From 9dea9f50466b6c519a8f70744996b98aece2c25f Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 14:59:43 +0200 Subject: [PATCH 118/409] SSA: Make `phiWithoutTwoPriorRefs` consistency check more informative --- .../CWE-089/CONSISTENCY/SsaConsistency.expected | 4 ++-- shared/ssa/codeql/ssa/Ssa.qll | 13 ++++++------- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected index d5074d0d43a..cc715332c84 100644 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected @@ -1,4 +1,4 @@ uselessPhiNode -| sqlx.rs:155:5:157:5 | phi | 1 | +| sqlx.rs:155:5:157:5 | SSA phi(arg0) | 1 | phiWithoutTwoPriorRefs -| sqlx.rs:155:5:157:5 | phi | 1 | +| sqlx.rs:155:5:157:5 | SSA phi(arg0) | sqlx.rs:155:5:157:5 | if enable_remote {...} | sqlx.rs:156:17:156:86 | arg0 | 1 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 2bbdb6e2a47..c7e2a507d67 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1412,13 +1412,12 @@ module Make Input> { } /** Holds if `phi` has less than 2 immediately prior references. */ - query predicate phiWithoutTwoPriorRefs(PhiNode phi, int inputRefs) { - exists(BasicBlock bbPhi, SourceVariable v | - phi.definesAt(v, bbPhi, _) and - inputRefs = - count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and - inputRefs < 2 - ) + query predicate phiWithoutTwoPriorRefs( + PhiNode phi, BasicBlock bbPhi, SourceVariable v, int inputRefs + ) { + phi.definesAt(v, bbPhi, _) and + inputRefs = count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and + inputRefs < 2 } /** From dcaeeabad8d65782764314e70088faf23797bd2b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 1 Apr 2025 15:01:58 +0200 Subject: [PATCH 119/409] Rust: Fix `capturedCallRead` --- rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll | 2 +- .../security/CWE-089/CONSISTENCY/SsaConsistency.expected | 4 ---- 2 files changed, 1 insertion(+), 5 deletions(-) delete mode 100644 rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll index dcfe4f0edaf..f2500f32ca8 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/SsaImpl.qll @@ -189,7 +189,7 @@ private predicate capturedCallRead(Expr call, BasicBlock bb, int i, Variable v) hasCapturedRead(pragma[only_bind_into](v), pragma[only_bind_into](scope)) and ( variableWriteInOuterScope(bb, any(int j | j < i), v, scope) or - variableWriteInOuterScope(bb.getAPredecessor+(), _, v, scope) + variableWriteInOuterScope(bb.getImmediateDominator+(), _, v, scope) ) and call = bb.getNode(i).getAstNode() ) diff --git a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected b/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected deleted file mode 100644 index cc715332c84..00000000000 --- a/rust/ql/test/query-tests/security/CWE-089/CONSISTENCY/SsaConsistency.expected +++ /dev/null @@ -1,4 +0,0 @@ -uselessPhiNode -| sqlx.rs:155:5:157:5 | SSA phi(arg0) | 1 | -phiWithoutTwoPriorRefs -| sqlx.rs:155:5:157:5 | SSA phi(arg0) | sqlx.rs:155:5:157:5 | if enable_remote {...} | sqlx.rs:156:17:156:86 | arg0 | 1 | From 9b2eff88a6db7f5a277006dcf3a6909674d7e7f5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 1 Apr 2025 15:17:52 +0200 Subject: [PATCH 120/409] restore original port --- .../java/buildless-snapshot-repository/test.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index d343ce4b962..2241f2917b9 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -3,11 +3,11 @@ import runs_on def test(codeql, java): - # This serves the "repo" directory on http://localhost:9428 - command = ["python3", "-m", "http.server", "9428", "-b", "localhost"] + # This serves the "repo" directory on http://localhost:9427 + command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["nice", "-n", "10"] + command + command = ["sudo", "nice", "-n", "10"] + command repo_server_process = subprocess.Popen( command, cwd="repo" ) From e1ef56b8bb9242234078c685eff27ab13fc13d78 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Tue, 1 Apr 2025 15:23:16 +0200 Subject: [PATCH 121/409] Swift: Fix accidental cartesian product. --- swift/ql/lib/codeql/swift/dataflow/Ssa.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll index f052ed8b314..ed75a06e534 100644 --- a/swift/ql/lib/codeql/swift/dataflow/Ssa.qll +++ b/swift/ql/lib/codeql/swift/dataflow/Ssa.qll @@ -159,6 +159,7 @@ module Ssa { cached predicate adjacentReadPair(ControlFlowNode read1, ControlFlowNode read2) { + read1 = this.getARead() and exists(SsaInput::BasicBlock bb1, int i1, SsaInput::BasicBlock bb2, int i2 | read1 = bb1.getNode(i1) and SsaImpl::adjacentUseUse(bb1, i1, bb2, i2, _, true) and From c9fc7882e6ff1396c957cb6b1d459dc8bcdc32dd Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 1 Apr 2025 13:59:19 +0000 Subject: [PATCH 122/409] Actions: Fix bad performance in `getTargetPath` Seen on `github/codeql`, some queries had very poor performance: ``` [2/24 eval 36m4s] Evaluation done; writing results to codeql/actions-queries/Security/CWE-312/ExcessiveSecretsExposure.bqrs ``` Investigating further lead to the following worrying sequence of joins (after I ran out of patience and cancelled the query): ``` [2025-04-01 12:31:03] Tuple counts for Yaml::YamlInclude.getTargetPath/0#dispred#32565107#fb#reorder_1_0/2@i6#9f4b2jw1 after 8m40s: ... 559418 ~33% {1} r5 = SCAN `Yaml::YamlNode.getLocation/0#dispred#24555c57#prev_delta` OUTPUT In.1 ... 909345525 ~821% {3} r7 = JOIN r5 WITH `Yaml::YamlNode.getLocation/0#dispred#24555c57#prev` CARTESIAN PRODUCT OUTPUT Rhs.1, Lhs.0 'result', Rhs.0 909342139 ~779% {3} | JOIN WITH `Locations::Location.getFile/0#dispred#dcf38c8d#prev` ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'result', Lhs.2 909338753 ~794% {3} | JOIN WITH containerparent_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'result', Lhs.2 909335367 ~824% {3} | JOIN WITH `FileSystem::Container.getAbsolutePath/0#dispred#d234e6fa` ON FIRST 1 OUTPUT Lhs.2, Lhs.1 'result', Rhs.1 883246724 ~812% {3} | JOIN WITH `Yaml::YamlNode.getDocument/0#dispred#ee1eb3bf#bf_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1 'this', Lhs.1 'result', Lhs.2 760047185 ~838% {5} | JOIN WITH yaml_scalars ON FIRST 1 OUTPUT Lhs.1 'result', Lhs.0 'this', Rhs.2, _, Lhs.2 0 ~0% {4} | REWRITE WITH Tmp.3 := "/", Out.3 := (In.4 ++ Tmp.3 ++ InOut.2), TEST Out.3 = InOut.0 KEEPING 4 {4} | REWRITE WITH NOT [TEST InOut.2 startsWith "/"] ... ``` The culprit turned out to be the following method on class `YamlInclude` ```ql private string getTargetPath() { exists(string path | path = this.getValue() | if path.matches("/%") then result = path else result = this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + path ) } ``` Basically, in the `else` branch, the evaluator was producing all possible values of `result` before filtering out the ones where the `path` component started with a forward slash. To fix this, I opted to factor out the logic into two helper predicates, each accounting for whether `this.getValue()` does or does not start with a `/`. With this, evaluating the original query from a clean cache takes roughly 3.3s. --- shared/yaml/codeql/yaml/Yaml.qll | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/shared/yaml/codeql/yaml/Yaml.qll b/shared/yaml/codeql/yaml/Yaml.qll index 028654de226..422be89124f 100644 --- a/shared/yaml/codeql/yaml/Yaml.qll +++ b/shared/yaml/codeql/yaml/Yaml.qll @@ -424,14 +424,23 @@ module Make { * Gets the absolute path of the file included by this directive. */ private string getTargetPath() { - exists(string path | path = this.getValue() | - if path.matches("/%") - then result = path - else - result = - this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + - path - ) + result = this.getAbsolutePath() + or + result = + this.getDocument().getLocation().getFile().getParentContainer().getAbsolutePath() + "/" + + this.getRelativePath() + } + + /** Join-order helper for `getTargetPath`. Gets the path but only if it is an absolute path. */ + private string getAbsolutePath() { + result = this.getValue() and + result.matches("/%") + } + + /** Join-order helper for `getTargetPath`. Gets the path, but only if it is a relative path. */ + private string getRelativePath() { + result = this.getValue() and + not result.matches("/%") } } From e1784bb10c5188aa9a30b70a390db83ebd55ebe3 Mon Sep 17 00:00:00 2001 From: Asger F Date: Mon, 31 Mar 2025 18:26:06 +0200 Subject: [PATCH 123/409] JS: Fix handling of spread args on a bound function --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 9 ++++++--- javascript/ql/test/ApiGraphs/spread/tst.js | 9 +++++++++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index a1ffc8c02f1..84bfa67de98 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -962,11 +962,14 @@ module API { } private predicate spreadArgumentPassing(TApiNode base, int i, DataFlow::Node spreadArray) { - exists(DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke | + exists( + DataFlow::Node use, DataFlow::SourceNode pred, int bound, InvokeExpr invoke, int spreadPos + | use(base, use) and pred = trackUseNode(use, _, bound, "") and - invoke = getAnInvocationWithSpread(pred, i) and - spreadArray = invoke.getArgument(i - bound).(SpreadElement).getOperand().flow() + invoke = getAnInvocationWithSpread(pred, spreadPos) and + spreadArray = invoke.getArgument(spreadPos).(SpreadElement).getOperand().flow() and + i = bound + spreadPos ) } diff --git a/javascript/ql/test/ApiGraphs/spread/tst.js b/javascript/ql/test/ApiGraphs/spread/tst.js index 67fed3ef13e..33fcb81662c 100644 --- a/javascript/ql/test/ApiGraphs/spread/tst.js +++ b/javascript/ql/test/ApiGraphs/spread/tst.js @@ -18,3 +18,12 @@ function getArgs() { } lib.m2(...getArgs()); + +function f3() { + return [ + 'x', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */ + 'y', /* def=moduleImport("something").getMember("exports").getMember("m3").getSpreadArgument(1).getArrayElement() */ + ] +} + +lib.m3.bind(undefined, 1)(...f3()); From 4746cfddf255c492cfbbba307350a67c48ade3f7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Tue, 1 Apr 2025 16:26:07 +0200 Subject: [PATCH 124/409] JS: Add clarifying comment --- javascript/ql/lib/semmle/javascript/ApiGraphs.qll | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll index 84bfa67de98..974fdd7c0cb 100644 --- a/javascript/ql/lib/semmle/javascript/ApiGraphs.qll +++ b/javascript/ql/lib/semmle/javascript/ApiGraphs.qll @@ -866,6 +866,14 @@ module API { .getAReturn() ) or + // Handle rest parameters escaping into external code. For example: + // + // function foo(...rest) { + // externalFunc(rest); + // } + // + // Here, 'rest' reaches a def-node at the call to externalFunc, so we need to ensure + // the arguments passed to 'foo' are stored in the 'rest' array. exists(Function fun, DataFlow::InvokeNode invoke, int argIndex, Parameter rest | fun.getRestParameter() = rest and rest.flow() = pred and From 8afdf25e9a761f6141f305b1b15bd4a2e5581964 Mon Sep 17 00:00:00 2001 From: Taus Date: Tue, 1 Apr 2025 14:50:00 +0000 Subject: [PATCH 125/409] Actions: Mark helper predicate as `noinline`. --- shared/yaml/codeql/yaml/Yaml.qll | 1 + 1 file changed, 1 insertion(+) diff --git a/shared/yaml/codeql/yaml/Yaml.qll b/shared/yaml/codeql/yaml/Yaml.qll index 422be89124f..1467fd09d13 100644 --- a/shared/yaml/codeql/yaml/Yaml.qll +++ b/shared/yaml/codeql/yaml/Yaml.qll @@ -438,6 +438,7 @@ module Make { } /** Join-order helper for `getTargetPath`. Gets the path, but only if it is a relative path. */ + pragma[noinline] private string getRelativePath() { result = this.getValue() and not result.matches("/%") From bd7c684c6c5d8a500e5e4ca3f7181fc9e43508d8 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:06:32 +0200 Subject: [PATCH 126/409] actions: add test with empty permissions --- .../Security/CWE-275/.github/workflows/perms7.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml diff --git a/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml new file mode 100644 index 00000000000..0ec255f0d10 --- /dev/null +++ b/actions/ql/test/query-tests/Security/CWE-275/.github/workflows/perms7.yml @@ -0,0 +1,10 @@ +on: + workflow_call: + workflow_dispatch: + +jobs: + build: + name: Build and test + runs-on: ubuntu-latest + steps: + - uses: actions/add-to-project@v2 From ee1eb199b557970e2675c2afd1efaba0949980a0 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:02 +0200 Subject: [PATCH 127/409] actions: add description of `actionsPermissionsDataModel` --- actions/ql/lib/codeql/actions/config/ConfigExtensions.qll | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index b86ce68a5fd..906cabbd27d 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -80,5 +80,10 @@ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); /** * Holds if `action` needs `permission` to run. + * - 'action' is the name of the action without any version information. + * E.g. for the action selector `actions/checkout@v2`, `action` is `actions/checkout`. + * - `permission` is of the form `scope-name: read|write`, for example `contents: read`. + * - see https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions + * for an example of recommended permissions. */ extensible predicate actionsPermissionsDataModel(string action, string permission); From 6fd8aba5609b84979a7c3ade3c94acfe37b9167c Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:21 +0200 Subject: [PATCH 128/409] actions: simplify using existing `UsesStep` --- .../Security/CWE-275/MissingActionsPermissions.ql | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql index bc3b4869a8d..aedf65bc564 100644 --- a/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql +++ b/actions/ql/src/Security/CWE-275/MissingActionsPermissions.ql @@ -16,18 +16,8 @@ import actions Step stepInJob(Job job) { result = job.(LocalJob).getAStep() } -bindingset[fullActionSelector] -string versionedAction(string fullActionSelector) { - result = fullActionSelector.substring(0, fullActionSelector.indexOf("@")) - or - not exists(fullActionSelector.indexOf("@")) and - result = fullActionSelector -} - -string stepUses(Step step) { result = step.getUses().(ScalarValue).getValue() } - string jobNeedsPermission(Job job) { - actionsPermissionsDataModel(versionedAction(stepUses(stepInJob(job))), result) + actionsPermissionsDataModel(stepInJob(job).(UsesStep).getCallee(), result) } /** Gets a suggestion for the minimal token permissions for `job`, as a JSON string. */ From fb6296a5647ed33ad98fcfb2f36140ff570502a9 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:07:40 +0100 Subject: [PATCH 129/409] Persistence models: recognise jakarta.persistence --- .../java/frameworks/javaee/Persistence.qll | 220 +++++++++++------- 1 file changed, 140 insertions(+), 80 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index e60659426e5..b1f256878af 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -4,6 +4,10 @@ import java +private string getAPersistencePackageName() { + result = ["javax.persistence", "jakarta.persistence"] +} + /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA * compatible framework. @@ -27,7 +31,7 @@ class PersistentEntity extends RefType { else // If the access type is not explicit, then the location of the `Id` annotation determines // which access type is used. - if this.getAMethod().hasAnnotation("javax.persistence", "Id") + if this.getAMethod().hasAnnotation(getAPersistencePackageName(), "Id") then result = "property" else result = "field" } @@ -51,14 +55,16 @@ class PersistentEntity extends RefType { * A `@javax.persistence.Access` annotation. */ class AccessAnnotation extends Annotation { - AccessAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Access") } + AccessAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Access") } } /** * A `@javax.persistence.AccessType` annotation. */ class AccessTypeAnnotation extends Annotation { - AccessTypeAnnotation() { this.getType().hasQualifiedName("javax.persistence", "AccessType") } + AccessTypeAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "AccessType") + } } /** @@ -66,7 +72,7 @@ class AccessTypeAnnotation extends Annotation { */ class AssociationOverrideAnnotation extends Annotation { AssociationOverrideAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AssociationOverride") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverride") } } @@ -75,7 +81,7 @@ class AssociationOverrideAnnotation extends Annotation { */ class AssociationOverridesAnnotation extends Annotation { AssociationOverridesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AssociationOverrides") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverrides") } } @@ -84,7 +90,7 @@ class AssociationOverridesAnnotation extends Annotation { */ class AttributeOverrideAnnotation extends Annotation { AttributeOverrideAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AttributeOverride") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverride") } } @@ -93,7 +99,7 @@ class AttributeOverrideAnnotation extends Annotation { */ class AttributeOverridesAnnotation extends Annotation { AttributeOverridesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "AttributeOverrides") + this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverrides") } } @@ -101,14 +107,16 @@ class AttributeOverridesAnnotation extends Annotation { * A `@javax.persistence.Basic` annotation. */ class BasicAnnotation extends Annotation { - BasicAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Basic") } + BasicAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Basic") } } /** * A `@javax.persistence.Cacheable` annotation. */ class CacheableAnnotation extends Annotation { - CacheableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Cacheable") } + CacheableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Cacheable") + } } /** @@ -116,7 +124,7 @@ class CacheableAnnotation extends Annotation { */ class CollectionTableAnnotation extends Annotation { CollectionTableAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "CollectionTable") + this.getType().hasQualifiedName(getAPersistencePackageName(), "CollectionTable") } } @@ -124,14 +132,16 @@ class CollectionTableAnnotation extends Annotation { * A `@javax.persistence.Column` annotation. */ class ColumnAnnotation extends Annotation { - ColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Column") } + ColumnAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Column") } } /** * A `@javax.persistence.ColumnResult` annotation. */ class ColumnResultAnnotation extends Annotation { - ColumnResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ColumnResult") } + ColumnResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ColumnResult") + } } /** @@ -139,7 +149,7 @@ class ColumnResultAnnotation extends Annotation { */ class DiscriminatorColumnAnnotation extends Annotation { DiscriminatorColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "DiscriminatorColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorColumn") } } @@ -148,7 +158,7 @@ class DiscriminatorColumnAnnotation extends Annotation { */ class DiscriminatorValueAnnotation extends Annotation { DiscriminatorValueAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "DiscriminatorValue") + this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorValue") } } @@ -157,7 +167,7 @@ class DiscriminatorValueAnnotation extends Annotation { */ class ElementCollectionAnnotation extends Annotation { ElementCollectionAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ElementCollection") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ElementCollection") } } @@ -165,28 +175,32 @@ class ElementCollectionAnnotation extends Annotation { * A `@javax.persistence.Embeddable` annotation. */ class EmbeddableAnnotation extends Annotation { - EmbeddableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embeddable") } + EmbeddableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Embeddable") + } } /** * A `@javax.persistence.Embedded` annotation. */ class EmbeddedAnnotation extends Annotation { - EmbeddedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embedded") } + EmbeddedAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Embedded") } } /** * A `@javax.persistence.EmbeddedId` annotation. */ class EmbeddedIdAnnotation extends Annotation { - EmbeddedIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EmbeddedId") } + EmbeddedIdAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "EmbeddedId") + } } /** * A `@javax.persistence.Entity` annotation. */ class EntityAnnotation extends Annotation { - EntityAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Entity") } + EntityAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Entity") } } /** @@ -194,7 +208,7 @@ class EntityAnnotation extends Annotation { */ class EntityListenersAnnotation extends Annotation { EntityListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "EntityListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityListeners") } } @@ -202,14 +216,18 @@ class EntityListenersAnnotation extends Annotation { * A `@javax.persistence.EntityResult` annotation. */ class EntityResultAnnotation extends Annotation { - EntityResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EntityResult") } + EntityResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityResult") + } } /** * A `@javax.persistence.Enumerated` annotation. */ class EnumeratedAnnotation extends Annotation { - EnumeratedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Enumerated") } + EnumeratedAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Enumerated") + } } /** @@ -217,7 +235,7 @@ class EnumeratedAnnotation extends Annotation { */ class ExcludeDefaultListenersAnnotation extends Annotation { ExcludeDefaultListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ExcludeDefaultListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeDefaultListeners") } } @@ -226,7 +244,7 @@ class ExcludeDefaultListenersAnnotation extends Annotation { */ class ExcludeSuperclassListenersAnnotation extends Annotation { ExcludeSuperclassListenersAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "ExcludeSuperclassListeners") + this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeSuperclassListeners") } } @@ -234,7 +252,9 @@ class ExcludeSuperclassListenersAnnotation extends Annotation { * A `@javax.persistence.FieldResult` annotation. */ class FieldResultAnnotation extends Annotation { - FieldResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "FieldResult") } + FieldResultAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "FieldResult") + } } /** @@ -242,7 +262,7 @@ class FieldResultAnnotation extends Annotation { */ class GeneratedValueAnnotation extends Annotation { GeneratedValueAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "GeneratedValue") + this.getType().hasQualifiedName(getAPersistencePackageName(), "GeneratedValue") } } @@ -250,84 +270,100 @@ class GeneratedValueAnnotation extends Annotation { * A `@javax.persistence.Id` annotation. */ class IdAnnotation extends Annotation { - IdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Id") } + IdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Id") } } /** * A `@javax.persistence.IdClass` annotation. */ class IdClassAnnotation extends Annotation { - IdClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "IdClass") } + IdClassAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "IdClass") } } /** * A `@javax.persistence.Inheritance` annotation. */ class InheritanceAnnotation extends Annotation { - InheritanceAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Inheritance") } + InheritanceAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Inheritance") + } } /** * A `@javax.persistence.JoinColumn` annotation. */ class JoinColumnAnnotation extends Annotation { - JoinColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumn") } + JoinColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumn") + } } /** * A `@javax.persistence.JoinColumns` annotation. */ class JoinColumnsAnnotation extends Annotation { - JoinColumnsAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumns") } + JoinColumnsAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumns") + } } /** * A `@javax.persistence.JoinTable` annotation. */ class JoinTableAnnotation extends Annotation { - JoinTableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinTable") } + JoinTableAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinTable") + } } /** * A `@javax.persistence.Lob` annotation. */ class LobAnnotation extends Annotation { - LobAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Lob") } + LobAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Lob") } } /** * A `@javax.persistence.ManyToMany` annotation. */ class ManyToManyAnnotation extends Annotation { - ManyToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToMany") } + ManyToManyAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToMany") + } } /** * A `@javax.persistence.ManyToOne` annotation. */ class ManyToOneAnnotation extends Annotation { - ManyToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToOne") } + ManyToOneAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToOne") + } } /** * A `@javax.persistence.MapKey` annotation. */ class MapKeyAnnotation extends Annotation { - MapKeyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKey") } + MapKeyAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKey") } } /** * A `@javax.persistence.MapKeyClass` annotation. */ class MapKeyClassAnnotation extends Annotation { - MapKeyClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyClass") } + MapKeyClassAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyClass") + } } /** * A `@javax.persistence.MapKeyColumn` annotation. */ class MapKeyColumnAnnotation extends Annotation { - MapKeyColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyColumn") } + MapKeyColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyColumn") + } } /** @@ -335,7 +371,7 @@ class MapKeyColumnAnnotation extends Annotation { */ class MapKeyEnumeratedAnnotation extends Annotation { MapKeyEnumeratedAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyEnumerated") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyEnumerated") } } @@ -344,7 +380,7 @@ class MapKeyEnumeratedAnnotation extends Annotation { */ class MapKeyJoinColumnAnnotation extends Annotation { MapKeyJoinColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumn") } } @@ -353,7 +389,7 @@ class MapKeyJoinColumnAnnotation extends Annotation { */ class MapKeyJoinColumnsAnnotation extends Annotation { MapKeyJoinColumnsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumns") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumns") } } @@ -362,7 +398,7 @@ class MapKeyJoinColumnsAnnotation extends Annotation { */ class MapKeyTemporalAnnotation extends Annotation { MapKeyTemporalAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MapKeyTemporal") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyTemporal") } } @@ -371,7 +407,7 @@ class MapKeyTemporalAnnotation extends Annotation { */ class MappedSuperclassAnnotation extends Annotation { MappedSuperclassAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "MappedSuperclass") + this.getType().hasQualifiedName(getAPersistencePackageName(), "MappedSuperclass") } } @@ -379,7 +415,7 @@ class MappedSuperclassAnnotation extends Annotation { * A `@javax.persistence.MapsId` annotation. */ class MapsIdAnnotation extends Annotation { - MapsIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapsId") } + MapsIdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapsId") } } /** @@ -387,7 +423,7 @@ class MapsIdAnnotation extends Annotation { */ class NamedNativeQueriesAnnotation extends Annotation { NamedNativeQueriesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "NamedNativeQueries") + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQueries") } } @@ -396,7 +432,7 @@ class NamedNativeQueriesAnnotation extends Annotation { */ class NamedNativeQueryAnnotation extends Annotation { NamedNativeQueryAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "NamedNativeQuery") + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQuery") } } @@ -404,42 +440,50 @@ class NamedNativeQueryAnnotation extends Annotation { * A `@javax.persistence.NamedQueries` annotation. */ class NamedQueriesAnnotation extends Annotation { - NamedQueriesAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQueries") } + NamedQueriesAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQueries") + } } /** * A `@javax.persistence.NamedQuery` annotation. */ class NamedQueryAnnotation extends Annotation { - NamedQueryAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQuery") } + NamedQueryAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQuery") + } } /** * A `@javax.persistence.OneToMany` annotation. */ class OneToManyAnnotation extends Annotation { - OneToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToMany") } + OneToManyAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToMany") + } } /** * A `@javax.persistence.OneToOne` annotation. */ class OneToOneAnnotation extends Annotation { - OneToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToOne") } + OneToOneAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToOne") } } /** * A `@javax.persistence.OrderBy` annotation. */ class OrderByAnnotation extends Annotation { - OrderByAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderBy") } + OrderByAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderBy") } } /** * A `@javax.persistence.OrderColumn` annotation. */ class OrderColumnAnnotation extends Annotation { - OrderColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderColumn") } + OrderColumnAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderColumn") + } } /** @@ -447,7 +491,7 @@ class OrderColumnAnnotation extends Annotation { */ class PersistenceContextAnnotation extends Annotation { PersistenceContextAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceContext") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContext") } } @@ -456,7 +500,7 @@ class PersistenceContextAnnotation extends Annotation { */ class PersistenceContextsAnnotation extends Annotation { PersistenceContextsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceContexts") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContexts") } } @@ -465,7 +509,7 @@ class PersistenceContextsAnnotation extends Annotation { */ class PersistencePropertyAnnotation extends Annotation { PersistencePropertyAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceProperty") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceProperty") } } @@ -474,7 +518,7 @@ class PersistencePropertyAnnotation extends Annotation { */ class PersistenceUnitAnnotation extends Annotation { PersistenceUnitAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceUnit") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnit") } } @@ -483,7 +527,7 @@ class PersistenceUnitAnnotation extends Annotation { */ class PersistenceUnitsAnnotation extends Annotation { PersistenceUnitsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PersistenceUnits") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnits") } } @@ -491,49 +535,61 @@ class PersistenceUnitsAnnotation extends Annotation { * A `@javax.persistence.PostLoad` annotation. */ class PostLoadAnnotation extends Annotation { - PostLoadAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostLoad") } + PostLoadAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "PostLoad") } } /** * A `@javax.persistence.PostPersist` annotation. */ class PostPersistAnnotation extends Annotation { - PostPersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostPersist") } + PostPersistAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostPersist") + } } /** * A `@javax.persistence.PostRemove` annotation. */ class PostRemoveAnnotation extends Annotation { - PostRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostRemove") } + PostRemoveAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostRemove") + } } /** * A `@javax.persistence.PostUpdate` annotation. */ class PostUpdateAnnotation extends Annotation { - PostUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostUpdate") } + PostUpdateAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PostUpdate") + } } /** * A `@javax.persistence.PrePersist` annotation. */ class PrePersistAnnotation extends Annotation { - PrePersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PrePersist") } + PrePersistAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrePersist") + } } /** * A `@javax.persistence.PreRemove` annotation. */ class PreRemoveAnnotation extends Annotation { - PreRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreRemove") } + PreRemoveAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PreRemove") + } } /** * A `@javax.persistence.PreUpdate` annotation. */ class PreUpdateAnnotation extends Annotation { - PreUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreUpdate") } + PreUpdateAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "PreUpdate") + } } /** @@ -541,7 +597,7 @@ class PreUpdateAnnotation extends Annotation { */ class PrimaryKeyJoinColumnAnnotation extends Annotation { PrimaryKeyJoinColumnAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumn") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumn") } } @@ -550,7 +606,7 @@ class PrimaryKeyJoinColumnAnnotation extends Annotation { */ class PrimaryKeyJoinColumnsAnnotation extends Annotation { PrimaryKeyJoinColumnsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumns") + this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumns") } } @@ -558,7 +614,9 @@ class PrimaryKeyJoinColumnsAnnotation extends Annotation { * A `@javax.persistence.QueryHint` annotation. */ class QueryHintAnnotation extends Annotation { - QueryHintAnnotation() { this.getType().hasQualifiedName("javax.persistence", "QueryHint") } + QueryHintAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "QueryHint") + } } /** @@ -566,7 +624,7 @@ class QueryHintAnnotation extends Annotation { */ class SecondaryTableAnnotation extends Annotation { SecondaryTableAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SecondaryTable") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTable") } } @@ -575,7 +633,7 @@ class SecondaryTableAnnotation extends Annotation { */ class SecondaryTablesAnnotation extends Annotation { SecondaryTablesAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SecondaryTables") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTables") } } @@ -584,7 +642,7 @@ class SecondaryTablesAnnotation extends Annotation { */ class SequenceGeneratorAnnotation extends Annotation { SequenceGeneratorAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SequenceGenerator") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SequenceGenerator") } } @@ -593,7 +651,7 @@ class SequenceGeneratorAnnotation extends Annotation { */ class SqlResultSetMappingAnnotation extends Annotation { SqlResultSetMappingAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMapping") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMapping") } } @@ -602,7 +660,7 @@ class SqlResultSetMappingAnnotation extends Annotation { */ class SqlResultSetMappingsAnnotation extends Annotation { SqlResultSetMappingsAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMappings") + this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMappings") } } @@ -610,7 +668,7 @@ class SqlResultSetMappingsAnnotation extends Annotation { * A `@javax.persistence.Table` annotation. */ class TableAnnotation extends Annotation { - TableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Table") } + TableAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Table") } } /** @@ -618,7 +676,7 @@ class TableAnnotation extends Annotation { */ class TableGeneratorAnnotation extends Annotation { TableGeneratorAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "TableGenerator") + this.getType().hasQualifiedName(getAPersistencePackageName(), "TableGenerator") } } @@ -626,14 +684,16 @@ class TableGeneratorAnnotation extends Annotation { * A `@javax.persistence.Temporal` annotation. */ class TemporalAnnotation extends Annotation { - TemporalAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Temporal") } + TemporalAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Temporal") } } /** * A `@javax.persistence.Transient` annotation. */ class TransientAnnotation extends Annotation { - TransientAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Transient") } + TransientAnnotation() { + this.getType().hasQualifiedName(getAPersistencePackageName(), "Transient") + } } /** @@ -641,7 +701,7 @@ class TransientAnnotation extends Annotation { */ class UniqueConstraintAnnotation extends Annotation { UniqueConstraintAnnotation() { - this.getType().hasQualifiedName("javax.persistence", "UniqueConstraint") + this.getType().hasQualifiedName(getAPersistencePackageName(), "UniqueConstraint") } } @@ -649,12 +709,12 @@ class UniqueConstraintAnnotation extends Annotation { * A `@javax.persistence.Version` annotation. */ class VersionAnnotation extends Annotation { - VersionAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Version") } + VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } } /** The interface `javax.persistence.EntityManager`. */ class TypeEntityManager extends Interface { - TypeEntityManager() { this.hasQualifiedName("javax.persistence", "EntityManager") } + TypeEntityManager() { this.hasQualifiedName(getAPersistencePackageName(), "EntityManager") } /** Gets a method named `createQuery` declared in the `EntityManager` interface. */ Method getACreateQueryMethod() { @@ -677,7 +737,7 @@ class TypeEntityManager extends Interface { /** The interface `javax.persistence.Query`, which represents queries in the Java Persistence Query Language. */ class TypeQuery extends Interface { - TypeQuery() { this.hasQualifiedName("javax.persistence", "Query") } + TypeQuery() { this.hasQualifiedName(getAPersistencePackageName(), "Query") } /** Gets a method named `setParameter` declared in the `Query` interface. */ Method getASetParameterMethod() { From d83f35ff648942215dd5db69151cca947eb2f8e3 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:43 +0200 Subject: [PATCH 130/409] actions: remove unneded API --- actions/ql/lib/codeql/actions/Ast.qll | 2 -- actions/ql/lib/codeql/actions/ast/internal/Ast.qll | 2 -- 2 files changed, 4 deletions(-) diff --git a/actions/ql/lib/codeql/actions/Ast.qll b/actions/ql/lib/codeql/actions/Ast.qll index a50febdea97..8c1925f3288 100644 --- a/actions/ql/lib/codeql/actions/Ast.qll +++ b/actions/ql/lib/codeql/actions/Ast.qll @@ -242,8 +242,6 @@ class Step extends AstNode instanceof StepImpl { If getIf() { result = super.getIf() } - AstNode getUses() { result = super.getUses() } - StepsContainer getContainer() { result = super.getContainer() } Step getNextStep() { result = super.getNextStep() } diff --git a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll index 44ae082a34d..b0cbb8a1d79 100644 --- a/actions/ql/lib/codeql/actions/ast/internal/Ast.qll +++ b/actions/ql/lib/codeql/actions/ast/internal/Ast.qll @@ -1194,8 +1194,6 @@ class StepImpl extends AstNodeImpl, TStepNode { /** Gets the value of the `if` field in this step, if any. */ IfImpl getIf() { result.getNode() = n.lookup("if") } - AstNodeImpl getUses() { result.getNode() = n.lookup("uses") } - /** Gets the Runs or LocalJob that this step is in. */ StepsContainerImpl getContainer() { result = this.getParentNode().(RunsImpl) or From 80ae8794f55a6bcedf90e12c6757270845a50e82 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 17:07:57 +0200 Subject: [PATCH 131/409] actions: update test expectations --- .../Security/CWE-275/MissingActionsPermissions.expected | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected index c7103d6f8dd..1a3c36c78ca 100644 --- a/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected +++ b/actions/ql/test/query-tests/Security/CWE-275/MissingActionsPermissions.expected @@ -1,4 +1,5 @@ -| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read} | -| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions Job or Workflow does not set permissions. A minimal set might be {contents: read, id-token: write, pages: write} | +| .github/workflows/perms1.yml:6:5:9:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms2.yml:6:5:10:2 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms5.yml:7:5:10:32 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read} | +| .github/workflows/perms6.yml:7:5:11:39 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read, id-token: write, pages: write} | +| .github/workflows/perms7.yml:7:5:10:38 | Job: build | Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {} | From a5a6fd37dfc0f77f6db7bed6a9c6b5178263707c Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:19:42 +0100 Subject: [PATCH 132/409] Enable recognising jakarta.persistence in dead-code queries --- java/ql/lib/semmle/code/java/deadcode/DeadField.qll | 5 +++-- java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll | 3 ++- .../lib/semmle/code/java/frameworks/javaee/Persistence.qll | 5 ++++- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index 48cfd945375..b1a990ac246 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -3,6 +3,7 @@ import semmle.code.java.deadcode.DeadCode import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.jackson.JacksonSerializability +import semmle.code.java.frameworks.javaee.Persistence /** * A field that is from a source file. @@ -161,10 +162,10 @@ class JpaReadField extends ReflectivelyReadField { this = entity.getAField() and ( entity.getAccessType() = "field" or - this.hasAnnotation("javax.persistence", "Access") + this.hasAnnotation(getAPersistencePackageName(), "Access") ) | - not this.hasAnnotation("javax.persistence", "Transient") and + not this.hasAnnotation(getAPersistencePackageName(), "Transient") and not this.isStatic() and not this.isFinal() ) diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index bca78aeae05..7c0a2fdc2d3 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -7,6 +7,7 @@ import semmle.code.java.deadcode.StrutsEntryPoints import semmle.code.java.deadcode.TestEntryPoints import semmle.code.java.deadcode.WebEntryPoints import semmle.code.java.frameworks.javaee.JavaServerFaces +import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.JaxWS import semmle.code.java.JMX @@ -395,7 +396,7 @@ class PersistencePropertyMethod extends CallableEntryPoint { this = e.getACallable() and ( e.getAccessType() = "property" or - this.hasAnnotation("javax.persistence", "Access") + this.hasAnnotation(getAPersistencePackageName(), "Access") ) and ( this.getName().matches("get%") or diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index b1f256878af..482988050d2 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -4,7 +4,10 @@ import java -private string getAPersistencePackageName() { +/** + * Gets a JavaEE Persistence API package name. + */ +string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } From 50119ae481ed4a8f6fa4f89a26b89532624e6b80 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:20:06 +0100 Subject: [PATCH 133/409] Update docs --- .../java/frameworks/javaee/Persistence.qll | 162 +++++++++--------- 1 file changed, 80 insertions(+), 82 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index 482988050d2..1cb9af2e0d9 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -7,9 +7,7 @@ import java /** * Gets a JavaEE Persistence API package name. */ -string getAPersistencePackageName() { - result = ["javax.persistence", "jakarta.persistence"] -} +string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA @@ -40,7 +38,7 @@ class PersistentEntity extends RefType { } /** - * Gets the access type for this entity as defined by a `@javax.persistence.Access` annotation, + * Gets the access type for this entity as defined by a `@{javax,jakarta}.persistence.Access` annotation, * if any, in lower case. */ string getAccessTypeFromAnnotation() { @@ -51,18 +49,18 @@ class PersistentEntity extends RefType { } /* - * Annotations in the `javax.persistence` package. + * Annotations in the `{javax,jakarta}.persistence` package. */ /** - * A `@javax.persistence.Access` annotation. + * A `@{javax,jakarta}.persistence.Access` annotation. */ class AccessAnnotation extends Annotation { AccessAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Access") } } /** - * A `@javax.persistence.AccessType` annotation. + * A `@{javax,jakarta}.persistence.AccessType` annotation. */ class AccessTypeAnnotation extends Annotation { AccessTypeAnnotation() { @@ -71,7 +69,7 @@ class AccessTypeAnnotation extends Annotation { } /** - * A `@javax.persistence.AssociationOverride` annotation. + * A `@{javax,jakarta}.persistence.AssociationOverride` annotation. */ class AssociationOverrideAnnotation extends Annotation { AssociationOverrideAnnotation() { @@ -80,7 +78,7 @@ class AssociationOverrideAnnotation extends Annotation { } /** - * A `@javax.persistence.AssociationOverrides` annotation. + * A `@{javax,jakarta}.persistence.AssociationOverrides` annotation. */ class AssociationOverridesAnnotation extends Annotation { AssociationOverridesAnnotation() { @@ -89,7 +87,7 @@ class AssociationOverridesAnnotation extends Annotation { } /** - * A `@javax.persistence.AttributeOverride` annotation. + * A `@{javax,jakarta}.persistence.AttributeOverride` annotation. */ class AttributeOverrideAnnotation extends Annotation { AttributeOverrideAnnotation() { @@ -98,7 +96,7 @@ class AttributeOverrideAnnotation extends Annotation { } /** - * A `@javax.persistence.AttributeOverrides` annotation. + * A `@{javax,jakarta}.persistence.AttributeOverrides` annotation. */ class AttributeOverridesAnnotation extends Annotation { AttributeOverridesAnnotation() { @@ -107,14 +105,14 @@ class AttributeOverridesAnnotation extends Annotation { } /** - * A `@javax.persistence.Basic` annotation. + * A `@{javax,jakarta}.persistence.Basic` annotation. */ class BasicAnnotation extends Annotation { BasicAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Basic") } } /** - * A `@javax.persistence.Cacheable` annotation. + * A `@{javax,jakarta}.persistence.Cacheable` annotation. */ class CacheableAnnotation extends Annotation { CacheableAnnotation() { @@ -123,7 +121,7 @@ class CacheableAnnotation extends Annotation { } /** - * A `@javax.persistence.CollectionTable` annotation. + * A `@{javax,jakarta}.persistence.CollectionTable` annotation. */ class CollectionTableAnnotation extends Annotation { CollectionTableAnnotation() { @@ -132,14 +130,14 @@ class CollectionTableAnnotation extends Annotation { } /** - * A `@javax.persistence.Column` annotation. + * A `@{javax,jakarta}.persistence.Column` annotation. */ class ColumnAnnotation extends Annotation { ColumnAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Column") } } /** - * A `@javax.persistence.ColumnResult` annotation. + * A `@{javax,jakarta}.persistence.ColumnResult` annotation. */ class ColumnResultAnnotation extends Annotation { ColumnResultAnnotation() { @@ -148,7 +146,7 @@ class ColumnResultAnnotation extends Annotation { } /** - * A `@javax.persistence.DiscriminatorColumn` annotation. + * A `@{javax,jakarta}.persistence.DiscriminatorColumn` annotation. */ class DiscriminatorColumnAnnotation extends Annotation { DiscriminatorColumnAnnotation() { @@ -157,7 +155,7 @@ class DiscriminatorColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.DiscriminatorValue` annotation. + * A `@{javax,jakarta}.persistence.DiscriminatorValue` annotation. */ class DiscriminatorValueAnnotation extends Annotation { DiscriminatorValueAnnotation() { @@ -166,7 +164,7 @@ class DiscriminatorValueAnnotation extends Annotation { } /** - * A `@javax.persistence.ElementCollection` annotation. + * A `@{javax,jakarta}.persistence.ElementCollection` annotation. */ class ElementCollectionAnnotation extends Annotation { ElementCollectionAnnotation() { @@ -175,7 +173,7 @@ class ElementCollectionAnnotation extends Annotation { } /** - * A `@javax.persistence.Embeddable` annotation. + * A `@{javax,jakarta}.persistence.Embeddable` annotation. */ class EmbeddableAnnotation extends Annotation { EmbeddableAnnotation() { @@ -184,14 +182,14 @@ class EmbeddableAnnotation extends Annotation { } /** - * A `@javax.persistence.Embedded` annotation. + * A `@{javax,jakarta}.persistence.Embedded` annotation. */ class EmbeddedAnnotation extends Annotation { EmbeddedAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Embedded") } } /** - * A `@javax.persistence.EmbeddedId` annotation. + * A `@{javax,jakarta}.persistence.EmbeddedId` annotation. */ class EmbeddedIdAnnotation extends Annotation { EmbeddedIdAnnotation() { @@ -200,14 +198,14 @@ class EmbeddedIdAnnotation extends Annotation { } /** - * A `@javax.persistence.Entity` annotation. + * A `@{javax,jakarta}.persistence.Entity` annotation. */ class EntityAnnotation extends Annotation { EntityAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Entity") } } /** - * A `@javax.persistence.EntityListeners` annotation. + * A `@{javax,jakarta}.persistence.EntityListeners` annotation. */ class EntityListenersAnnotation extends Annotation { EntityListenersAnnotation() { @@ -216,7 +214,7 @@ class EntityListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.EntityResult` annotation. + * A `@{javax,jakarta}.persistence.EntityResult` annotation. */ class EntityResultAnnotation extends Annotation { EntityResultAnnotation() { @@ -225,7 +223,7 @@ class EntityResultAnnotation extends Annotation { } /** - * A `@javax.persistence.Enumerated` annotation. + * A `@{javax,jakarta}.persistence.Enumerated` annotation. */ class EnumeratedAnnotation extends Annotation { EnumeratedAnnotation() { @@ -234,7 +232,7 @@ class EnumeratedAnnotation extends Annotation { } /** - * A `@javax.persistence.ExcludeDefaultListeners` annotation. + * A `@{javax,jakarta}.persistence.ExcludeDefaultListeners` annotation. */ class ExcludeDefaultListenersAnnotation extends Annotation { ExcludeDefaultListenersAnnotation() { @@ -243,7 +241,7 @@ class ExcludeDefaultListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.ExcludeSuperclassListeners` annotation. + * A `@{javax,jakarta}.persistence.ExcludeSuperclassListeners` annotation. */ class ExcludeSuperclassListenersAnnotation extends Annotation { ExcludeSuperclassListenersAnnotation() { @@ -252,7 +250,7 @@ class ExcludeSuperclassListenersAnnotation extends Annotation { } /** - * A `@javax.persistence.FieldResult` annotation. + * A `@{javax,jakarta}.persistence.FieldResult` annotation. */ class FieldResultAnnotation extends Annotation { FieldResultAnnotation() { @@ -261,7 +259,7 @@ class FieldResultAnnotation extends Annotation { } /** - * A `@javax.persistence.GeneratedValue` annotation. + * A `@{javax,jakarta}.persistence.GeneratedValue` annotation. */ class GeneratedValueAnnotation extends Annotation { GeneratedValueAnnotation() { @@ -270,21 +268,21 @@ class GeneratedValueAnnotation extends Annotation { } /** - * A `@javax.persistence.Id` annotation. + * A `@{javax,jakarta}.persistence.Id` annotation. */ class IdAnnotation extends Annotation { IdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Id") } } /** - * A `@javax.persistence.IdClass` annotation. + * A `@{javax,jakarta}.persistence.IdClass` annotation. */ class IdClassAnnotation extends Annotation { IdClassAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "IdClass") } } /** - * A `@javax.persistence.Inheritance` annotation. + * A `@{javax,jakarta}.persistence.Inheritance` annotation. */ class InheritanceAnnotation extends Annotation { InheritanceAnnotation() { @@ -293,7 +291,7 @@ class InheritanceAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinColumn` annotation. + * A `@{javax,jakarta}.persistence.JoinColumn` annotation. */ class JoinColumnAnnotation extends Annotation { JoinColumnAnnotation() { @@ -302,7 +300,7 @@ class JoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinColumns` annotation. + * A `@{javax,jakarta}.persistence.JoinColumns` annotation. */ class JoinColumnsAnnotation extends Annotation { JoinColumnsAnnotation() { @@ -311,7 +309,7 @@ class JoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.JoinTable` annotation. + * A `@{javax,jakarta}.persistence.JoinTable` annotation. */ class JoinTableAnnotation extends Annotation { JoinTableAnnotation() { @@ -320,14 +318,14 @@ class JoinTableAnnotation extends Annotation { } /** - * A `@javax.persistence.Lob` annotation. + * A `@{javax,jakarta}.persistence.Lob` annotation. */ class LobAnnotation extends Annotation { LobAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Lob") } } /** - * A `@javax.persistence.ManyToMany` annotation. + * A `@{javax,jakarta}.persistence.ManyToMany` annotation. */ class ManyToManyAnnotation extends Annotation { ManyToManyAnnotation() { @@ -336,7 +334,7 @@ class ManyToManyAnnotation extends Annotation { } /** - * A `@javax.persistence.ManyToOne` annotation. + * A `@{javax,jakarta}.persistence.ManyToOne` annotation. */ class ManyToOneAnnotation extends Annotation { ManyToOneAnnotation() { @@ -345,14 +343,14 @@ class ManyToOneAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKey` annotation. + * A `@{javax,jakarta}.persistence.MapKey` annotation. */ class MapKeyAnnotation extends Annotation { MapKeyAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKey") } } /** - * A `@javax.persistence.MapKeyClass` annotation. + * A `@{javax,jakarta}.persistence.MapKeyClass` annotation. */ class MapKeyClassAnnotation extends Annotation { MapKeyClassAnnotation() { @@ -361,7 +359,7 @@ class MapKeyClassAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyColumn` annotation. + * A `@{javax,jakarta}.persistence.MapKeyColumn` annotation. */ class MapKeyColumnAnnotation extends Annotation { MapKeyColumnAnnotation() { @@ -370,7 +368,7 @@ class MapKeyColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyEnumerated` annotation. + * A `@{javax,jakarta}.persistence.MapKeyEnumerated` annotation. */ class MapKeyEnumeratedAnnotation extends Annotation { MapKeyEnumeratedAnnotation() { @@ -379,7 +377,7 @@ class MapKeyEnumeratedAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyJoinColumn` annotation. + * A `@{javax,jakarta}.persistence.MapKeyJoinColumn` annotation. */ class MapKeyJoinColumnAnnotation extends Annotation { MapKeyJoinColumnAnnotation() { @@ -388,7 +386,7 @@ class MapKeyJoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyJoinColumns` annotation. + * A `@{javax,jakarta}.persistence.MapKeyJoinColumns` annotation. */ class MapKeyJoinColumnsAnnotation extends Annotation { MapKeyJoinColumnsAnnotation() { @@ -397,7 +395,7 @@ class MapKeyJoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.MapKeyTemporal` annotation. + * A `@{javax,jakarta}.persistence.MapKeyTemporal` annotation. */ class MapKeyTemporalAnnotation extends Annotation { MapKeyTemporalAnnotation() { @@ -406,7 +404,7 @@ class MapKeyTemporalAnnotation extends Annotation { } /** - * A `@javax.persistence.MappedSuperclass` annotation. + * A `@{javax,jakarta}.persistence.MappedSuperclass` annotation. */ class MappedSuperclassAnnotation extends Annotation { MappedSuperclassAnnotation() { @@ -415,14 +413,14 @@ class MappedSuperclassAnnotation extends Annotation { } /** - * A `@javax.persistence.MapsId` annotation. + * A `@{javax,jakarta}.persistence.MapsId` annotation. */ class MapsIdAnnotation extends Annotation { MapsIdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapsId") } } /** - * A `@javax.persistence.NamedNativeQueries` annotation. + * A `@{javax,jakarta}.persistence.NamedNativeQueries` annotation. */ class NamedNativeQueriesAnnotation extends Annotation { NamedNativeQueriesAnnotation() { @@ -431,7 +429,7 @@ class NamedNativeQueriesAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedNativeQuery` annotation. + * A `@{javax,jakarta}.persistence.NamedNativeQuery` annotation. */ class NamedNativeQueryAnnotation extends Annotation { NamedNativeQueryAnnotation() { @@ -440,7 +438,7 @@ class NamedNativeQueryAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedQueries` annotation. + * A `@{javax,jakarta}.persistence.NamedQueries` annotation. */ class NamedQueriesAnnotation extends Annotation { NamedQueriesAnnotation() { @@ -449,7 +447,7 @@ class NamedQueriesAnnotation extends Annotation { } /** - * A `@javax.persistence.NamedQuery` annotation. + * A `@{javax,jakarta}.persistence.NamedQuery` annotation. */ class NamedQueryAnnotation extends Annotation { NamedQueryAnnotation() { @@ -458,7 +456,7 @@ class NamedQueryAnnotation extends Annotation { } /** - * A `@javax.persistence.OneToMany` annotation. + * A `@{javax,jakarta}.persistence.OneToMany` annotation. */ class OneToManyAnnotation extends Annotation { OneToManyAnnotation() { @@ -467,21 +465,21 @@ class OneToManyAnnotation extends Annotation { } /** - * A `@javax.persistence.OneToOne` annotation. + * A `@{javax,jakarta}.persistence.OneToOne` annotation. */ class OneToOneAnnotation extends Annotation { OneToOneAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToOne") } } /** - * A `@javax.persistence.OrderBy` annotation. + * A `@{javax,jakarta}.persistence.OrderBy` annotation. */ class OrderByAnnotation extends Annotation { OrderByAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderBy") } } /** - * A `@javax.persistence.OrderColumn` annotation. + * A `@{javax,jakarta}.persistence.OrderColumn` annotation. */ class OrderColumnAnnotation extends Annotation { OrderColumnAnnotation() { @@ -490,7 +488,7 @@ class OrderColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceContext` annotation. + * A `@{javax,jakarta}.persistence.PersistenceContext` annotation. */ class PersistenceContextAnnotation extends Annotation { PersistenceContextAnnotation() { @@ -499,7 +497,7 @@ class PersistenceContextAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceContexts` annotation. + * A `@{javax,jakarta}.persistence.PersistenceContexts` annotation. */ class PersistenceContextsAnnotation extends Annotation { PersistenceContextsAnnotation() { @@ -508,7 +506,7 @@ class PersistenceContextsAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceProperty` annotation. + * A `@{javax,jakarta}.persistence.PersistenceProperty` annotation. */ class PersistencePropertyAnnotation extends Annotation { PersistencePropertyAnnotation() { @@ -517,7 +515,7 @@ class PersistencePropertyAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceUnit` annotation. + * A `@{javax,jakarta}.persistence.PersistenceUnit` annotation. */ class PersistenceUnitAnnotation extends Annotation { PersistenceUnitAnnotation() { @@ -526,7 +524,7 @@ class PersistenceUnitAnnotation extends Annotation { } /** - * A `@javax.persistence.PersistenceUnits` annotation. + * A `@{javax,jakarta}.persistence.PersistenceUnits` annotation. */ class PersistenceUnitsAnnotation extends Annotation { PersistenceUnitsAnnotation() { @@ -535,14 +533,14 @@ class PersistenceUnitsAnnotation extends Annotation { } /** - * A `@javax.persistence.PostLoad` annotation. + * A `@{javax,jakarta}.persistence.PostLoad` annotation. */ class PostLoadAnnotation extends Annotation { PostLoadAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "PostLoad") } } /** - * A `@javax.persistence.PostPersist` annotation. + * A `@{javax,jakarta}.persistence.PostPersist` annotation. */ class PostPersistAnnotation extends Annotation { PostPersistAnnotation() { @@ -551,7 +549,7 @@ class PostPersistAnnotation extends Annotation { } /** - * A `@javax.persistence.PostRemove` annotation. + * A `@{javax,jakarta}.persistence.PostRemove` annotation. */ class PostRemoveAnnotation extends Annotation { PostRemoveAnnotation() { @@ -560,7 +558,7 @@ class PostRemoveAnnotation extends Annotation { } /** - * A `@javax.persistence.PostUpdate` annotation. + * A `@{javax,jakarta}.persistence.PostUpdate` annotation. */ class PostUpdateAnnotation extends Annotation { PostUpdateAnnotation() { @@ -569,7 +567,7 @@ class PostUpdateAnnotation extends Annotation { } /** - * A `@javax.persistence.PrePersist` annotation. + * A `@{javax,jakarta}.persistence.PrePersist` annotation. */ class PrePersistAnnotation extends Annotation { PrePersistAnnotation() { @@ -578,7 +576,7 @@ class PrePersistAnnotation extends Annotation { } /** - * A `@javax.persistence.PreRemove` annotation. + * A `@{javax,jakarta}.persistence.PreRemove` annotation. */ class PreRemoveAnnotation extends Annotation { PreRemoveAnnotation() { @@ -587,7 +585,7 @@ class PreRemoveAnnotation extends Annotation { } /** - * A `@javax.persistence.PreUpdate` annotation. + * A `@{javax,jakarta}.persistence.PreUpdate` annotation. */ class PreUpdateAnnotation extends Annotation { PreUpdateAnnotation() { @@ -596,7 +594,7 @@ class PreUpdateAnnotation extends Annotation { } /** - * A `@javax.persistence.PrimaryKeyJoinColumn` annotation. + * A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumn` annotation. */ class PrimaryKeyJoinColumnAnnotation extends Annotation { PrimaryKeyJoinColumnAnnotation() { @@ -605,7 +603,7 @@ class PrimaryKeyJoinColumnAnnotation extends Annotation { } /** - * A `@javax.persistence.PrimaryKeyJoinColumns` annotation. + * A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumns` annotation. */ class PrimaryKeyJoinColumnsAnnotation extends Annotation { PrimaryKeyJoinColumnsAnnotation() { @@ -614,7 +612,7 @@ class PrimaryKeyJoinColumnsAnnotation extends Annotation { } /** - * A `@javax.persistence.QueryHint` annotation. + * A `@{javax,jakarta}.persistence.QueryHint` annotation. */ class QueryHintAnnotation extends Annotation { QueryHintAnnotation() { @@ -623,7 +621,7 @@ class QueryHintAnnotation extends Annotation { } /** - * A `@javax.persistence.SecondaryTable` annotation. + * A `@{javax,jakarta}.persistence.SecondaryTable` annotation. */ class SecondaryTableAnnotation extends Annotation { SecondaryTableAnnotation() { @@ -632,7 +630,7 @@ class SecondaryTableAnnotation extends Annotation { } /** - * A `@javax.persistence.SecondaryTables` annotation. + * A `@{javax,jakarta}.persistence.SecondaryTables` annotation. */ class SecondaryTablesAnnotation extends Annotation { SecondaryTablesAnnotation() { @@ -641,7 +639,7 @@ class SecondaryTablesAnnotation extends Annotation { } /** - * A `@javax.persistence.SequenceGenerator` annotation. + * A `@{javax,jakarta}.persistence.SequenceGenerator` annotation. */ class SequenceGeneratorAnnotation extends Annotation { SequenceGeneratorAnnotation() { @@ -650,7 +648,7 @@ class SequenceGeneratorAnnotation extends Annotation { } /** - * A `@javax.persistence.SqlResultSetMapping` annotation. + * A `@{javax,jakarta}.persistence.SqlResultSetMapping` annotation. */ class SqlResultSetMappingAnnotation extends Annotation { SqlResultSetMappingAnnotation() { @@ -659,7 +657,7 @@ class SqlResultSetMappingAnnotation extends Annotation { } /** - * A `@javax.persistence.SqlResultSetMappings` annotation. + * A `@{javax,jakarta}.persistence.SqlResultSetMappings` annotation. */ class SqlResultSetMappingsAnnotation extends Annotation { SqlResultSetMappingsAnnotation() { @@ -668,14 +666,14 @@ class SqlResultSetMappingsAnnotation extends Annotation { } /** - * A `@javax.persistence.Table` annotation. + * A `@{javax,jakarta}.persistence.Table` annotation. */ class TableAnnotation extends Annotation { TableAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Table") } } /** - * A `@javax.persistence.TableGenerator` annotation. + * A `@{javax,jakarta}.persistence.TableGenerator` annotation. */ class TableGeneratorAnnotation extends Annotation { TableGeneratorAnnotation() { @@ -684,14 +682,14 @@ class TableGeneratorAnnotation extends Annotation { } /** - * A `@javax.persistence.Temporal` annotation. + * A `@{javax,jakarta}.persistence.Temporal` annotation. */ class TemporalAnnotation extends Annotation { TemporalAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Temporal") } } /** - * A `@javax.persistence.Transient` annotation. + * A `@{javax,jakarta}.persistence.Transient` annotation. */ class TransientAnnotation extends Annotation { TransientAnnotation() { @@ -700,7 +698,7 @@ class TransientAnnotation extends Annotation { } /** - * A `@javax.persistence.UniqueConstraint` annotation. + * A `@{javax,jakarta}.persistence.UniqueConstraint` annotation. */ class UniqueConstraintAnnotation extends Annotation { UniqueConstraintAnnotation() { @@ -709,7 +707,7 @@ class UniqueConstraintAnnotation extends Annotation { } /** - * A `@javax.persistence.Version` annotation. + * A `@{javax,jakarta}.persistence.Version` annotation. */ class VersionAnnotation extends Annotation { VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } From 20839745bdef8c13662321d96c33027234d62afb Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:49:56 +0100 Subject: [PATCH 134/409] Remove redundant import --- java/ql/lib/semmle/code/java/deadcode/DeadField.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll index b1a990ac246..2dcbb96f3b5 100644 --- a/java/ql/lib/semmle/code/java/deadcode/DeadField.qll +++ b/java/ql/lib/semmle/code/java/deadcode/DeadField.qll @@ -3,7 +3,6 @@ import semmle.code.java.deadcode.DeadCode import semmle.code.java.frameworks.javaee.Persistence import semmle.code.java.frameworks.JAXB import semmle.code.java.frameworks.jackson.JacksonSerializability -import semmle.code.java.frameworks.javaee.Persistence /** * A field that is from a source file. From 5d37ccfa9046e1d26659209bc99ee367994bd3d0 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 16:51:29 +0100 Subject: [PATCH 135/409] Change note --- java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md diff --git a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md new file mode 100644 index 00000000000..0a5759ec3db --- /dev/null +++ b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. From 3c555fce112a1b699255dfd26aace94407e25c00 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 1 Apr 2025 17:12:35 +0100 Subject: [PATCH 136/409] Add basic test for SQL injection vs Jakarta Persistence --- .../CWE-089/semmle/examples/JakartaPersistence.java | 13 +++++++++++++ .../security/CWE-089/semmle/examples/options | 2 +- .../jakarta/persistence/EntityManager.java | 7 +++++++ .../jakarta/persistence/Query.java | 7 +++++++ 4 files changed, 28 insertions(+), 1 deletion(-) create mode 100644 java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java create mode 100644 java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java create mode 100644 java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java new file mode 100644 index 00000000000..0327a75cf77 --- /dev/null +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java @@ -0,0 +1,13 @@ +import jakarta.persistence.EntityManager; + +public class JakartaPersistence { + + public static String source() { return null; } + + public static void test(EntityManager entityManager) { + + entityManager.createNativeQuery(source()); // $ sqlInjection + + } + +} diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options index 832af0f3423..0252ff61ad3 100644 --- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options +++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive --release 21 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21 diff --git a/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java new file mode 100644 index 00000000000..3adc0fdd41e --- /dev/null +++ b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java @@ -0,0 +1,7 @@ +package jakarta.persistence; + +public interface EntityManager extends AutoCloseable { + + Query createNativeQuery(String sqlString); + +} diff --git a/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java new file mode 100644 index 00000000000..1bf5197b5c8 --- /dev/null +++ b/java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java @@ -0,0 +1,7 @@ +package jakarta.persistence; + +public interface Query { + + int executeUpdate(); + +} From 1d7dac485eb0a15aa88d8d5bcb032ae54b0fbff9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 1 Apr 2025 17:40:34 +0100 Subject: [PATCH 137/409] Rust: switch the query to taint flow so that we get taint through conversions (without needing a special case). --- .../AccessInvalidPointerExtensions.qll | 14 -------- .../security/CWE-825/AccessInvalidPointer.ql | 3 +- .../CWE-825/AccessInvalidPointer.expected | 35 ++++++++++--------- .../security/CWE-825/deallocation.rs | 2 +- 4 files changed, 22 insertions(+), 32 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll index 360a66e402c..37788609211 100644 --- a/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/AccessInvalidPointerExtensions.qll @@ -46,20 +46,6 @@ module AccessInvalidPointer { ModelsAsDataSource() { sourceNode(this, "pointer-invalidate") } } - /** - * A pointer invalidation from an argument of a modeled call (this is a workaround). - */ - private class ModelsAsDataArgumentSource extends Source { - ModelsAsDataArgumentSource() { - exists(DataFlow::Node n, CallExpr ce, Expr arg | - sourceNode(n, "pointer-invalidate") and - n.(FlowSummaryNode).getSourceElement() = ce.getFunction() and - arg = ce.getArgList().getAnArg() and - this.asExpr().getExpr().getParentNode+() = arg - ) - } - } - /** * A pointer access using the unary `*` operator. */ diff --git a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql index 1d84fffe1ee..d0a13b9ddb1 100644 --- a/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql +++ b/rust/ql/src/queries/security/CWE-825/AccessInvalidPointer.ql @@ -14,6 +14,7 @@ import rust import codeql.rust.dataflow.DataFlow +import codeql.rust.dataflow.TaintTracking import codeql.rust.security.AccessInvalidPointerExtensions import AccessInvalidPointerFlow::PathGraph @@ -33,7 +34,7 @@ module AccessInvalidPointerConfig implements DataFlow::ConfigSig { } } -module AccessInvalidPointerFlow = DataFlow::Global; +module AccessInvalidPointerFlow = TaintTracking::Global; from AccessInvalidPointerFlow::PathNode sourceNode, AccessInvalidPointerFlow::PathNode sinkNode where AccessInvalidPointerFlow::flowPath(sourceNode, sinkNode) diff --git a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected index 9479cffc7f5..7bccaa02f63 100644 --- a/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected +++ b/rust/ql/test/query-tests/security/CWE-825/AccessInvalidPointer.expected @@ -3,17 +3,16 @@ | deallocation.rs:37:14:37:33 | ...::read::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:37:14:37:33 | ...::read::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:44:6:44:7 | m1 | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:44:6:44:7 | m1 | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | | deallocation.rs:49:5:49:25 | ...::write::<...> | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:49:5:49:25 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:20:3:20:21 | ...::dealloc | invalid | -| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:23:70:24 | m2 | invalid | -| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:14:112:19 | my_ptr | invalid | +| deallocation.rs:76:16:76:17 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:76:16:76:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:81:16:81:17 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:81:16:81:17 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:86:7:86:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:86:7:86:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:90:7:90:8 | m2 | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:90:7:90:8 | m2 | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:95:5:95:31 | ...::write::<...> | deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:95:5:95:31 | ...::write::<...> | This operation dereferences a pointer that may be $@. | deallocation.rs:70:3:70:21 | ...::dealloc | invalid | +| deallocation.rs:115:13:115:18 | my_ptr | deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:115:13:115:18 | my_ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:112:3:112:12 | ...::free | invalid | | deallocation.rs:130:14:130:15 | p1 | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:130:14:130:15 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:123:23:123:40 | ...::dangling | invalid | | deallocation.rs:131:14:131:15 | p2 | deallocation.rs:124:21:124:42 | ...::dangling_mut | deallocation.rs:131:14:131:15 | p2 | This operation dereferences a pointer that may be $@. | deallocation.rs:124:21:124:42 | ...::dangling_mut | invalid | | deallocation.rs:132:14:132:15 | p3 | deallocation.rs:125:23:125:36 | ...::null | deallocation.rs:132:14:132:15 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:125:23:125:36 | ...::null | invalid | | deallocation.rs:180:15:180:16 | p1 | deallocation.rs:176:3:176:25 | ...::drop_in_place | deallocation.rs:180:15:180:16 | p1 | This operation dereferences a pointer that may be $@. | deallocation.rs:176:3:176:25 | ...::drop_in_place | invalid | -| deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | deallocation.rs:189:29:189:30 | p3 | This operation dereferences a pointer that may be $@. | deallocation.rs:189:29:189:30 | p3 | invalid | | deallocation.rs:248:18:248:20 | ptr | deallocation.rs:242:3:242:25 | ...::drop_in_place | deallocation.rs:248:18:248:20 | ptr | This operation dereferences a pointer that may be $@. | deallocation.rs:242:3:242:25 | ...::drop_in_place | invalid | edges | deallocation.rs:20:3:20:21 | ...::dealloc | deallocation.rs:20:23:20:24 | [post] m1 | provenance | Src:MaD:3 MaD:3 | @@ -23,13 +22,15 @@ edges | deallocation.rs:20:23:20:24 | [post] m1 | deallocation.rs:49:27:49:28 | m1 | provenance | | | deallocation.rs:37:35:37:36 | m1 | deallocation.rs:37:14:37:33 | ...::read::<...> | provenance | MaD:1 Sink:MaD:1 | | deallocation.rs:49:27:49:28 | m1 | deallocation.rs:49:5:49:25 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:76:16:76:17 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:81:16:81:17 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:86:7:86:8 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:90:7:90:8 | m2 | provenance | | -| deallocation.rs:70:23:70:24 | m2 | deallocation.rs:95:33:95:34 | m2 | provenance | | +| deallocation.rs:70:3:70:21 | ...::dealloc | deallocation.rs:70:23:70:35 | [post] m2 as ... | provenance | Src:MaD:3 MaD:3 | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:76:16:76:17 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:81:16:81:17 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:86:7:86:8 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:90:7:90:8 | m2 | provenance | | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | deallocation.rs:95:33:95:34 | m2 | provenance | | | deallocation.rs:95:33:95:34 | m2 | deallocation.rs:95:5:95:31 | ...::write::<...> | provenance | MaD:2 Sink:MaD:2 | -| deallocation.rs:112:14:112:19 | my_ptr | deallocation.rs:115:13:115:18 | my_ptr | provenance | | +| deallocation.rs:112:3:112:12 | ...::free | deallocation.rs:112:14:112:40 | [post] my_ptr as ... | provenance | Src:MaD:8 MaD:8 | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | deallocation.rs:115:13:115:18 | my_ptr | provenance | | | deallocation.rs:123:6:123:7 | p1 | deallocation.rs:130:14:130:15 | p1 | provenance | | | deallocation.rs:123:23:123:40 | ...::dangling | deallocation.rs:123:23:123:42 | ...::dangling(...) | provenance | Src:MaD:4 MaD:4 | | deallocation.rs:123:23:123:42 | ...::dangling(...) | deallocation.rs:123:6:123:7 | p1 | provenance | | @@ -51,6 +52,7 @@ models | 5 | Source: lang:core; crate::ptr::dangling_mut; pointer-invalidate; ReturnValue | | 6 | Source: lang:core; crate::ptr::drop_in_place; pointer-invalidate; Argument[0] | | 7 | Source: lang:core; crate::ptr::null; pointer-invalidate; ReturnValue | +| 8 | Source: repo:https://github.com/rust-lang/libc:libc; ::free; pointer-invalidate; Argument[0] | nodes | deallocation.rs:20:3:20:21 | ...::dealloc | semmle.label | ...::dealloc | | deallocation.rs:20:23:20:24 | [post] m1 | semmle.label | [post] m1 | @@ -60,14 +62,16 @@ nodes | deallocation.rs:44:6:44:7 | m1 | semmle.label | m1 | | deallocation.rs:49:5:49:25 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:49:27:49:28 | m1 | semmle.label | m1 | -| deallocation.rs:70:23:70:24 | m2 | semmle.label | m2 | +| deallocation.rs:70:3:70:21 | ...::dealloc | semmle.label | ...::dealloc | +| deallocation.rs:70:23:70:35 | [post] m2 as ... | semmle.label | [post] m2 as ... | | deallocation.rs:76:16:76:17 | m2 | semmle.label | m2 | | deallocation.rs:81:16:81:17 | m2 | semmle.label | m2 | | deallocation.rs:86:7:86:8 | m2 | semmle.label | m2 | | deallocation.rs:90:7:90:8 | m2 | semmle.label | m2 | | deallocation.rs:95:5:95:31 | ...::write::<...> | semmle.label | ...::write::<...> | | deallocation.rs:95:33:95:34 | m2 | semmle.label | m2 | -| deallocation.rs:112:14:112:19 | my_ptr | semmle.label | my_ptr | +| deallocation.rs:112:3:112:12 | ...::free | semmle.label | ...::free | +| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | semmle.label | [post] my_ptr as ... | | deallocation.rs:115:13:115:18 | my_ptr | semmle.label | my_ptr | | deallocation.rs:123:6:123:7 | p1 | semmle.label | p1 | | deallocation.rs:123:23:123:40 | ...::dangling | semmle.label | ...::dangling | @@ -84,7 +88,6 @@ nodes | deallocation.rs:176:3:176:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:176:27:176:28 | [post] p1 | semmle.label | [post] p1 | | deallocation.rs:180:15:180:16 | p1 | semmle.label | p1 | -| deallocation.rs:189:29:189:30 | p3 | semmle.label | p3 | | deallocation.rs:242:3:242:25 | ...::drop_in_place | semmle.label | ...::drop_in_place | | deallocation.rs:242:27:242:29 | [post] ptr | semmle.label | [post] ptr | | deallocation.rs:248:18:248:20 | ptr | semmle.label | ptr | diff --git a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs index dde42aa9414..361f938e02c 100644 --- a/rust/ql/test/query-tests/security/CWE-825/deallocation.rs +++ b/rust/ql/test/query-tests/security/CWE-825/deallocation.rs @@ -186,7 +186,7 @@ pub fn test_ptr_drop(mode: i32) { } let p3 = std::alloc::alloc(layout) as *mut Vec; - std::ptr::drop_in_place((*p3).as_mut_ptr()); // $ SPURIOUS: Alert[rust/access-invalid-pointer] + std::ptr::drop_in_place((*p3).as_mut_ptr()); // GOOD } } From 00bb9056c2a36563f85a1f7c154657a289ddc3b0 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Tue, 1 Apr 2025 15:42:36 -0500 Subject: [PATCH 138/409] Update query-metadata-style-guide.md --- docs/query-metadata-style-guide.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index 4c3f5b8814f..e45d88ffab5 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -180,7 +180,7 @@ There are also more specific `@tags` that can be added. See, the following pages Maintainers are expected to add a `@security-severity` tag to security relevant queries that will be run on Code Scanning. There is a documented internal process for generating these `@security-severity` values. -TODO: should we have a severity value for quality queries? +We will use the `problem.severity` attribute to handle the severity for quality-related queries. ### Metric/summary `@tags` From 74587f0d646ec0fbc464adddf3ec689bddd22c3f Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Tue, 1 Apr 2025 18:47:52 -0500 Subject: [PATCH 139/409] Update ExprHasNoEffect.ql adding quality tags per metadata styleguide --- javascript/ql/src/Expressions/ExprHasNoEffect.ql | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.ql b/javascript/ql/src/Expressions/ExprHasNoEffect.ql index f0cd3addcb6..197564244af 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.ql +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.ql @@ -5,10 +5,12 @@ * @kind problem * @problem.severity warning * @id js/useless-expression - * @tags maintainability + * @tags quality +* maintainability * correctness * external/cwe/cwe-480 * external/cwe/cwe-561 + * useless-code * @precision very-high */ From 09de7cfe4d7128076d21ca5fc16df760701676a0 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 17:01:47 -0700 Subject: [PATCH 140/409] Docs: Add GitHub Actions as a supported language Include GitHub Actions (identifier `actions`) everywhere we list supported languages, query packs, and library packs. Query and library documentation link targets do not exist yet. --- docs/codeql/codeql-overview/codeql-tools.rst | 2 ++ .../reusables/actions-further-reading.rst | 2 ++ docs/codeql/reusables/extractors.rst | 2 ++ docs/codeql/reusables/supported-frameworks.rst | 17 +++++++++++++++++ .../reusables/supported-versions-compilers.rst | 2 ++ .../about-codeql-queries.rst | 1 + docs/query-help-style-guide.md | 7 +++++-- docs/query-metadata-style-guide.md | 5 ++++- 8 files changed, 35 insertions(+), 3 deletions(-) create mode 100644 docs/codeql/reusables/actions-further-reading.rst diff --git a/docs/codeql/codeql-overview/codeql-tools.rst b/docs/codeql/codeql-overview/codeql-tools.rst index f3d37880ab6..ada1a75689e 100644 --- a/docs/codeql/codeql-overview/codeql-tools.rst +++ b/docs/codeql/codeql-overview/codeql-tools.rst @@ -23,6 +23,8 @@ The standard CodeQL query and library packs (`source `__) maintained by GitHub are: +- ``codeql/actions-queries`` (`changelog `__, `source `__) +- ``codeql/actions-all`` (`changelog `__, `source `__) - ``codeql/cpp-queries`` (`changelog `__, `source `__) - ``codeql/cpp-all`` (`changelog `__, `source `__) - ``codeql/csharp-queries`` (`changelog `__, `source `__) diff --git a/docs/codeql/reusables/actions-further-reading.rst b/docs/codeql/reusables/actions-further-reading.rst new file mode 100644 index 00000000000..03fe948a1cd --- /dev/null +++ b/docs/codeql/reusables/actions-further-reading.rst @@ -0,0 +1,2 @@ +- `CodeQL queries for GitHub Actions `__ +- `CodeQL library reference for GitHub Actions `__ diff --git a/docs/codeql/reusables/extractors.rst b/docs/codeql/reusables/extractors.rst index bfcd7571cb7..30ccef6e465 100644 --- a/docs/codeql/reusables/extractors.rst +++ b/docs/codeql/reusables/extractors.rst @@ -4,6 +4,8 @@ * - Language - Identifier + * - GitHub Actions + - ``actions`` * - C/C++ - ``cpp`` * - C# diff --git a/docs/codeql/reusables/supported-frameworks.rst b/docs/codeql/reusables/supported-frameworks.rst index 68ce952f70f..e6bf21a20ff 100644 --- a/docs/codeql/reusables/supported-frameworks.rst +++ b/docs/codeql/reusables/supported-frameworks.rst @@ -40,6 +40,23 @@ and the CodeQL library pack ``codeql/csharp-all`` (`changelog `__, `source `__) +and the CodeQL library pack ``codeql/actions-all`` (`changelog `__, `source `__). + +.. csv-table:: + :header-rows: 1 + :class: fullWidthTable + :widths: auto + :align: left + + Name, Category + `GitHub Actions workflow YAML files `, Workflows + `GitHub Actions action metadata YAML files `, Actions + Go built-in support ================================ diff --git a/docs/codeql/reusables/supported-versions-compilers.rst b/docs/codeql/reusables/supported-versions-compilers.rst index 92821d9556f..a1d65556580 100644 --- a/docs/codeql/reusables/supported-versions-compilers.rst +++ b/docs/codeql/reusables/supported-versions-compilers.rst @@ -16,6 +16,7 @@ .NET Core up to 3.1 .NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``" + GitHub Actions [12]_,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``action.yml``, ``action.yaml``" Go (aka Golang), "Go up to 1.24", "Go 1.11 or more recent", ``.go`` Java,"Java 7 to 24 [5]_","javac (OpenJDK and Oracle JDK), @@ -40,3 +41,4 @@ .. [9] Requires glibc 2.17. .. [10] Support for the analysis of Swift requires macOS. .. [11] TypeScript analysis is performed by running the JavaScript extractor with TypeScript enabled. This is the default. + .. [12] Support for GitHub Actions is in public preview. diff --git a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst index 6d263b80303..f4e60b513c9 100644 --- a/docs/codeql/writing-codeql-queries/about-codeql-queries.rst +++ b/docs/codeql/writing-codeql-queries/about-codeql-queries.rst @@ -74,6 +74,7 @@ When writing your own alert queries, you would typically import the standard lib - :ref:`CodeQL library guide for C and C++ ` - :ref:`CodeQL library guide for C# ` - :ref:`CodeQL library guide for Go ` +- :ref:`CodeQL library guide for GitHub Actions ` - :ref:`CodeQL library guide for Java and Kotlin ` - :ref:`CodeQL library guide for JavaScript ` - :ref:`CodeQL library guide for Python ` diff --git a/docs/query-help-style-guide.md b/docs/query-help-style-guide.md index 143d9f4b821..88b9844fc22 100644 --- a/docs/query-help-style-guide.md +++ b/docs/query-help-style-guide.md @@ -7,9 +7,12 @@ When you contribute a new [supported query](supported-queries.md) to this reposi * [C/C++ queries](https://codeql.github.com/codeql-query-help/cpp/) * [C# queries](https://codeql.github.com/codeql-query-help/csharp/) * [Go queries](https://codeql.github.com/codeql-query-help/go/) -* [Java queries](https://codeql.github.com/codeql-query-help/java/) -* [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) +* [GitHub Actions queries](https://codeql.github.com/codeql-query-help/actions/) +* [Java/Kotlin queries](https://codeql.github.com/codeql-query-help/java/) +* [JavaScript/TypeScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +* [Ruby queries](https://codeql.github.com/codeql-query-help/ruby/) +* [Swift queries](https://codeql.github.com/codeql-query-help/swift/) ### Location and file name diff --git a/docs/query-metadata-style-guide.md b/docs/query-metadata-style-guide.md index ff478340b10..f5f2143d8be 100644 --- a/docs/query-metadata-style-guide.md +++ b/docs/query-metadata-style-guide.md @@ -19,10 +19,13 @@ For examples of query files for the languages supported by CodeQL, visit the fol * [C/C++ queries](https://codeql.github.com/codeql-query-help/cpp/) * [C# queries](https://codeql.github.com/codeql-query-help/csharp/) +* [GitHub Actions queries](https://codeql.github.com/codeql-query-help/actions/) * [Go queries](https://codeql.github.com/codeql-query-help/go/) -* [Java queries](https://codeql.github.com/codeql-query-help/java/) +* [Java/Kotlin queries](https://codeql.github.com/codeql-query-help/java/) * [JavaScript queries](https://codeql.github.com/codeql-query-help/javascript/) * [Python queries](https://codeql.github.com/codeql-query-help/python/) +* [Ruby queries](https://codeql.github.com/codeql-query-help/ruby/) +* [Swift queries](https://codeql.github.com/codeql-query-help/swift/) ## Metadata area From f6442d20db6f37ee24f4580ce4656521e275c0cc Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 17:09:03 -0700 Subject: [PATCH 141/409] Docs: Add Actions pages for CWE coverage --- docs/codeql/query-help/codeql-cwe-coverage.rst | 1 + docs/codeql/query-help/index.rst | 2 ++ 2 files changed, 3 insertions(+) diff --git a/docs/codeql/query-help/codeql-cwe-coverage.rst b/docs/codeql/query-help/codeql-cwe-coverage.rst index ab78764e6aa..6236289a9ab 100644 --- a/docs/codeql/query-help/codeql-cwe-coverage.rst +++ b/docs/codeql/query-help/codeql-cwe-coverage.rst @@ -27,6 +27,7 @@ Note that the CWE coverage includes both "`supported queries ` - :doc:`CodeQL query help for C# ` +- :doc:`CodeQL query help for GitHub Actions ` - :doc:`CodeQL query help for Go ` - :doc:`CodeQL query help for Java and Kotlin ` - :doc:`CodeQL query help for JavaScript and TypeScript ` @@ -28,6 +29,7 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove :hidden: :titlesonly: + actions cpp csharp go From f379f23216d391873f675edeeed667c8a674ea42 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 2 Apr 2025 00:22:37 +0000 Subject: [PATCH 142/409] Add changed framework coverage reports --- csharp/documentation/library-coverage/coverage.csv | 14 +++++++------- csharp/documentation/library-coverage/coverage.rst | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/csharp/documentation/library-coverage/coverage.csv b/csharp/documentation/library-coverage/coverage.csv index 8ec9be90060..2d786f62d6e 100644 --- a/csharp/documentation/library-coverage/coverage.csv +++ b/csharp/documentation/library-coverage/coverage.csv @@ -8,20 +8,20 @@ ILLink.Shared,,,37,,,,,,,,,,,,,,,,,,,11,26 ILLink.Tasks,,,5,,,,,,,,,,,,,,,,,,,4,1 Internal.IL,,,54,,,,,,,,,,,,,,,,,,,28,26 Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,2,7 -Internal.TypeSystem,,,345,,,,,,,,,,,,,,,,,,,205,140 +Internal.TypeSystem,,,342,,,,,,,,,,,,,,,,,,,205,137 Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,, Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1 Microsoft.AspNetCore.Http,,,1,,,,,,,,,,,,,,,,,,,1, Microsoft.AspNetCore.Mvc,,,2,,,,,,,,,,,,,,,,,,,,2 Microsoft.AspNetCore.WebUtilities,,,2,,,,,,,,,,,,,,,,,,,2, Microsoft.CSharp,,,2,,,,,,,,,,,,,,,,,,,2, -Microsoft.Diagnostics.Tools.Pgo,,,23,,,,,,,,,,,,,,,,,,,,23 +Microsoft.Diagnostics.Tools.Pgo,,,21,,,,,,,,,,,,,,,,,,,,21 Microsoft.DotNet.Build.Tasks,,,11,,,,,,,,,,,,,,,,,,,9,2 Microsoft.DotNet.PlatformAbstractions,,,1,,,,,,,,,,,,,,,,,,,1, Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12 Microsoft.Extensions.Caching.Distributed,,,3,,,,,,,,,,,,,,,,,,,,3 Microsoft.Extensions.Caching.Memory,,,37,,,,,,,,,,,,,,,,,,,5,32 -Microsoft.Extensions.Configuration,,3,123,,,,,,,,,,,,,3,,,,,,40,83 +Microsoft.Extensions.Configuration,,3,118,,,,,,,,,,,,,3,,,,,,41,77 Microsoft.Extensions.DependencyInjection,,,209,,,,,,,,,,,,,,,,,,,15,194 Microsoft.Extensions.DependencyModel,,1,57,,,,,,,,,,,,,1,,,,,,13,44 Microsoft.Extensions.Diagnostics.Metrics,,,14,,,,,,,,,,,,,,,,,,,1,13 @@ -31,16 +31,16 @@ Microsoft.Extensions.Hosting,,,61,,,,,,,,,,,,,,,,,,,29,32 Microsoft.Extensions.Http,,,9,,,,,,,,,,,,,,,,,,,7,2 Microsoft.Extensions.Logging,,,107,,,,,,,,,,,,,,,,,,,26,81 Microsoft.Extensions.Options,,,174,,,,,,,,,,,,,,,,,,,48,126 -Microsoft.Extensions.Primitives,,,76,,,,,,,,,,,,,,,,,,,67,9 +Microsoft.Extensions.Primitives,,,75,,,,,,,,,,,,,,,,,,,68,7 Microsoft.Interop,,,216,,,,,,,,,,,,,,,,,,,71,145 Microsoft.JSInterop,2,,,,,,,,,,2,,,,,,,,,,,, Microsoft.NET.Build.Tasks,,,5,,,,,,,,,,,,,,,,,,,3,2 -Microsoft.VisualBasic,,,13,,,,,,,,,,,,,,,,,,,1,12 +Microsoft.VisualBasic,,,6,,,,,,,,,,,,,,,,,,,1,5 Microsoft.Win32,,4,2,,,,,,,,,,,,,,,,,,4,,2 -Mono.Linker,,,280,,,,,,,,,,,,,,,,,,,129,151 +Mono.Linker,,,278,,,,,,,,,,,,,,,,,,,130,148 MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,, Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7, SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,,5 -System,54,47,12255,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5955,6300 +System,54,47,12111,,6,5,5,,,4,1,,33,2,,6,15,17,4,3,,5993,6118 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,, diff --git a/csharp/documentation/library-coverage/coverage.rst b/csharp/documentation/library-coverage/coverage.rst index 64adc583943..a7c9f8bc54c 100644 --- a/csharp/documentation/library-coverage/coverage.rst +++ b/csharp/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ C# framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting` `ServiceStack `_,"``ServiceStack.*``, ``ServiceStack``",,7,194, - System,"``System.*``, ``System``",47,12255,54,5 - Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2272,152,4 - Totals,,107,14534,400,9 + System,"``System.*``, ``System``",47,12111,54,5 + Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Http``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.VisualBasic``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",60,2252,152,4 + Totals,,107,14370,400,9 From a1ceaa0aa32f0452a2eb6e36a1c0dfa6c19735a6 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:02:46 -0700 Subject: [PATCH 143/409] Docs: Add initial library docs for Actions Create the basic structure, state the key importable libraries. Describe a workflow. State the extensible predicates available. Other elements are to be filled in later. --- .../codeql-library-for-actions.rst | 139 ++++++++++++++++++ ...customizing-library-models-for-actions.rst | 46 ++++++ 2 files changed, 185 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/codeql-library-for-actions.rst create mode 100644 docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst new file mode 100644 index 00000000000..3d31d5e1d23 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -0,0 +1,139 @@ +.. _codeql-library-for-actions: + +CodeQL library for GitHub Actions +======================= + +When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. + +Overview +-------- + +CodeQL ships with an extensive library for analyzing GitHub Actions code, particularly GitHub Actions workflow files and Action metadata files, each written in YAML. +The classes in this library present the data from a CodeQL database in an object-oriented form and provide abstractions and predicates +to help you with common analysis tasks. + +The library is implemented as a set of CodeQL modules, that is, files with the extension ``.qll``. The +module `actions.qll `__ imports most other standard library modules, so you can include the complete +library by beginning your query with: + +.. code-block:: ql + + import actions + +The CodeQL libraries model various aspects of the YAML code used to define workflows and actions. +The above import includes the abstract syntax tree (AST) library, which is used for locating program elements, to match syntactic +elements in the YAML source code. This can be used to find values, patterns and structures. +Both the underlying YAML elements and the GitHub Actions-specific meaning of those elements are modeled. + +See the GitHub Actions documentation on `workflow syntax `__ and `metadata syntax `__ for more information on GitHub Actions YAML syntax and meaning. + +The control flow graph (CFG) is imported using + +.. code-block:: ql + + import codeql.actions.Cfg + +The CFG models the control flow between statements and expressions, for example whether one expression can +be evaluated before another expression, or whether an expression "dominates" another one, meaning that all paths to an +expression must flow through another expression first. + +The data flow library is imported using + +.. code-block:: ql + + import codeql.actions.DataFlow + +Data flow tracks the flow of data through the program, including through function calls (interprocedural data flow) and between steps in a job or workflow. +Data flow is particularly useful for security queries, where untrusted data flows to vulnerable parts of the program +to exploit it. Related to data flow, is the taint-tracking library, which finds how data can *influence* other values +in a program, even when it is not copied exactly. + +To summarize, the main GitHub Actions library modules are: + +.. list-table:: Main GitHub Actions library modules + :header-rows: 1 + + * - Import + - Description + * - ``actions`` + - The standard GitHub Actions library + * - ``codeql.actions.Ast`` + - The abstract syntax tree library (also imported by `actions.qll`) + * - ``codeql.actions.Cfg`` + - The control flow graph library + * - ``codeql.actions.DataFlow`` + - The data flow library + * - ``codeql.actions.TaintTracking`` + - The taint tracking library + +The CodeQL examples in this article are only excerpts and are not meant to represent complete queries. + +Abstract syntax +--------------- + +The abstract syntax tree (AST) represents the elements of the source code organized into a tree. The `AST viewer `__ +in Visual Studio Code shows the AST nodes, including the relevant CodeQL classes and predicates. + +All CodeQL AST classes inherit from the `AstNode` class, which provides the following member predicates +to all AST classes: + +.. list-table:: Main predicates in ``AstNode`` + :header-rows: 1 + + * - Predicate + - Description + * - ``getEnclosingWorkflow()`` + - Gets the enclosing Actions workflow, if any. Applies only to elements within a workflow. + * - ``getEnclosingJob()`` + - Gets the enclosing Actions workflow job, if any. Applies only to elements within a workflow. + * - ``getEnclosingStep()`` + - Gets the enclosing Actions workflow job step, if any. + * - ``getEnclosingCompositeAction()`` + - Gets the enclosing composite action, if any. Applies only to elements within an action metadata file. + * - ``getLocation()`` + - Gets the location of this node. + * - ``getAChildNode()`` + - Gets a child node of this node. + * - ``getParentNode()`` + - Gets the parent of this `AstNode`, if this node is not a root node. + * - ``getATriggerEvent()`` + - Gets an Actions trigger event that can start the enclosing Actions workflow, if any. + + +Workflows +~~~~~~~ + +A workflow is a configurable automated process made up of one or more jobs, +defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. + +In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file. + +See the GitHub Actions documentation on `workflows `__ and `workflow syntax `__ for more information. + +.. list-table:: Callable classes + :header-rows: 1 + + * - CodeQL class + - Description and selected predicates + * - ``Workflow`` + - An Actions workflow. This is a mapping at the top level of an Actions YAML workflow file. See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions. + + On getOn() { result = super.getOn() } + + - `getAJob()` - Gets a job within the `jobs` mapping of this workflow. + - `getEnv()` - Gets an `env` mapping within this workflow declaring workflow-level environment variables, if any. + - `getJob(string jobId)` - Gets a job within the `jobs` mapping of this workflow with the given job ID. + - `getOn()` - Gets the `on` mapping defining the events that trigger this workflow. + - `getPermissions()` - Gets a `permissions` mapping within this workflow declaring workflow-level token permissions, if any. + - `getStrategy()` - Gets a `strategy` mapping for the jobs in this workflow, if any. + - `getName()` - Gets the name of this workflow, if defined within the workflow. + +The following example lists all jobs in a workflow with the name declaration `name: test`: + +.. code-block:: ql + + import actions + + from Workflow w + where w.getName() = "test" + select w, m.getAJob() diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst new file mode 100644 index 00000000000..40bee7079b5 --- /dev/null +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst @@ -0,0 +1,46 @@ +.. _customizing-library-models-for-actions: + +Customizing Library Models for GitHub Actions +========================================= + +.. include:: ../reusables/beta-note-customizing-library-models.rst + +GitHub Actions analysis can be customized by adding library models in data extension files. + +A data extension for GitHub Actions is a YAML file of the form: + +.. code-block:: yaml + + extensions: + - addsTo: + pack: codeql/actions-all + extensible: + data: + - + - + - ... + +The CodeQL library for GitHub Actions exposes the following extensible predicates: + +Customizing data flow and taint tracking: + +- **actionsSourceModel**\(action, version, output, kind, provenance) +- **actionsSinkModel**\(action, version, input, kind, provenance) +- **actionsSummaryModel**\(action, version, input, output, kind, provenance) + +Customizing Actions-specific analysis: + +- **argumentInjectionSinksDataModel**\(regexp, command_group, argument_group) +- **contextTriggerDataModel**\(trigger, context_prefix) +- **externallyTriggerableEventsDataModel**\(event) +- **immutableActionsDataModel**\(action) +- **poisonableActionsDataModel**\(action) +- **poisonableCommandsDataModel**\(regexp) +- **poisonableLocalScriptsDataModel**\(regexp, group) +- **repositoryDataModel**\(visibility, default_branch_name) +- **trustedActionsOwnerDataModel**\(owner) +- **untrustedEventPropertiesDataModel**\(property, kind) +- **untrustedGhCommandDataModel**\(cmd_regex, flag) +- **untrustedGitCommandDataModel**\(cmd_regex, flag) +- **vulnerableActionsDataModel**\(action, vulnerable_version, vulnerable_sha, fixed_version) +- **workflowDataModel**\(path, trigger, job, secrets_source, permissions, runner) \ No newline at end of file From 9db5cdf957fda415afafa900fee517e1e2a89489 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:03:59 -0700 Subject: [PATCH 144/409] Docs: Add query help page placeholders for Actions --- docs/codeql/query-help/actions-cwe.md | 8 ++++++++ docs/codeql/query-help/actions.rst | 8 ++++++++ 2 files changed, 16 insertions(+) create mode 100644 docs/codeql/query-help/actions-cwe.md create mode 100644 docs/codeql/query-help/actions.rst diff --git a/docs/codeql/query-help/actions-cwe.md b/docs/codeql/query-help/actions-cwe.md new file mode 100644 index 00000000000..d594e0e76c4 --- /dev/null +++ b/docs/codeql/query-help/actions-cwe.md @@ -0,0 +1,8 @@ +# CWE coverage for GitHub Actions + +An overview of CWE coverage for GitHub Actions in the latest release of CodeQL. + +## Overview + + + diff --git a/docs/codeql/query-help/actions.rst b/docs/codeql/query-help/actions.rst new file mode 100644 index 00000000000..38debf91819 --- /dev/null +++ b/docs/codeql/query-help/actions.rst @@ -0,0 +1,8 @@ +CodeQL query help for GitHub Actions +============================ + +.. include:: ../reusables/query-help-overview.rst + +These queries are published in the CodeQL query pack ``codeql/actions-queries`` (`changelog `__, `source `__). + +.. include:: toc-actions.rst From 3b8c4d970ff293d40e70bd41700cc8915c0e2530 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 1 Apr 2025 19:07:34 -0700 Subject: [PATCH 145/409] Docs: Remove spurious predicate reference --- .../codeql-language-guides/codeql-library-for-actions.rst | 3 --- 1 file changed, 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 3d31d5e1d23..52baa1ed51e 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -117,9 +117,6 @@ See the GitHub Actions documentation on `workflows Date: Wed, 2 Apr 2025 08:43:29 +0200 Subject: [PATCH 146/409] Apply suggestions from code review Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com> --- actions/ql/lib/codeql/actions/config/Config.qll | 4 ++-- actions/ql/lib/codeql/actions/config/ConfigExtensions.qll | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/actions/ql/lib/codeql/actions/config/Config.qll b/actions/ql/lib/codeql/actions/config/Config.qll index e55d36f1bab..e6359c14258 100644 --- a/actions/ql/lib/codeql/actions/config/Config.qll +++ b/actions/ql/lib/codeql/actions/config/Config.qll @@ -158,8 +158,8 @@ predicate untrustedGhCommandDataModel(string cmd_regex, string flag) { /** * MaD models for permissions needed by actions * Fields: - * - action: action name - * - permission: permission name + * - action: action name, e.g. `actions/checkout` + * - permission: permission name, e.g. `contents: read` */ predicate actionsPermissionsDataModel(string action, string permission) { Extensions::actionsPermissionsDataModel(action, permission) diff --git a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll index 906cabbd27d..87a91935940 100644 --- a/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll +++ b/actions/ql/lib/codeql/actions/config/ConfigExtensions.qll @@ -85,5 +85,6 @@ extensible predicate untrustedGhCommandDataModel(string cmd_regex, string flag); * - `permission` is of the form `scope-name: read|write`, for example `contents: read`. * - see https://github.com/actions/checkout?tab=readme-ov-file#recommended-permissions * for an example of recommended permissions. + * - see https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/controlling-permissions-for-github_token for documentation of token permissions. */ extensible predicate actionsPermissionsDataModel(string action, string permission); From c18529086af3b0f0c4a1452944a9cf338564a734 Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 2 Apr 2025 08:50:05 +0200 Subject: [PATCH 147/409] actions: add change note --- .../change-notes/2025-02-04-suggest-actions-permissions.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md diff --git a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md new file mode 100644 index 00000000000..c775b70274f --- /dev/null +++ b/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. \ No newline at end of file From 1d81c77fcdc01e30f86bc8dd5209ae88a6b9ad17 Mon Sep 17 00:00:00 2001 From: Ian Roof Date: Thu, 26 Sep 2024 16:56:41 -0400 Subject: [PATCH 148/409] C#: Enhanced LogForgingQuery to treat C# Enums as simple types. --- .../code/csharp/security/Sanitizers.qll | 3 +- .../2024-09-18-csharp-log-forging-enum.md | 4 ++ .../CWE-117/LogForgingSimpleTypes.cs | 46 +++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 2a456b14c68..c356014432a 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,7 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct + t instanceof SystemDateTimeStruct or + t instanceof Enum ) } } diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md new file mode 100644 index 00000000000..5c0dc208ac8 --- /dev/null +++ b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs new file mode 100644 index 00000000000..32c746abc0c --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs @@ -0,0 +1,46 @@ +using System; +using System.Diagnostics; +using System.IO; +using System.Net; +using System.Web; +using Microsoft.Extensions.Logging; + +class ILogger +{ + public void Warn(string message) { } +} + +enum TestEnum +{ + TestEnumValue +} + +public class LogForgingSimpleTypes +{ + public void Execute(HttpContext ctx) + { + // GOOD: int + logger.Warn("Logging simple type (int):" 1); + + // GOOD: long + logger.Warn("Logging simple type (int):" 1L); + + // GOOD: float + logger.Warn("Logging simple type (float):" 1.1); + + // GOOD: double + logger.Warn("Logging simple type (double):" 1.1d); + + // GOOD: decimal + logger.Warn("Logging simple type (double):" 1.1m); + + // GOOD: Enum + logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); + + // GOOD: DateTime + logger.Warn("Logging simple type (int):" new DateTime()); + + // GOOD: DateTimeOffset + logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); + } +} From 48db2b9315f4eb2ab29f711881f52bfbbe4847ea Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 10:12:16 +0200 Subject: [PATCH 149/409] JS: Add test --- .../ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js new file mode 100644 index 00000000000..51adf27b6d3 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js @@ -0,0 +1,5 @@ +function t1() { + const elm = document.getElementById("foo"); + const e2 = elm.getElementsByTagName("bar")[0]; + e2.innerHTML = window.name; // $ MISSING: Alert +} From 46f88e7ce765db957f20a7396dca18797e094747 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 09:50:09 +0200 Subject: [PATCH 150/409] JS: Updates to DOM model --- javascript/ql/lib/semmle/javascript/DOM.qll | 6 ++++-- .../query-tests/Security/CWE-079/DomBasedXss/Xss.expected | 2 ++ .../CWE-079/DomBasedXss/XssWithAdditionalSources.expected | 1 + .../ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/DOM.qll b/javascript/ql/lib/semmle/javascript/DOM.qll index 50a529b4a53..21854c1a9d0 100644 --- a/javascript/ql/lib/semmle/javascript/DOM.qll +++ b/javascript/ql/lib/semmle/javascript/DOM.qll @@ -247,7 +247,7 @@ module DOM { ] | ( - result = documentRef().getAMethodCall(collectionName) or + result = domValueRef().getAMethodCall(collectionName) or result = DataFlow::globalVarRef(collectionName).getACall() ) ) @@ -441,10 +441,12 @@ module DOM { DataFlow::SourceNode domValueRef() { result = domValueRef(DataFlow::TypeTracker::end()) or - result.hasUnderlyingType("Element") + result.hasUnderlyingType(["Element", "HTMLCollection", "HTMLCollectionOf"]) or result.hasUnderlyingType(any(string s | s.matches("HTML%Element"))) or + result = documentRef() + or exists(DataFlow::ClassNode cls | cls.getASuperClassNode().getALocalSource() = DataFlow::globalVarRef(any(string s | s.matches("HTML%Element"))) and diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected index 7de1561f79e..6ba8ab703bf 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/Xss.expected @@ -53,6 +53,7 @@ | dates.js:57:31:57:101 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:57:31:57:101 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | | dates.js:59:31:59:87 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:59:31:59:87 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | | dates.js:61:31:61:88 | `Time i ... aint)}` | dates.js:54:36:54:55 | window.location.hash | dates.js:61:31:61:88 | `Time i ... aint)}` | Cross-site scripting vulnerability due to $@. | dates.js:54:36:54:55 | window.location.hash | user-provided value | +| dom.js:4:20:4:30 | window.name | dom.js:4:20:4:30 | window.name | dom.js:4:20:4:30 | window.name | Cross-site scripting vulnerability due to $@. | dom.js:4:20:4:30 | window.name | user-provided value | | dragAndDrop.ts:15:25:15:28 | html | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | dragAndDrop.ts:15:25:15:28 | html | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | user-provided value | | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:24:23:24:57 | e.dataT ... /html') | user-provided value | | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | Cross-site scripting vulnerability due to $@. | dragAndDrop.ts:29:19:29:53 | e.dataT ... /html') | user-provided value | @@ -937,6 +938,7 @@ nodes | dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | | dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | semmle.label | taint | +| dom.js:4:20:4:30 | window.name | semmle.label | window.name | | dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | | dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected index eb961fc83db..7780ae82dc4 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected @@ -138,6 +138,7 @@ nodes | dates.js:61:31:61:88 | `Time i ... aint)}` | semmle.label | `Time i ... aint)}` | | dates.js:61:42:61:86 | dayjs.s ... (taint) | semmle.label | dayjs.s ... (taint) | | dates.js:61:81:61:85 | taint | semmle.label | taint | +| dom.js:4:20:4:30 | window.name | semmle.label | window.name | | dragAndDrop.ts:8:11:8:50 | html | semmle.label | html | | dragAndDrop.ts:8:18:8:50 | dataTra ... /html') | semmle.label | dataTra ... /html') | | dragAndDrop.ts:15:25:15:28 | html | semmle.label | html | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js index 51adf27b6d3..cf4f0bb3fbe 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/dom.js @@ -1,5 +1,5 @@ function t1() { const elm = document.getElementById("foo"); const e2 = elm.getElementsByTagName("bar")[0]; - e2.innerHTML = window.name; // $ MISSING: Alert + e2.innerHTML = window.name; // $ Alert } From 78b25388ca8dcf3013b357b343ec6d365f45575f Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 09:51:24 +0200 Subject: [PATCH 151/409] JS: Protect against bad join in BadRandomness This code resulted in bad join orders in response to certain library changes. The actual library changes have to be split into smaller pieces but I'd like to ensure I don't run into the bad join again. --- .../ql/src/Security/CWE-327/BadRandomness.ql | 32 ++++++++----------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/javascript/ql/src/Security/CWE-327/BadRandomness.ql b/javascript/ql/src/Security/CWE-327/BadRandomness.ql index dd6de6cc1c0..5de0f9b3dfd 100644 --- a/javascript/ql/src/Security/CWE-327/BadRandomness.ql +++ b/javascript/ql/src/Security/CWE-327/BadRandomness.ql @@ -30,30 +30,26 @@ private int powerOfTwo() { * Gets a node that has value 2^n for some n. */ private DataFlow::Node isPowerOfTwo() { - exists(DataFlow::Node prev | - prev.getIntValue() = powerOfTwo() - or - // Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000 - prev.asExpr().(NumberLiteral).getValue() = - ["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"] - | - result = prev.getASuccessor*() - ) + result.getIntValue() = powerOfTwo() + or + // Getting around the 32 bit ints in QL. These are some hex values of the form 0x10000000 + result.asExpr().(NumberLiteral).getValue() = + ["281474976710656", "17592186044416", "1099511627776", "68719476736", "4294967296"] + or + result = isPowerOfTwo().getASuccessor() } /** * Gets a node that has value (2^n)-1 for some n. */ private DataFlow::Node isPowerOfTwoMinusOne() { - exists(DataFlow::Node prev | - prev.getIntValue() = powerOfTwo() - 1 - or - // Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff - prev.asExpr().(NumberLiteral).getValue() = - ["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"] - | - result = prev.getASuccessor*() - ) + result.getIntValue() = powerOfTwo() - 1 + or + // Getting around the 32 bit ints in QL. These are some hex values of the form 0xfffffff + result.asExpr().(NumberLiteral).getValue() = + ["281474976710655", "17592186044415", "1099511627775", "68719476735", "4294967295"] + or + result = isPowerOfTwoMinusOne().getASuccessor() } /** From efdb4a6d82845fe0ef1ccaaf6cda4ac2d1bcdcd1 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 27 Mar 2025 10:11:11 +0000 Subject: [PATCH 152/409] Use global dataflow for loop variable capture --- .../ql/src/Variables/LoopVariableCapture.ql | 66 ++++++++++++------- 1 file changed, 44 insertions(+), 22 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index e4ccd73e5e1..16130d5d50f 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -10,38 +10,60 @@ */ import python +import semmle.python.dataflow.new.DataFlow -// Gets the scope of the iteration variable of the looping scope -Scope iteration_variable_scope(AstNode loop) { - result = loop.(For).getScope() - or - result = loop.(Comp).getFunction() +abstract class Loop extends AstNode { + abstract Variable getALoopVariable(); } -predicate capturing_looping_construct(CallableExpr capturing, AstNode loop, Variable var) { - var.getScope() = iteration_variable_scope(loop) and +class ForLoop extends Loop, For { + override Variable getALoopVariable() { + this.getTarget() = result.getAnAccess().getParentNode*() and + result.getScope() = this.getScope() + } +} + +predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { var.getAnAccess().getScope() = capturing.getInnerScope() and capturing.getParentNode+() = loop and - ( - loop.(For).getTarget() = var.getAnAccess() - or - var = loop.(Comp).getAnIterationVariable() - ) + var = loop.getALoopVariable() } -predicate escaping_capturing_looping_construct(CallableExpr capturing, AstNode loop, Variable var) { - capturing_looping_construct(capturing, loop, var) and - // Escapes if used out side of for loop or is a lambda in a comprehension - ( - loop instanceof For and - exists(Expr e | e.pointsTo(_, _, capturing) | not loop.contains(e)) +module EscapingCaptureFlowSig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } + + predicate isSink(DataFlow::Node node) { + // Stored in a field. + exists(DataFlow::AttrWrite aw | aw.getObject() = node) or - loop.(Comp).getElt() = capturing + // Stored in a dict/list. + exists(Assign assign, Subscript sub | + sub = assign.getATarget() and node.asExpr() = assign.getValue() + ) or - loop.(Comp).getElt().(Tuple).getAnElt() = capturing - ) + // Stored in a list. + exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) + or + // Used in a yeild statement, likely included in a collection. + // The element of comprehension expressions desugar to involve a yield statement internally. + exists(Yield y | node.asExpr() = y.getValue()) + } + + predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { + isSink(node) and + exists(cs) + } +} + +module EscapingCaptureFlow = DataFlow::Global; + +predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { + capturesLoopVariable(capturing, loop, var) and + EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) } from CallableExpr capturing, AstNode loop, Variable var -where escaping_capturing_looping_construct(capturing, loop, var) +where escapingCapture(capturing, loop, var) select capturing, "Capture of loop variable $@.", loop, var.getId() From 08b428118790ee14875d4f8ea1d59e12142ae94c Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 10:23:12 +0100 Subject: [PATCH 153/409] Update query message and remove field case --- python/ql/src/Variables/LoopVariableCapture.ql | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index 16130d5d50f..4682e682d81 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -34,8 +34,9 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node node) { // Stored in a field. - exists(DataFlow::AttrWrite aw | aw.getObject() = node) - or + // This appeared to lead to FPs through wrapper classes. + // exists(DataFlow::AttrWrite aw | aw.getObject() = node) + // or // Stored in a dict/list. exists(Assign assign, Subscript sub | sub = assign.getATarget() and node.asExpr() = assign.getValue() @@ -44,7 +45,7 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { // Stored in a list. exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) or - // Used in a yeild statement, likely included in a collection. + // Used in a yield statement, likely included in a collection. // The element of comprehension expressions desugar to involve a yield statement internally. exists(Yield y | node.asExpr() = y.getValue()) } @@ -64,6 +65,8 @@ predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) } -from CallableExpr capturing, AstNode loop, Variable var -where escapingCapture(capturing, loop, var) -select capturing, "Capture of loop variable $@.", loop, var.getId() +from CallableExpr capturing, AstNode loop, Variable var, string descr +where + escapingCapture(capturing, loop, var) and + if capturing instanceof Lambda then descr = "lambda" else descr = "function" +select capturing, "This " + descr + " captures the loop variable $@.", loop, var.getId() From 5b7200a0418ca7a86a8ed863de755cd355c44634 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 11:04:13 +0100 Subject: [PATCH 154/409] Use flow path in alerts --- .../ql/src/Variables/LoopVariableCapture.ql | 22 ++++++++++++++----- 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture.ql index 4682e682d81..e0a3d521144 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture.ql @@ -1,7 +1,7 @@ /** * @name Loop variable capture * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. - * @kind problem + * @kind path-problem * @tags correctness * @problem.severity error * @sub-severity low @@ -60,13 +60,23 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { module EscapingCaptureFlow = DataFlow::Global; -predicate escapingCapture(CallableExpr capturing, Loop loop, Variable var) { +import EscapingCaptureFlow::PathGraph + +predicate escapingCapture( + CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, + EscapingCaptureFlow::PathNode sink +) { capturesLoopVariable(capturing, loop, var) and - EscapingCaptureFlow::flow(DataFlow::exprNode(capturing), _) + capturing = source.getNode().asExpr() and + EscapingCaptureFlow::flowPath(source, sink) } -from CallableExpr capturing, AstNode loop, Variable var, string descr +from + CallableExpr capturing, AstNode loop, Variable var, string descr, + EscapingCaptureFlow::PathNode source, EscapingCaptureFlow::PathNode sink where - escapingCapture(capturing, loop, var) and + escapingCapture(capturing, loop, var, source, sink) and if capturing instanceof Lambda then descr = "lambda" else descr = "function" -select capturing, "This " + descr + " captures the loop variable $@.", loop, var.getId() +select capturing, source, sink, + "This " + descr + " captures the loop variable $@, and may escape the loop by being stored $@.", + loop, var.getId(), sink, "here" From 11830bf66132f39c9df6567ef71193ac98213a4b Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Mon, 31 Mar 2025 14:33:55 +0100 Subject: [PATCH 155/409] Move to separate folder --- .../{ => LoopVariableCapture}/LoopVariableCapture.py | 0 .../{ => LoopVariableCapture}/LoopVariableCapture.qhelp | 0 .../{ => LoopVariableCapture}/LoopVariableCapture.ql | 8 ++++++++ .../{ => LoopVariableCapture}/LoopVariableCapture2.py | 0 4 files changed, 8 insertions(+) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.py (100%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.qhelp (100%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture.ql (91%) rename python/ql/src/Variables/{ => LoopVariableCapture}/LoopVariableCapture2.py (100%) diff --git a/python/ql/src/Variables/LoopVariableCapture.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture.py rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py diff --git a/python/ql/src/Variables/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture.qhelp rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp diff --git a/python/ql/src/Variables/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql similarity index 91% rename from python/ql/src/Variables/LoopVariableCapture.ql rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index e0a3d521144..b2ed802e9c3 100644 --- a/python/ql/src/Variables/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -52,6 +52,14 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + predicate isBarrier(DataFlow::Node node) { + // Incorrect virtual dispatch to __call__ methods is a source of FPs. + exists(Function call | + call.getName() = "__call__" and + call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() + ) + } + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { isSink(node) and exists(cs) diff --git a/python/ql/src/Variables/LoopVariableCapture2.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture2.py similarity index 100% rename from python/ql/src/Variables/LoopVariableCapture2.py rename to python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture2.py From 2d6476ad2138138c6fa1ac3b5fb6127254496aa4 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Tue, 1 Apr 2025 09:56:01 +0100 Subject: [PATCH 156/409] Update names and alert message --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index b2ed802e9c3..6c979ffdf82 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -29,7 +29,7 @@ predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) var = loop.getALoopVariable() } -module EscapingCaptureFlowSig implements DataFlow::ConfigSig { +module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } predicate isSink(DataFlow::Node node) { @@ -66,7 +66,7 @@ module EscapingCaptureFlowSig implements DataFlow::ConfigSig { } } -module EscapingCaptureFlow = DataFlow::Global; +module EscapingCaptureFlow = DataFlow::Global; import EscapingCaptureFlow::PathGraph @@ -86,5 +86,5 @@ where escapingCapture(capturing, loop, var, source, sink) and if capturing instanceof Lambda then descr = "lambda" else descr = "function" select capturing, source, sink, - "This " + descr + " captures the loop variable $@, and may escape the loop by being stored $@.", - loop, var.getId(), sink, "here" + "This " + descr + " captures the loop variable $@, and may escape the loop by being stored at $@.", + loop, var.getId(), sink, "this location" From c37809a187bf948186b23d548471931a398cc808 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Wed, 2 Apr 2025 09:33:30 +0100 Subject: [PATCH 157/409] Reduce scope of allowImplicitRead to avoid cartesian product. --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 6c979ffdf82..49392e3d01e 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -62,7 +62,12 @@ module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { isSink(node) and - exists(cs) + ( + cs instanceof DataFlow::TupleElementContent or + cs instanceof DataFlow::ListElementContent or + cs instanceof DataFlow::SetElementContent or + cs instanceof DataFlow::DictionaryElementAnyContent + ) } } From 77e4d9e6920b01fb51d47177f0a061df17aa4d49 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 2 Apr 2025 10:03:49 +0100 Subject: [PATCH 158/409] Fix stray references to the javax package name Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com> --- .../ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index 1cb9af2e0d9..b38cba889e0 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -713,7 +713,7 @@ class VersionAnnotation extends Annotation { VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") } } -/** The interface `javax.persistence.EntityManager`. */ +/** The interface `{javax,jakarta}.persistence.EntityManager`. */ class TypeEntityManager extends Interface { TypeEntityManager() { this.hasQualifiedName(getAPersistencePackageName(), "EntityManager") } @@ -736,7 +736,7 @@ class TypeEntityManager extends Interface { } } -/** The interface `javax.persistence.Query`, which represents queries in the Java Persistence Query Language. */ +/** The interface `{javax,jakarta}.persistence.Query`, which represents queries in the Java Persistence Query Language. */ class TypeQuery extends Interface { TypeQuery() { this.hasQualifiedName(getAPersistencePackageName(), "Query") } From 024712c073a8351965faea00175a8e0d9345711e Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:48:32 +0200 Subject: [PATCH 159/409] C#: Temporarily comment out considering Enums as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index c356014432a..08874cb533e 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct or - t instanceof Enum + t instanceof SystemDateTimeStruct + // or t instanceof Enum ) } } From 60e3b4351a41890b65395684c575a98f1adabcd8 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:16:52 +0200 Subject: [PATCH 160/409] C#: Fix simple types testcases. --- .../CWE-117/LogForgingAsp.cs | 54 +++++++++++++++++++ .../CWE-117/LogForgingSimpleTypes.cs | 46 ---------------- 2 files changed, 54 insertions(+), 46 deletions(-) delete mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index a3293344b33..1bbef682496 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -3,6 +3,11 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http.Headers; using Microsoft.AspNetCore.Mvc; +public enum TestEnum +{ + TestEnumValue +} + public class AspController : ControllerBase { public void Action1(string username) @@ -38,4 +43,53 @@ public class AspController : ControllerBase logger.Warn($"Warning about the bool: {b}"); } } + + public void ActionInt(int i) + { + var logger = new ILogger(); + // GOOD: int is a sanitizer. + logger.Warn($"Warning about the int: {i}"); + } + + public void ActionLong(long l) + { + var logger = new ILogger(); + // GOOD: long is a sanitizer. + logger.Warn($"Warning about the long: {l}"); + } + + public void ActionFloat(float f) + { + var logger = new ILogger(); + // GOOD: float is a sanitizer. + logger.Warn($"Warning about the float: {f}"); + } + + public void ActionDouble(double d) + { + var logger = new ILogger(); + // GOOD: double is a sanitizer. + logger.Warn($"Warning about the double: {d}"); + } + + public void ActionDecimal(decimal d) + { + var logger = new ILogger(); + // GOOD: decimal is a sanitizer. + logger.Warn($"Warning about the decimal: {d}"); + } + + public void ActionEnum(TestEnum e) + { + var logger = new ILogger(); + // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + logger.Warn($"Warning about the enum: {e}"); + } + + public void ActionDateTime(DateTimeOffset dt) + { + var logger = new ILogger(); + // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + logger.Warn($"Warning about the DateTimeOffset: {dt}"); + } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs deleted file mode 100644 index 32c746abc0c..00000000000 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs +++ /dev/null @@ -1,46 +0,0 @@ -using System; -using System.Diagnostics; -using System.IO; -using System.Net; -using System.Web; -using Microsoft.Extensions.Logging; - -class ILogger -{ - public void Warn(string message) { } -} - -enum TestEnum -{ - TestEnumValue -} - -public class LogForgingSimpleTypes -{ - public void Execute(HttpContext ctx) - { - // GOOD: int - logger.Warn("Logging simple type (int):" 1); - - // GOOD: long - logger.Warn("Logging simple type (int):" 1L); - - // GOOD: float - logger.Warn("Logging simple type (float):" 1.1); - - // GOOD: double - logger.Warn("Logging simple type (double):" 1.1d); - - // GOOD: decimal - logger.Warn("Logging simple type (double):" 1.1m); - - // GOOD: Enum - logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); - - // GOOD: DateTime - logger.Warn("Logging simple type (int):" new DateTime()); - - // GOOD: DateTimeOffset - logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); - } -} From 08159896f385d2e24eb422c69b49bde911822d79 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:33:08 +0200 Subject: [PATCH 161/409] C#: Convert cs/log-forging tests to inline expectations. --- .../Security Features/CWE-117/LogForging.cs | 8 +++---- .../CWE-117/LogForging.expected | 21 +++++++++++++++---- .../CWE-117/LogForging.qlref | 4 +++- .../CWE-117/LogForgingAsp.cs | 6 +++--- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs index 691d98f986e..18169e4a4b0 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs @@ -15,10 +15,10 @@ public class LogForgingHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String username = ctx.Request.QueryString["username"]; + String username = ctx.Request.QueryString["username"]; // $ Source ILogger logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert // GOOD: New-lines removed logger.Warn(username.Replace(Environment.NewLine, "") + " logged in"); // GOOD: New-lines removed @@ -28,11 +28,11 @@ public class LogForgingHandler : IHttpHandler // GOOD: Html encoded logger.Warn(WebUtility.HtmlEncode(username) + " logged in"); // BAD: Logged as-is to TraceSource - new TraceSource("Test").TraceInformation(username + " logged in"); + new TraceSource("Test").TraceInformation(username + " logged in"); // $ Alert Microsoft.Extensions.Logging.ILogger logger2 = null; // BAD: Logged as-is - logger2.LogError(username); + logger2.LogError(username); // $ Alert } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index f817ebd27b0..d7177aaf0de 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -2,7 +2,9 @@ | LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | +| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | +| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -10,7 +12,9 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | -| LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | +| LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -20,6 +24,15 @@ nodes | LogForging.cs:21:21:21:43 | ... + ... | semmle.label | ... + ... | | LogForging.cs:31:50:31:72 | ... + ... | semmle.label | ... + ... | | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | -| LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | +| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | +| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths +testFailures +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | +| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | +| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref index a41529bfeb1..7396362dcbf 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-117/LogForging.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index 1bbef682496..b65b42ce969 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -10,11 +10,11 @@ public enum TestEnum public class AspController : ControllerBase { - public void Action1(string username) + public void Action1(string username) // $ Source { var logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert } public void Action1(DateTime date) @@ -89,7 +89,7 @@ public class AspController : ControllerBase public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From cf75493fe9b6f9ea21882f2c124af8a28637527b Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:16:06 +0200 Subject: [PATCH 162/409] C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/frameworks/System.qll | 5 +++++ csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 56e063b1b5e..678563589e8 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -756,6 +756,11 @@ class SystemDateTimeStruct extends SystemStruct { SystemDateTimeStruct() { this.hasName("DateTime") } } +/** The `System.DateTimeOffset` struct. */ +class SystemDateTimeOffsetStruct extends SystemStruct { + SystemDateTimeOffsetStruct() { this.hasName("DateTimeOffset") } +} + /** The `System.Span` struct. */ class SystemSpanStruct extends SystemUnboundGenericStruct { SystemSpanStruct() { diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 08874cb533e..db4b3c6da18 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,9 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct - // or t instanceof Enum + t instanceof SystemDateTimeStruct or + t instanceof SystemDateTimeOffsetStruct or + t instanceof Enum ) } } From d7f5ce249297b16dd9d7ffb9e3972116f6c0f12d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:19:37 +0200 Subject: [PATCH 163/409] C#: Update log forging expected test output. --- .../Security Features/CWE-117/LogForging.expected | 13 ------------- .../Security Features/CWE-117/LogForgingAsp.cs | 4 ++-- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index d7177aaf0de..1820eaa07d9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -3,8 +3,6 @@ | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | -| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | -| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -13,8 +11,6 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -26,13 +22,4 @@ nodes | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | | LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | | LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | -| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | -| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths -testFailures -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | -| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | -| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index b65b42ce969..64f0e34e569 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -82,14 +82,14 @@ public class AspController : ControllerBase public void ActionEnum(TestEnum e) { var logger = new ILogger(); - // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + // GOOD: Enum is a sanitizer. logger.Warn($"Warning about the enum: {e}"); } public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] + // GOOD: DateTimeOffset is a sanitizer. logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From 22c943657aae161afbbe79fa5fbb96306bac4c55 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:38:15 +0200 Subject: [PATCH 164/409] C#: Update change note. --- .../ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md | 4 ---- csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md deleted file mode 100644 index 5c0dc208ac8..00000000000 --- a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md new file mode 100644 index 00000000000..ac93bd31b3e --- /dev/null +++ b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. From c737ee9b529f33c9c3ba1c2da5f351cbcbf1b85b Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 10:58:47 +0100 Subject: [PATCH 165/409] Rust: Accept another consistency check failure. --- .../security/CWE-696/CONSISTENCY/DataFlowConsistency.expected | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected new file mode 100644 index 00000000000..ad26ad761aa --- /dev/null +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected @@ -0,0 +1,2 @@ +postWithInFlow +| test.rs:118:17:118:19 | [post] ptr | PostUpdateNode should not be the target of local flow. | From 8663f3b8b2db90f6c804b023173e47df1b0ca60a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 2 Apr 2025 12:32:28 +0200 Subject: [PATCH 166/409] Rust: Add another disjunct to `postWithInFlowExclude` --- .../lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll | 3 +++ 1 file changed, 3 insertions(+) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll index c95056a7dba..f8e24c4c34a 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowConsistency.qll @@ -1,6 +1,7 @@ import codeql.rust.dataflow.DataFlow::DataFlow as DataFlow private import rust private import codeql.rust.dataflow.internal.DataFlowImpl +private import codeql.rust.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl private import codeql.rust.dataflow.internal.Node as Node private import codeql.rust.dataflow.internal.TaintTrackingImpl private import codeql.dataflow.internal.DataFlowImplConsistency @@ -20,6 +21,8 @@ private module Input implements InputSig { n.(Node::PostUpdateNode).getPreUpdateNode().asExpr() = any(Node::ReceiverNode r).getReceiver() or n.(Node::PostUpdateNode).getPreUpdateNode().asExpr() = getPostUpdateReverseStep(_, _) + or + FlowSummaryImpl::Private::Steps::sourceLocalStep(_, n, _) } predicate missingLocationExclude(RustDataFlow::Node n) { not exists(n.asExpr().getLocation()) } From 14999c19dacc263ec37f0d0bad1124a6ffa33dd8 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 10:21:17 +0200 Subject: [PATCH 167/409] Added test cases for `rimraf` library. --- .../Security/CWE-022/TaintedPath/rimraf.js | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js new file mode 100644 index 00000000000..a6f3c52068a --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js @@ -0,0 +1,30 @@ +const express = require('express'); +const rimraf = require('rimraf'); + +const app = express(); +app.use(express.json()); + +app.post('/rmsync', async (req, res) => { + const { path } = req.body; // $ MISSING: Source + + rimraf.sync(path); // $ MISSING: Alert + rimraf.rimrafSync(path); // $ MISSING: Alert + rimraf.native(path); // $ MISSING: Alert + await rimraf.native(path); // $ MISSING: Alert + rimraf.native.sync(path); // $ MISSING: Alert + rimraf.nativeSync(path); // $ MISSING: Alert + await rimraf.manual(path); // $ MISSING: Alert + rimraf.manual(path); // $ MISSING: Alert + rimraf.manual.sync(path); // $ MISSING: Alert + rimraf.manualSync(path); // $ MISSING: Alert + await rimraf.windows(path); // $ MISSING: Alert + rimraf.windows(path); // $ MISSING: Alert + rimraf.windows.sync(path); // $ MISSING: Alert + rimraf.windowsSync(path); // $ MISSING: Alert + rimraf.moveRemove(path); // $ MISSING: Alert + rimraf.moveRemove.sync(path); // $ MISSING: Alert + rimraf.moveRemoveSync(path); // $ MISSING: Alert + rimraf.posixSync(path); // $ MISSING: Alert + rimraf.posix(path); // $ MISSING: Alert + rimraf.posix.sync(path); // $ MISSING: Alert +}); From b16b407f892d4adaf377f84ea099ad14fa3366e5 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 12:49:48 +0200 Subject: [PATCH 168/409] Add `rimraf` model and update tests for path injection vulnerabilities --- javascript/ql/lib/ext/rimraf.model.yml | 8 +++ .../CWE-022/TaintedPath/TaintedPath.expected | 67 +++++++++++++++++++ .../Security/CWE-022/TaintedPath/rimraf.js | 42 ++++++------ 3 files changed, 96 insertions(+), 21 deletions(-) create mode 100644 javascript/ql/lib/ext/rimraf.model.yml diff --git a/javascript/ql/lib/ext/rimraf.model.yml b/javascript/ql/lib/ext/rimraf.model.yml new file mode 100644 index 00000000000..8afd53e47ef --- /dev/null +++ b/javascript/ql/lib/ext/rimraf.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["rimraf", "Member[sync,native,manual,windows,moveRemove,posix].Argument[0]", "path-injection"] + - ["rimraf", "Member[rimrafSync,nativeSync,manualSync,windowsSync,moveRemoveSync,posixSync].Argument[0]", "path-injection"] + - ["rimraf", "Member[native,manual,windows,moveRemove,posix].Member[sync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 4147726065e..99be2545b8e 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -168,6 +168,26 @@ | prettier.js:11:44:11:44 | p | prettier.js:6:13:6:13 | p | prettier.js:11:44:11:44 | p | This path depends on a $@. | prettier.js:6:13:6:13 | p | user-provided value | | pupeteer.js:9:28:9:34 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:9:28:9:34 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | | pupeteer.js:13:37:13:43 | tainted | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:13:37:13:43 | tainted | This path depends on a $@. | pupeteer.js:5:28:5:53 | parseTo ... t).name | user-provided value | +| rimraf.js:10:17:10:20 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:10:17:10:20 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:11:23:11:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:11:23:11:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:12:19:12:22 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:12:19:12:22 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:13:25:13:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:13:25:13:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:14:24:14:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:14:24:14:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:15:23:15:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:15:23:15:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:16:25:16:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:16:25:16:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:17:19:17:22 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:17:19:17:22 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:18:24:18:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:18:24:18:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:19:23:19:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:19:23:19:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:20:26:20:29 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:20:26:20:29 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:21:20:21:23 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:21:20:21:23 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:22:25:22:28 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:22:25:22:28 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:23:24:23:27 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:23:24:23:27 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:24:23:24:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:24:23:24:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:25:28:25:31 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:25:28:25:31 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:26:27:26:30 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:26:27:26:30 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:27:22:27:25 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:27:22:27:25 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:28:18:28:21 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:28:18:28:21 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | +| rimraf.js:29:23:29:26 | path | rimraf.js:8:22:8:29 | req.body | rimraf.js:29:23:29:26 | path | This path depends on a $@. | rimraf.js:8:22:8:29 | req.body | user-provided value | | sharedlib-repro.js:22:18:22:25 | filepath | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:22:18:22:25 | filepath | This path depends on a $@. | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | user-provided value | | tainted-access-paths.js:8:19:8:22 | path | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:8:19:8:22 | path | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | | tainted-access-paths.js:12:19:12:25 | obj.sub | tainted-access-paths.js:6:24:6:30 | req.url | tainted-access-paths.js:12:19:12:25 | obj.sub | This path depends on a $@. | tainted-access-paths.js:6:24:6:30 | req.url | user-provided value | @@ -594,6 +614,29 @@ edges | pupeteer.js:5:9:5:71 | tainted | pupeteer.js:13:37:13:43 | tainted | provenance | | | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | pupeteer.js:5:9:5:71 | tainted | provenance | | | pupeteer.js:5:28:5:53 | parseTo ... t).name | pupeteer.js:5:19:5:71 | "dir/" ... t.data" | provenance | Config | +| rimraf.js:8:11:8:18 | { path } | rimraf.js:8:13:8:16 | path | provenance | Config | +| rimraf.js:8:11:8:29 | path | rimraf.js:10:17:10:20 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:11:23:11:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:12:19:12:22 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:13:25:13:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:14:24:14:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:15:23:15:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:16:25:16:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:17:19:17:22 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:18:24:18:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:19:23:19:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:20:26:20:29 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:21:20:21:23 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:22:25:22:28 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:23:24:23:27 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:24:23:24:26 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:25:28:25:31 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:26:27:26:30 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:27:22:27:25 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:28:18:28:21 | path | provenance | | +| rimraf.js:8:11:8:29 | path | rimraf.js:29:23:29:26 | path | provenance | | +| rimraf.js:8:13:8:16 | path | rimraf.js:8:11:8:29 | path | provenance | | +| rimraf.js:8:22:8:29 | req.body | rimraf.js:8:11:8:18 | { path } | provenance | | | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | sharedlib-repro.js:21:27:21:34 | filepath | provenance | | | sharedlib-repro.js:21:27:21:34 | filepath | sharedlib-repro.js:22:18:22:25 | filepath | provenance | | | tainted-access-paths.js:6:7:6:48 | path | tainted-access-paths.js:8:19:8:22 | path | provenance | | @@ -1133,6 +1176,30 @@ nodes | pupeteer.js:5:28:5:53 | parseTo ... t).name | semmle.label | parseTo ... t).name | | pupeteer.js:9:28:9:34 | tainted | semmle.label | tainted | | pupeteer.js:13:37:13:43 | tainted | semmle.label | tainted | +| rimraf.js:8:11:8:18 | { path } | semmle.label | { path } | +| rimraf.js:8:11:8:29 | path | semmle.label | path | +| rimraf.js:8:13:8:16 | path | semmle.label | path | +| rimraf.js:8:22:8:29 | req.body | semmle.label | req.body | +| rimraf.js:10:17:10:20 | path | semmle.label | path | +| rimraf.js:11:23:11:26 | path | semmle.label | path | +| rimraf.js:12:19:12:22 | path | semmle.label | path | +| rimraf.js:13:25:13:28 | path | semmle.label | path | +| rimraf.js:14:24:14:27 | path | semmle.label | path | +| rimraf.js:15:23:15:26 | path | semmle.label | path | +| rimraf.js:16:25:16:28 | path | semmle.label | path | +| rimraf.js:17:19:17:22 | path | semmle.label | path | +| rimraf.js:18:24:18:27 | path | semmle.label | path | +| rimraf.js:19:23:19:26 | path | semmle.label | path | +| rimraf.js:20:26:20:29 | path | semmle.label | path | +| rimraf.js:21:20:21:23 | path | semmle.label | path | +| rimraf.js:22:25:22:28 | path | semmle.label | path | +| rimraf.js:23:24:23:27 | path | semmle.label | path | +| rimraf.js:24:23:24:26 | path | semmle.label | path | +| rimraf.js:25:28:25:31 | path | semmle.label | path | +| rimraf.js:26:27:26:30 | path | semmle.label | path | +| rimraf.js:27:22:27:25 | path | semmle.label | path | +| rimraf.js:28:18:28:21 | path | semmle.label | path | +| rimraf.js:29:23:29:26 | path | semmle.label | path | | sharedlib-repro.js:13:22:13:43 | req.par ... spaceId | semmle.label | req.par ... spaceId | | sharedlib-repro.js:21:27:21:34 | filepath | semmle.label | filepath | | sharedlib-repro.js:22:18:22:25 | filepath | semmle.label | filepath | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js index a6f3c52068a..9595078cf8d 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/rimraf.js @@ -5,26 +5,26 @@ const app = express(); app.use(express.json()); app.post('/rmsync', async (req, res) => { - const { path } = req.body; // $ MISSING: Source + const { path } = req.body; // $ Source - rimraf.sync(path); // $ MISSING: Alert - rimraf.rimrafSync(path); // $ MISSING: Alert - rimraf.native(path); // $ MISSING: Alert - await rimraf.native(path); // $ MISSING: Alert - rimraf.native.sync(path); // $ MISSING: Alert - rimraf.nativeSync(path); // $ MISSING: Alert - await rimraf.manual(path); // $ MISSING: Alert - rimraf.manual(path); // $ MISSING: Alert - rimraf.manual.sync(path); // $ MISSING: Alert - rimraf.manualSync(path); // $ MISSING: Alert - await rimraf.windows(path); // $ MISSING: Alert - rimraf.windows(path); // $ MISSING: Alert - rimraf.windows.sync(path); // $ MISSING: Alert - rimraf.windowsSync(path); // $ MISSING: Alert - rimraf.moveRemove(path); // $ MISSING: Alert - rimraf.moveRemove.sync(path); // $ MISSING: Alert - rimraf.moveRemoveSync(path); // $ MISSING: Alert - rimraf.posixSync(path); // $ MISSING: Alert - rimraf.posix(path); // $ MISSING: Alert - rimraf.posix.sync(path); // $ MISSING: Alert + rimraf.sync(path); // $ Alert + rimraf.rimrafSync(path); // $ Alert + rimraf.native(path); // $ Alert + await rimraf.native(path); // $ Alert + rimraf.native.sync(path); // $ Alert + rimraf.nativeSync(path); // $ Alert + await rimraf.manual(path); // $ Alert + rimraf.manual(path); // $ Alert + rimraf.manual.sync(path); // $ Alert + rimraf.manualSync(path); // $ Alert + await rimraf.windows(path); // $ Alert + rimraf.windows(path); // $ Alert + rimraf.windows.sync(path); // $ Alert + rimraf.windowsSync(path); // $ Alert + rimraf.moveRemove(path); // $ Alert + rimraf.moveRemove.sync(path); // $ Alert + rimraf.moveRemoveSync(path); // $ Alert + rimraf.posixSync(path); // $ Alert + rimraf.posix(path); // $ Alert + rimraf.posix.sync(path); // $ Alert }); From 390d9ffe668f3218d939788ae7ebdeb6e61c6006 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 12:50:53 +0200 Subject: [PATCH 169/409] Added change note --- javascript/ql/lib/change-notes/2025-04-02-rimraf.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-02-rimraf.md diff --git a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md new file mode 100644 index 00000000000..3d0521643d5 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for additional `rimraf` methods as sinks in path-injection queries. From 9fc0ee185b02fd13b0ebbeca13a85ddfd23d2257 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:03:20 +0100 Subject: [PATCH 170/409] Rust: Change the query ID to rust/summary/summary-statistics-reduced. --- rust/ql/src/queries/summary/SummaryStatsLess.ql | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsLess.ql index ddcc76d16bc..75358064bba 100644 --- a/rust/ql/src/queries/summary/SummaryStatsLess.ql +++ b/rust/ql/src/queries/summary/SummaryStatsLess.ql @@ -1,9 +1,9 @@ /** - * @name Summary Statistics Less + * @name Summary Statistics Reduced * @description A table of summary statistics about a database, with data that * has been found to be noisy on tests removed. * @kind metric - * @id rust/summary/summary-statistics-less + * @id rust/summary/summary-statistics-reduced * @tags summary */ From 02245af3ca64272acb2ddf8b7588922a580705db Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:11:55 +0100 Subject: [PATCH 171/409] Rust: Rename the query file. --- rust/ql/integration-tests/hello-project/summary.qlref | 2 +- rust/ql/integration-tests/hello-workspace/summary.qlref | 2 +- .../summary/{SummaryStatsLess.ql => SummaryStatsReduced.ql} | 0 rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref | 2 +- 4 files changed, 3 insertions(+), 3 deletions(-) rename rust/ql/src/queries/summary/{SummaryStatsLess.ql => SummaryStatsReduced.ql} (100%) diff --git a/rust/ql/integration-tests/hello-project/summary.qlref b/rust/ql/integration-tests/hello-project/summary.qlref index 3d1b7ac7f1b..926fc790391 100644 --- a/rust/ql/integration-tests/hello-project/summary.qlref +++ b/rust/ql/integration-tests/hello-project/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/integration-tests/hello-workspace/summary.qlref b/rust/ql/integration-tests/hello-workspace/summary.qlref index 3d1b7ac7f1b..926fc790391 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.qlref +++ b/rust/ql/integration-tests/hello-workspace/summary.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/src/queries/summary/SummaryStatsLess.ql b/rust/ql/src/queries/summary/SummaryStatsReduced.ql similarity index 100% rename from rust/ql/src/queries/summary/SummaryStatsLess.ql rename to rust/ql/src/queries/summary/SummaryStatsReduced.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref index 3d1b7ac7f1b..926fc790391 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref @@ -1 +1 @@ -queries/summary/SummaryStatsLess.ql +queries/summary/SummaryStatsReduced.ql From fbde235253853fe0387b7947e9a9689a0b8ec7fc Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Wed, 2 Apr 2025 12:16:10 +0100 Subject: [PATCH 172/409] Rust: Rename the test as well. --- .../{SummaryStatsLess.expected => SummaryStatsReeduced.expected} | 0 .../{SummaryStatsLess.qlref => SummaryStatsReeduced.qlref} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsLess.expected => SummaryStatsReeduced.expected} (100%) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsLess.qlref => SummaryStatsReeduced.qlref} (100%) diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsLess.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsLess.qlref rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref From 9ebaac82cf4ecdeb50cb118e644b584d4837bf98 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:47:18 +0200 Subject: [PATCH 173/409] JS: Add tests for Response object sink --- .../CWE-079/ReflectedXss/response-object.js | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js new file mode 100644 index 00000000000..7dbeb14d30d --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -0,0 +1,39 @@ +const express = require('express'); + +// Note: We're using using express for the taint source in order to to test 'Response' +// in isolation from the more complicated http frameworks. + +express().get('/foo', (req) => { + const data = req.body; // $ MISSING: Source + + new Response(data); // $ MISSING: Alert + new Response(data, {}); // $ MISSING: Alert + new Response(data, { headers: null }); // $ MISSING: Alert + + new Response(data, { headers: { 'content-type': 'text/plain'}}); + new Response(data, { headers: { 'content-type': 'text/html'}}); // $ MISSING: Alert + + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); + new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ MISSING: Alert + + const headers1 = new Headers({ 'content-type': 'text/plain'}); + new Response(data, { headers: headers1 }); + + const headers2 = new Headers({ 'content-type': 'text/html'}); + new Response(data, { headers: headers2 }); // $ MISSING: Alert + + const headers3 = new Headers(); + new Response(data, { headers: headers3 }); // $ MISSING: Alert + + const headers4 = new Headers(); + headers4.set('content-type', 'text/plain'); + new Response(data, { headers: headers4 }); + + const headers5 = new Headers(); + headers5.set('content-type', 'text/html'); + new Response(data, { headers: headers5 }); // $ MISSING: Alert + + const headers6 = new Headers(); + headers6.set('unrelated-header', 'text/plain'); + new Response(data, { headers: headers6 }); // $ MISSING: Alert +}); From 6820cbabc8ac9eefda6ab6bc7a179990cf747aba Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 14:01:00 +0200 Subject: [PATCH 174/409] C#: Accept file sync mismatch for C# testfiles if they are identical modulo comments. --- config/sync-files.py | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/config/sync-files.py b/config/sync-files.py index 9645d42f1e5..66d4d017ed8 100644 --- a/config/sync-files.py +++ b/config/sync-files.py @@ -58,7 +58,19 @@ def file_checksum(filename): with open(filename, 'rb') as file_handle: return hashlib.sha1(file_handle.read()).hexdigest() -def check_group(group_name, files, master_file_picker, emit_error): +def accept_prefix(line1, line2): + suffix = line2.removeprefix(line1) + return not suffix or suffix.lstrip().startswith("//") + +def equivalent_lines(lines1, lines2): + if len(lines1) != len(lines2): + return False + for line1, line2 in zip(lines1, lines2): + if not accept_prefix(line1, line2) and not accept_prefix(line2, line1): + return False + return True + +def check_group(group_name, files, master_file_picker, emit_error, accept_prefix): extant_files = [f for f in files if path.isfile(f)] if len(extant_files) == 0: emit_error(__file__, 0, "No files found from group '" + group_name + "'.") @@ -70,11 +82,23 @@ def check_group(group_name, files, master_file_picker, emit_error): return checksums = {file_checksum(f) for f in extant_files} - - if len(checksums) == 1 and len(extant_files) == len(files): + same_lengths = len(extant_files) == len(files) + if len(checksums) == 1 and same_lengths: # All files are present and identical. return + # In this case we also consider files indentical, if + # (1) The group only containts two files. + # (2) The lines of one file are the same as the lines of another file + # modulo comments. + if accept_prefix and same_lengths and len(extant_files) == 2: + with open(extant_files[0], 'r') as f1: + file1_lines = [l.strip('\n\r') for l in f1.readlines()] + with open(extant_files[1], 'r') as f2: + file2_lines = [l.strip('\n\r') for l in f2.readlines()] + if equivalent_lines(file1_lines, file2_lines): + return + master_file = master_file_picker(extant_files) if master_file is None: emit_error(__file__, 0, @@ -139,9 +163,10 @@ def sync_identical_files(emit_error): raise Exception("Bad command line or file not found") chdir_repo_root() load_if_exists('.', 'config/identical-files.json') - file_groups.update(csharp_test_files()) + for group_name, files in csharp_test_files().items(): + check_group(group_name, files, master_file_picker, emit_error, True) for group_name, files in file_groups.items(): - check_group(group_name, files, master_file_picker, emit_error) + check_group(group_name, files, master_file_picker, emit_error, False) def main(): sync_identical_files(emit_local_error) From 30a9cd7c8a7cda2649996e680c525057adeba97e Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 14:09:52 +0200 Subject: [PATCH 175/409] JS: Include document as a DOM value --- .../ql/test/library-tests/DOM/Customizations.expected | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/javascript/ql/test/library-tests/DOM/Customizations.expected b/javascript/ql/test/library-tests/DOM/Customizations.expected index 3fc5570c743..df15c409be2 100644 --- a/javascript/ql/test/library-tests/DOM/Customizations.expected +++ b/javascript/ql/test/library-tests/DOM/Customizations.expected @@ -7,20 +7,26 @@ test_documentRef test_locationRef | customization.js:3:3:3:14 | doc.location | test_domValueRef +| customization.js:2:13:2:31 | customGetDocument() | +| customization.js:3:3:3:14 | doc.location | | customization.js:4:3:4:20 | doc.getElementById | | customization.js:4:3:4:28 | doc.get ... 'test') | | event-handler-receiver.html:4:20:4:19 | this | +| event-handler-receiver.js:1:1:1:8 | document | | event-handler-receiver.js:1:1:1:23 | documen ... entById | | event-handler-receiver.js:1:1:1:32 | documen ... my-id') | | event-handler-receiver.js:1:44:1:43 | this | | event-handler-receiver.js:2:3:2:17 | this.parentNode | +| event-handler-receiver.js:5:1:5:8 | document | | event-handler-receiver.js:5:1:5:23 | documen ... entById | | event-handler-receiver.js:5:1:5:32 | documen ... my-id') | | event-handler-receiver.js:5:60:5:59 | this | | event-handler-receiver.js:6:3:6:17 | this.parentNode | +| nameditems.js:1:1:1:8 | document | | nameditems.js:1:1:1:23 | documen ... entById | | nameditems.js:1:1:1:30 | documen ... ('foo') | | nameditems.js:1:1:2:19 | documen ... em('x') | +| querySelectorAll.js:2:5:2:12 | document | | querySelectorAll.js:2:5:2:29 | documen ... ctorAll | | querySelectorAll.js:2:5:2:36 | documen ... ('foo') | | querySelectorAll.js:2:46:2:48 | elm | From 2c40359143e07e32c59fac49981b911429428671 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 14:11:54 +0200 Subject: [PATCH 176/409] JS: Change note --- .../2025-04-02-name-resolution-independent-fixes.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md diff --git a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md new file mode 100644 index 00000000000..4773744a984 --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. From 10564fac4d86207c52946125ee3c700c97394194 Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Wed, 2 Apr 2025 14:20:24 +0200 Subject: [PATCH 177/409] Add @ps-codeql to CODEOWNERS for experimental cryptography MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This pull request adds @github/ps-codeql as a code owner of `**/experimental/quantum/` to support the development of post-quantum cryptography-related libraries and queries. We’ll be committing stable but experimental work to these directories as it becomes ready for public use, with a near-term goal of moving it out of experimental. To get started, we’d also need write access to `github/codeql`. cc @adityasharad @lcartey --- CODEOWNERS | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CODEOWNERS b/CODEOWNERS index e7fb27e9f86..90c3cb9af60 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -14,6 +14,9 @@ /java/ql/test-kotlin1/ @github/codeql-kotlin /java/ql/test-kotlin2/ @github/codeql-kotlin +# Experimental CodeQL cryptography +**/experimental/quantum/ @github/ps-codeql + # CodeQL tools and associated docs /docs/codeql/codeql-cli/ @github/codeql-cli-reviewers /docs/codeql/codeql-for-visual-studio-code/ @github/codeql-vscode-reviewers From 93d0f364d6c2441e867279c5c36566756e116e0a Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:00:05 +0200 Subject: [PATCH 178/409] C#: Add ConstantConditionBad file. --- .../Control-Flow/ConstantCondition/ConstantConditionBad.cs | 7 +++++++ .../Control-Flow/ConstantCondition/ConstantIfCondition.cs | 5 ----- 2 files changed, 7 insertions(+), 5 deletions(-) create mode 100644 csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs new file mode 100644 index 00000000000..66af12c057a --- /dev/null +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantConditionBad.cs @@ -0,0 +1,7 @@ +class Bad +{ + public int Max(int a, int b) + { + return a > a ? a : b; // $ Alert + } +} diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs index 146dbcf5661..04c91cc222d 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantIfCondition.cs @@ -25,11 +25,6 @@ namespace ConstantIfCondition } } - public int Max(int a, int b) - { - return a > a ? a : b; // $ Alert - } - public int Bar() { return ZERO; From 88b061e27ee45584e31d2c2c9c9c15c1c275f909 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 16:24:41 +0000 Subject: [PATCH 179/409] Add change note --- .../change-notes/2025-03-27-database-local-source-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 go/ql/lib/change-notes/2025-03-27-database-local-source-models.md diff --git a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md new file mode 100644 index 00000000000..95f08d00b9c --- /dev/null +++ b/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. From 89e853b4bec561e272e2b2cb6fdfd6eafd568c9f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 22:09:55 +0000 Subject: [PATCH 180/409] Don't use non-existent dependency This makes some go tooling, like `go mod tidy`, not work. --- .../go/dataflow/flowsources/local/database/go.mod | 1 - .../flowsources/local/database/source.ext.yml | 2 +- .../flowsources/local/database/test.ext.yml | 2 +- .../local/database/test_Masterminds_squirrel.go | 13 ++++++++----- .../vendor/github.com/nonexistent/sources/stub.go | 5 ----- .../flowsources/local/database/vendor/modules.txt | 3 --- 6 files changed, 10 insertions(+), 16 deletions(-) delete mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 560bcd759c3..66d6a2e6ed8 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -12,7 +12,6 @@ require ( github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a go.mongodb.org/mongo-driver v1.17.3 gorm.io/gorm v1.25.12 - github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 ) require ( diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml index 5e7e11e1b31..476c0cf7212 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/source.ext.yml @@ -8,4 +8,4 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file + - ["test", "", False, "Source", "", "", "ReturnValue", "database", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml index 45623fd20ad..8e91b5dfb48 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test.ext.yml @@ -10,4 +10,4 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/nonexistent/sources", "", False, "Source", "", "", "ReturnValue", "database", "manual"] \ No newline at end of file + - ["test", "", False, "Source", "", "", "ReturnValue", "database", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go index cc1418e884c..6a5a57df289 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_Masterminds_squirrel.go @@ -6,9 +6,12 @@ import ( "context" "github.com/Masterminds/squirrel" - src "github.com/nonexistent/sources" ) +func Source[T any]() T { + return *new(T) +} + func test_Masterminds_squirrel_QueryRower(ctx context.Context, db squirrel.QueryRower, sqlizer squirrel.Sqlizer) { scanner := db.QueryRow("") // $ source @@ -136,7 +139,7 @@ func test_Masterminds_squirrel_DeleteBuilder(ctx context.Context, builder squirr sink(r32) // $ hasTaintFlow="r32" sink(r33) // $ hasTaintFlow="r33" - builder2 := src.Source[squirrel.DeleteBuilder]() // $ source + builder2 := Source[squirrel.DeleteBuilder]() // $ source var r41, r42, r43 string builder2.ScanContext(ctx, &r41, &r42, &r43) @@ -177,7 +180,7 @@ func test_Masterminds_squirrel_InsertBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.InsertBuilder]() // $ source + builder2 := Source[squirrel.InsertBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) @@ -225,7 +228,7 @@ func test_Masterminds_squirrel_SelectBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.SelectBuilder]() // $ source + builder2 := Source[squirrel.SelectBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) @@ -273,7 +276,7 @@ func test_Masterminds_squirrel_UpdateBuilder(ctx context.Context, builder squirr sink(r42) // $ hasTaintFlow="r42" sink(r43) // $ hasTaintFlow="r43" - builder2 := src.Source[squirrel.UpdateBuilder]() // $ source + builder2 := Source[squirrel.UpdateBuilder]() // $ source var r51, r52, r53 string builder2.Scan(&r51, &r52, &r53) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go deleted file mode 100644 index afc57a3900d..00000000000 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/nonexistent/sources/stub.go +++ /dev/null @@ -1,5 +0,0 @@ -package sources - -func Source[T any]() T { - return *new(T) -} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index 01fbca5130d..bba2801e9c3 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -25,9 +25,6 @@ go.mongodb.org/mongo-driver/mongo # gorm.io/gorm v1.25.12 ## explicit gorm.io/gorm -# github.com/nonexistent/sources v0.0.0-20250300000000-000000000000 -## explicit -github.com/nonexistent/sources # github.com/couchbase/gocbcore/v10 v10.5.4 ## explicit github.com/couchbase/gocbcore/v10 From c54f0d82e2b072d8d7f0833a0ecf998565901b57 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 23 Oct 2024 13:02:30 -0400 Subject: [PATCH 181/409] [bun] Model github.com/uptrace/bun --- .../lib/ext/github.com.uptrace.bun.model.yml | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/go/ql/lib/ext/github.com.uptrace.bun.model.yml b/go/ql/lib/ext/github.com.uptrace.bun.model.yml index a08adb07973..6d56db78320 100644 --- a/go/ql/lib/ext/github.com.uptrace.bun.model.yml +++ b/go/ql/lib/ext/github.com.uptrace.bun.model.yml @@ -1,4 +1,26 @@ extensions: + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + - ["github.com/uptrace/bun", "AddColumnQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "CreateIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "CreateTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DeleteQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DropIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DropTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "InsertQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "MergeQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "TruncateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "UpdateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DeleteQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "InsertQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "MergeQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "TruncateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "UpdateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel From db65a6ff850cc2554ca8aa7802ec545126eec540 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Tue, 22 Oct 2024 22:15:03 -0400 Subject: [PATCH 182/409] [gogf] Model github.com/gogf/gf/database/gdb Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> --- .../github.com.gogf.gf.database.gdb.model.yml | 51 +++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml index 030656c6eb8..a667507009c 100644 --- a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml +++ b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml @@ -55,3 +55,54 @@ extensions: - ["github.com/gogf/gf/database/gdb", "Tx", True, "Prepare", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/gogf/gf/database/gdb", "Tx", True, "Query", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/gogf/gf/database/gdb", "Tx", True, "Raw", "", "", "Argument[0]", "sql-injection", "manual"] + - addsTo: + pack: codeql/go-all + extensible: sourceModel + data: + # These models are for v1. Some of them hold for v2, but we should model v2 properly. + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + - addsTo: + pack: codeql/go-all + extensible: summaryModel + data: + - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "GMap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Map", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Struct", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Record", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Array", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Chunk", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "List", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "MapKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "ScanList", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Structs", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] From 9cf411712087098c042eec359192257e74c31631 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 8 Jan 2025 14:43:26 -0500 Subject: [PATCH 183/409] Add tests for gogf/gf/database/gdb --- .../local/database/test_gogf_gf_database_gdb.go | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go new file mode 100644 index 00000000000..e13266529e9 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -0,0 +1,17 @@ +package test + +import ( + "fmt" + + "github.com/gogf/gf/database/gdb" +) + +func gogf(g gdb.DB) { + u1, err := g.GetOne("SELECT user from users") // $source + + if err != nil { + return + } + + fmt.Println(u1) +} From ddb7da4c13d4503fbe6d17e0b0aaa5eacb508e17 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 28 Mar 2025 09:03:35 +0000 Subject: [PATCH 184/409] Add gogf models and tests --- .../github.com.gogf.gf.database.gdb.model.yml | 52 ++-- .../database/test_gogf_gf_database_gdb.go | 241 +++++++++++++++++- 2 files changed, 270 insertions(+), 23 deletions(-) diff --git a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml index a667507009c..fbca149dd7a 100644 --- a/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml +++ b/go/ql/lib/ext/github.com.gogf.gf.database.gdb.model.yml @@ -60,36 +60,59 @@ extensions: extensible: sourceModel data: # These models are for v1. Some of them hold for v2, but we should model v2 properly. - - ["github.com/gogf/gf/database/gdb", "DB", True, "DoExec", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetArray", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Core", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "DoGetAll", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "DoQuery", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetArray", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] - ["github.com/gogf/gf/database/gdb", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetScan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "DB", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "Raw", "", "", "ReturnValue[0]", "database", "manual"] + + - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "ScanList", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Select", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Struct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Structs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "Model", True, "Value", "", "", "ReturnValue[0]", "database", "manual"] + + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetAll", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetOne", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetScan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetStruct", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetStructs", "", "", "Argument[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "GetValue", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/gogf/gf/database/gdb", "TX", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] - addsTo: pack: codeql/go-all extensible: summaryModel data: - - ["github.com/gogf/gf/database/gdb", "Model", True, "All", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "Array", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindAll", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindArray", "", "", "Argument[receiver]", "ReturnValue[0].ArrayElement", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindOne", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindValue", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "FindScan", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Model", True, "One", "", "", "Argument[receiver]", "ReturnValue[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "GMap", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Json", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Map", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Struct", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Record", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] + - ["github.com/gogf/gf/database/gdb", "Result", True, "Array", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Chunk", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Interface", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] @@ -102,7 +125,6 @@ extensions: - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyInt", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyStr", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyUint", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - - ["github.com/gogf/gf/database/gdb", "Result", True, "RecordKeyValue", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "ScanList", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Structs", "", "", "Argument[receiver]", "Argument[0]", "taint", "manual"] - ["github.com/gogf/gf/database/gdb", "Result", True, "Xml", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"] diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go index e13266529e9..436c9dab677 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_gogf_gf_database_gdb.go @@ -1,17 +1,242 @@ package test -import ( - "fmt" +//go:generate depstubber -vendor github.com/gogf/gf/database/gdb Core,DB,Model,TX,Record,Result +import ( "github.com/gogf/gf/database/gdb" ) -func gogf(g gdb.DB) { - u1, err := g.GetOne("SELECT user from users") // $source +func gogf_Core(g gdb.Core) { + v1, _ := g.DoGetAll(nil, nil, "SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" - if err != nil { - return - } + v2, _ := g.DoQuery(nil, nil, "SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" - fmt.Println(u1) + v3, _ := g.GetAll("SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.GetArray("SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.GetOne("SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.GetScan(&v6, "SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + var v7 User + g.GetStruct(&v7, "SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" + + var v8 []User // $ source + g.GetStructs(v8, "SELECT user from users") + sink(v8) // $ hasTaintFlow="v8" + + v9, _ := g.GetValue("SELECT user from users") // $ source + sink(v9) // $ hasTaintFlow="v9" + + v10, _ := g.Query("SELECT user from users") // $ source + sink(v10) // $ hasTaintFlow="v10" +} + +func gogf_DB(g gdb.DB) { + v1, _ := g.DoGetAll(nil, nil, "SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.DoQuery(nil, nil, "SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" + + v3, _ := g.GetAll("SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.GetArray("SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.GetOne("SELECT user from users") // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.GetScan(&v6, "SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.GetValue("SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" + + v8, _ := g.Query("SELECT user from users") // $ source + sink(v8) // $ hasTaintFlow="v8" +} + +func gogf_Model(g gdb.Model) { + v1, _ := g.All() // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.Array() // $ source + sink(v2) // $ hasTaintFlow="v2" + + v3, _ := g.FindAll() // $ source + sink(v3) // $ hasTaintFlow="v3" + + v4, _ := g.FindArray() // $ source + sink(v4) // $ hasTaintFlow="v4" + + v5, _ := g.FindOne() // $ source + sink(v5) // $ hasTaintFlow="v5" + + var v6 User + g.FindScan(&v6) // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.FindValue() // $ source + sink(v7) // $ hasTaintFlow="v7" + + v8, _ := g.One() // $ source + sink(v8) // $ hasTaintFlow="v8" + + var v9 User + g.Scan(&v9) // $ source + sink(v9) // $ hasTaintFlow="v9" + + var v10 []User + g.ScanList(&v10, "") // $ source + sink(v10) // $ hasTaintFlow="v10" + + v11, _ := g.Select() // $ source + sink(v11) // $ hasTaintFlow="v11" + + var v12 User + g.Struct(&v12) // $ source + sink(v12) // $ hasTaintFlow="v12" + + var v13 []User + g.Structs(&v13, "") // $ source + sink(v13) // $ hasTaintFlow="v13" + + v14, _ := g.Value() // $ source + sink(v14) // $ hasTaintFlow="v14" +} + +func gogf_TX(g gdb.TX) { + v1, _ := g.GetAll("SELECT user from users") // $ source + sink(v1) // $ hasTaintFlow="v1" + + v2, _ := g.GetOne("SELECT user from users") // $ source + sink(v2) // $ hasTaintFlow="v2" + + var v3 User + g.GetScan(&v3, "SELECT user from users") // $ source + sink(v3) // $ hasTaintFlow="v3" + + var v4 User + g.GetStruct(&v4, "SELECT user from users") // $ source + sink(v4) // $ hasTaintFlow="v4" + + var v5 []User // $ source + g.GetStructs(v5, "SELECT user from users") + sink(v5) // $ hasTaintFlow="v5" + + v6, _ := g.GetValue("SELECT user from users") // $ source + sink(v6) // $ hasTaintFlow="v6" + + v7, _ := g.Query("SELECT user from users") // $ source + sink(v7) // $ hasTaintFlow="v7" +} + +func gogf_Record_summary(g gdb.Core) { + record1, _ := g.GetOne("SELECT summary from records") // $ source + gmap := record1.GMap() + sink(gmap) // $ hasTaintFlow="gmap" + + record2, _ := g.GetOne("SELECT summary from records") // $ source + interface_ := record2.Interface() + sink(interface_) // $ hasTaintFlow="interface_" + + record3, _ := g.GetOne("SELECT summary from records") // $ source + json := record3.Json() + sink(json) // $ hasTaintFlow="json" + + record4, _ := g.GetOne("SELECT summary from records") // $ source + map_ := record4.Map() + sink(map_) // $ hasTaintFlow="map_" + + record5, _ := g.GetOne("SELECT summary from records") // $ source + var struct_ struct{} + record5.Struct(&struct_) + sink(struct_) // $ hasTaintFlow="struct_" + + record6, _ := g.GetOne("SELECT summary from records") // $ source + xml := record6.Xml() + sink(xml) // $ hasTaintFlow="xml" + + // Note: currently missing models for methods on return type of `GMap`, + // which is `StrAnyMap` from package "github.com/gogf/gf/container/gmap". +} + +func gogf_Result_summary(g gdb.Core) { + result1, _ := g.GetAll("SELECT summary from records") // $ source + array := result1.Array() + sink(array) // $ hasTaintFlow="array" + + result2, _ := g.GetAll("SELECT summary from records") // $ source + chunk := result2.Chunk(1) + sink(chunk) // $ hasTaintFlow="chunk" + + result3, _ := g.GetAll("SELECT summary from records") // $ source + interface_ := result3.Interface() + sink(interface_) // $ hasTaintFlow="interface_" + + result4, _ := g.GetAll("SELECT summary from records") // $ source + json := result4.Json() + sink(json) // $ hasTaintFlow="json" + + result5, _ := g.GetAll("SELECT summary from records") // $ source + list := result5.List() + sink(list) // $ hasTaintFlow="list" + + result6, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyint := result6.MapKeyInt("") + sink(mapkeyint) // $ hasTaintFlow="mapkeyint" + + result7, _ := g.GetAll("SELECT summary from records") // $ source + mapkeystr := result7.MapKeyStr("") + sink(mapkeystr) // $ hasTaintFlow="mapkeystr" + + result8, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyuint := result8.MapKeyUint("") + sink(mapkeyuint) // $ hasTaintFlow="mapkeyuint" + + result9, _ := g.GetAll("SELECT summary from records") // $ source + mapkeyvalue := result9.MapKeyValue("") + sink(mapkeyvalue) // $ hasTaintFlow="mapkeyvalue" + + result10, _ := g.GetAll("SELECT summary from records") // $ source + recordkeyint := result10.RecordKeyInt("") + sink(recordkeyint) // $ hasTaintFlow="recordkeyint" + + result11, _ := g.GetAll("SELECT summary from records") // $ source + recordkeystr := result11.RecordKeyStr("") + sink(recordkeystr) // $ hasTaintFlow="recordkeystr" + + result12, _ := g.GetAll("SELECT summary from records") // $ source + recordkeyuint := result12.RecordKeyUint("") + sink(recordkeyuint) // $ hasTaintFlow="recordkeyuint" + + result13, _ := g.GetAll("SELECT summary from records") // $ source + var structslice1 []struct{} + result13.ScanList(&structslice1, "") + sink(structslice1) // $ hasTaintFlow="structslice1" + + result14, _ := g.GetAll("SELECT summary from records") // $ source + var structslice2 []struct{} + result14.Structs(&structslice2) + sink(structslice2) // $ hasTaintFlow="structslice2" + + result15, _ := g.GetAll("SELECT summary from records") // $ source + xml := result15.Xml() + sink(xml) // $ hasTaintFlow="xml" + + // Note: currently missing models for methods on the type `Var` from + // package "github.com/gogf/gf/container/gvar", which is involved in the + // return type of `Array` and `MapKeyValue`. } From 1687042c3be5d5a07e80c9465b0e4867cefb5ba8 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 2 Apr 2025 14:06:29 +0100 Subject: [PATCH 185/409] Add Bun models and tests --- .../lib/ext/github.com.uptrace.bun.model.yml | 35 ++++---- go/ql/lib/go.qll | 1 + go/ql/lib/semmle/go/frameworks/Bun.qll | 90 +++++++++++++++++++ .../local/database/test_uptrace_bun.go | 77 ++++++++++++++++ 4 files changed, 186 insertions(+), 17 deletions(-) create mode 100644 go/ql/lib/semmle/go/frameworks/Bun.qll create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go diff --git a/go/ql/lib/ext/github.com.uptrace.bun.model.yml b/go/ql/lib/ext/github.com.uptrace.bun.model.yml index 6d56db78320..45af9c15a44 100644 --- a/go/ql/lib/ext/github.com.uptrace.bun.model.yml +++ b/go/ql/lib/ext/github.com.uptrace.bun.model.yml @@ -3,24 +3,19 @@ extensions: pack: codeql/go-all extensible: sourceModel data: - - ["github.com/uptrace/bun", "AddColumnQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "CreateIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "CreateTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DeleteQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DropIndexQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DropTableQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "InsertQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "MergeQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DB", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "DB", True, "QueryRow", "", "", "ReturnValue", "database", "manual"] + - ["github.com/uptrace/bun", "IDB", True, "QueryContext", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "IDB", True, "QueryRowContext", "", "", "ReturnValue", "database", "manual"] + # - ["github.com/uptrace/bun", "RawQuery", True, "Exec", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "SelectQuery", True, "Exec", "", "", "Argument[0]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet - ["github.com/uptrace/bun", "SelectQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "TruncateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "UpdateQuery", True, "Model", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "DeleteQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "InsertQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "MergeQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "RawQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "TruncateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] - - ["github.com/uptrace/bun", "UpdateQuery", True, "Scan", "", "", "Argument[0]", "database", "manual"] + - ["github.com/uptrace/bun", "SelectQuery", True, "Rows", "", "", "ReturnValue[0]", "database", "manual"] + # - ["github.com/uptrace/bun", "SelectQuery", True, "Scan", "", "", "Argument[1]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + # - ["github.com/uptrace/bun", "SelectQuery", True, "ScanAndCount", "", "", "Argument[1]", "database", "manual"] # Implemented in QL because variadic arguments as sources aren't supported in this format yet + - ["github.com/uptrace/bun", "Tx", True, "Query", "", "", "ReturnValue[0]", "database", "manual"] + - ["github.com/uptrace/bun", "Tx", True, "QueryRow", "", "", "ReturnValue", "database", "manual"] - addsTo: pack: codeql/go-all extensible: sinkModel @@ -88,3 +83,9 @@ extensions: - ["github.com/uptrace/bun", "UpdateQuery", True, "TableExpr", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/uptrace/bun", "UpdateQuery", True, "Where", "", "", "Argument[0]", "sql-injection", "manual"] - ["github.com/uptrace/bun", "UpdateQuery", True, "WhereOr", "", "", "Argument[0]", "sql-injection", "manual"] + # - addsTo: + # pack: codeql/go-all + # extensible: summaryModel + # data: + # - ["github.com/uptrace/bun", "DB", True, "ScanRow", "", "", "Argument[1]", "Argument[2].ArrayElement", "taint", "manual"] # Implemented in QL because variadic arguments as outputs aren't supported in this format yet + # - ["github.com/uptrace/bun", "DB", True, "ScanRows", "", "", "Argument[1]", "Argument[2].ArrayElement", "taint", "manual"] # Implemented in QL because variadic arguments as outputs aren't supported in this format yet diff --git a/go/ql/lib/go.qll b/go/ql/lib/go.qll index 51ff4916e16..16f2f1702fa 100644 --- a/go/ql/lib/go.qll +++ b/go/ql/lib/go.qll @@ -32,6 +32,7 @@ import semmle.go.frameworks.Afero import semmle.go.frameworks.AwsLambda import semmle.go.frameworks.Beego import semmle.go.frameworks.BeegoOrm +import semmle.go.frameworks.Bun import semmle.go.frameworks.RsCors import semmle.go.frameworks.Couchbase import semmle.go.frameworks.Echo diff --git a/go/ql/lib/semmle/go/frameworks/Bun.qll b/go/ql/lib/semmle/go/frameworks/Bun.qll new file mode 100644 index 00000000000..65c524f9fde --- /dev/null +++ b/go/ql/lib/semmle/go/frameworks/Bun.qll @@ -0,0 +1,90 @@ +/** + * Provides classes modeling security-relevant aspects of the `Bun` package. + */ + +import go + +/** + * Provides classes modeling security-relevant aspects of the `Bun` package. + */ +private module Bun { + private string packagePath() { result = package("github.com/uptrace/bun", "") } + + private class RawQuerySources extends SourceNode { + RawQuerySources() { + // func (q *RawQuery) Exec(ctx context.Context, dest ...interface{}) (sql.Result, error) + // func (q *RawQuery) Scan(ctx context.Context, dest ...interface{}) error + exists(DataFlow::CallNode cn, int i | + cn.getTarget().(Method).hasQualifiedName(packagePath(), "RawQuery", ["Exec", "Scan"]) and + i >= 1 + | + this = cn.getSyntacticArgument(i) + ) + } + + override string getThreatModel() { result = "database" } + } + + private class SelectQuerySources extends SourceNode { + SelectQuerySources() { + // func (q *SelectQuery) Exec(ctx context.Context, dest ...interface{}) (res sql.Result, err error) + // func (q *SelectQuery) Scan(ctx context.Context, dest ...interface{}) error + // func (q *SelectQuery) ScanAndCount(ctx context.Context, dest ...interface{}) (int, error) + exists(DataFlow::CallNode cn, int i | + cn.getTarget() + .(Method) + .hasQualifiedName(packagePath(), "SelectQuery", ["Exec", "Scan", "ScanAndCount"]) and + i >= 1 + | + this = cn.getSyntacticArgument(i) + ) + } + + override string getThreatModel() { result = "database" } + } + + private class DBScanRows extends TaintTracking::FunctionModel, Method { + FunctionInput inp; + FunctionOutput outp; + + DBScanRows() { + // func (db *DB) ScanRow(ctx context.Context, rows *sql.Rows, dest ...interface{}) error + // func (db *DB) ScanRows(ctx context.Context, rows *sql.Rows, dest ...interface{}) error + this.hasQualifiedName(packagePath(), "DB", ["ScanRow", "ScanRows"]) and + inp.isParameter(1) and + outp.isParameter(any(int i | i >= 2)) + } + + override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + input = inp and output = outp + } + } + // private class BuilderScan extends TaintTracking::FunctionModel, Method { + // FunctionInput inp; + // FunctionOutput outp; + // BuilderScan() { + // // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error + // this.hasQualifiedName(packagePath(), + // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and + // inp.isReceiver() and + // outp.isParameter(_) + // } + // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + // input = inp and output = outp + // } + // } + // private class BuilderScanContext extends TaintTracking::FunctionModel, Method { + // FunctionInput inp; + // FunctionOutput outp; + // BuilderScanContext() { + // // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error + // this.hasQualifiedName(packagePath(), + // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and + // inp.isReceiver() and + // exists(int i | i > 0 | outp.isParameter(i)) + // } + // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { + // input = inp and output = outp + // } + // } +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go new file mode 100644 index 00000000000..dc8b5c7e366 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/test_uptrace_bun.go @@ -0,0 +1,77 @@ +package test + +//go:generate depstubber -vendor github.com/uptrace/bun Conn,DB,RawQuery,SelectQuery,Tx + +import ( + "context" + + "github.com/uptrace/bun" +) + +func Test_bun_conn(conn bun.Conn) { + ctx := context.Background() + + rows1, _ := conn.QueryContext(ctx, "SELECT * FROM users") // $ source + conn.QueryRowContext(ctx, "SELECT * FROM users") // $ source + + ignore(rows1) +} + +func Test_bun_db(db bun.DB) { + ctx := context.Background() + + rows1, _ := db.Query("SELECT * FROM users") // $ source + + for rows1.Next() { + var user User + db.ScanRow(ctx, rows1, &user) + sink(user) // $ hasTaintFlow="user" + } + + rows2, _ := db.QueryContext(ctx, "SELECT * FROM users") // $ source + var users []User + + db.ScanRows(ctx, rows2, &users) + sink(users) // $ hasTaintFlow="users" + + db.QueryRow("SELECT * FROM users") // $ source + db.QueryRowContext(ctx, "SELECT * FROM users") // $ source +} + +func Test_bun_rawquery(q bun.RawQuery) { + ctx := context.Background() + + var u1 []User + q.Exec(ctx, &u1) // $ source + var u2 []User + q.Scan(ctx, &u2) // $ source +} + +func Test_bun_selectquery(q bun.SelectQuery) { + ctx := context.Background() + + rows, _ := q.Rows(ctx) // $ source + var u1 []User + q.Exec(ctx, &u1) // $ source + var u2 []User + q.Model(&u2).Scan(ctx) // $ source + var u3 map[string]interface{} + q.Scan(ctx, &u3) // $ source + var u4 []User + q.Model(&u4).ScanAndCount(ctx) // $ source + var u5 map[string]interface{} + q.ScanAndCount(ctx, &u5) // $ source + + ignore(rows) +} + +func Test_bun_tx(tx bun.Tx) { + ctx := context.Background() + + rows1, _ := tx.Query("SELECT * FROM users") // $ source + rows2, _ := tx.QueryContext(ctx, "SELECT * FROM users") // $ source + tx.QueryRow("SELECT * FROM users") // $ source + tx.QueryRowContext(ctx, "SELECT * FROM users") // $ source + + ignore(rows1, rows2) +} From ecd09edf6443286f703f0124659d45e8b049d8e7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 2 Apr 2025 14:15:58 +0100 Subject: [PATCH 186/409] Add stubs for gogf/gf and uptrace/bun --- .../flowsources/local/database/go.mod | 2 + .../github.com/gogf/gf/database/gdb/stub.go | 1175 +++++++ .../vendor/github.com/uptrace/bun/stub.go | 2763 +++++++++++++++++ .../local/database/vendor/modules.txt | 6 + 4 files changed, 3946 insertions(+) create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go create mode 100644 go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod index 66d6a2e6ed8..ade22aaf764 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/go.mod @@ -7,9 +7,11 @@ require ( github.com/beego/beego/v2 v2.3.5 github.com/couchbase/gocb v1.6.7 github.com/couchbase/gocb/v2 v2.9.4 + github.com/gogf/gf v1.16.9 github.com/jmoiron/sqlx v1.4.0 github.com/Masterminds/squirrel v1.5.4 github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a + github.com/uptrace/bun v1.2.11 go.mongodb.org/mongo-driver v1.17.3 gorm.io/gorm v1.25.12 ) diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go new file mode 100644 index 00000000000..6554cbb324a --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/gogf/gf/database/gdb/stub.go @@ -0,0 +1,1175 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/gogf/gf/database/gdb, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/gogf/gf/database/gdb (exports: Core,DB,Model,TX,Record,Result; functions: ) + +// Package gdb is a stub of github.com/gogf/gf/database/gdb, generated by depstubber. +package gdb + +import ( + context "context" + sql "database/sql" + time "time" +) + +type ChunkHandler func(Result, error) bool + +type ConfigNode struct { + Host string + Port string + User string + Pass string + Name string + Type string + Link string + Role string + Debug bool + Prefix string + DryRun bool + Weight int + Charset string + Timezone string + MaxIdleConnCount int + MaxOpenConnCount int + MaxConnLifeTime time.Duration + QueryTimeout time.Duration + ExecTimeout time.Duration + TranTimeout time.Duration + PrepareTimeout time.Duration + CreatedAt string + UpdatedAt string + DeletedAt string + TimeMaintainDisabled bool + CtxStrict bool +} + +func (_ *ConfigNode) String() string { + return "" +} + +type Core struct{} + +func (_ *Core) Begin() (*TX, error) { + return nil, nil +} + +func (_ *Core) Close(_ context.Context) error { + return nil +} + +func (_ *Core) Ctx(_ context.Context) DB { + return nil +} + +func (_ *Core) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error) { + return "", nil, nil +} + +func (_ *Core) DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Core) DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error) { + return nil, nil +} + +func (_ *Core) DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Core) DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) GetAll(_ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Core) GetArray(_ string, _ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Core) GetCache() interface{} { + return nil +} + +func (_ *Core) GetChars() (string, string) { + return "", "" +} + +func (_ *Core) GetConfig() *ConfigNode { + return nil +} + +func (_ *Core) GetCore() *Core { + return nil +} + +func (_ *Core) GetCount(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Core) GetCtx() context.Context { + return nil +} + +func (_ *Core) GetCtxTimeout(_ int, _ context.Context) (context.Context, context.CancelFunc) { + return nil, nil +} + +func (_ *Core) GetDebug() bool { + return false +} + +func (_ *Core) GetDryRun() bool { + return false +} + +func (_ *Core) GetGroup() string { + return "" +} + +func (_ *Core) GetLogger() interface{} { + return nil +} + +func (_ *Core) GetOne(_ string, _ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Core) GetPrefix() string { + return "" +} + +func (_ *Core) GetScan(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetSchema() string { + return "" +} + +func (_ *Core) GetStruct(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetStructs(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *Core) GetValue(_ string, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Core) HasTable(_ string) (bool, error) { + return false, nil +} + +func (_ *Core) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) { + return 0, nil +} + +func (_ *Core) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) MarshalJSON() ([]byte, error) { + return nil, nil +} + +func (_ *Core) Master(_ ...string) (*sql.DB, error) { + return nil, nil +} + +func (_ *Core) MasterLink(_ ...string) (Link, error) { + return nil, nil +} + +func (_ *Core) Model(_ ...interface{}) *Model { + return nil +} + +func (_ *Core) PingMaster() error { + return nil +} + +func (_ *Core) PingSlave() error { + return nil +} + +func (_ *Core) Prepare(_ string, _ ...bool) (*Stmt, error) { + return nil, nil +} + +func (_ *Core) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Core) QuotePrefixTableName(_ string) string { + return "" +} + +func (_ *Core) QuoteString(_ string) string { + return "" +} + +func (_ *Core) QuoteWord(_ string) string { + return "" +} + +func (_ *Core) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Core) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) Schema(_ string) *Schema { + return nil +} + +func (_ *Core) SetDebug(_ bool) {} + +func (_ *Core) SetDryRun(_ bool) {} + +func (_ *Core) SetLogger(_ interface{}) {} + +func (_ *Core) SetMaxConnLifeTime(_ time.Duration) {} + +func (_ *Core) SetMaxIdleConnCount(_ int) {} + +func (_ *Core) SetMaxOpenConnCount(_ int) {} + +func (_ *Core) SetSchema(_ string) {} + +func (_ *Core) Slave(_ ...string) (*sql.DB, error) { + return nil, nil +} + +func (_ *Core) SlaveLink(_ ...string) (Link, error) { + return nil, nil +} + +func (_ *Core) Table(_ ...interface{}) *Model { + return nil +} + +func (_ *Core) TableFields(_ string, _ ...string) (map[string]*TableField, error) { + return nil, nil +} + +func (_ *Core) Tables(_ ...string) ([]string, error) { + return nil, nil +} + +func (_ *Core) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *Core) Union(_ ...*Model) *Model { + return nil +} + +func (_ *Core) UnionAll(_ ...*Model) *Model { + return nil +} + +func (_ *Core) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Core) With(_ ...interface{}) *Model { + return nil +} + +type DB interface { + Begin() (*TX, error) + Close(_ context.Context) error + Ctx(_ context.Context) DB + Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) + DoCommit(_ context.Context, _ Link, _ string, _ []interface{}) (string, []interface{}, error) + DoDelete(_ context.Context, _ Link, _ string, _ string, _ ...interface{}) (sql.Result, error) + DoExec(_ context.Context, _ Link, _ string, _ ...interface{}) (sql.Result, error) + DoGetAll(_ context.Context, _ Link, _ string, _ ...interface{}) (Result, error) + DoInsert(_ context.Context, _ Link, _ string, _ []map[string]interface{}, _ DoInsertOption) (sql.Result, error) + DoPrepare(_ context.Context, _ Link, _ string) (*Stmt, error) + DoQuery(_ context.Context, _ Link, _ string, _ ...interface{}) (*sql.Rows, error) + DoUpdate(_ context.Context, _ Link, _ string, _ interface{}, _ string, _ ...interface{}) (sql.Result, error) + Exec(_ string, _ ...interface{}) (sql.Result, error) + FilteredLink() string + GetAll(_ string, _ ...interface{}) (Result, error) + GetArray(_ string, _ ...interface{}) ([]interface{}, error) + GetCache() interface{} + GetChars() (string, string) + GetConfig() *ConfigNode + GetCore() *Core + GetCount(_ string, _ ...interface{}) (int, error) + GetCtx() context.Context + GetDebug() bool + GetDryRun() bool + GetGroup() string + GetLogger() interface{} + GetOne(_ string, _ ...interface{}) (Record, error) + GetPrefix() string + GetScan(_ interface{}, _ string, _ ...interface{}) error + GetSchema() string + GetValue(_ string, _ ...interface{}) (interface{}, error) + Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) + InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) + InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) + Master(_ ...string) (*sql.DB, error) + Model(_ ...interface{}) *Model + Open(_ *ConfigNode) (*sql.DB, error) + PingMaster() error + PingSlave() error + Prepare(_ string, _ ...bool) (*Stmt, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + Raw(_ string, _ ...interface{}) *Model + Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) + Save(_ string, _ interface{}, _ ...int) (sql.Result, error) + Schema(_ string) *Schema + SetDebug(_ bool) + SetDryRun(_ bool) + SetLogger(_ interface{}) + SetMaxConnLifeTime(_ time.Duration) + SetMaxIdleConnCount(_ int) + SetMaxOpenConnCount(_ int) + SetSchema(_ string) + Slave(_ ...string) (*sql.DB, error) + Table(_ ...interface{}) *Model + TableFields(_ context.Context, _ string, _ ...string) (map[string]*TableField, error) + Tables(_ context.Context, _ ...string) ([]string, error) + Transaction(_ context.Context, _ func(context.Context, *TX) error) error + Union(_ ...*Model) *Model + UnionAll(_ ...*Model) *Model + Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) + With(_ ...interface{}) *Model +} + +type DoInsertOption struct { + OnDuplicateStr string + OnDuplicateMap map[string]interface{} + InsertOption int + BatchCount int +} + +type Link interface { + Exec(_ string, _ ...interface{}) (sql.Result, error) + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + IsTransaction() bool + Prepare(_ string) (*sql.Stmt, error) + PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) + Query(_ string, _ ...interface{}) (*sql.Rows, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) +} + +type Model struct{} + +func (_ *Model) All(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) And(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Args(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) Array(_ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Model) As(_ string) *Model { + return nil +} + +func (_ *Model) Avg(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Batch(_ int) *Model { + return nil +} + +func (_ *Model) Cache(_ time.Duration, _ ...string) *Model { + return nil +} + +func (_ *Model) Chunk(_ int, _ ChunkHandler) {} + +func (_ *Model) Clone() *Model { + return nil +} + +func (_ *Model) Count(_ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Model) CountColumn(_ string) (int, error) { + return 0, nil +} + +func (_ *Model) Ctx(_ context.Context) *Model { + return nil +} + +func (_ *Model) DB(_ DB) *Model { + return nil +} + +func (_ *Model) Data(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) Decrement(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Delete(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Distinct() *Model { + return nil +} + +func (_ *Model) FieldAvg(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldCount(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldMax(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldMin(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) FieldSum(_ string, _ ...string) *Model { + return nil +} + +func (_ *Model) Fields(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) FieldsEx(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) FieldsExStr(_ string, _ ...string) string { + return "" +} + +func (_ *Model) FieldsStr(_ ...string) string { + return "" +} + +func (_ *Model) Filter() *Model { + return nil +} + +func (_ *Model) FindAll(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) FindArray(_ ...interface{}) ([]interface{}, error) { + return nil, nil +} + +func (_ *Model) FindCount(_ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *Model) FindOne(_ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Model) FindScan(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) FindValue(_ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Model) ForPage(_ int, _ int) *Model { + return nil +} + +func (_ *Model) GetCtx() context.Context { + return nil +} + +func (_ *Model) GetFieldsExStr(_ string, _ ...string) string { + return "" +} + +func (_ *Model) GetFieldsStr(_ ...string) string { + return "" +} + +func (_ *Model) Group(_ ...string) *Model { + return nil +} + +func (_ *Model) GroupBy(_ string) *Model { + return nil +} + +func (_ *Model) Handler(_ ...ModelHandler) *Model { + return nil +} + +func (_ *Model) HasField(_ string) (bool, error) { + return false, nil +} + +func (_ *Model) Having(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Increment(_ string, _ interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) InnerJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Insert(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) InsertAndGetId(_ ...interface{}) (int64, error) { + return 0, nil +} + +func (_ *Model) InsertIgnore(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) LeftJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Limit(_ ...int) *Model { + return nil +} + +func (_ *Model) LockShared() *Model { + return nil +} + +func (_ *Model) LockUpdate() *Model { + return nil +} + +func (_ *Model) Master() *Model { + return nil +} + +func (_ *Model) Max(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Min(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) Offset(_ int) *Model { + return nil +} + +func (_ *Model) OmitEmpty() *Model { + return nil +} + +func (_ *Model) OmitEmptyData() *Model { + return nil +} + +func (_ *Model) OmitEmptyWhere() *Model { + return nil +} + +func (_ *Model) OmitNil() *Model { + return nil +} + +func (_ *Model) OmitNilData() *Model { + return nil +} + +func (_ *Model) OmitNilWhere() *Model { + return nil +} + +func (_ *Model) OnDuplicate(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) OnDuplicateEx(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) One(_ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *Model) Option(_ int) *Model { + return nil +} + +func (_ *Model) Or(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Order(_ ...string) *Model { + return nil +} + +func (_ *Model) OrderAsc(_ string) *Model { + return nil +} + +func (_ *Model) OrderBy(_ string) *Model { + return nil +} + +func (_ *Model) OrderDesc(_ string) *Model { + return nil +} + +func (_ *Model) OrderRandom() *Model { + return nil +} + +func (_ *Model) Page(_ int, _ int) *Model { + return nil +} + +func (_ *Model) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Replace(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) RightJoin(_ ...string) *Model { + return nil +} + +func (_ *Model) Safe(_ ...bool) *Model { + return nil +} + +func (_ *Model) Save(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Scan(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) ScanList(_ interface{}, _ string, _ ...string) error { + return nil +} + +func (_ *Model) Schema(_ string) *Model { + return nil +} + +func (_ *Model) Select(_ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *Model) Slave() *Model { + return nil +} + +func (_ *Model) Struct(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) Structs(_ interface{}, _ ...interface{}) error { + return nil +} + +func (_ *Model) Sum(_ string) (float64, error) { + return 0, nil +} + +func (_ *Model) TX(_ *TX) *Model { + return nil +} + +func (_ *Model) TableFields(_ string, _ ...string) (map[string]*TableField, error) { + return nil, nil +} + +func (_ *Model) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *Model) Union(_ ...*Model) *Model { + return nil +} + +func (_ *Model) UnionAll(_ ...*Model) *Model { + return nil +} + +func (_ *Model) Unscoped() *Model { + return nil +} + +func (_ *Model) Update(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Model) Value(_ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *Model) Where(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WhereBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereGT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereGTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNot(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereNotNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOr(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrGT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrGTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLT(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLTE(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotBetween(_ string, _ interface{}, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotIn(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotLike(_ string, _ interface{}) *Model { + return nil +} + +func (_ *Model) WhereOrNotNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOrNull(_ ...string) *Model { + return nil +} + +func (_ *Model) WhereOrf(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) WherePri(_ interface{}, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) Wheref(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *Model) With(_ ...interface{}) *Model { + return nil +} + +func (_ *Model) WithAll() *Model { + return nil +} + +type ModelHandler func(*Model) *Model + +type Record map[string]interface{} + +func (_ Record) GMap() interface{} { + return nil +} + +func (_ Record) Interface() interface{} { + return nil +} + +func (_ Record) IsEmpty() bool { + return false +} + +func (_ Record) Json() string { + return "" +} + +func (_ Record) Map() map[string]interface{} { + return nil +} + +func (_ Record) Struct(_ interface{}) error { + return nil +} + +func (_ Record) Xml(_ ...string) string { + return "" +} + +type Result []Record + +func (_ Result) Array(_ ...string) []interface{} { + return nil +} + +func (_ Result) Chunk(_ int) []Result { + return nil +} + +func (_ Result) Interface() interface{} { + return nil +} + +func (_ Result) IsEmpty() bool { + return false +} + +func (_ Result) Json() string { + return "" +} + +func (_ Result) Len() int { + return 0 +} + +func (_ Result) List() []map[string]interface{} { + return nil +} + +func (_ Result) MapKeyInt(_ string) map[int]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyStr(_ string) map[string]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyUint(_ string) map[uint]map[string]interface{} { + return nil +} + +func (_ Result) MapKeyValue(_ string) map[string]interface{} { + return nil +} + +func (_ Result) RecordKeyInt(_ string) map[int]Record { + return nil +} + +func (_ Result) RecordKeyStr(_ string) map[string]Record { + return nil +} + +func (_ Result) RecordKeyUint(_ string) map[uint]Record { + return nil +} + +func (_ Result) ScanList(_ interface{}, _ string, _ ...string) error { + return nil +} + +func (_ Result) Size() int { + return 0 +} + +func (_ Result) Structs(_ interface{}) error { + return nil +} + +func (_ Result) Xml(_ ...string) string { + return "" +} + +type Schema struct{} + +func (_ *Schema) Model(_ string) *Model { + return nil +} + +func (_ *Schema) Table(_ string) *Model { + return nil +} + +type Stmt struct { + *sql.Stmt +} + +func (_ *Stmt) Close() error { + return nil +} + +func (_ *Stmt) Exec(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Stmt) ExecContext(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *Stmt) Query(_ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Stmt) QueryContext(_ context.Context, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *Stmt) QueryRow(_ ...interface{}) *sql.Row { + return nil +} + +func (_ *Stmt) QueryRowContext(_ context.Context, _ ...interface{}) *sql.Row { + return nil +} + +type TX struct{} + +func (_ *TX) Begin() error { + return nil +} + +func (_ *TX) Commit() error { + return nil +} + +func (_ *TX) Ctx(_ context.Context) *TX { + return nil +} + +func (_ *TX) Delete(_ string, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) GetAll(_ string, _ ...interface{}) (Result, error) { + return nil, nil +} + +func (_ *TX) GetCount(_ string, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *TX) GetOne(_ string, _ ...interface{}) (Record, error) { + return nil, nil +} + +func (_ *TX) GetScan(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetStruct(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetStructs(_ interface{}, _ string, _ ...interface{}) error { + return nil +} + +func (_ *TX) GetValue(_ string, _ ...interface{}) (interface{}, error) { + return nil, nil +} + +func (_ *TX) Insert(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) InsertAndGetId(_ string, _ interface{}, _ ...int) (int64, error) { + return 0, nil +} + +func (_ *TX) InsertIgnore(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) IsClosed() bool { + return false +} + +func (_ *TX) Model(_ ...interface{}) *Model { + return nil +} + +func (_ *TX) Prepare(_ string) (*Stmt, error) { + return nil, nil +} + +func (_ *TX) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *TX) Raw(_ string, _ ...interface{}) *Model { + return nil +} + +func (_ *TX) Replace(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) Rollback() error { + return nil +} + +func (_ *TX) RollbackTo(_ string) error { + return nil +} + +func (_ *TX) Save(_ string, _ interface{}, _ ...int) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) SavePoint(_ string) error { + return nil +} + +func (_ *TX) Schema(_ string) *Schema { + return nil +} + +func (_ *TX) Transaction(_ context.Context, _ func(context.Context, *TX) error) error { + return nil +} + +func (_ *TX) Update(_ string, _ interface{}, _ interface{}, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TX) With(_ interface{}) *Model { + return nil +} + +type TableField struct { + Index int + Name string + Type string + Null bool + Key string + Default interface{} + Extra string + Comment string +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go new file mode 100644 index 00000000000..4500c820958 --- /dev/null +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/github.com/uptrace/bun/stub.go @@ -0,0 +1,2763 @@ +// Code generated by depstubber. DO NOT EDIT. +// This is a simple stub for github.com/uptrace/bun, strictly for use in testing. + +// See the LICENSE file for information about the licensing of the original library. +// Source: github.com/uptrace/bun (exports: Conn,DB,RawQuery,SelectQuery,Tx; functions: ) + +// Package bun is a stub of github.com/uptrace/bun, generated by depstubber. +package bun + +import ( + context "context" + sql "database/sql" + driver "database/sql/driver" + reflect "reflect" + time "time" +) + +type AddColumnQuery struct{} + +func (_ *AddColumnQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *AddColumnQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *AddColumnQuery) Apply(_ ...func(*AddColumnQuery) *AddColumnQuery) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) ColumnExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Comment(_ string) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Conn(_ IConn) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) DB() *DB { + return nil +} + +func (_ *AddColumnQuery) Dialect() interface{} { + return nil +} + +func (_ *AddColumnQuery) Err(_ error) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *AddColumnQuery) GetModel() interface{} { + return nil +} + +func (_ *AddColumnQuery) GetTableName() string { + return "" +} + +func (_ *AddColumnQuery) IfNotExists() *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) Model(_ interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) ModelTableExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *AddColumnQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *AddColumnQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *AddColumnQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *AddColumnQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *AddColumnQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *AddColumnQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *AddColumnQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *AddColumnQuery) Operation() string { + return "" +} + +func (_ *AddColumnQuery) Table(_ ...string) *AddColumnQuery { + return nil +} + +func (_ *AddColumnQuery) TableExpr(_ string, _ ...interface{}) *AddColumnQuery { + return nil +} + +type Conn struct { + *sql.Conn +} + +func (_ Conn) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ Conn) Close() error { + return nil +} + +func (_ Conn) Dialect() interface{} { + return nil +} + +func (_ Conn) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Conn) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ Conn) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ Conn) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ Conn) NewDelete() *DeleteQuery { + return nil +} + +func (_ Conn) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ Conn) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ Conn) NewDropTable() *DropTableQuery { + return nil +} + +func (_ Conn) NewInsert() *InsertQuery { + return nil +} + +func (_ Conn) NewMerge() *MergeQuery { + return nil +} + +func (_ Conn) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ Conn) NewSelect() *SelectQuery { + return nil +} + +func (_ Conn) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ Conn) NewUpdate() *UpdateQuery { + return nil +} + +func (_ Conn) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ Conn) PingContext(_ context.Context) error { + return nil +} + +func (_ Conn) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Conn) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Conn) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Conn) Raw(_ func(interface{}) error) error { + return nil +} + +func (_ Conn) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +type CreateIndexQuery struct{} + +func (_ *CreateIndexQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *CreateIndexQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *CreateIndexQuery) Column(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ColumnExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Comment(_ string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Concurrently() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Conn(_ IConn) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) DB() *DB { + return nil +} + +func (_ *CreateIndexQuery) Dialect() interface{} { + return nil +} + +func (_ *CreateIndexQuery) Err(_ error) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ExcludeColumn(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *CreateIndexQuery) GetModel() interface{} { + return nil +} + +func (_ *CreateIndexQuery) GetTableName() string { + return "" +} + +func (_ *CreateIndexQuery) IfNotExists() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Include(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) IncludeExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Index(_ string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) IndexExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Model(_ interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) ModelTableExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *CreateIndexQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *CreateIndexQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *CreateIndexQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *CreateIndexQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *CreateIndexQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *CreateIndexQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *CreateIndexQuery) Operation() string { + return "" +} + +func (_ *CreateIndexQuery) Table(_ ...string) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) TableExpr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Unique() *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Using(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) Where(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +func (_ *CreateIndexQuery) WhereOr(_ string, _ ...interface{}) *CreateIndexQuery { + return nil +} + +type CreateTableQuery struct{} + +func (_ *CreateTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *CreateTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *CreateTableQuery) ColumnExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Comment(_ string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Conn(_ IConn) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) DB() *DB { + return nil +} + +func (_ *CreateTableQuery) Dialect() interface{} { + return nil +} + +func (_ *CreateTableQuery) Err(_ error) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *CreateTableQuery) ForeignKey(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) GetModel() interface{} { + return nil +} + +func (_ *CreateTableQuery) GetTableName() string { + return "" +} + +func (_ *CreateTableQuery) IfNotExists() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Model(_ interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) ModelTableExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *CreateTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *CreateTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *CreateTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *CreateTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *CreateTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *CreateTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *CreateTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *CreateTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *CreateTableQuery) Operation() string { + return "" +} + +func (_ *CreateTableQuery) PartitionBy(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) String() string { + return "" +} + +func (_ *CreateTableQuery) Table(_ ...string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) TableExpr(_ string, _ ...interface{}) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) TableSpace(_ string) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Temp() *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) Varchar(_ int) *CreateTableQuery { + return nil +} + +func (_ *CreateTableQuery) WithForeignKeys() *CreateTableQuery { + return nil +} + +type DB struct{} + +func (_ DB) Driver() driver.Driver { + return nil +} + +func (_ DB) Ping() error { + return nil +} + +func (_ DB) PingContext(_ context.Context) error { + return nil +} + +func (_ DB) SetConnMaxIdleTime(_ time.Duration) {} + +func (_ DB) SetConnMaxLifetime(_ time.Duration) {} + +func (_ DB) SetMaxIdleConns(_ int) {} + +func (_ DB) SetMaxOpenConns(_ int) {} + +func (_ DB) Stats() sql.DBStats { + return sql.DBStats{} +} + +func (_ *DB) AddQueryHook(_ QueryHook) {} + +func (_ *DB) Begin() (Tx, error) { + return Tx{}, nil +} + +func (_ *DB) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ *DB) Close() error { + return nil +} + +func (_ *DB) Conn(_ context.Context) (Conn, error) { + return Conn{}, nil +} + +func (_ *DB) DBStats() DBStats { + return DBStats{} +} + +func (_ *DB) Dialect() interface{} { + return nil +} + +func (_ *DB) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DB) Formatter() interface{} { + return nil +} + +func (_ *DB) HasFeature(_ interface{}) bool { + return false +} + +func (_ *DB) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DB) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DB) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DB) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DB) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DB) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DB) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DB) NewInsert() *InsertQuery { + return nil +} + +func (_ *DB) NewMerge() *MergeQuery { + return nil +} + +func (_ *DB) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DB) NewSelect() *SelectQuery { + return nil +} + +func (_ *DB) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DB) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DB) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DB) Prepare(_ string) (Stmt, error) { + return Stmt{}, nil +} + +func (_ *DB) PrepareContext(_ context.Context, _ string) (Stmt, error) { + return Stmt{}, nil +} + +func (_ *DB) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *DB) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ *DB) QueryRow(_ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ *DB) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ *DB) RegisterModel(_ ...interface{}) {} + +func (_ *DB) ResetModel(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *DB) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +func (_ *DB) ScanRow(_ context.Context, _ *sql.Rows, _ ...interface{}) error { + return nil +} + +func (_ *DB) ScanRows(_ context.Context, _ *sql.Rows, _ ...interface{}) error { + return nil +} + +func (_ *DB) String() string { + return "" +} + +func (_ *DB) Table(_ reflect.Type) interface{} { + return nil +} + +func (_ *DB) UpdateFQN(_ string, _ string) interface{} { + return nil +} + +func (_ *DB) WithNamedArg(_ string, _ interface{}) *DB { + return nil +} + +type DBStats struct { + Queries uint32 + Errors uint32 +} + +type DeleteQuery struct{} + +func (_ *DeleteQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DeleteQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DeleteQuery) Apply(_ ...func(*DeleteQuery) *DeleteQuery) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Comment(_ string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Conn(_ IConn) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) DB() *DB { + return nil +} + +func (_ *DeleteQuery) Dialect() interface{} { + return nil +} + +func (_ *DeleteQuery) Err(_ error) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DeleteQuery) ForceDelete() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) GetModel() interface{} { + return nil +} + +func (_ *DeleteQuery) GetTableName() string { + return "" +} + +func (_ *DeleteQuery) Limit(_ int) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Model(_ interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) ModelTableExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DeleteQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DeleteQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DeleteQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DeleteQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DeleteQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DeleteQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DeleteQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DeleteQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DeleteQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DeleteQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DeleteQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DeleteQuery) Operation() string { + return "" +} + +func (_ *DeleteQuery) Order(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) OrderExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *DeleteQuery) Returning(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *DeleteQuery) String() string { + return "" +} + +func (_ *DeleteQuery) Table(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) TableExpr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) Where(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereAllWithDeleted() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereDeleted() *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereGroup(_ string, _ func(*DeleteQuery) *DeleteQuery) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WhereOr(_ string, _ ...interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WherePK(_ ...string) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) With(_ string, _ interface{}) *DeleteQuery { + return nil +} + +func (_ *DeleteQuery) WithRecursive(_ string, _ interface{}) *DeleteQuery { + return nil +} + +type DropColumnQuery struct{} + +func (_ *DropColumnQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropColumnQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropColumnQuery) Apply(_ ...func(*DropColumnQuery) *DropColumnQuery) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Column(_ ...string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) ColumnExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Comment(_ string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Conn(_ IConn) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) DB() *DB { + return nil +} + +func (_ *DropColumnQuery) Dialect() interface{} { + return nil +} + +func (_ *DropColumnQuery) Err(_ error) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropColumnQuery) GetModel() interface{} { + return nil +} + +func (_ *DropColumnQuery) GetTableName() string { + return "" +} + +func (_ *DropColumnQuery) Model(_ interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) ModelTableExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropColumnQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropColumnQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropColumnQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropColumnQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropColumnQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropColumnQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropColumnQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropColumnQuery) Operation() string { + return "" +} + +func (_ *DropColumnQuery) Table(_ ...string) *DropColumnQuery { + return nil +} + +func (_ *DropColumnQuery) TableExpr(_ string, _ ...interface{}) *DropColumnQuery { + return nil +} + +type DropIndexQuery struct{} + +func (_ *DropIndexQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropIndexQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropIndexQuery) Cascade() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Comment(_ string) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Concurrently() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Conn(_ IConn) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) DB() *DB { + return nil +} + +func (_ *DropIndexQuery) Dialect() interface{} { + return nil +} + +func (_ *DropIndexQuery) Err(_ error) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropIndexQuery) GetModel() interface{} { + return nil +} + +func (_ *DropIndexQuery) GetTableName() string { + return "" +} + +func (_ *DropIndexQuery) IfExists() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Index(_ string, _ ...interface{}) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) Model(_ interface{}) *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropIndexQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropIndexQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropIndexQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropIndexQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropIndexQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropIndexQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropIndexQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropIndexQuery) Operation() string { + return "" +} + +func (_ *DropIndexQuery) Restrict() *DropIndexQuery { + return nil +} + +type DropTableQuery struct{} + +func (_ *DropTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *DropTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *DropTableQuery) Cascade() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Comment(_ string) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Conn(_ IConn) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) DB() *DB { + return nil +} + +func (_ *DropTableQuery) Dialect() interface{} { + return nil +} + +func (_ *DropTableQuery) Err(_ error) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *DropTableQuery) GetModel() interface{} { + return nil +} + +func (_ *DropTableQuery) GetTableName() string { + return "" +} + +func (_ *DropTableQuery) IfExists() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) Model(_ interface{}) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) ModelTableExpr(_ string, _ ...interface{}) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *DropTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *DropTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *DropTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *DropTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *DropTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *DropTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *DropTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *DropTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *DropTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *DropTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *DropTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *DropTableQuery) Operation() string { + return "" +} + +func (_ *DropTableQuery) Restrict() *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) String() string { + return "" +} + +func (_ *DropTableQuery) Table(_ ...string) *DropTableQuery { + return nil +} + +func (_ *DropTableQuery) TableExpr(_ string, _ ...interface{}) *DropTableQuery { + return nil +} + +type IConn interface { + ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) + QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) + QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row +} + +type InsertQuery struct{} + +func (_ *InsertQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *InsertQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *InsertQuery) Apply(_ ...func(*InsertQuery) *InsertQuery) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Column(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ColumnExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Comment(_ string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Conn(_ IConn) *InsertQuery { + return nil +} + +func (_ *InsertQuery) DB() *DB { + return nil +} + +func (_ *InsertQuery) Dialect() interface{} { + return nil +} + +func (_ *InsertQuery) Err(_ error) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ExcludeColumn(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *InsertQuery) GetModel() interface{} { + return nil +} + +func (_ *InsertQuery) GetTableName() string { + return "" +} + +func (_ *InsertQuery) Ignore() *InsertQuery { + return nil +} + +func (_ *InsertQuery) Model(_ interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) ModelTableExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *InsertQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *InsertQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *InsertQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *InsertQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *InsertQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *InsertQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *InsertQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *InsertQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *InsertQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *InsertQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *InsertQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *InsertQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *InsertQuery) On(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Operation() string { + return "" +} + +func (_ *InsertQuery) Replace() *InsertQuery { + return nil +} + +func (_ *InsertQuery) Returning(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *InsertQuery) Set(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) String() string { + return "" +} + +func (_ *InsertQuery) Table(_ ...string) *InsertQuery { + return nil +} + +func (_ *InsertQuery) TableExpr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Value(_ string, _ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) Where(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) WhereOr(_ string, _ ...interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) With(_ string, _ interface{}) *InsertQuery { + return nil +} + +func (_ *InsertQuery) WithRecursive(_ string, _ interface{}) *InsertQuery { + return nil +} + +type MergeQuery struct{} + +func (_ *MergeQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *MergeQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *MergeQuery) Apply(_ ...func(*MergeQuery) *MergeQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Comment(_ string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Conn(_ IConn) *MergeQuery { + return nil +} + +func (_ *MergeQuery) DB() *DB { + return nil +} + +func (_ *MergeQuery) Dialect() interface{} { + return nil +} + +func (_ *MergeQuery) Err(_ error) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *MergeQuery) GetModel() interface{} { + return nil +} + +func (_ *MergeQuery) GetTableName() string { + return "" +} + +func (_ *MergeQuery) Model(_ interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) ModelTableExpr(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *MergeQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *MergeQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *MergeQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *MergeQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *MergeQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *MergeQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *MergeQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *MergeQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *MergeQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *MergeQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *MergeQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *MergeQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *MergeQuery) On(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Operation() string { + return "" +} + +func (_ *MergeQuery) Returning(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *MergeQuery) String() string { + return "" +} + +func (_ *MergeQuery) Table(_ ...string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) TableExpr(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) Using(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) When(_ string, _ ...interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenDelete(_ string) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenInsert(_ string, _ func(*InsertQuery) *InsertQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WhenUpdate(_ string, _ func(*UpdateQuery) *UpdateQuery) *MergeQuery { + return nil +} + +func (_ *MergeQuery) With(_ string, _ interface{}) *MergeQuery { + return nil +} + +func (_ *MergeQuery) WithRecursive(_ string, _ interface{}) *MergeQuery { + return nil +} + +type QueryBuilder interface { + AppendQuery(_ interface{}, _ []byte) ([]byte, error) + GetModel() interface{} + GetTableName() string + Operation() string + Unwrap() interface{} + Where(_ string, _ ...interface{}) QueryBuilder + WhereAllWithDeleted() QueryBuilder + WhereDeleted() QueryBuilder + WhereGroup(_ string, _ func(QueryBuilder) QueryBuilder) QueryBuilder + WhereOr(_ string, _ ...interface{}) QueryBuilder + WherePK(_ ...string) QueryBuilder +} + +type QueryEvent struct { + DB *DB + QueryAppender interface{} + IQuery interface{} + Query string + QueryTemplate string + QueryArgs []interface{} + Model interface{} + StartTime time.Time + Result sql.Result + Err error + Stash map[interface{}]interface{} +} + +func (_ *QueryEvent) Operation() string { + return "" +} + +type QueryHook interface { + AfterQuery(_ context.Context, _ *QueryEvent) + BeforeQuery(_ context.Context, _ *QueryEvent) context.Context +} + +type RawQuery struct{} + +func (_ *RawQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *RawQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *RawQuery) Comment(_ string) *RawQuery { + return nil +} + +func (_ *RawQuery) Conn(_ IConn) *RawQuery { + return nil +} + +func (_ *RawQuery) DB() *DB { + return nil +} + +func (_ *RawQuery) Dialect() interface{} { + return nil +} + +func (_ *RawQuery) Err(_ error) *RawQuery { + return nil +} + +func (_ *RawQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *RawQuery) GetModel() interface{} { + return nil +} + +func (_ *RawQuery) GetTableName() string { + return "" +} + +func (_ *RawQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *RawQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *RawQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *RawQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *RawQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *RawQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *RawQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *RawQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *RawQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *RawQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *RawQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *RawQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *RawQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *RawQuery) Operation() string { + return "" +} + +func (_ *RawQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *RawQuery) String() string { + return "" +} + +type RelationOpts struct { + Apply func(*SelectQuery) *SelectQuery + AdditionalJoinOnConditions []interface{} +} + +type SelectQuery struct{} + +func (_ *SelectQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *SelectQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *SelectQuery) Apply(_ ...func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Clone() *SelectQuery { + return nil +} + +func (_ *SelectQuery) Column(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ColumnExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Comment(_ string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Conn(_ IConn) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Count(_ context.Context) (int, error) { + return 0, nil +} + +func (_ *SelectQuery) DB() *DB { + return nil +} + +func (_ *SelectQuery) Dialect() interface{} { + return nil +} + +func (_ *SelectQuery) Distinct() *SelectQuery { + return nil +} + +func (_ *SelectQuery) DistinctOn(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Err(_ error) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Except(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ExceptAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ExcludeColumn(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *SelectQuery) Exists(_ context.Context) (bool, error) { + return false, nil +} + +func (_ *SelectQuery) For(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ForceIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) GetModel() interface{} { + return nil +} + +func (_ *SelectQuery) GetTableName() string { + return "" +} + +func (_ *SelectQuery) Group(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) GroupExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Having(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IgnoreIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Intersect(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) IntersectAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Join(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) JoinOn(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) JoinOnOr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Limit(_ int) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Model(_ interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) ModelTableExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *SelectQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *SelectQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *SelectQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *SelectQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *SelectQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *SelectQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *SelectQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *SelectQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *SelectQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *SelectQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *SelectQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *SelectQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *SelectQuery) Offset(_ int) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Operation() string { + return "" +} + +func (_ *SelectQuery) Order(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) OrderExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *SelectQuery) Relation(_ string, _ ...func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) RelationWithOpts(_ string, _ RelationOpts) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Rows(_ context.Context) (*sql.Rows, error) { + return nil, nil +} + +func (_ *SelectQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *SelectQuery) ScanAndCount(_ context.Context, _ ...interface{}) (int, error) { + return 0, nil +} + +func (_ *SelectQuery) String() string { + return "" +} + +func (_ *SelectQuery) Table(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) TableExpr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Union(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UnionAll(_ *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndex(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForGroupBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForJoin(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) UseIndexForOrderBy(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) Where(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereAllWithDeleted() *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereDeleted() *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereGroup(_ string, _ func(*SelectQuery) *SelectQuery) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WhereOr(_ string, _ ...interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WherePK(_ ...string) *SelectQuery { + return nil +} + +func (_ *SelectQuery) With(_ string, _ interface{}) *SelectQuery { + return nil +} + +func (_ *SelectQuery) WithRecursive(_ string, _ interface{}) *SelectQuery { + return nil +} + +type Stmt struct { + *sql.Stmt +} + +func (_ Stmt) Close() error { + return nil +} + +func (_ Stmt) Exec(_ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Stmt) ExecContext(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Stmt) Query(_ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Stmt) QueryContext(_ context.Context, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Stmt) QueryRow(_ ...interface{}) *sql.Row { + return nil +} + +func (_ Stmt) QueryRowContext(_ context.Context, _ ...interface{}) *sql.Row { + return nil +} + +type TruncateTableQuery struct{} + +func (_ *TruncateTableQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *TruncateTableQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *TruncateTableQuery) Cascade() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Comment(_ string) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Conn(_ IConn) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) ContinueIdentity() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) DB() *DB { + return nil +} + +func (_ *TruncateTableQuery) Dialect() interface{} { + return nil +} + +func (_ *TruncateTableQuery) Err(_ error) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *TruncateTableQuery) GetModel() interface{} { + return nil +} + +func (_ *TruncateTableQuery) GetTableName() string { + return "" +} + +func (_ *TruncateTableQuery) Model(_ interface{}) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) ModelTableExpr(_ string, _ ...interface{}) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *TruncateTableQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *TruncateTableQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *TruncateTableQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *TruncateTableQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *TruncateTableQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *TruncateTableQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *TruncateTableQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *TruncateTableQuery) Operation() string { + return "" +} + +func (_ *TruncateTableQuery) Restrict() *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) Table(_ ...string) *TruncateTableQuery { + return nil +} + +func (_ *TruncateTableQuery) TableExpr(_ string, _ ...interface{}) *TruncateTableQuery { + return nil +} + +type Tx struct { + *sql.Tx +} + +func (_ Tx) Begin() (Tx, error) { + return Tx{}, nil +} + +func (_ Tx) BeginTx(_ context.Context, _ *sql.TxOptions) (Tx, error) { + return Tx{}, nil +} + +func (_ Tx) Commit() error { + return nil +} + +func (_ Tx) Dialect() interface{} { + return nil +} + +func (_ Tx) Exec(_ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Tx) ExecContext(_ context.Context, _ string, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ Tx) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ Tx) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ Tx) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ Tx) NewDelete() *DeleteQuery { + return nil +} + +func (_ Tx) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ Tx) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ Tx) NewDropTable() *DropTableQuery { + return nil +} + +func (_ Tx) NewInsert() *InsertQuery { + return nil +} + +func (_ Tx) NewMerge() *MergeQuery { + return nil +} + +func (_ Tx) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ Tx) NewSelect() *SelectQuery { + return nil +} + +func (_ Tx) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ Tx) NewUpdate() *UpdateQuery { + return nil +} + +func (_ Tx) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ Tx) Prepare(_ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Tx) PrepareContext(_ context.Context, _ string) (*sql.Stmt, error) { + return nil, nil +} + +func (_ Tx) Query(_ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Tx) QueryContext(_ context.Context, _ string, _ ...interface{}) (*sql.Rows, error) { + return nil, nil +} + +func (_ Tx) QueryRow(_ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Tx) QueryRowContext(_ context.Context, _ string, _ ...interface{}) *sql.Row { + return nil +} + +func (_ Tx) Rollback() error { + return nil +} + +func (_ Tx) RunInTx(_ context.Context, _ *sql.TxOptions, _ func(context.Context, Tx) error) error { + return nil +} + +func (_ Tx) Stmt(_ *sql.Stmt) *sql.Stmt { + return nil +} + +func (_ Tx) StmtContext(_ context.Context, _ *sql.Stmt) *sql.Stmt { + return nil +} + +type UpdateQuery struct{} + +func (_ *UpdateQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *UpdateQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *UpdateQuery) Apply(_ ...func(*UpdateQuery) *UpdateQuery) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ApplyQueryBuilder(_ func(QueryBuilder) QueryBuilder) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Bulk() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Column(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Comment(_ string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Conn(_ IConn) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) DB() *DB { + return nil +} + +func (_ *UpdateQuery) Dialect() interface{} { + return nil +} + +func (_ *UpdateQuery) Err(_ error) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ExcludeColumn(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Exec(_ context.Context, _ ...interface{}) (sql.Result, error) { + return nil, nil +} + +func (_ *UpdateQuery) FQN(_ string) interface{} { + return nil +} + +func (_ *UpdateQuery) ForceIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) GetModel() interface{} { + return nil +} + +func (_ *UpdateQuery) GetTableName() string { + return "" +} + +func (_ *UpdateQuery) IgnoreIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Join(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) JoinOn(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) JoinOnOr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Limit(_ int) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Model(_ interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) ModelTableExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *UpdateQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *UpdateQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *UpdateQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *UpdateQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *UpdateQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *UpdateQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *UpdateQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *UpdateQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *UpdateQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *UpdateQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *UpdateQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *UpdateQuery) OmitZero() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Operation() string { + return "" +} + +func (_ *UpdateQuery) Order(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) OrderExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) QueryBuilder() QueryBuilder { + return nil +} + +func (_ *UpdateQuery) Returning(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Scan(_ context.Context, _ ...interface{}) error { + return nil +} + +func (_ *UpdateQuery) Set(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) SetColumn(_ string, _ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) String() string { + return "" +} + +func (_ *UpdateQuery) Table(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) TableExpr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) UseIndex(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Value(_ string, _ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) Where(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereAllWithDeleted() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereDeleted() *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereGroup(_ string, _ func(*UpdateQuery) *UpdateQuery) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WhereOr(_ string, _ ...interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WherePK(_ ...string) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) With(_ string, _ interface{}) *UpdateQuery { + return nil +} + +func (_ *UpdateQuery) WithRecursive(_ string, _ interface{}) *UpdateQuery { + return nil +} + +type ValuesQuery struct{} + +func (_ *ValuesQuery) AppendColumns(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *ValuesQuery) AppendNamedArg(_ interface{}, _ []byte, _ string) ([]byte, bool) { + return nil, false +} + +func (_ *ValuesQuery) AppendQuery(_ interface{}, _ []byte) ([]byte, error) { + return nil, nil +} + +func (_ *ValuesQuery) Column(_ ...string) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Comment(_ string) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Conn(_ IConn) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) DB() *DB { + return nil +} + +func (_ *ValuesQuery) Dialect() interface{} { + return nil +} + +func (_ *ValuesQuery) Err(_ error) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) GetModel() interface{} { + return nil +} + +func (_ *ValuesQuery) GetTableName() string { + return "" +} + +func (_ *ValuesQuery) NewAddColumn() *AddColumnQuery { + return nil +} + +func (_ *ValuesQuery) NewCreateIndex() *CreateIndexQuery { + return nil +} + +func (_ *ValuesQuery) NewCreateTable() *CreateTableQuery { + return nil +} + +func (_ *ValuesQuery) NewDelete() *DeleteQuery { + return nil +} + +func (_ *ValuesQuery) NewDropColumn() *DropColumnQuery { + return nil +} + +func (_ *ValuesQuery) NewDropIndex() *DropIndexQuery { + return nil +} + +func (_ *ValuesQuery) NewDropTable() *DropTableQuery { + return nil +} + +func (_ *ValuesQuery) NewInsert() *InsertQuery { + return nil +} + +func (_ *ValuesQuery) NewRaw(_ string, _ ...interface{}) *RawQuery { + return nil +} + +func (_ *ValuesQuery) NewSelect() *SelectQuery { + return nil +} + +func (_ *ValuesQuery) NewTruncateTable() *TruncateTableQuery { + return nil +} + +func (_ *ValuesQuery) NewUpdate() *UpdateQuery { + return nil +} + +func (_ *ValuesQuery) NewValues(_ interface{}) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) Operation() string { + return "" +} + +func (_ *ValuesQuery) Value(_ string, _ string, _ ...interface{}) *ValuesQuery { + return nil +} + +func (_ *ValuesQuery) WithOrder() *ValuesQuery { + return nil +} diff --git a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt index bba2801e9c3..0b90dd899e3 100644 --- a/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt +++ b/go/ql/test/library-tests/semmle/go/dataflow/flowsources/local/database/vendor/modules.txt @@ -10,6 +10,9 @@ github.com/couchbase/gocb # github.com/couchbase/gocb/v2 v2.9.4 ## explicit github.com/couchbase/gocb/v2 +# github.com/gogf/gf v1.16.9 +## explicit +github.com/gogf/gf/database/gdb # github.com/jmoiron/sqlx v1.4.0 ## explicit github.com/jmoiron/sqlx @@ -19,6 +22,9 @@ github.com/Masterminds/squirrel # github.com/rqlite/gorqlite v0.0.0-20250128004930-114c7828b55a ## explicit github.com/rqlite/gorqlite +# github.com/uptrace/bun v1.2.11 +## explicit +github.com/uptrace/bun # go.mongodb.org/mongo-driver v1.17.3 ## explicit go.mongodb.org/mongo-driver/mongo From 14a84c3209702151076e8267bff66c8eb3a242ce Mon Sep 17 00:00:00 2001 From: idrissrio Date: Wed, 2 Apr 2025 15:20:06 +0200 Subject: [PATCH 187/409] C++: update expected test results after extractor changes --- cpp/ql/test/library-tests/specifiers2/specifiers2.expected | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/cpp/ql/test/library-tests/specifiers2/specifiers2.expected b/cpp/ql/test/library-tests/specifiers2/specifiers2.expected index c0259eb0901..d2af0d309e8 100644 --- a/cpp/ql/test/library-tests/specifiers2/specifiers2.expected +++ b/cpp/ql/test/library-tests/specifiers2/specifiers2.expected @@ -27,7 +27,7 @@ | Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public | | Function | cpp20.cpp:62:8:62:8 | operator= | operator= | extern, inline, is_constexpr, public | | Function | cpp20.cpp:64:5:64:21 | TestExplicitBool4 | TestExplicitBool4 | explicit, extern, public | -| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit, has_trailing_return_type | +| Function | file://:0:0:0:0 | TestExplicitBool | TestExplicitBool | explicit | | Function | file://:0:0:0:0 | operator delete | operator delete | extern | | Function | file://:0:0:0:0 | operator new | operator new | extern | | Function | specifiers2.c:11:6:11:6 | f | f | c_linkage, extern | @@ -67,6 +67,8 @@ | Function | specifiers2pp.cpp:63:19:63:34 | member_constexpr | member_constexpr | const, declared_constexpr, inline, is_constexpr, private | | Function | specifiers2pp.cpp:64:19:64:40 | member_const_constexpr | member_const_constexpr | const, declared_constexpr, inline, is_constexpr, private | | FunctionDeclarationEntry | cpp20.cpp:11:14:11:24 | declaration of TestExplict | TestExplict | explicit | +| FunctionDeclarationEntry | cpp20.cpp:23:1:23:1 | declaration of TestExplicitBool | TestExplicitBool | has_trailing_return_type | +| FunctionDeclarationEntry | cpp20.cpp:24:1:24:16 | definition of TestExplicitBool | TestExplicitBool | has_trailing_return_type | | FunctionDeclarationEntry | cpp20.cpp:40:23:40:23 | definition of TestExplicitBool2 | TestExplicitBool2 | explicit | | FunctionDeclarationEntry | cpp20.cpp:51:5:51:5 | definition of TestExplicitBool3 | TestExplicitBool3 | explicit | | FunctionDeclarationEntry | cpp20.cpp:51:5:51:21 | declaration of TestExplicitBool3 | TestExplicitBool3 | explicit | From 2193bece907d31ec6c052b2ffd52efa064ada77c Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:30:48 +0200 Subject: [PATCH 188/409] C#: Update test expected output. --- .../Control-Flow/ConstantCondition/ConstantCondition.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected index 9e0e69edb90..e154d10b9d3 100644 --- a/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected +++ b/csharp/ql/test/query-tests/Bad Practices/Control-Flow/ConstantCondition/ConstantCondition.expected @@ -11,6 +11,7 @@ | ConstantCondition.cs:114:13:114:14 | access to parameter b1 | Condition always evaluates to 'true'. | | ConstantCondition.cs:114:19:114:20 | access to parameter b2 | Condition always evaluates to 'true'. | | ConstantCondition.cs:141:22:141:22 | _ | Pattern always matches. | +| ConstantConditionBad.cs:5:16:5:20 | ... > ... | Condition always evaluates to 'false'. | | ConstantConditionalExpressionCondition.cs:11:22:11:34 | ... == ... | Condition always evaluates to 'true'. | | ConstantConditionalExpressionCondition.cs:12:21:12:25 | false | Condition always evaluates to 'false'. | | ConstantConditionalExpressionCondition.cs:13:21:13:30 | ... == ... | Condition always evaluates to 'true'. | @@ -19,7 +20,6 @@ | ConstantIfCondition.cs:11:17:11:29 | ... == ... | Condition always evaluates to 'true'. | | ConstantIfCondition.cs:14:17:14:21 | false | Condition always evaluates to 'false'. | | ConstantIfCondition.cs:17:17:17:26 | ... == ... | Condition always evaluates to 'true'. | -| ConstantIfCondition.cs:30:20:30:24 | ... > ... | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:10:21:10:54 | call to method IsNullOrEmpty | Condition always evaluates to 'false'. | | ConstantIsNullOrEmpty.cs:46:21:46:46 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | | ConstantIsNullOrEmpty.cs:50:21:50:44 | call to method IsNullOrEmpty | Condition always evaluates to 'true'. | From 001735bfb8bc2d28541ce9286e4d6083b9fda219 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Wed, 2 Apr 2025 15:01:05 +0200 Subject: [PATCH 189/409] Rust: Take internal IDs of a smaller class --- rust/ql/lib/codeql/rust/internal/TypeInference.qll | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index bef741d2470..ed6370f1638 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -69,9 +69,12 @@ private module Input1 implements InputSig1 { apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - private predicate id(Raw::AstNode x, Raw::AstNode y) { x = y } + /** A raw AST node that might correspond to a type parameter. */ + private class RawTypeParameter = @type_param or @trait; - private predicate idOfRaw(Raw::AstNode x, int y) = equivalenceRelation(id/2)(x, y) + private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } + + private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } From 16142a287a8cf9a49a10ac9aae5058871e4a234f Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 15:43:34 +0200 Subject: [PATCH 190/409] C#: Add NoDisposeCallOnLocalIDisposableBad file and update test expected output. --- .../NoDisposeCallOnLocalIDisposable.cs | 9 --------- .../NoDisposeCallOnLocalIDisposable.expected | 2 +- .../NoDisposeCallOnLocalIDisposableBad.cs | 11 +++++++++++ 3 files changed, 12 insertions(+), 10 deletions(-) create mode 100644 csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs index aa11be14f67..a2fd6cd50f1 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.cs @@ -114,15 +114,6 @@ class Test public void Dispose() { } } -class Bad -{ - long GetLength(string file) - { - var stream = new FileStream(file, FileMode.Open); // $ Alert - return stream.Length; - } -} - static class Extensions { public static FileStream Fluent(this FileStream fs) => fs; diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected index f08cf6837c5..5d82fb99a8d 100644 --- a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposable.expected @@ -4,4 +4,4 @@ | NoDisposeCallOnLocalIDisposable.cs:76:25:76:71 | call to method Create | Disposable 'XmlReader' is created but not disposed. | | NoDisposeCallOnLocalIDisposable.cs:76:42:76:64 | object creation of type StringReader | Disposable 'StringReader' is created but not disposed. | | NoDisposeCallOnLocalIDisposable.cs:104:23:104:38 | object creation of type HttpClient | Disposable 'HttpClient' is created but not disposed. | -| NoDisposeCallOnLocalIDisposable.cs:121:22:121:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | +| NoDisposeCallOnLocalIDisposableBad.cs:8:22:8:56 | object creation of type FileStream | Disposable 'FileStream' is created but not disposed. | diff --git a/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs new file mode 100644 index 00000000000..e8f00535890 --- /dev/null +++ b/csharp/ql/test/query-tests/API Abuse/NoDisposeCallOnLocalIDisposable/NoDisposeCallOnLocalIDisposableBad.cs @@ -0,0 +1,11 @@ +using System; +using System.IO; + +class Bad +{ + long GetLength(string file) + { + var stream = new FileStream(file, FileMode.Open); // $ Alert + return stream.Length; + } +} From d8ef4fc25d067d7ec159b1ebf3adc6048db78fb8 Mon Sep 17 00:00:00 2001 From: Jon Janego Date: Wed, 2 Apr 2025 10:22:27 -0500 Subject: [PATCH 191/409] Update javascript/ql/src/Expressions/ExprHasNoEffect.ql Co-authored-by: Napalys Klicius --- javascript/ql/src/Expressions/ExprHasNoEffect.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/src/Expressions/ExprHasNoEffect.ql b/javascript/ql/src/Expressions/ExprHasNoEffect.ql index 197564244af..9cdb22b8ecf 100644 --- a/javascript/ql/src/Expressions/ExprHasNoEffect.ql +++ b/javascript/ql/src/Expressions/ExprHasNoEffect.ql @@ -6,7 +6,7 @@ * @problem.severity warning * @id js/useless-expression * @tags quality -* maintainability + * maintainability * correctness * external/cwe/cwe-480 * external/cwe/cwe-561 From 4207322719f3ba31948636b257a31aade1c1fa50 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 11:39:01 -0700 Subject: [PATCH 192/409] Docs: Make Actions underlines the right length Fixes warnings in Sphinx build. --- .../codeql-language-guides/codeql-library-for-actions.rst | 2 +- .../customizing-library-models-for-actions.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 52baa1ed51e..2923b3f7415 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -1,7 +1,7 @@ .. _codeql-library-for-actions: CodeQL library for GitHub Actions -======================= +================================= When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. diff --git a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst index 40bee7079b5..3d1a0b21827 100644 --- a/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst +++ b/docs/codeql/codeql-language-guides/customizing-library-models-for-actions.rst @@ -1,7 +1,7 @@ .. _customizing-library-models-for-actions: Customizing Library Models for GitHub Actions -========================================= +============================================= .. include:: ../reusables/beta-note-customizing-library-models.rst From 118abd40c958f98e5632299f36eb4eecbb1c2757 Mon Sep 17 00:00:00 2001 From: Jonas Jensen Date: Wed, 2 Apr 2025 14:19:45 -0700 Subject: [PATCH 193/409] Java: add exclude-from-incremental tag to telemetry queries In the future, this tag should signal to the action that the queries should be excluded from incremental scans because they are too slow and/or produce too many results. The three queries tagged here rely on global data-flow analysis to find all XSS sinks. All other metric and diagnostic queries are fast enough for incrementality. --- java/ql/src/Telemetry/SupportedExternalApis.ql | 2 +- java/ql/src/Telemetry/SupportedExternalSinks.ql | 2 +- java/ql/src/Telemetry/UnsupportedExternalAPIs.ql | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Telemetry/SupportedExternalApis.ql b/java/ql/src/Telemetry/SupportedExternalApis.ql index a28b408cbb5..a49eb9456fc 100644 --- a/java/ql/src/Telemetry/SupportedExternalApis.ql +++ b/java/ql/src/Telemetry/SupportedExternalApis.ql @@ -2,7 +2,7 @@ * @name Usage of supported APIs coming from external libraries * @description A list of supported 3rd party APIs used in the codebase. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/supported-external-api */ diff --git a/java/ql/src/Telemetry/SupportedExternalSinks.ql b/java/ql/src/Telemetry/SupportedExternalSinks.ql index 6456b7e296c..23b7cfeeb51 100644 --- a/java/ql/src/Telemetry/SupportedExternalSinks.ql +++ b/java/ql/src/Telemetry/SupportedExternalSinks.ql @@ -2,7 +2,7 @@ * @name Supported sinks in external libraries * @description A list of 3rd party APIs detected as sinks. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/supported-external-api-sinks */ diff --git a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql index c4ff31847e3..ee3f6bcdefa 100644 --- a/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +++ b/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql @@ -2,7 +2,7 @@ * @name Usage of unsupported APIs coming from external libraries * @description A list of 3rd party APIs used in the codebase. Excludes test and generated code. * @kind metric - * @tags summary telemetry + * @tags summary telemetry exclude-from-incremental * @id java/telemetry/unsupported-external-api */ From 67dd301a37f3509a09fa804880b953dfc00dbfe3 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 15:25:27 -0700 Subject: [PATCH 194/409] Docs: Add language guide structure for Actions --- .../codeql-for-actions.rst | 17 +++++++++++++++++ docs/codeql/codeql-language-guides/index.rst | 1 + 2 files changed, 18 insertions(+) create mode 100644 docs/codeql/codeql-language-guides/codeql-for-actions.rst diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst new file mode 100644 index 00000000000..a05ad84ccb1 --- /dev/null +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -0,0 +1,17 @@ + +.. _codeql-for-actions: + +CodeQL for GitHub Actions +=============== + +Experiment and learn how to write effective and efficient queries for CodeQL databases generated from GitHub Actions code. + +.. toctree:: + :hidden: + + codeql-library-for-actions + customizing-library-models-for-actions + +- :doc:`CodeQL library for GitHub Actions `: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. + +- :doc:`Customizing library models for GitHub Actions `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index 2b4fabc01a7..f59d8163db2 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -7,6 +7,7 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: + codeql-for-actions codeql-for-cpp codeql-for-csharp codeql-for-go From 8f6dc1cdfc0624ee2fbff10b72a106c03eac287a Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 15:56:42 -0700 Subject: [PATCH 195/409] Docs: Fix more short underlines --- docs/codeql/codeql-language-guides/codeql-for-actions.rst | 2 +- .../codeql-language-guides/codeql-library-for-actions.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst index a05ad84ccb1..d4597811a47 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -2,7 +2,7 @@ .. _codeql-for-actions: CodeQL for GitHub Actions -=============== +========================= Experiment and learn how to write effective and efficient queries for CodeQL databases generated from GitHub Actions code. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 2923b3f7415..5f4b03fa5e3 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -101,7 +101,7 @@ to all AST classes: Workflows -~~~~~~~ +~~~~~~~~~ A workflow is a configurable automated process made up of one or more jobs, defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. From 4d6afe7d29618013925d43f60f3484f1531e1b3c Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 2 Apr 2025 16:00:55 -0700 Subject: [PATCH 196/409] Docs: Address comments on Actions docs --- .../codeql-language-guides/codeql-library-for-actions.rst | 4 ++-- docs/codeql/reusables/supported-versions-compilers.rst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 5f4b03fa5e3..507438583c6 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -3,7 +3,7 @@ CodeQL library for GitHub Actions ================================= -When you're analyzing GitHub Actions workflows and action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. +When you're analyzing GitHub Actions workflows and Action metadata files, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. Overview -------- @@ -116,7 +116,7 @@ See the GitHub Actions documentation on `workflows Date: Wed, 2 Apr 2025 19:54:28 +0200 Subject: [PATCH 197/409] Ruby: Add argument-less `super` call tests --- ruby/ql/test/library-tests/ast/Ast.expected | 40 + .../library-tests/ast/TreeSitter.expected | 90 ++ .../test/library-tests/ast/ValueText.expected | 10 + .../library-tests/ast/params/params.expected | 30 + .../test/library-tests/ast/params/params.rb | 15 + .../dataflow/params/TypeTracker.expected | 866 +++++++++++++----- .../dataflow/params/params_flow.rb | 22 + 7 files changed, 844 insertions(+), 229 deletions(-) diff --git a/ruby/ql/test/library-tests/ast/Ast.expected b/ruby/ql/test/library-tests/ast/Ast.expected index 0748c0cfde6..5c29d3f536d 100644 --- a/ruby/ql/test/library-tests/ast/Ast.expected +++ b/ruby/ql/test/library-tests/ast/Ast.expected @@ -3153,6 +3153,46 @@ params/params.rb: # 95| getReceiver: [LocalVariableAccess] hash # 95| getArgument: [HashSplatExpr] ** ... # 95| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] __synth__0 +# 98| getStmt: [ClassDeclaration] Sup +# 99| getStmt: [Method] m +# 99| getParameter: [SimpleParameter] x +# 99| getDefiningAccess: [LocalVariableAccess] x +# 99| getParameter: [SplatParameter] *rest +# 99| getDefiningAccess: [LocalVariableAccess] rest +# 99| getParameter: [KeywordParameter] k +# 99| getDefiningAccess: [LocalVariableAccess] k +# 99| getParameter: [HashSplatParameter] **kwargs +# 99| getDefiningAccess: [LocalVariableAccess] kwargs +# 100| getStmt: [MethodCall] call to print +# 100| getReceiver: [SelfVariableAccess] self +# 100| getArgument: [AddExpr] ... + ... +# 100| getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] x +# 100| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 1 +# 101| getStmt: [MethodCall] call to print +# 101| getReceiver: [SelfVariableAccess] self +# 101| getArgument: [AddExpr] ... + ... +# 101| getAnOperand/getLeftOperand/getReceiver: [LocalVariableAccess] k +# 101| getAnOperand/getArgument/getRightOperand: [IntegerLiteral] 1 +# 105| getStmt: [ClassDeclaration] Sub +# 105| getSuperclassExpr: [ConstantReadAccess] Sup +# 106| getStmt: [Method] m +# 106| getParameter: [SimpleParameter] y +# 106| getDefiningAccess: [LocalVariableAccess] y +# 106| getParameter: [SplatParameter] *rest +# 106| getDefiningAccess: [LocalVariableAccess] rest +# 106| getParameter: [KeywordParameter] k +# 106| getDefiningAccess: [LocalVariableAccess] k +# 106| getParameter: [HashSplatParameter] **kwargs +# 106| getDefiningAccess: [LocalVariableAccess] kwargs +# 107| getStmt: [SuperCall] super call to m +# 111| getStmt: [MethodCall] call to m +# 111| getReceiver: [MethodCall] call to new +# 111| getReceiver: [ConstantReadAccess] Sub +# 111| getArgument: [IntegerLiteral] 42 +# 111| getArgument: [Pair] Pair +# 111| getKey: [SymbolLiteral] :k +# 111| getComponent: [StringTextComponent] k +# 111| getValue: [IntegerLiteral] 22 erb/template.html.erb: # 19| [Toplevel] template.html.erb # 19| getStmt: [StringLiteral] "hello world" diff --git a/ruby/ql/test/library-tests/ast/TreeSitter.expected b/ruby/ql/test/library-tests/ast/TreeSitter.expected index 8b72224d002..04a66cce847 100644 --- a/ruby/ql/test/library-tests/ast/TreeSitter.expected +++ b/ruby/ql/test/library-tests/ast/TreeSitter.expected @@ -6192,6 +6192,96 @@ params/params.rb: # 95| 0: [ReservedWord] ** # 95| 2: [ReservedWord] ) # 96| 4: [ReservedWord] end +# 98| 25: [Class] Class +# 98| 0: [ReservedWord] class +# 98| 1: [Constant] Sup +# 99| 2: [BodyStatement] BodyStatement +# 99| 0: [Method] Method +# 99| 0: [ReservedWord] def +# 99| 1: [Identifier] m +# 99| 2: [MethodParameters] MethodParameters +# 99| 0: [ReservedWord] ( +# 99| 1: [Identifier] x +# 99| 2: [ReservedWord] , +# 99| 3: [SplatParameter] SplatParameter +# 99| 0: [ReservedWord] * +# 99| 1: [Identifier] rest +# 99| 4: [ReservedWord] , +# 99| 5: [KeywordParameter] KeywordParameter +# 99| 0: [Identifier] k +# 99| 1: [ReservedWord] : +# 99| 6: [ReservedWord] , +# 99| 7: [HashSplatParameter] HashSplatParameter +# 99| 0: [ReservedWord] ** +# 99| 1: [Identifier] kwargs +# 99| 8: [ReservedWord] ) +# 100| 3: [BodyStatement] BodyStatement +# 100| 0: [Call] Call +# 100| 0: [Identifier] print +# 100| 1: [ArgumentList] ArgumentList +# 100| 0: [ReservedWord] ( +# 100| 1: [Binary] Binary +# 100| 0: [Identifier] x +# 100| 1: [ReservedWord] + +# 100| 2: [Integer] 1 +# 100| 2: [ReservedWord] ) +# 101| 1: [Call] Call +# 101| 0: [Identifier] print +# 101| 1: [ArgumentList] ArgumentList +# 101| 0: [ReservedWord] ( +# 101| 1: [Binary] Binary +# 101| 0: [Identifier] k +# 101| 1: [ReservedWord] + +# 101| 2: [Integer] 1 +# 101| 2: [ReservedWord] ) +# 102| 4: [ReservedWord] end +# 103| 3: [ReservedWord] end +# 105| 26: [Class] Class +# 105| 0: [ReservedWord] class +# 105| 1: [Constant] Sub +# 105| 2: [Superclass] Superclass +# 105| 0: [ReservedWord] < +# 105| 1: [Constant] Sup +# 106| 3: [BodyStatement] BodyStatement +# 106| 0: [Method] Method +# 106| 0: [ReservedWord] def +# 106| 1: [Identifier] m +# 106| 2: [MethodParameters] MethodParameters +# 106| 0: [ReservedWord] ( +# 106| 1: [Identifier] y +# 106| 2: [ReservedWord] , +# 106| 3: [SplatParameter] SplatParameter +# 106| 0: [ReservedWord] * +# 106| 1: [Identifier] rest +# 106| 4: [ReservedWord] , +# 106| 5: [KeywordParameter] KeywordParameter +# 106| 0: [Identifier] k +# 106| 1: [ReservedWord] : +# 106| 6: [ReservedWord] , +# 106| 7: [HashSplatParameter] HashSplatParameter +# 106| 0: [ReservedWord] ** +# 106| 1: [Identifier] kwargs +# 106| 8: [ReservedWord] ) +# 107| 3: [BodyStatement] BodyStatement +# 107| 0: [Super] super +# 108| 4: [ReservedWord] end +# 109| 4: [ReservedWord] end +# 111| 27: [Call] Call +# 111| 0: [Call] Call +# 111| 0: [Constant] Sub +# 111| 1: [ReservedWord] . +# 111| 2: [Identifier] new +# 111| 1: [ReservedWord] . +# 111| 2: [Identifier] m +# 111| 3: [ArgumentList] ArgumentList +# 111| 0: [ReservedWord] ( +# 111| 1: [Integer] 42 +# 111| 2: [ReservedWord] , +# 111| 3: [Pair] Pair +# 111| 0: [HashKeySymbol] k +# 111| 1: [ReservedWord] : +# 111| 2: [Integer] 22 +# 111| 4: [ReservedWord] ) # 1| [Comment] # Tests for the different kinds and contexts of parameters. # 3| [Comment] # Method containing identifier parameters # 7| [Comment] # Block containing identifier parameters diff --git a/ruby/ql/test/library-tests/ast/ValueText.expected b/ruby/ql/test/library-tests/ast/ValueText.expected index 90e594c0b1c..195beb5f2e3 100644 --- a/ruby/ql/test/library-tests/ast/ValueText.expected +++ b/ruby/ql/test/library-tests/ast/ValueText.expected @@ -941,6 +941,11 @@ exprValue | params/params.rb:65:41:65:42 | 99 | 99 | int | | params/params.rb:70:42:70:45 | 1000 | 1000 | int | | params/params.rb:70:52:70:53 | 20 | 20 | int | +| params/params.rb:100:15:100:15 | 1 | 1 | int | +| params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:111:11:111:12 | 42 | 42 | int | +| params/params.rb:111:15:111:15 | :k | :k | symbol | +| params/params.rb:111:18:111:19 | 22 | 22 | int | exprCfgNodeValue | calls/calls.rb:8:1:8:3 | 123 | 123 | int | | calls/calls.rb:11:5:11:5 | 0 | 0 | int | @@ -1855,3 +1860,8 @@ exprCfgNodeValue | params/params.rb:65:41:65:42 | 99 | 99 | int | | params/params.rb:70:42:70:45 | 1000 | 1000 | int | | params/params.rb:70:52:70:53 | 20 | 20 | int | +| params/params.rb:100:15:100:15 | 1 | 1 | int | +| params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:111:11:111:12 | 42 | 42 | int | +| params/params.rb:111:15:111:15 | :k | :k | symbol | +| params/params.rb:111:18:111:19 | 22 | 22 | int | diff --git a/ruby/ql/test/library-tests/ast/params/params.expected b/ruby/ql/test/library-tests/ast/params/params.expected index f90d5d5577b..8bec3e37fa6 100644 --- a/ruby/ql/test/library-tests/ast/params/params.expected +++ b/ruby/ql/test/library-tests/ast/params/params.expected @@ -39,6 +39,14 @@ idParams | params.rb:86:14:86:14 | x | x | | params.rb:89:31:89:35 | array | array | | params.rb:94:36:94:39 | hash | hash | +| params.rb:99:9:99:9 | x | x | +| params.rb:99:12:99:16 | *rest | rest | +| params.rb:99:19:99:19 | k | k | +| params.rb:99:23:99:30 | **kwargs | kwargs | +| params.rb:106:9:106:9 | y | y | +| params.rb:106:12:106:16 | *rest | rest | +| params.rb:106:19:106:19 | k | k | +| params.rb:106:23:106:30 | **kwargs | kwargs | blockParams | params.rb:46:28:46:33 | &block | block | | params.rb:62:29:62:34 | &block | block | @@ -56,10 +64,14 @@ splatParams | params.rb:30:31:30:36 | *splat | splat | | params.rb:34:21:34:26 | *splat | splat | | params.rb:38:29:38:33 | *blah | blah | +| params.rb:99:12:99:16 | *rest | rest | +| params.rb:106:12:106:16 | *rest | rest | hashSplatParams | params.rb:30:39:30:52 | **double_splat | double_splat | | params.rb:34:29:34:42 | **double_splat | double_splat | | params.rb:38:36:38:43 | **wibble | wibble | +| params.rb:99:23:99:30 | **kwargs | kwargs | +| params.rb:106:23:106:30 | **kwargs | kwargs | keywordParams | params.rb:41:35:41:37 | foo | foo | (none) | | params.rb:41:41:41:43 | bar | bar | 7 | @@ -67,6 +79,8 @@ keywordParams | params.rb:49:33:49:34 | yy | yy | 100 | | params.rb:53:37:53:37 | y | y | (none) | | params.rb:53:41:53:41 | z | z | 3 | +| params.rb:99:19:99:19 | k | k | (none) | +| params.rb:106:19:106:19 | k | k | (none) | optionalParams | params.rb:58:39:58:42 | val2 | val2 | params.rb:58:46:58:46 | 0 | | params.rb:58:49:58:52 | val3 | val3 | params.rb:58:56:58:58 | 100 | @@ -97,6 +111,14 @@ paramsInMethods | params.rb:89:1:91:3 | anonymous_splat_parameter | 1 | params.rb:89:38:89:38 | * | SplatParameter | | params.rb:94:1:96:3 | anonymous_hash_splat_parameter | 0 | params.rb:94:36:94:39 | hash | SimpleParameter | | params.rb:94:1:96:3 | anonymous_hash_splat_parameter | 1 | params.rb:94:42:94:43 | ** | HashSplatParameter | +| params.rb:99:3:102:5 | m | 0 | params.rb:99:9:99:9 | x | SimpleParameter | +| params.rb:99:3:102:5 | m | 1 | params.rb:99:12:99:16 | *rest | SplatParameter | +| params.rb:99:3:102:5 | m | 2 | params.rb:99:19:99:19 | k | KeywordParameter | +| params.rb:99:3:102:5 | m | 3 | params.rb:99:23:99:30 | **kwargs | HashSplatParameter | +| params.rb:106:3:108:5 | m | 0 | params.rb:106:9:106:9 | y | SimpleParameter | +| params.rb:106:3:108:5 | m | 1 | params.rb:106:12:106:16 | *rest | SplatParameter | +| params.rb:106:3:108:5 | m | 2 | params.rb:106:19:106:19 | k | KeywordParameter | +| params.rb:106:3:108:5 | m | 3 | params.rb:106:23:106:30 | **kwargs | HashSplatParameter | paramsInBlocks | params.rb:9:11:11:3 | do ... end | 0 | params.rb:9:15:9:17 | key | SimpleParameter | | params.rb:9:11:11:3 | do ... end | 1 | params.rb:9:20:9:24 | value | SimpleParameter | @@ -175,3 +197,11 @@ params | params.rb:89:38:89:38 | * | 1 | SplatParameter | | params.rb:94:36:94:39 | hash | 0 | SimpleParameter | | params.rb:94:42:94:43 | ** | 1 | HashSplatParameter | +| params.rb:99:9:99:9 | x | 0 | SimpleParameter | +| params.rb:99:12:99:16 | *rest | 1 | SplatParameter | +| params.rb:99:19:99:19 | k | 2 | KeywordParameter | +| params.rb:99:23:99:30 | **kwargs | 3 | HashSplatParameter | +| params.rb:106:9:106:9 | y | 0 | SimpleParameter | +| params.rb:106:12:106:16 | *rest | 1 | SplatParameter | +| params.rb:106:19:106:19 | k | 2 | KeywordParameter | +| params.rb:106:23:106:30 | **kwargs | 3 | HashSplatParameter | diff --git a/ruby/ql/test/library-tests/ast/params/params.rb b/ruby/ql/test/library-tests/ast/params/params.rb index c29d3739e2e..6a8f8718356 100644 --- a/ruby/ql/test/library-tests/ast/params/params.rb +++ b/ruby/ql/test/library-tests/ast/params/params.rb @@ -94,3 +94,18 @@ end def anonymous_hash_splat_parameter(hash, **) hash.merge(**) end + +class Sup + def m(x, *rest, k:, **kwargs) + print(x + 1) + print(k + 1) + end +end + +class Sub < Sup + def m(y, *rest, k:, **kwargs) + super + end +end + +Sub.new.m(42, k: 22) \ No newline at end of file diff --git a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected index 23d66c80ad2..99c21ba6f75 100644 --- a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected @@ -3,25 +3,25 @@ track | params_flow.rb:1:1:3:3 | self in taint | type tracker without call steps | params_flow.rb:1:1:3:3 | self in taint | | params_flow.rb:1:1:3:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:1:1:3:3 | synthetic splat parameter | | params_flow.rb:1:1:3:3 | taint | type tracker without call steps | params_flow.rb:1:1:3:3 | taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:9:1:12:3 | self in positional | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:16:1:19:3 | self in keyword | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:25:1:31:3 | self in kwargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:49:1:53:3 | self in posargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:64:1:66:3 | self in splatstuff | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:69:1:76:3 | self in splatmid | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:83:1:91:3 | self in pos_many | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:98:1:103:3 | self in splatmidsmall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:120:1:126:3 | self in destruct | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:133:1:135:3 | self in splatall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:153:1:155:3 | self in keywordSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:167:1:169:3 | self in splatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:181:1:183:3 | self in positionSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker with call steps | params_flow.rb:200:1:205:3 | self in foo | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | type tracker without call steps | params_flow.rb:1:1:207:15 | self in params_flow.rb | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:9:1:12:3 | self in positional | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:16:1:19:3 | self in keyword | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:25:1:31:3 | self in kwargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:49:1:53:3 | self in posargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:64:1:66:3 | self in splatstuff | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:69:1:76:3 | self in splatmid | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:83:1:91:3 | self in pos_many | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:98:1:103:3 | self in splatmidsmall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:120:1:126:3 | self in destruct | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:133:1:135:3 | self in splatall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:153:1:155:3 | self in keywordSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:167:1:169:3 | self in splatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:181:1:183:3 | self in positionSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker with call steps | params_flow.rb:200:1:205:3 | self in foo | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | type tracker without call steps | params_flow.rb:1:1:229:4 | self in params_flow.rb | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:9:16:9:17 | p1 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:9:20:9:21 | p2 | @@ -52,6 +52,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:168:26:168:35 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:181:28:181:29 | p2 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:200:9:200:9 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element | params_flow.rb:9:1:12:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:9:1:12:3 | synthetic splat parameter | @@ -88,6 +90,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:133:14:133:18 | *args | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:134:5:134:16 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:200:1:205:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:64:16:64:17 | *x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:15 | [post] ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:38 | call to insert | @@ -110,15 +114,20 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:168:5:168:36 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:181:1:183:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:182:5:182:20 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:98:1:103:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:133:14:133:18 | *args | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 5 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:16:1:19:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:1:31:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:17:25:24 | **kwargs | @@ -212,6 +221,12 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:185:14:185:22 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:192:24:192:32 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:196:10:196:18 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content attribute [] | params_flow.rb:117:1:117:1 | [post] x | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element | params_flow.rb:117:1:117:1 | [post] x | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element | params_flow.rb:118:12:118:13 | * ... | @@ -263,6 +278,8 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:195:12:198:1 | call to [] | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:195:12:198:1 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 0 or unknown | params_flow.rb:67:12:67:16 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:14:1:14:30 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:44:1:44:28 | synthetic splat argument | @@ -312,6 +329,7 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:185:8:185:24 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:187:20:187:24 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:192:1:192:33 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:78:1:78:63 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:80:8:80:51 | call to [] | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 2 | params_flow.rb:80:8:80:51 | synthetic splat argument | @@ -340,12 +358,15 @@ track | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:94:32:94:36 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:96:1:96:88 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:78:1:78:63 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:81:1:81:37 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 4 | params_flow.rb:96:1:96:88 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element 5 | params_flow.rb:94:1:94:48 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :c | params_flow.rb:114:1:114:67 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:21:1:21:35 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:22:1:22:35 | synthetic hash-splat argument | | params_flow.rb:1:11:1:11 | x | type tracker without call steps with content element :p1 | params_flow.rb:23:1:23:41 | synthetic hash-splat argument | @@ -470,6 +491,13 @@ track | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:203:5:203:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:204:5:204:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:207:1:207:14 | call to foo | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | type tracker without call steps | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | type tracker without call steps | params_flow.rb:9:1:12:3 | &block | | params_flow.rb:9:1:12:3 | positional | type tracker without call steps | params_flow.rb:9:1:12:3 | positional | @@ -3089,221 +3117,407 @@ track | params_flow.rb:207:1:207:14 | call to foo | type tracker without call steps | params_flow.rb:207:1:207:14 | call to foo | | params_flow.rb:207:5:207:13 | * ... | type tracker with call steps | params_flow.rb:200:1:205:3 | synthetic splat parameter | | params_flow.rb:207:5:207:13 | * ... | type tracker without call steps | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:209:1:219:3 | self (Sup) | type tracker without call steps | params_flow.rb:209:1:219:3 | self (Sup) | +| params_flow.rb:210:5:218:7 | &block | type tracker without call steps | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:210:5:218:7 | m | type tracker without call steps | params_flow.rb:210:5:218:7 | m | +| params_flow.rb:210:5:218:7 | self in m | type tracker with call steps | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:210:5:218:7 | self in m | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:210:5:218:7 | self in m | type tracker without call steps | params_flow.rb:210:5:218:7 | self in m | +| params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:210:5:218:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:210:5:218:7 | synthetic splat parameter | +| params_flow.rb:210:11:210:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | type tracker without call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:210:14:210:18 | *rest | type tracker without call steps | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:210:15:210:18 | rest | type tracker without call steps | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:21:210:22 | k1 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | type tracker without call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:210:26:210:33 | **kwargs | type tracker without call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:210:28:210:33 | kwargs | type tracker without call steps | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:211:9:211:15 | call to sink | type tracker without call steps | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:211:9:211:15 | synthetic splat argument | type tracker without call steps | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:212:9:212:21 | call to sink | type tracker without call steps | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:212:9:212:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker without call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:212:14:212:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:212:19:212:19 | 0 | type tracker without call steps | params_flow.rb:212:19:212:19 | 0 | +| params_flow.rb:212:19:212:19 | 0 | type tracker without call steps with content element 0 | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:213:9:213:21 | call to sink | type tracker without call steps | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:213:9:213:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker without call steps | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:213:14:213:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:213:19:213:19 | 1 | type tracker without call steps | params_flow.rb:213:19:213:19 | 1 | +| params_flow.rb:213:19:213:19 | 1 | type tracker without call steps with content element 0 | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:214:9:214:21 | call to sink | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:214:9:214:21 | synthetic splat argument | type tracker without call steps | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker without call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:214:14:214:20 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | synthetic splat argument | type tracker without call steps | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:214:19:214:19 | 2 | type tracker without call steps | params_flow.rb:214:19:214:19 | 2 | +| params_flow.rb:214:19:214:19 | 2 | type tracker without call steps with content element 0 | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:215:9:215:16 | call to sink | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:215:9:215:16 | synthetic splat argument | type tracker without call steps | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:216:9:216:25 | call to sink | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:216:9:216:25 | synthetic splat argument | type tracker without call steps | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker without call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:216:14:216:24 | ...[...] | type tracker without call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | synthetic splat argument | type tracker without call steps | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:216:21:216:23 | :k2 | type tracker without call steps | params_flow.rb:216:21:216:23 | :k2 | +| params_flow.rb:216:21:216:23 | :k2 | type tracker without call steps with content element 0 | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:217:9:217:23 | yield block argument | type tracker without call steps | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:15:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:221:1:225:3 | self (Sub) | type tracker without call steps | params_flow.rb:221:1:225:3 | self (Sub) | +| params_flow.rb:221:13:221:15 | Sup | type tracker without call steps | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | type tracker without call steps | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | m | type tracker without call steps | params_flow.rb:222:5:224:7 | m | +| params_flow.rb:222:5:224:7 | self in m | type tracker without call steps | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | +| params_flow.rb:222:5:224:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:15:222:18 | rest | type tracker without call steps | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:26:222:33 | **kwargs | type tracker without call steps | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:28:222:33 | kwargs | type tracker without call steps | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:227:3 | Sub | type tracker without call steps | params_flow.rb:227:1:227:3 | Sub | +| params_flow.rb:227:1:227:7 | call to new | type tracker with call steps | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:227:1:227:7 | call to new | type tracker without call steps | params_flow.rb:227:1:227:7 | call to new | +| params_flow.rb:227:1:229:3 | call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker with call steps | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker with call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 0 | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:33:227:33 | 0 | type tracker without call steps | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:33:227:33 | 0 | type tracker without call steps with content element 2 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:42:227:43 | 83 | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 0 | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:47:227:48 | :k1 | type tracker without call steps | params_flow.rb:227:47:227:48 | :k1 | +| params_flow.rb:227:47:227:59 | Pair | type tracker without call steps | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:51:227:59 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:57:227:58 | 84 | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element 0 | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:62:227:63 | :k2 | type tracker without call steps | params_flow.rb:227:62:227:63 | :k2 | +| params_flow.rb:227:62:227:74 | Pair | type tracker without call steps | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:66:227:74 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:72:227:73 | 85 | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element 0 | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:77:229:3 | self | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:227:77:229:3 | self | type tracker without call steps | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | type tracker without call steps | params_flow.rb:227:77:229:3 | do ... end | +| params_flow.rb:227:77:229:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:227:77:229:3 | synthetic splat parameter | +| params_flow.rb:227:81:227:81 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | type tracker without call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | +| params_flow.rb:228:5:228:11 | synthetic splat argument | type tracker without call steps | params_flow.rb:228:5:228:11 | synthetic splat argument | trackEnd | params_flow.rb:1:1:3:3 | &block | params_flow.rb:1:1:3:3 | &block | | params_flow.rb:1:1:3:3 | self in taint | params_flow.rb:1:1:3:3 | self in taint | | params_flow.rb:1:1:3:3 | synthetic splat parameter | params_flow.rb:1:1:3:3 | synthetic splat parameter | | params_flow.rb:1:1:3:3 | taint | params_flow.rb:1:1:3:3 | taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:3:3 | self in taint | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:207:15 | self (params_flow.rb) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:1:1:207:15 | self in params_flow.rb | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self (sink) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self in sink | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:6:5:6:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self (positional) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self in positional | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:10:5:10:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:11:5:11:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:1:14:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:12:14:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:14:22:14:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self (keyword) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self in keyword | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:17:5:17:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:18:5:18:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:1:21:35 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:13:21:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:21:27:21:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:1:22:35 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:13:22:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:22:27:22:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:1:23:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:16:23:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:23:33:23:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self (kwargs) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self in kwargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:26:5:26:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:27:5:27:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:28:5:28:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:29:5:29:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:30:5:30:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:1:33:58 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:12:33:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:26:33:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:33:41:33:49 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:34:14:34:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:35:1:35:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:35:12:35:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:37:16:37:24 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:37:34:37:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:38:1:38:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:40:16:40:24 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:41:1:41:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:41:13:41:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:43:9:43:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:44:1:44:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:44:12:44:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:46:9:46:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:46:20:46:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:47:1:47:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self (posargs) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self in posargs | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:50:5:50:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:51:5:51:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:52:5:52:21 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:1:55:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:9:55:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:55:20:55:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:57:9:57:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:58:1:58:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:58:9:58:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:60:9:60:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:60:20:60:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:61:1:61:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:63:8:63:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self (splatstuff) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self in splatstuff | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:65:5:65:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:67:1:67:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self (splatmid) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self in splatmid | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:70:5:70:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:71:5:71:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:72:5:72:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:73:5:73:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:74:5:74:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:75:5:75:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:1:78:63 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:10:78:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:21:78:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:32:78:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:43:78:51 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:78:54:78:62 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:9:80:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:20:80:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:31:80:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:80:42:80:50 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:1:81:37 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:10:81:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:81:28:81:36 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self (pos_many) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self in pos_many | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:84:5:84:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:85:5:85:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:86:5:86:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:87:5:87:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:88:5:88:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:89:5:89:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:90:5:90:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:9:93:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:20:93:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:31:93:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:93:42:93:50 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:1:94:48 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:10:94:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:21:94:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:94:39:94:47 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:1:96:88 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:10:96:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:21:96:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:34:96:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:45:96:53 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:56:96:64 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:68:96:76 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:96:79:96:87 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self (splatmidsmall) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self in splatmidsmall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:99:5:99:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:100:5:100:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:101:5:101:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:102:5:102:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:1:105:49 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:15:105:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:28:105:36 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:105:39:105:47 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:1:106:46 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:15:106:23 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:26:106:34 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:106:37:106:45 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self (splat_followed_by_keyword_param) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:109:5:109:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:110:5:110:13 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:111:5:111:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:1:114:67 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:33:114:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:44:114:52 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:114:58:114:66 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:117:3:117:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:117:19:117:27 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:118:1:118:14 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self (destruct) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self in destruct | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:121:5:121:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:122:5:122:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:123:5:123:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:124:5:124:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:125:5:125:10 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:1:128:61 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:11:128:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:22:128:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:35:128:43 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:128:50:128:58 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:130:9:130:17 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:130:20:130:28 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:131:1:131:46 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:131:17:131:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self (splatall) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self in splatall | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:134:5:134:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:1:137:44 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:12:137:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:23:137:31 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:137:34:137:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:143:24:143:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:144:1:144:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:145:1:145:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:146:1:146:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:149:1:149:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:150:1:150:42 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:150:33:150:41 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:151:1:151:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:153:1:155:3 | self in keywordSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:157:24:157:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:158:1:158:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:159:1:159:27 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:160:1:160:20 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:163:1:163:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:164:1:164:40 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:164:31:164:39 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:165:1:165:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:167:1:169:3 | self in splatSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:171:17:171:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:172:1:172:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:173:1:173:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:174:1:174:19 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:177:1:177:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:178:1:178:30 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:178:21:178:29 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:179:1:179:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:181:1:183:3 | self in positionSideEffect | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:185:14:185:22 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:186:1:186:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:187:1:187:25 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:188:1:188:16 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:191:1:191:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:192:1:192:33 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:192:24:192:32 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:193:1:193:11 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:196:10:196:18 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self (foo) | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self in foo | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:201:5:201:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:202:5:202:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:203:5:203:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:204:5:204:15 | self | -| params_flow.rb:1:1:207:15 | self in params_flow.rb | params_flow.rb:207:1:207:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | captured self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | self (params_flow.rb) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:1:1:229:4 | self in params_flow.rb | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self (positional) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:9:1:12:3 | self in positional | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:10:5:10:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:11:5:11:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:1:14:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:12:14:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:14:22:14:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self (keyword) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:16:1:19:3 | self in keyword | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:17:5:17:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:18:5:18:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:1:21:35 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:13:21:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:21:27:21:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:1:22:35 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:13:22:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:22:27:22:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:1:23:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:16:23:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:23:33:23:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self (kwargs) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:25:1:31:3 | self in kwargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:26:5:26:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:27:5:27:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:28:5:28:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:29:5:29:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:30:5:30:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:1:33:58 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:12:33:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:26:33:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:33:41:33:49 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:34:14:34:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:35:1:35:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:35:12:35:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:37:16:37:24 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:37:34:37:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:38:1:38:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:40:16:40:24 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:41:1:41:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:41:13:41:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:43:9:43:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:44:1:44:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:44:12:44:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:46:9:46:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:46:20:46:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:47:1:47:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self (posargs) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:49:1:53:3 | self in posargs | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:50:5:50:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:51:5:51:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:52:5:52:21 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:1:55:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:9:55:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:55:20:55:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:57:9:57:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:58:1:58:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:58:9:58:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:60:9:60:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:60:20:60:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:61:1:61:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:63:8:63:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self (splatstuff) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:64:1:66:3 | self in splatstuff | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:65:5:65:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:67:1:67:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self (splatmid) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:69:1:76:3 | self in splatmid | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:70:5:70:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:71:5:71:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:72:5:72:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:73:5:73:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:74:5:74:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:75:5:75:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:1:78:63 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:10:78:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:21:78:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:32:78:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:43:78:51 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:78:54:78:62 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:9:80:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:20:80:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:31:80:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:80:42:80:50 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:1:81:37 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:10:81:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:81:28:81:36 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self (pos_many) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:83:1:91:3 | self in pos_many | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:84:5:84:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:85:5:85:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:86:5:86:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:87:5:87:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:88:5:88:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:89:5:89:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:90:5:90:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:9:93:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:20:93:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:31:93:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:93:42:93:50 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:1:94:48 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:10:94:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:21:94:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:94:39:94:47 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:1:96:88 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:10:96:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:21:96:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:34:96:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:45:96:53 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:56:96:64 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:68:96:76 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:96:79:96:87 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self (splatmidsmall) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:98:1:103:3 | self in splatmidsmall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:99:5:99:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:100:5:100:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:101:5:101:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:102:5:102:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:1:105:49 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:15:105:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:28:105:36 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:105:39:105:47 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:1:106:46 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:15:106:23 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:26:106:34 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:106:37:106:45 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self (splat_followed_by_keyword_param) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:108:1:112:3 | self in splat_followed_by_keyword_param | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:109:5:109:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:110:5:110:13 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:111:5:111:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:1:114:67 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:33:114:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:44:114:52 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:114:58:114:66 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:117:3:117:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:117:19:117:27 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:118:1:118:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self (destruct) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:120:1:126:3 | self in destruct | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:121:5:121:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:122:5:122:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:123:5:123:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:124:5:124:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:125:5:125:10 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:1:128:61 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:11:128:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:22:128:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:35:128:43 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:128:50:128:58 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:130:9:130:17 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:130:20:130:28 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:131:1:131:46 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:131:17:131:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self (splatall) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:133:1:135:3 | self in splatall | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:134:5:134:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:1:137:44 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:12:137:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:23:137:31 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:137:34:137:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:139:1:141:3 | self in hashSplatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:143:24:143:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:144:1:144:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:145:1:145:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:146:1:146:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:149:1:149:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:150:1:150:42 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:150:33:150:41 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:151:1:151:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:153:1:155:3 | self in keywordSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:157:24:157:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:158:1:158:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:159:1:159:27 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:160:1:160:20 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:163:1:163:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:164:1:164:40 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:164:31:164:39 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:165:1:165:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:167:1:169:3 | self in splatSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:171:17:171:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:172:1:172:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:173:1:173:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:174:1:174:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:177:1:177:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:178:1:178:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:178:21:178:29 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:179:1:179:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:181:1:183:3 | self in positionSideEffect | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:185:14:185:22 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:186:1:186:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:187:1:187:25 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:188:1:188:16 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:191:1:191:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:192:1:192:33 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:192:24:192:32 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:193:1:193:11 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:196:10:196:18 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self (foo) | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:200:1:205:3 | self in foo | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:201:5:201:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:202:5:202:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:203:5:203:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:204:5:204:15 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:207:1:207:14 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:11:227:19 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:22:227:30 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:36:227:44 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:51:227:59 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:66:227:74 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:1:1:229:4 | self in params_flow.rb | params_flow.rb:228:5:228:11 | self | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:1:11:1:11 | x | @@ -3474,6 +3688,14 @@ trackEnd | params_flow.rb:1:11:1:11 | x | params_flow.rb:200:9:200:9 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:201:11:201:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:202:11:202:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:5:1:7:3 | &block | params_flow.rb:5:1:7:3 | &block | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self (sink) | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self in sink | @@ -3570,6 +3792,13 @@ trackEnd | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:203:5:203:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:204:5:204:15 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:207:1:207:14 | call to foo | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | params_flow.rb:9:1:12:3 | &block | | params_flow.rb:9:1:12:3 | positional | params_flow.rb:9:1:12:3 | positional | @@ -6205,5 +6434,184 @@ trackEnd | params_flow.rb:207:1:207:14 | call to foo | params_flow.rb:207:1:207:14 | call to foo | | params_flow.rb:207:5:207:13 | * ... | params_flow.rb:200:1:205:3 | synthetic splat parameter | | params_flow.rb:207:5:207:13 | * ... | params_flow.rb:207:5:207:13 | * ... | +| params_flow.rb:209:1:219:3 | self (Sup) | params_flow.rb:209:1:219:3 | self (Sup) | +| params_flow.rb:210:5:218:7 | &block | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:210:5:218:7 | &block | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:210:5:218:7 | m | params_flow.rb:209:1:219:3 | Sup | +| params_flow.rb:210:5:218:7 | m | params_flow.rb:210:5:218:7 | m | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:1:1:3:3 | self in taint | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:210:5:218:7 | self (m) | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:210:5:218:7 | self in m | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:211:9:211:15 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:212:9:212:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:213:9:213:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:214:9:214:21 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:215:9:215:16 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:216:9:216:25 | self | +| params_flow.rb:210:5:218:7 | self in m | params_flow.rb:217:15:217:23 | self | +| params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:210:5:218:7 | synthetic splat parameter | params_flow.rb:210:5:218:7 | synthetic splat parameter | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:211:14:211:14 | x | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:212:14:212:17 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:213:14:213:17 | rest | +| params_flow.rb:210:14:210:18 | *rest | params_flow.rb:214:14:214:17 | rest | +| params_flow.rb:210:15:210:18 | rest | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:210:26:210:33 | **kwargs | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:210:28:210:33 | kwargs | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:211:9:211:15 | call to sink | params_flow.rb:211:9:211:15 | call to sink | +| params_flow.rb:211:9:211:15 | synthetic splat argument | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:212:9:212:21 | call to sink | params_flow.rb:212:9:212:21 | call to sink | +| params_flow.rb:212:9:212:21 | synthetic splat argument | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:212:14:212:20 | synthetic splat argument | params_flow.rb:212:14:212:20 | synthetic splat argument | +| params_flow.rb:212:19:212:19 | 0 | params_flow.rb:212:19:212:19 | 0 | +| params_flow.rb:213:9:213:21 | call to sink | params_flow.rb:213:9:213:21 | call to sink | +| params_flow.rb:213:9:213:21 | synthetic splat argument | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:213:14:213:20 | ...[...] | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:213:14:213:20 | synthetic splat argument | params_flow.rb:213:14:213:20 | synthetic splat argument | +| params_flow.rb:213:19:213:19 | 1 | params_flow.rb:213:19:213:19 | 1 | +| params_flow.rb:214:9:214:21 | call to sink | params_flow.rb:214:9:214:21 | call to sink | +| params_flow.rb:214:9:214:21 | synthetic splat argument | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:214:14:214:20 | synthetic splat argument | params_flow.rb:214:14:214:20 | synthetic splat argument | +| params_flow.rb:214:19:214:19 | 2 | params_flow.rb:214:19:214:19 | 2 | +| params_flow.rb:215:9:215:16 | call to sink | params_flow.rb:215:9:215:16 | call to sink | +| params_flow.rb:215:9:215:16 | synthetic splat argument | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:216:9:216:25 | call to sink | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:216:9:216:25 | synthetic splat argument | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:216:14:216:24 | synthetic splat argument | params_flow.rb:216:14:216:24 | synthetic splat argument | +| params_flow.rb:216:21:216:23 | :k2 | params_flow.rb:216:21:216:23 | :k2 | +| params_flow.rb:217:9:217:23 | synthetic splat argument | params_flow.rb:217:9:217:23 | synthetic splat argument | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:217:9:217:23 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | synthetic splat argument | params_flow.rb:217:15:217:23 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:221:1:225:3 | self (Sub) | params_flow.rb:221:1:225:3 | self (Sub) | +| params_flow.rb:221:13:221:15 | Sup | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | m | params_flow.rb:221:1:225:3 | Sub | +| params_flow.rb:222:5:224:7 | m | params_flow.rb:222:5:224:7 | m | +| params_flow.rb:222:5:224:7 | self in m | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | +| params_flow.rb:222:5:224:7 | synthetic splat parameter | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:15:222:18 | rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:28:222:33 | kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:227:3 | Sub | params_flow.rb:227:1:227:3 | Sub | +| params_flow.rb:227:1:227:7 | call to new | params_flow.rb:222:5:224:7 | self in m | +| params_flow.rb:227:1:227:7 | call to new | params_flow.rb:227:1:227:7 | call to new | +| params_flow.rb:227:1:229:3 | call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | +| params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:11:227:19 | synthetic splat argument | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:11:227:19 | call to taint | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:22:227:30 | synthetic splat argument | params_flow.rb:227:22:227:30 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:22:227:30 | call to taint | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:36:227:44 | synthetic splat argument | params_flow.rb:227:36:227:44 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:36:227:44 | call to taint | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:42:227:43 | 83 | +| params_flow.rb:227:47:227:48 | :k1 | params_flow.rb:227:47:227:48 | :k1 | +| params_flow.rb:227:47:227:59 | Pair | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:51:227:59 | synthetic splat argument | params_flow.rb:227:51:227:59 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:51:227:59 | call to taint | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:57:227:58 | 84 | +| params_flow.rb:227:62:227:63 | :k2 | params_flow.rb:227:62:227:63 | :k2 | +| params_flow.rb:227:62:227:74 | Pair | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:66:227:74 | synthetic splat argument | params_flow.rb:227:66:227:74 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:72:227:73 | 85 | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self (sink) | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self in sink | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:6:5:6:10 | self | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | self | params_flow.rb:228:5:228:11 | self | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:227:77:229:3 | do ... end | +| params_flow.rb:227:77:229:3 | synthetic splat parameter | params_flow.rb:227:77:229:3 | synthetic splat parameter | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:228:5:228:11 | call to sink | +| params_flow.rb:228:5:228:11 | synthetic splat argument | params_flow.rb:228:5:228:11 | synthetic splat argument | forwardButNoBackwardFlow backwardButNoForwardFlow diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb index 65b663a7c4e..c4ced767fdf 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb +++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb @@ -205,3 +205,25 @@ def foo(x, y) end foo(*int_hash) + +class Sup + def m(x, *rest, k1:, **kwargs) + sink(x) # $ MISSING: hasValueFlow=81 + sink(rest[0]) # $ MISSING: hasValueFlow=82 + sink(rest[1]) + sink(rest[2]) # $ MISSING: hasValueFlow=83 + sink(k1) # $ MISSING: hasValueFlow=84 + sink(kwargs[:k2]) # $ MISSING: hasValueFlow=85 + yield taint(86) + end +end + +class Sub < Sup + def m(x, *rest, k1:, **kwargs) + super + end +end + +Sub.new.m(taint(81), taint(82), 0, taint(83), k1: taint(84), k2: taint(85)) do |x| + sink(x) # $ MISSING: hasValueFlow=86 +end From 65a11984bdeaf6ebb5856ce155a8d28ae479afe1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 2 Apr 2025 19:55:07 +0200 Subject: [PATCH 198/409] Ruby: Synthesize implicit super arguments --- ruby/ql/lib/codeql/ruby/ast/Expr.qll | 25 +- ruby/ql/lib/codeql/ruby/ast/Literal.qll | 4 +- ruby/ql/lib/codeql/ruby/ast/Operation.qll | 4 - ruby/ql/lib/codeql/ruby/ast/internal/AST.qll | 41 ++- ruby/ql/lib/codeql/ruby/ast/internal/Call.qll | 48 ++- ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll | 35 +++ .../lib/codeql/ruby/ast/internal/Literal.qll | 20 +- .../codeql/ruby/ast/internal/Operation.qll | 24 +- .../codeql/ruby/ast/internal/Synthesis.qll | 151 ++++++++- .../lib/codeql/ruby/ast/internal/Variable.qll | 41 +-- .../internal/ControlFlowGraphImpl.qll | 5 +- .../dataflow/internal/DataFlowPrivate.qll | 59 +++- ruby/ql/test/library-tests/ast/Ast.expected | 8 + .../test/library-tests/ast/ValueText.expected | 2 + .../dataflow/params/TypeTracker.expected | 294 ++++++++++++++++++ .../dataflow/params/params-flow.expected | 68 ++++ .../dataflow/params/params_flow.rb | 12 +- 17 files changed, 756 insertions(+), 85 deletions(-) diff --git a/ruby/ql/lib/codeql/ruby/ast/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/Expr.qll index 3e17c573b50..5f916fbec5c 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Expr.qll @@ -248,13 +248,7 @@ class ParenthesizedExpr extends StmtSequence, TParenthesizedExpr { * baz(qux: 1) * ``` */ -class Pair extends Expr, TPair { - private Ruby::Pair g; - - Pair() { this = TPair(g) } - - final override string getAPrimaryQlClass() { result = "Pair" } - +class Pair extends Expr instanceof PairImpl { /** * Gets the key expression of this pair. For example, the `SymbolLiteral` * representing the keyword `foo` in the following example: @@ -266,7 +260,7 @@ class Pair extends Expr, TPair { * { 'foo' => 123 } * ``` */ - final Expr getKey() { toGenerated(result) = g.getKey() } + final Expr getKey() { result = PairImpl.super.getKey() } /** * Gets the value expression of this pair. For example, the `IntegerLiteral` @@ -275,20 +269,9 @@ class Pair extends Expr, TPair { * { 'foo' => 123 } * ``` */ - final Expr getValue() { - toGenerated(result) = g.getValue() or - synthChild(this, 0, result) - } + final Expr getValue() { result = PairImpl.super.getValue() } - final override string toString() { result = "Pair" } - - final override AstNode getAChild(string pred) { - result = super.getAChild(pred) - or - pred = "getKey" and result = this.getKey() - or - pred = "getValue" and result = this.getValue() - } + final override string getAPrimaryQlClass() { result = "Pair" } } /** diff --git a/ruby/ql/lib/codeql/ruby/ast/Literal.qll b/ruby/ql/lib/codeql/ruby/ast/Literal.qll index 059db251fc4..cdeae9e64a6 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Literal.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Literal.qll @@ -305,7 +305,9 @@ class StringlikeLiteral extends Literal instanceof StringlikeLiteralImpl { final override AstNode getAChild(string pred) { result = Literal.super.getAChild(pred) or - pred = "getComponent" and result = this.getComponent(_) + pred = "getComponent" and + result = this.getComponent(_) and + not this instanceof SimpleSymbolLiteralSynth } } diff --git a/ruby/ql/lib/codeql/ruby/ast/Operation.qll b/ruby/ql/lib/codeql/ruby/ast/Operation.qll index e5c68b72c8f..2e005a207e3 100644 --- a/ruby/ql/lib/codeql/ruby/ast/Operation.qll +++ b/ruby/ql/lib/codeql/ruby/ast/Operation.qll @@ -92,10 +92,6 @@ class SplatExpr extends UnaryOperation, TSplatExpr { * ``` */ class HashSplatExpr extends UnaryOperation, THashSplatExpr { - private Ruby::HashSplatArgument g; - - HashSplatExpr() { this = THashSplatExpr(g) } - final override string getAPrimaryQlClass() { result = "HashSplatExpr" } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll index 91f20773917..badcf1d6c6f 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/AST.qll @@ -164,7 +164,8 @@ private module Cached { THashKeySymbolLiteral(Ruby::HashKeySymbol g) or THashLiteral(Ruby::Hash g) or THashPattern(Ruby::HashPattern g) or - THashSplatExpr(Ruby::HashSplatArgument g) or + THashSplatExprReal(Ruby::HashSplatArgument g) or + THashSplatExprSynth(Ast::AstNode parent, int i) { mkSynthChild(HashSplatExprKind(), parent, i) } or THashSplatNilParameter(Ruby::HashSplatNil g) { not g.getParent() instanceof Ruby::HashPattern } or THashSplatParameter(Ruby::HashSplatParameter g) { not g.getParent() instanceof Ruby::HashPattern @@ -232,7 +233,8 @@ private module Cached { TNotExprReal(Ruby::Unary g) { g instanceof @ruby_unary_bang or g instanceof @ruby_unary_not } or TNotExprSynth(Ast::AstNode parent, int i) { mkSynthChild(NotExprKind(), parent, i) } or TOptionalParameter(Ruby::OptionalParameter g) or - TPair(Ruby::Pair g) or + TPairReal(Ruby::Pair g) or + TPairSynth(Ast::AstNode parent, int i) { mkSynthChild(PairExprKind(), parent, i) } or TParenthesizedExpr(Ruby::ParenthesizedStatements g) or TParenthesizedPattern(Ruby::ParenthesizedPattern g) or TRShiftExprReal(Ruby::Binary g) { g instanceof @ruby_binary_ranglerangle } or @@ -274,7 +276,10 @@ private module Cached { TSimpleParameterSynth(Ast::AstNode parent, int i) { mkSynthChild(SimpleParameterKind(), parent, i) } or - TSimpleSymbolLiteral(Ruby::SimpleSymbol g) or + TSimpleSymbolLiteralReal(Ruby::SimpleSymbol g) or + TSimpleSymbolLiteralSynth(Ast::AstNode parent, int i, string value) { + mkSynthChild(SymbolLiteralExprKind(value), parent, i) + } or TSingletonClass(Ruby::SingletonClass g) or TSingletonMethod(Ruby::SingletonMethod g) or TSpaceshipExpr(Ruby::Binary g) { g instanceof @ruby_binary_langleequalrangle } or @@ -362,19 +367,19 @@ private module Cached { TEnsure or TEqExpr or TExponentExprReal or TFalseLiteral or TFile or TFindPattern or TFloatLiteral or TForExpr or TForwardParameter or TForwardArgument or TGEExpr or TGTExpr or TGlobalVariableAccessReal or THashKeySymbolLiteral or THashLiteral or THashPattern or - THashSplatExpr or THashSplatNilParameter or THashSplatParameter or THereDoc or + THashSplatExprReal or THashSplatNilParameter or THashSplatParameter or THereDoc or TIdentifierMethodCall or TIfReal or TIfModifierExpr or TInClauseReal or TInstanceVariableAccessReal or TIntegerLiteralReal or TKeywordParameter or TLEExpr or TLShiftExprReal or TLTExpr or TLambda or TLeftAssignmentList or TLine or TLocalVariableAccessReal or TLogicalAndExprReal or TLogicalOrExprReal or TMethod or TMatchPattern or TModuleDeclaration or TModuloExprReal or TMulExprReal or TNEExpr or TNextStmt or TNilLiteralReal or TNoRegExpMatchExpr or TNotExprReal or TOptionalParameter or - TPair or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or + TPairReal or TParenthesizedExpr or TParenthesizedPattern or TRShiftExprReal or TRangeLiteralReal or TRationalLiteral or TRedoStmt or TRegExpLiteral or TRegExpMatchExpr or TRegularArrayLiteral or TRegularMethodCall or TRegularStringLiteral or TRegularSuperCall or TRescueClause or TRescueModifierExpr or TRetryStmt or TReturnStmt or TScopeResolutionConstantAccess or TSelfReal or TSimpleParameterReal or - TSimpleSymbolLiteral or TSingletonClass or TSingletonMethod or TSpaceshipExpr or + TSimpleSymbolLiteralReal or TSingletonClass or TSingletonMethod or TSpaceshipExpr or TSplatExprReal or TSplatParameter or TStringArrayLiteral or TStringConcatenation or TStringEscapeSequenceComponent or TStringInterpolationComponent or TStringTextComponent or TSubExprReal or TSubshellLiteral or TSymbolArrayLiteral or TTernaryIfExpr or TTestPattern or @@ -392,7 +397,8 @@ private module Cached { TLShiftExprSynth or TLocalVariableAccessSynth or TLogicalAndExprSynth or TLogicalOrExprSynth or TMethodCallSynth or TModuloExprSynth or TMulExprSynth or TNilLiteralSynth or TRShiftExprSynth or TRangeLiteralSynth or TSelfSynth or - TSimpleParameterSynth or TSplatExprSynth or TStmtSequenceSynth or TSubExprSynth; + TSimpleParameterSynth or TSplatExprSynth or THashSplatExprSynth or TStmtSequenceSynth or + TSubExprSynth or TPairSynth or TSimpleSymbolLiteralSynth; /** * Gets the underlying TreeSitter entity for a given AST node. This does not @@ -468,7 +474,7 @@ private module Cached { n = THashKeySymbolLiteral(result) or n = THashLiteral(result) or n = THashPattern(result) or - n = THashSplatExpr(result) or + n = THashSplatExprReal(result) or n = THashSplatNilParameter(result) or n = THashSplatParameter(result) or n = THereDoc(result) or @@ -499,7 +505,7 @@ private module Cached { n = TNoRegExpMatchExpr(result) or n = TNotExprReal(result) or n = TOptionalParameter(result) or - n = TPair(result) or + n = TPairReal(result) or n = TParenthesizedExpr(result) or n = TParenthesizedPattern(result) or n = TRangeLiteralReal(result) or @@ -519,7 +525,7 @@ private module Cached { n = TScopeResolutionConstantAccess(result, _) or n = TSelfReal(result) or n = TSimpleParameterReal(result) or - n = TSimpleSymbolLiteral(result) or + n = TSimpleSymbolLiteralReal(result) or n = TSingletonClass(result) or n = TSingletonMethod(result) or n = TSpaceshipExpr(result) or @@ -633,9 +639,15 @@ private module Cached { or result = TSplatExprSynth(parent, i) or + result = THashSplatExprSynth(parent, i) + or result = TStmtSequenceSynth(parent, i) or result = TSubExprSynth(parent, i) + or + result = TPairSynth(parent, i) + or + result = TSimpleSymbolLiteralSynth(parent, i, _) } /** @@ -726,6 +738,8 @@ class TSelf = TSelfReal or TSelfSynth; class TDestructuredLhsExpr = TDestructuredLeftAssignment or TLeftAssignmentList; +class TPair = TPairReal or TPairSynth; + class TExpr = TSelf or TArgumentList or TRescueClause or TRescueModifierExpr or TPair or TStringConcatenation or TCall or TBlockArgument or TConstantAccess or TControlExpr or TLiteral or TCallable or @@ -734,6 +748,8 @@ class TExpr = class TSplatExpr = TSplatExprReal or TSplatExprSynth; +class THashSplatExpr = THashSplatExprReal or THashSplatExprSynth; + class TElse = TElseReal or TElseSynth; class TStmtSequence = @@ -768,13 +784,16 @@ class TStringInterpolationComponent = TStringInterpolationComponentNonRegexp or TStringInterpolationComponentRegexp; class TStringComponent = - TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent; + TStringTextComponent or TStringEscapeSequenceComponent or TStringInterpolationComponent or + TSimpleSymbolLiteralSynth; class TStringlikeLiteral = TStringLiteral or TRegExpLiteral or TSymbolLiteral or TSubshellLiteral or THereDoc; class TStringLiteral = TRegularStringLiteral or TBareStringLiteral; +class TSimpleSymbolLiteral = TSimpleSymbolLiteralReal or TSimpleSymbolLiteralSynth; + class TSymbolLiteral = TSimpleSymbolLiteral or TComplexSymbolLiteral or THashKeySymbolLiteral; class TComplexSymbolLiteral = TDelimitedSymbolLiteral or TBareSymbolLiteral; diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll index db97b932a83..5bb34989a90 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Call.qll @@ -2,6 +2,7 @@ private import TreeSitter private import Variable private import codeql.ruby.AST private import codeql.ruby.ast.internal.AST +private import codeql.ruby.ast.internal.Scope predicate isIdentifierMethodCall(Ruby::Identifier g) { vcall(g) and not access(g, _) } @@ -133,18 +134,61 @@ private string getSuperMethodName(Ruby::Super sup) { ) } +private Ruby::Identifier getParameter(Ruby::Method m, int pos, Ruby::AstNode param) { + scopeDefinesParameterVariable(m, _, result, pos) and + param = m.getParameters().getChild(pos) +} + class TokenSuperCall extends SuperCallImpl, TTokenSuperCall { private Ruby::Super g; TokenSuperCall() { this = TTokenSuperCall(g) } + Ruby::Method getEnclosingMethod() { result = scopeOf(toGenerated(this)).getEnclosingMethod() } + + int getNumberOfImplicitArguments() { + exists(Ruby::Method encl | + encl = this.getEnclosingMethod() and + result = count(getParameter(encl, _, _)) + ) + } + + /** + * Gets the local variable defined by parameter `param` which is used as an + * implicit argument at position `pos`. + * + * For example, in + * + * ```ruby + * class Sup + * def m(x) + * end + * end + * + * class Sub < Sup + * def m(x) + * super + * end + * end + * ``` + * + * `x` is an implicit argument at position 0 of the `super` call in `Sub#m`. + */ + pragma[nomagic] + LocalVariableReal getImplicitArgument(int pos, Ruby::AstNode param) { + exists(Ruby::Method encl | + encl = this.getEnclosingMethod() and + toGenerated(result.getDefiningAccessImpl()) = getParameter(encl, pos, param) + ) + } + final override string getMethodNameImpl() { result = getSuperMethodName(g) } final override Expr getReceiverImpl() { none() } - final override Expr getArgumentImpl(int n) { none() } + final override Expr getArgumentImpl(int n) { synthChild(this, n, result) } - final override int getNumberOfArgumentsImpl() { result = 0 } + final override int getNumberOfArgumentsImpl() { result = this.getNumberOfImplicitArguments() } final override Block getBlockImpl() { none() } } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll index 9e8ca5e8fba..ba4f9e51f4e 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Expr.qll @@ -120,3 +120,38 @@ class LeftAssignmentListImpl extends DestructuredLhsExprImpl, Ruby::LeftAssignme ) } } + +abstract class PairImpl extends Expr, TPair { + abstract Expr getKey(); + + abstract Expr getValue(); + + final override string toString() { result = "Pair" } + + final override AstNode getAChild(string pred) { + result = super.getAChild(pred) + or + pred = "getKey" and result = this.getKey() + or + pred = "getValue" and result = this.getValue() + } +} + +class PairReal extends PairImpl, TPairReal { + private Ruby::Pair g; + + PairReal() { this = TPairReal(g) } + + final override Expr getKey() { toGenerated(result) = g.getKey() } + + final override Expr getValue() { + toGenerated(result) = g.getValue() or + synthChild(this, 0, result) + } +} + +class PairSynth extends PairImpl, TPairSynth { + final override Expr getKey() { synthChild(this, 0, result) } + + final override Expr getValue() { synthChild(this, 1, result) } +} diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll index debcaf10c51..a82256a0162 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Literal.qll @@ -608,16 +608,32 @@ class BareStringLiteral extends StringLiteralImpl, TBareStringLiteral { abstract class SymbolLiteralImpl extends StringlikeLiteralImpl, TSymbolLiteral { } -class SimpleSymbolLiteral extends SymbolLiteralImpl, TSimpleSymbolLiteral { +abstract class SimpleSymbolLiteralImpl extends SymbolLiteralImpl, TSimpleSymbolLiteral { } + +class SimpleSymbolLiteralReal extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteral { private Ruby::SimpleSymbol g; - SimpleSymbolLiteral() { this = TSimpleSymbolLiteral(g) } + SimpleSymbolLiteralReal() { this = TSimpleSymbolLiteralReal(g) } final override StringComponent getComponentImpl(int n) { n = 0 and toGenerated(result) = g } final override string toString() { result = g.getValue() } } +class SimpleSymbolLiteralSynth extends SimpleSymbolLiteralImpl, TSimpleSymbolLiteralSynth, + StringComponentImpl +{ + private string value; + + SimpleSymbolLiteralSynth() { this = TSimpleSymbolLiteralSynth(_, _, value) } + + final override string getValue() { result = value } + + final override StringComponent getComponentImpl(int n) { n = 0 and result = this } + + final override string toString() { result = value } +} + abstract class ComplexSymbolLiteral extends SymbolLiteralImpl, TComplexSymbolLiteral { } class DelimitedSymbolLiteral extends ComplexSymbolLiteral, TDelimitedSymbolLiteral { diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll index 6fcf0bfc737..54c763e24d3 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Operation.qll @@ -45,36 +45,42 @@ class NotExprSynth extends NotExprImpl, TNotExprSynth { final override Expr getOperandImpl() { synthChild(this, 0, result) } } -class SplatExprReal extends UnaryOperationImpl, TSplatExprReal { +abstract class SplatExprImpl extends UnaryOperationImpl, TSplatExpr { + final override string getOperatorImpl() { result = "*" } +} + +class SplatExprReal extends SplatExprImpl, TSplatExprReal { private Ruby::SplatArgument g; SplatExprReal() { this = TSplatExprReal(g) } - final override string getOperatorImpl() { result = "*" } - final override Expr getOperandImpl() { toGenerated(result) = g.getChild() or synthChild(this, 0, result) } } -class SplatExprSynth extends UnaryOperationImpl, TSplatExprSynth { - final override string getOperatorImpl() { result = "*" } - +class SplatExprSynth extends SplatExprImpl, TSplatExprSynth { final override Expr getOperandImpl() { synthChild(this, 0, result) } } -class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr { +abstract class HashSplatExprImpl extends UnaryOperationImpl, THashSplatExpr { + final override string getOperatorImpl() { result = "**" } +} + +class HashSplatExprReal extends HashSplatExprImpl, THashSplatExprReal { private Ruby::HashSplatArgument g; - HashSplatExprImpl() { this = THashSplatExpr(g) } + HashSplatExprReal() { this = THashSplatExprReal(g) } final override Expr getOperandImpl() { toGenerated(result) = g.getChild() or synthChild(this, 0, result) } +} - final override string getOperatorImpl() { result = "**" } +class HashSplatExprSynth extends HashSplatExprImpl, THashSplatExprSynth { + final override Expr getOperandImpl() { synthChild(this, 0, result) } } abstract class DefinedExprImpl extends UnaryOperationImpl, TDefinedExpr { } diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll index f33fb647bf3..5d1ee81c013 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Synthesis.qll @@ -11,7 +11,7 @@ private import codeql.ruby.ast.internal.Scope private import codeql.ruby.AST /** A synthesized AST node kind. */ -newtype SynthKind = +newtype TSynthKind = AddExprKind() or AssignExprKind() or BitwiseAndExprKind() or @@ -42,16 +42,107 @@ newtype SynthKind = MulExprKind() or NilLiteralKind() or NotExprKind() or + PairExprKind() or RangeLiteralKind(boolean inclusive) { inclusive in [false, true] } or RShiftExprKind() or SimpleParameterKind() or SplatExprKind() or + HashSplatExprKind() or + SymbolLiteralExprKind(string value) { + value = any(Ruby::SimpleSymbol s).getValue() + or + value = any(Ruby::KeywordParameter p).getName().getValue() + } or StmtSequenceKind() or SelfKind(SelfVariable v) or SubExprKind() or ConstantReadAccessKind(string value) { any(Synthesis s).constantReadAccess(value) } or ConstantWriteAccessKind(string value) { any(Synthesis s).constantWriteAccess(value) } +class SynthKind extends TSynthKind { + string toString() { + this = AddExprKind() and result = "AddExprKind" + or + this = AssignExprKind() and result = "AssignExprKind" + or + this = BitwiseAndExprKind() and result = "BitwiseAndExprKind" + or + this = BitwiseOrExprKind() and result = "BitwiseOrExprKind" + or + this = BitwiseXorExprKind() and result = "BitwiseXorExprKind" + or + this = BooleanLiteralKind(_) and result = "BooleanLiteralKind" + or + this = BraceBlockKind() and result = "BraceBlockKind" + or + this = CaseMatchKind() and result = "CaseMatchKind" + or + this = ClassVariableAccessKind(_) and result = "ClassVariableAccessKind" + or + this = DefinedExprKind() and result = "DefinedExprKind" + or + this = DivExprKind() and result = "DivExprKind" + or + this = ElseKind() and result = "ElseKind" + or + this = ExponentExprKind() and result = "ExponentExprKind" + or + this = GlobalVariableAccessKind(_) and result = "GlobalVariableAccessKind" + or + this = IfKind() and result = "IfKind" + or + this = InClauseKind() and result = "InClauseKind" + or + this = InstanceVariableAccessKind(_) and result = "InstanceVariableAccessKind" + or + this = IntegerLiteralKind(_) and result = "IntegerLiteralKind" + or + this = LShiftExprKind() and result = "LShiftExprKind" + or + this = LocalVariableAccessRealKind(_) and result = "LocalVariableAccessRealKind" + or + this = LocalVariableAccessSynthKind(_) and result = "LocalVariableAccessSynthKind" + or + this = LogicalAndExprKind() and result = "LogicalAndExprKind" + or + this = LogicalOrExprKind() and result = "LogicalOrExprKind" + or + this = MethodCallKind(_, _, _) and result = "MethodCallKind" + or + this = ModuloExprKind() and result = "ModuloExprKind" + or + this = MulExprKind() and result = "MulExprKind" + or + this = NilLiteralKind() and result = "NilLiteralKind" + or + this = NotExprKind() and result = "NotExprKind" + or + this = PairExprKind() and result = "PairExprKind" + or + this = RangeLiteralKind(_) and result = "RangeLiteralKind" + or + this = RShiftExprKind() and result = "RShiftExprKind" + or + this = SimpleParameterKind() and result = "SimpleParameterKind" + or + this = SplatExprKind() and result = "SplatExprKind" + or + this = HashSplatExprKind() and result = "HashSplatExprKind" + or + this = SymbolLiteralExprKind(_) and result = "SymbolLiteralExprKind" + or + this = StmtSequenceKind() and result = "StmtSequenceKind" + or + this = SubExprKind() and result = "SubExprKind" + or + this = SelfKind(_) and result = "SelfKind" + or + this = ConstantReadAccessKind(_) and result = "ConstantReadAccessKind" + or + this = ConstantWriteAccessKind(_) and result = "ConstantWriteAccessKind" + } +} + /** * An AST child. * @@ -441,7 +532,7 @@ private module AssignOperationDesugar { pragma[nomagic] SynthKind getVariableAccessKind() { result in [ - LocalVariableAccessRealKind(v).(SynthKind), InstanceVariableAccessKind(v), + LocalVariableAccessRealKind(v).(TSynthKind), InstanceVariableAccessKind(v), ClassVariableAccessKind(v), GlobalVariableAccessKind(v) ] } @@ -1802,3 +1893,59 @@ private module MatchPatternDesugar { } } } + +private module ImplicitSuperArgsSynthesis { + pragma[nomagic] + private predicate superCallSynthesis(AstNode parent, int i, Child child) { + exists(TokenSuperCall call, SynthChild access, int pos, Ruby::AstNode param | + access = SynthChild(LocalVariableAccessRealKind(call.getImplicitArgument(pos, param))) + | + parent = call and + param instanceof Ruby::Identifier and + i = pos and + child = access + or + param instanceof Ruby::SplatParameter and + ( + parent = call and + i = pos and + child = SynthChild(SplatExprKind()) + or + parent = TSplatExprSynth(call, pos) and + i = 0 and + child = access + ) + or + param instanceof Ruby::HashSplatParameter and + ( + parent = call and + i = pos and + child = SynthChild(HashSplatExprKind()) + or + parent = THashSplatExprSynth(call, pos) and + i = 0 and + child = access + ) + or + exists(string name | name = param.(Ruby::KeywordParameter).getName().getValue() | + parent = call and + i = pos and + child = SynthChild(PairExprKind()) + or + parent = TPairSynth(call, pos) and + i = 0 and + child = SynthChild(SymbolLiteralExprKind(name)) + or + parent = TPairSynth(call, pos) and + i = 1 and + child = access + ) + ) + } + + private class SuperCallSynthesis extends Synthesis { + final override predicate child(AstNode parent, int i, Child child) { + superCallSynthesis(parent, i, child) + } + } +} diff --git a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll index 51e5d4b5630..bea1ddadbfb 100644 --- a/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll +++ b/ruby/ql/lib/codeql/ruby/ast/internal/Variable.qll @@ -49,11 +49,11 @@ predicate implicitAssignmentNode(Ruby::AstNode n) { } /** Holds if `n` is inside a parameter. */ -predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c) { - n = c.getParameter(_) or - n = c.(Ruby::Block).getParameters().getLocals(_) or - n = c.(Ruby::DoBlock).getParameters().getLocals(_) or - implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c) +predicate implicitParameterAssignmentNode(Ruby::AstNode n, Callable::Range c, int pos) { + n = c.getParameter(pos) or + n = c.(Ruby::Block).getParameters().getLocals(pos) or + n = c.(Ruby::DoBlock).getParameters().getLocals(pos) or + implicitParameterAssignmentNode(n.getParent().(Ruby::DestructuredParameter), c, pos) } private predicate instanceVariableAccess( @@ -77,26 +77,29 @@ private ModuleBase::Range enclosingModuleOrClass(Ruby::AstNode node) { exists(Scope::Range s | scopeOf(node) = s and result = s.getEnclosingModule()) } -private predicate parameterAssignment(Callable::Range scope, string name, Ruby::Identifier i) { - implicitParameterAssignmentNode(i, scope) and +private predicate parameterAssignment( + Callable::Range scope, string name, Ruby::Identifier i, int pos +) { + implicitParameterAssignmentNode(i, scope, pos) and name = i.getValue() } /** Holds if `scope` defines `name` in its parameter declaration at `i`. */ -private predicate scopeDefinesParameterVariable( - Callable::Range scope, string name, Ruby::Identifier i +predicate scopeDefinesParameterVariable( + Callable::Range scope, string name, Ruby::Identifier i, int pos ) { // In case of overlapping parameter names (e.g. `_`), only the first // parameter will give rise to a variable i = min(Ruby::Identifier other | - parameterAssignment(scope, name, other) + parameterAssignment(scope, name, other, _) | other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn() - ) + ) and + parameterAssignment(scope, name, _, pos) or exists(Parameter::Range p | - p = scope.getParameter(_) and + p = scope.getParameter(pos) and name = i.getValue() | i = p.(Ruby::BlockParameter).getName() or @@ -153,7 +156,7 @@ private module Cached { ) } or TLocalVariableReal(Scope::Range scope, string name, Ruby::AstNode i) { - scopeDefinesParameterVariable(scope, name, i) + scopeDefinesParameterVariable(scope, name, i, _) or i = min(Ruby::AstNode other | @@ -161,7 +164,7 @@ private module Cached { | other order by other.getLocation().getStartLine(), other.getLocation().getStartColumn() ) and - not scopeDefinesParameterVariable(scope, name, _) and + not scopeDefinesParameterVariable(scope, name, _, _) and not inherits(scope, name, _) } or TSelfVariable(SelfBase::Range scope) or @@ -330,8 +333,8 @@ private module Cached { not access.getLocation().strictlyBefore(variable.getLocationImpl()) and // In case of overlapping parameter names, later parameters should not // be considered accesses to the first parameter - if parameterAssignment(_, _, access) - then scopeDefinesParameterVariable(_, _, access) + if parameterAssignment(_, _, access, _) + then scopeDefinesParameterVariable(_, _, access, _) else any() or exists(Scope::Range declScope | @@ -360,7 +363,7 @@ private module Cached { predicate implicitWriteAccess(Access access) { implicitAssignmentNode(access) or - scopeDefinesParameterVariable(_, _, access) + scopeDefinesParameterVariable(_, _, access, _) } cached @@ -399,11 +402,11 @@ private predicate inherits(Scope::Range scope, string name, Scope::Range outer) scope instanceof Ruby::DoBlock or scope instanceof Ruby::Lambda ) and - not scopeDefinesParameterVariable(scope, name, _) and + not scopeDefinesParameterVariable(scope, name, _, _) and ( outer = scope.getOuterScope() and ( - scopeDefinesParameterVariable(outer, name, _) + scopeDefinesParameterVariable(outer, name, _, _) or exists(Ruby::AstNode i | scopeAssigns(outer, name, i) and diff --git a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll index 584e5d1c1ac..dd672ba982d 100644 --- a/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll +++ b/ruby/ql/lib/codeql/ruby/controlflow/internal/ControlFlowGraphImpl.qll @@ -1430,7 +1430,10 @@ module Trees { } private class StringlikeLiteralTree extends StandardPostOrderTree instanceof StringlikeLiteral { - StringlikeLiteralTree() { not this instanceof HereDoc } + StringlikeLiteralTree() { + not this instanceof HereDoc and + not this instanceof AstInternal::TSimpleSymbolLiteralSynth + } final override ControlFlowTree getChildNode(int i) { result = super.getComponent(i) } } diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index da0c0379717..4045c11ef76 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -1,6 +1,7 @@ private import codeql.util.Boolean private import codeql.util.Unit private import codeql.ruby.AST +private import codeql.ruby.ast.internal.Call private import codeql.ruby.ast.internal.Synthesis private import codeql.ruby.CFG private import codeql.ruby.dataflow.SSA @@ -468,9 +469,12 @@ private module Cached { TSelfToplevelParameterNode(Toplevel t) or TLambdaSelfReferenceNode(Callable c) { lambdaCreationExpr(_, _, c) } or TImplicitBlockParameterNode(MethodBase m) { not m.getAParameter() instanceof BlockParameter } or - TImplicitBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode yield) { + TImplicitYieldBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode yield) { yield = any(BlockParameterNode b).getAYieldCall() } or + TImplicitSuperBlockArgumentNode(CfgNodes::ExprNodes::CallCfgNode sup) { + sup = any(BlockParameterNode b).getASuperCall() + } or TSynthHashSplatParameterNode(DataFlowCallable c) { isParameterNode(_, c, any(ParameterPosition p | p.isKeyword(_))) } or @@ -1032,6 +1036,11 @@ private module ParameterNodes { CfgNodes::ExprNodes::CallCfgNode getAYieldCall() { this.getMethod() = result.getExpr().(YieldCall).getEnclosingMethod() } + + CfgNodes::ExprNodes::CallCfgNode getASuperCall() { + this.getMethod() = result.getExpr().getEnclosingMethod() and + result.getExpr() instanceof TokenSuperCall + } } private class ExplicitBlockParameterNode extends BlockParameterNode, NormalParameterNode { @@ -1298,15 +1307,23 @@ module ArgumentNodes { } } - class ImplicitBlockArgumentNode extends NodeImpl, ArgumentNode, TImplicitBlockArgumentNode { + abstract class ImplicitBlockArgumentNode extends NodeImpl, ArgumentNode { + pragma[nomagic] + abstract BlockParameterNode getParameterNode(boolean inSameScope); + + override string toStringImpl() { result = "yield block argument" } + } + + class ImplicitYieldBlockArgumentNode extends ImplicitBlockArgumentNode, + TImplicitYieldBlockArgumentNode + { CfgNodes::ExprNodes::CallCfgNode yield; - ImplicitBlockArgumentNode() { this = TImplicitBlockArgumentNode(yield) } + ImplicitYieldBlockArgumentNode() { this = TImplicitYieldBlockArgumentNode(yield) } CfgNodes::ExprNodes::CallCfgNode getYieldCall() { result = yield } - pragma[nomagic] - BlockParameterNode getParameterNode(boolean inSameScope) { + override BlockParameterNode getParameterNode(boolean inSameScope) { result.getAYieldCall() = yield and if nodeGetEnclosingCallable(this) = nodeGetEnclosingCallable(result) then inSameScope = true @@ -1326,8 +1343,36 @@ module ArgumentNodes { override CfgScope getCfgScope() { result = yield.getScope() } override Location getLocationImpl() { result = yield.getLocation() } + } - override string toStringImpl() { result = "yield block argument" } + class ImplicitSuperBlockArgumentNode extends ImplicitBlockArgumentNode, + TImplicitSuperBlockArgumentNode + { + CfgNodes::ExprNodes::CallCfgNode sup; + + ImplicitSuperBlockArgumentNode() { this = TImplicitSuperBlockArgumentNode(sup) } + + CfgNodes::ExprNodes::CallCfgNode getSuperCall() { result = sup } + + override BlockParameterNode getParameterNode(boolean inSameScope) { + result.getASuperCall() = sup and + if nodeGetEnclosingCallable(this) = nodeGetEnclosingCallable(result) + then inSameScope = true + else inSameScope = false + } + + override predicate sourceArgumentOf(CfgNodes::ExprNodes::CallCfgNode call, ArgumentPosition pos) { + call = sup and + pos.isBlock() + } + + override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { + this.sourceArgumentOf(call.asCall(), pos) + } + + override CfgScope getCfgScope() { result = sup.getScope() } + + override Location getLocationImpl() { result = sup.getLocation() } } private class SummaryArgumentNode extends FlowSummaryNode, ArgumentNode { @@ -2152,7 +2197,7 @@ private predicate lambdaCallExpr( */ predicate lambdaSourceCall(CfgNodes::ExprNodes::CallCfgNode call, LambdaCallKind kind, Node receiver) { kind = TYieldCallKind() and - call = receiver.(ImplicitBlockArgumentNode).getYieldCall() + call = receiver.(ImplicitYieldBlockArgumentNode).getYieldCall() or kind = TLambdaCallKind() and lambdaCallExpr(call, receiver.asExpr()) diff --git a/ruby/ql/test/library-tests/ast/Ast.expected b/ruby/ql/test/library-tests/ast/Ast.expected index 5c29d3f536d..294edfdab1e 100644 --- a/ruby/ql/test/library-tests/ast/Ast.expected +++ b/ruby/ql/test/library-tests/ast/Ast.expected @@ -3185,6 +3185,14 @@ params/params.rb: # 106| getParameter: [HashSplatParameter] **kwargs # 106| getDefiningAccess: [LocalVariableAccess] kwargs # 107| getStmt: [SuperCall] super call to m +# 107| getArgument: [HashSplatExpr] ** ... +# 107| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] kwargs +# 107| getArgument: [Pair] Pair +# 107| getKey: [SymbolLiteral] k +# 107| getValue: [LocalVariableAccess] k +# 107| getArgument: [SplatExpr] * ... +# 107| getAnOperand/getOperand/getReceiver: [LocalVariableAccess] rest +# 107| getArgument: [LocalVariableAccess] y # 111| getStmt: [MethodCall] call to m # 111| getReceiver: [MethodCall] call to new # 111| getReceiver: [ConstantReadAccess] Sub diff --git a/ruby/ql/test/library-tests/ast/ValueText.expected b/ruby/ql/test/library-tests/ast/ValueText.expected index 195beb5f2e3..283eef73d25 100644 --- a/ruby/ql/test/library-tests/ast/ValueText.expected +++ b/ruby/ql/test/library-tests/ast/ValueText.expected @@ -943,6 +943,7 @@ exprValue | params/params.rb:70:52:70:53 | 20 | 20 | int | | params/params.rb:100:15:100:15 | 1 | 1 | int | | params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:107:5:107:9 | k | :k | symbol | | params/params.rb:111:11:111:12 | 42 | 42 | int | | params/params.rb:111:15:111:15 | :k | :k | symbol | | params/params.rb:111:18:111:19 | 22 | 22 | int | @@ -1862,6 +1863,7 @@ exprCfgNodeValue | params/params.rb:70:52:70:53 | 20 | 20 | int | | params/params.rb:100:15:100:15 | 1 | 1 | int | | params/params.rb:101:15:101:15 | 1 | 1 | int | +| params/params.rb:107:5:107:9 | k | :k | symbol | | params/params.rb:111:11:111:12 | 42 | 42 | int | | params/params.rb:111:15:111:15 | :k | :k | symbol | | params/params.rb:111:18:111:19 | 22 | 22 | int | diff --git a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected index 99c21ba6f75..80e9e84a83a 100644 --- a/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected +++ b/ruby/ql/test/library-tests/dataflow/params/TypeTracker.expected @@ -52,8 +52,14 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:168:26:168:35 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:181:28:181:29 | p2 | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:200:9:200:9 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:11:222:11 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element | params_flow.rb:9:1:12:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:9:1:12:3 | synthetic splat parameter | @@ -90,8 +96,17 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:133:14:133:18 | *args | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:134:5:134:16 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:200:1:205:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:64:16:64:17 | *x | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:15 | [post] ...[...] | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 0 or unknown | params_flow.rb:140:5:140:38 | call to insert | @@ -115,19 +130,30 @@ track | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:181:1:183:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:182:5:182:20 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:98:1:103:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:133:14:133:18 | *args | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:69:1:76:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 4 | params_flow.rb:83:1:91:3 | synthetic splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element 5 | params_flow.rb:83:1:91:3 | synthetic splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:16:1:19:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:1:31:3 | synthetic hash-splat parameter | | params_flow.rb:1:11:1:11 | x | type tracker with call steps with content element :p1 | params_flow.rb:25:17:25:24 | **kwargs | @@ -497,6 +523,9 @@ track | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:214:9:214:21 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:215:9:215:16 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:6:5:6:10 | call to puts | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | type tracker without call steps | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | type tracker without call steps | params_flow.rb:9:1:12:3 | &block | @@ -3184,31 +3213,70 @@ track | params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:217:9:217:23 | yield ... | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:217:9:217:23 | yield block argument | type tracker without call steps | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:217:15:217:23 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:15:217:23 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | | params_flow.rb:217:15:217:23 | synthetic splat argument | type tracker without call steps | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:217:21:217:22 | 86 | type tracker with call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps | params_flow.rb:217:21:217:22 | 86 | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:9:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | type tracker without call steps with content element 0 | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:221:1:225:3 | self (Sub) | type tracker without call steps | params_flow.rb:221:1:225:3 | self (Sub) | | params_flow.rb:221:13:221:15 | Sup | type tracker without call steps | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | | params_flow.rb:222:5:224:7 | &block | type tracker without call steps | params_flow.rb:222:5:224:7 | &block | | params_flow.rb:222:5:224:7 | m | type tracker without call steps | params_flow.rb:222:5:224:7 | m | | params_flow.rb:222:5:224:7 | self in m | type tracker without call steps | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | | params_flow.rb:222:5:224:7 | synthetic splat parameter | type tracker without call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:11:222:11 | x | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | | params_flow.rb:222:11:222:11 | x | type tracker without call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | type tracker without call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | +| params_flow.rb:222:14:222:18 | *rest | type tracker with call steps with content element 0 or unknown | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:222:14:222:18 | *rest | type tracker without call steps | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps with content element 0 or unknown | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:222:14:222:18 | *rest | type tracker without call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:222:15:222:18 | rest | type tracker without call steps | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:222:21:222:22 | k1 | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:222:21:222:22 | k1 | type tracker without call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | type tracker without call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:222:26:222:33 | **kwargs | type tracker without call steps | params_flow.rb:222:26:222:33 | **kwargs | | params_flow.rb:222:28:222:33 | kwargs | type tracker without call steps | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | * ... | type tracker with call steps | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:223:9:223:13 | * ... | type tracker without call steps | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:223:9:223:13 | ** ... | type tracker with call steps | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:223:9:223:13 | ** ... | type tracker with call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | ** ... | type tracker without call steps | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:223:9:223:13 | Pair | type tracker without call steps | params_flow.rb:223:9:223:13 | Pair | +| params_flow.rb:223:9:223:13 | k1 | type tracker without call steps | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:223:9:223:13 | super call to m | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | type tracker with call steps | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:223:9:223:13 | synthetic splat argument | type tracker without call steps | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:223:9:223:13 | yield block argument | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:223:9:223:13 | yield block argument | type tracker without call steps | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:1:227:3 | Sub | type tracker without call steps | params_flow.rb:227:1:227:3 | Sub | | params_flow.rb:227:1:227:7 | call to new | type tracker with call steps | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:227:1:227:7 | call to new | type tracker without call steps | params_flow.rb:227:1:227:7 | call to new | @@ -3217,74 +3285,150 @@ track | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker with call steps | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:227:1:229:3 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:210:11:210:11 | x | | params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:11:227:19 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:11:227:19 | call to taint | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:11:227:19 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:11:227:19 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:210:11:210:11 | x | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:211:9:211:15 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:17:227:18 | 81 | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps | params_flow.rb:227:17:227:18 | 81 | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | type tracker without call steps with content element 0 | params_flow.rb:227:11:227:19 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | | params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:22:227:30 | call to taint | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:22:227:30 | call to taint | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:22:227:30 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:212:9:212:21 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 0 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:28:227:29 | 82 | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps | params_flow.rb:227:28:227:29 | 82 | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 0 | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | type tracker without call steps with content element 1 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps | params_flow.rb:213:14:213:20 | ...[...] | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 0 | params_flow.rb:213:9:213:21 | synthetic splat argument | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 1 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:33:227:33 | 0 | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:33:227:33 | 0 | type tracker without call steps | params_flow.rb:227:33:227:33 | 0 | | params_flow.rb:227:33:227:33 | 0 | type tracker without call steps with content element 2 | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:36:227:44 | call to taint | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:36:227:44 | call to taint | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:36:227:44 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 0 | params_flow.rb:214:9:214:21 | synthetic splat argument | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:210:14:210:18 | *rest | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 2 | params_flow.rb:223:9:223:13 | * ... | | params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:227:42:227:43 | 83 | type tracker with call steps with content element 3 | params_flow.rb:223:9:223:13 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps | params_flow.rb:227:42:227:43 | 83 | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 0 | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | type tracker without call steps with content element 3 | params_flow.rb:227:1:229:3 | synthetic splat argument | | params_flow.rb:227:47:227:48 | :k1 | type tracker without call steps | params_flow.rb:227:47:227:48 | :k1 | | params_flow.rb:227:47:227:59 | Pair | type tracker without call steps | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | | params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:227:51:227:59 | call to taint | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:51:227:59 | call to taint | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:51:227:59 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:210:21:210:22 | k1 | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element 0 | params_flow.rb:215:9:215:16 | synthetic splat argument | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:227:57:227:58 | 84 | type tracker with call steps with content element :k1 | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps | params_flow.rb:227:57:227:58 | 84 | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element 0 | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | type tracker without call steps with content element :k1 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:62:227:63 | :k2 | type tracker without call steps | params_flow.rb:227:62:227:63 | :k2 | | params_flow.rb:227:62:227:74 | Pair | type tracker without call steps | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:66:227:74 | call to taint | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:66:227:74 | call to taint | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:66:227:74 | synthetic splat argument | type tracker without call steps | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:1:11:1:11 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps | params_flow.rb:216:14:216:24 | ...[...] | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element 0 | params_flow.rb:6:5:6:10 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element 0 | params_flow.rb:216:9:216:25 | synthetic splat argument | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:210:26:210:33 | **kwargs | | params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:72:227:73 | 85 | type tracker with call steps with content element :k2 | params_flow.rb:223:9:223:13 | ** ... | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps | params_flow.rb:227:72:227:73 | 85 | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element 0 | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | type tracker without call steps with content element :k2 | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:77:229:3 | self | type tracker with call steps | params_flow.rb:5:1:7:3 | self in sink | | params_flow.rb:227:77:229:3 | self | type tracker without call steps | params_flow.rb:227:77:229:3 | self | +| params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:210:5:218:7 | &block | | params_flow.rb:227:77:229:3 | do ... end | type tracker with call steps | params_flow.rb:222:5:224:7 | &block | | params_flow.rb:227:77:229:3 | do ... end | type tracker without call steps | params_flow.rb:227:77:229:3 | do ... end | | params_flow.rb:227:77:229:3 | synthetic splat parameter | type tracker without call steps | params_flow.rb:227:77:229:3 | synthetic splat parameter | @@ -3293,6 +3437,9 @@ track | params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | type tracker without call steps | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | type tracker without call steps with content element 0 | params_flow.rb:228:5:228:11 | synthetic splat argument | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:228:5:228:11 | call to sink | type tracker without call steps | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:228:5:228:11 | synthetic splat argument | type tracker without call steps | params_flow.rb:228:5:228:11 | synthetic splat argument | trackEnd @@ -3688,14 +3835,30 @@ trackEnd | params_flow.rb:1:11:1:11 | x | params_flow.rb:200:9:200:9 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:201:11:201:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:202:11:202:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:211:14:211:14 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:212:14:212:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:214:14:214:20 | ...[...] | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:215:14:215:15 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:1:11:1:11 | x | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:11:222:11 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:223:9:223:13 | k1 | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:223:9:223:13 | x | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:1:11:1:11 | x | params_flow.rb:227:66:227:74 | call to taint | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:1:11:1:11 | x | params_flow.rb:228:10:228:10 | x | | params_flow.rb:5:1:7:3 | &block | params_flow.rb:5:1:7:3 | &block | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self (sink) | | params_flow.rb:5:1:7:3 | self in sink | params_flow.rb:5:1:7:3 | self in sink | @@ -3798,6 +3961,9 @@ trackEnd | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:214:9:214:21 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:215:9:215:16 | call to sink | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:216:9:216:25 | call to sink | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:6:5:6:10 | call to puts | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:6:5:6:10 | synthetic splat argument | params_flow.rb:6:5:6:10 | synthetic splat argument | | params_flow.rb:9:1:12:3 | &block | params_flow.rb:9:1:12:3 | &block | @@ -6519,81 +6685,203 @@ trackEnd | params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:217:9:217:23 | yield ... | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:217:9:217:23 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:6:10:6:10 | x | | params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:217:15:217:23 | call to taint | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:228:10:228:10 | x | | params_flow.rb:217:15:217:23 | synthetic splat argument | params_flow.rb:217:15:217:23 | synthetic splat argument | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:6:10:6:10 | x | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:15:217:23 | call to taint | | params_flow.rb:217:21:217:22 | 86 | params_flow.rb:217:21:217:22 | 86 | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:227:81:227:81 | x | +| params_flow.rb:217:21:217:22 | 86 | params_flow.rb:228:10:228:10 | x | | params_flow.rb:221:1:225:3 | self (Sub) | params_flow.rb:221:1:225:3 | self (Sub) | | params_flow.rb:221:13:221:15 | Sup | params_flow.rb:221:13:221:15 | Sup | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:217:9:217:23 | yield block argument | | params_flow.rb:222:5:224:7 | &block | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:222:5:224:7 | &block | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:222:5:224:7 | m | params_flow.rb:221:1:225:3 | Sub | | params_flow.rb:222:5:224:7 | m | params_flow.rb:222:5:224:7 | m | | params_flow.rb:222:5:224:7 | self in m | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | params_flow.rb:222:5:224:7 | synthetic hash-splat parameter | | params_flow.rb:222:5:224:7 | synthetic splat parameter | params_flow.rb:222:5:224:7 | synthetic splat parameter | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:211:14:211:14 | x | | params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | | params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:223:9:223:13 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:14:222:18 | *rest | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:14:222:18 | *rest | params_flow.rb:223:9:223:13 | rest | | params_flow.rb:222:15:222:18 | rest | params_flow.rb:222:15:222:18 | rest | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:215:14:215:15 | k1 | | params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | | params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:222:26:222:33 | **kwargs | params_flow.rb:223:9:223:13 | kwargs | | params_flow.rb:222:28:222:33 | kwargs | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:210:14:210:18 | *rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:210:15:210:18 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:212:14:212:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:213:14:213:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:214:14:214:17 | rest | +| params_flow.rb:223:9:223:13 | * ... | params_flow.rb:223:9:223:13 | * ... | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:5:218:7 | synthetic hash-splat parameter | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:223:9:223:13 | ** ... | params_flow.rb:223:9:223:13 | ** ... | +| params_flow.rb:223:9:223:13 | Pair | params_flow.rb:223:9:223:13 | Pair | +| params_flow.rb:223:9:223:13 | k1 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:223:9:223:13 | super call to m | | params_flow.rb:223:9:223:13 | super call to m | params_flow.rb:227:1:229:3 | call to m | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:210:26:210:33 | **kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:210:28:210:33 | kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:216:14:216:19 | kwargs | +| params_flow.rb:223:9:223:13 | synthetic hash-splat argument | params_flow.rb:223:9:223:13 | synthetic hash-splat argument | +| params_flow.rb:223:9:223:13 | synthetic splat argument | params_flow.rb:223:9:223:13 | synthetic splat argument | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:217:9:217:23 | yield block argument | +| params_flow.rb:223:9:223:13 | yield block argument | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:1:227:3 | Sub | params_flow.rb:227:1:227:3 | Sub | | params_flow.rb:227:1:227:7 | call to new | params_flow.rb:222:5:224:7 | self in m | | params_flow.rb:227:1:227:7 | call to new | params_flow.rb:227:1:227:7 | call to new | | params_flow.rb:227:1:229:3 | call to m | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:26:222:33 | **kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:222:28:222:33 | kwargs | +| params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:223:9:223:13 | kwargs | | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | params_flow.rb:227:1:229:3 | synthetic hash-splat argument | | params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:222:5:224:7 | synthetic splat parameter | | params_flow.rb:227:1:229:3 | synthetic splat argument | params_flow.rb:227:1:229:3 | synthetic splat argument | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:211:14:211:14 | x | | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:223:9:223:13 | x | | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:11:227:19 | synthetic splat argument | params_flow.rb:227:11:227:19 | synthetic splat argument | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:210:11:210:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:211:14:211:14 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:222:11:222:11 | x | +| params_flow.rb:227:17:227:18 | 81 | params_flow.rb:223:9:223:13 | x | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:11:227:19 | call to taint | | params_flow.rb:227:17:227:18 | 81 | params_flow.rb:227:17:227:18 | 81 | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:22:227:30 | synthetic splat argument | params_flow.rb:227:22:227:30 | synthetic splat argument | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:28:227:29 | 82 | params_flow.rb:212:14:212:20 | ...[...] | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:22:227:30 | call to taint | | params_flow.rb:227:28:227:29 | 82 | params_flow.rb:227:28:227:29 | 82 | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:33:227:33 | 0 | params_flow.rb:213:14:213:20 | ...[...] | | params_flow.rb:227:33:227:33 | 0 | params_flow.rb:227:33:227:33 | 0 | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:214:14:214:20 | ...[...] | | params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:36:227:44 | synthetic splat argument | params_flow.rb:227:36:227:44 | synthetic splat argument | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:42:227:43 | 83 | params_flow.rb:214:14:214:20 | ...[...] | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:36:227:44 | call to taint | | params_flow.rb:227:42:227:43 | 83 | params_flow.rb:227:42:227:43 | 83 | | params_flow.rb:227:47:227:48 | :k1 | params_flow.rb:227:47:227:48 | :k1 | | params_flow.rb:227:47:227:59 | Pair | params_flow.rb:227:47:227:59 | Pair | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:215:14:215:15 | k1 | | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:51:227:59 | synthetic splat argument | params_flow.rb:227:51:227:59 | synthetic splat argument | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:210:21:210:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:215:14:215:15 | k1 | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:222:21:222:22 | k1 | +| params_flow.rb:227:57:227:58 | 84 | params_flow.rb:223:9:223:13 | k1 | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:51:227:59 | call to taint | | params_flow.rb:227:57:227:58 | 84 | params_flow.rb:227:57:227:58 | 84 | | params_flow.rb:227:62:227:63 | :k2 | params_flow.rb:227:62:227:63 | :k2 | | params_flow.rb:227:62:227:74 | Pair | params_flow.rb:227:62:227:74 | Pair | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:66:227:74 | synthetic splat argument | params_flow.rb:227:66:227:74 | synthetic splat argument | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:1:11:1:11 | x | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:2:5:2:5 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:5:10:5:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:6:10:6:10 | x | +| params_flow.rb:227:72:227:73 | 85 | params_flow.rb:216:14:216:24 | ...[...] | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:66:227:74 | call to taint | | params_flow.rb:227:72:227:73 | 85 | params_flow.rb:227:72:227:73 | 85 | | params_flow.rb:227:77:229:3 | self | params_flow.rb:5:1:7:3 | self (sink) | @@ -6601,7 +6889,10 @@ trackEnd | params_flow.rb:227:77:229:3 | self | params_flow.rb:6:5:6:10 | self | | params_flow.rb:227:77:229:3 | self | params_flow.rb:227:77:229:3 | self | | params_flow.rb:227:77:229:3 | self | params_flow.rb:228:5:228:11 | self | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:210:5:218:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:217:9:217:23 | yield block argument | | params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:222:5:224:7 | &block | +| params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:223:9:223:13 | yield block argument | | params_flow.rb:227:77:229:3 | do ... end | params_flow.rb:227:77:229:3 | do ... end | | params_flow.rb:227:77:229:3 | synthetic splat parameter | params_flow.rb:227:77:229:3 | synthetic splat parameter | | params_flow.rb:227:81:227:81 | x | params_flow.rb:5:10:5:10 | x | @@ -6611,6 +6902,9 @@ trackEnd | params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | params_flow.rb:227:81:227:81 | x | | params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:217:9:217:23 | yield ... | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:223:9:223:13 | super call to m | +| params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:227:1:229:3 | call to m | | params_flow.rb:228:5:228:11 | call to sink | params_flow.rb:228:5:228:11 | call to sink | | params_flow.rb:228:5:228:11 | synthetic splat argument | params_flow.rb:228:5:228:11 | synthetic splat argument | forwardButNoBackwardFlow diff --git a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected index 93946da9c11..6d00378560b 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params-flow.expected +++ b/ruby/ql/test/library-tests/dataflow/params/params-flow.expected @@ -174,6 +174,34 @@ edges | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | provenance | | | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] | provenance | | | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | params_flow.rb:193:6:193:10 | ...[...] | provenance | | +| params_flow.rb:210:11:210:11 | x | params_flow.rb:211:14:211:14 | x | provenance | | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | provenance | | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | provenance | | +| params_flow.rb:210:21:210:22 | k1 | params_flow.rb:215:14:215:15 | k1 | provenance | | +| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | params_flow.rb:212:14:212:20 | ...[...] | provenance | | +| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | params_flow.rb:214:14:214:20 | ...[...] | provenance | | +| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | params_flow.rb:216:14:216:24 | ...[...] | provenance | | +| params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:227:81:227:81 | x | provenance | | +| params_flow.rb:222:11:222:11 | x | params_flow.rb:223:9:223:13 | x | provenance | | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | provenance | | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | provenance | | +| params_flow.rb:222:21:222:22 | k1 | params_flow.rb:223:9:223:13 | k1 | provenance | | +| params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | provenance | | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | provenance | | +| params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | k1 | params_flow.rb:210:21:210:22 | k1 | provenance | | +| params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | provenance | | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | provenance | | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | provenance | | +| params_flow.rb:223:9:223:13 | x | params_flow.rb:210:11:210:11 | x | provenance | | +| params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:222:11:222:11 | x | provenance | | +| params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | provenance | | +| params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | provenance | | +| params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:222:21:222:22 | k1 | provenance | | +| params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | provenance | | +| params_flow.rb:227:81:227:81 | x | params_flow.rb:228:10:228:10 | x | provenance | | nodes | params_flow.rb:9:16:9:17 | p1 | semmle.label | p1 | | params_flow.rb:9:20:9:21 | p2 | semmle.label | p2 | @@ -373,6 +401,40 @@ nodes | params_flow.rb:192:24:192:32 | call to taint | semmle.label | call to taint | | params_flow.rb:193:6:193:7 | p1 : [collection] [element 0] | semmle.label | p1 : [collection] [element 0] | | params_flow.rb:193:6:193:10 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:210:11:210:11 | x | semmle.label | x | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] | +| params_flow.rb:210:14:210:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] | +| params_flow.rb:210:21:210:22 | k1 | semmle.label | k1 | +| params_flow.rb:210:26:210:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] | +| params_flow.rb:211:14:211:14 | x | semmle.label | x | +| params_flow.rb:212:14:212:17 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] | +| params_flow.rb:212:14:212:20 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:214:14:214:17 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] | +| params_flow.rb:214:14:214:20 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:215:14:215:15 | k1 | semmle.label | k1 | +| params_flow.rb:216:14:216:19 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] | +| params_flow.rb:216:14:216:24 | ...[...] | semmle.label | ...[...] | +| params_flow.rb:217:15:217:23 | call to taint | semmle.label | call to taint | +| params_flow.rb:222:11:222:11 | x | semmle.label | x | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 0] | semmle.label | *rest : [collection] [element 0] | +| params_flow.rb:222:14:222:18 | *rest : [collection] [element 2] | semmle.label | *rest : [collection] [element 2] | +| params_flow.rb:222:21:222:22 | k1 | semmle.label | k1 | +| params_flow.rb:222:26:222:33 | **kwargs : Hash [element :k2] | semmle.label | **kwargs : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 0] | semmle.label | * ... : [collection] [element 0] | +| params_flow.rb:223:9:223:13 | * ... : [collection] [element 2] | semmle.label | * ... : [collection] [element 2] | +| params_flow.rb:223:9:223:13 | ** ... : Hash [element :k2] | semmle.label | ** ... : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | k1 | semmle.label | k1 | +| params_flow.rb:223:9:223:13 | kwargs : Hash [element :k2] | semmle.label | kwargs : Hash [element :k2] | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 0] | semmle.label | rest : [collection] [element 0] | +| params_flow.rb:223:9:223:13 | rest : [collection] [element 2] | semmle.label | rest : [collection] [element 2] | +| params_flow.rb:223:9:223:13 | x | semmle.label | x | +| params_flow.rb:227:11:227:19 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:22:227:30 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:36:227:44 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:51:227:59 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:66:227:74 | call to taint | semmle.label | call to taint | +| params_flow.rb:227:81:227:81 | x | semmle.label | x | +| params_flow.rb:228:10:228:10 | x | semmle.label | x | subpaths | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:153:28:153:29 | p2 | params_flow.rb:153:23:153:24 | p1 [Return] : [collection] [element 0] | params_flow.rb:164:23:164:24 | [post] p1 : [collection] [element 0] | | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:181:28:181:29 | p2 | params_flow.rb:181:24:181:25 | p1 [Return] : [collection] [element 0] | params_flow.rb:192:20:192:21 | [post] p1 : [collection] [element 0] | @@ -430,3 +492,9 @@ testFailures | params_flow.rb:134:10:134:16 | ...[...] | params_flow.rb:137:23:137:31 | call to taint | params_flow.rb:134:10:134:16 | ...[...] | $@ | params_flow.rb:137:23:137:31 | call to taint | call to taint | | params_flow.rb:165:6:165:10 | ...[...] | params_flow.rb:164:31:164:39 | call to taint | params_flow.rb:165:6:165:10 | ...[...] | $@ | params_flow.rb:164:31:164:39 | call to taint | call to taint | | params_flow.rb:193:6:193:10 | ...[...] | params_flow.rb:192:24:192:32 | call to taint | params_flow.rb:193:6:193:10 | ...[...] | $@ | params_flow.rb:192:24:192:32 | call to taint | call to taint | +| params_flow.rb:211:14:211:14 | x | params_flow.rb:227:11:227:19 | call to taint | params_flow.rb:211:14:211:14 | x | $@ | params_flow.rb:227:11:227:19 | call to taint | call to taint | +| params_flow.rb:212:14:212:20 | ...[...] | params_flow.rb:227:22:227:30 | call to taint | params_flow.rb:212:14:212:20 | ...[...] | $@ | params_flow.rb:227:22:227:30 | call to taint | call to taint | +| params_flow.rb:214:14:214:20 | ...[...] | params_flow.rb:227:36:227:44 | call to taint | params_flow.rb:214:14:214:20 | ...[...] | $@ | params_flow.rb:227:36:227:44 | call to taint | call to taint | +| params_flow.rb:215:14:215:15 | k1 | params_flow.rb:227:51:227:59 | call to taint | params_flow.rb:215:14:215:15 | k1 | $@ | params_flow.rb:227:51:227:59 | call to taint | call to taint | +| params_flow.rb:216:14:216:24 | ...[...] | params_flow.rb:227:66:227:74 | call to taint | params_flow.rb:216:14:216:24 | ...[...] | $@ | params_flow.rb:227:66:227:74 | call to taint | call to taint | +| params_flow.rb:228:10:228:10 | x | params_flow.rb:217:15:217:23 | call to taint | params_flow.rb:228:10:228:10 | x | $@ | params_flow.rb:217:15:217:23 | call to taint | call to taint | diff --git a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb index c4ced767fdf..6c00a879821 100644 --- a/ruby/ql/test/library-tests/dataflow/params/params_flow.rb +++ b/ruby/ql/test/library-tests/dataflow/params/params_flow.rb @@ -208,12 +208,12 @@ foo(*int_hash) class Sup def m(x, *rest, k1:, **kwargs) - sink(x) # $ MISSING: hasValueFlow=81 - sink(rest[0]) # $ MISSING: hasValueFlow=82 + sink(x) # $ hasValueFlow=81 + sink(rest[0]) # $ hasValueFlow=82 sink(rest[1]) - sink(rest[2]) # $ MISSING: hasValueFlow=83 - sink(k1) # $ MISSING: hasValueFlow=84 - sink(kwargs[:k2]) # $ MISSING: hasValueFlow=85 + sink(rest[2]) # $ hasValueFlow=83 + sink(k1) # $ hasValueFlow=84 + sink(kwargs[:k2]) # $ hasValueFlow=85 yield taint(86) end end @@ -225,5 +225,5 @@ class Sub < Sup end Sub.new.m(taint(81), taint(82), 0, taint(83), k1: taint(84), k2: taint(85)) do |x| - sink(x) # $ MISSING: hasValueFlow=86 + sink(x) # $ hasValueFlow=86 end From 34554fd000176461e7c995896eb5ed10a933ff1f Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Mon, 31 Mar 2025 13:25:42 +0200 Subject: [PATCH 199/409] SSA: Deprecate the public DefinitionExt. --- shared/ssa/codeql/ssa/Ssa.qll | 185 ++++++++++++++++++++-------------- 1 file changed, 107 insertions(+), 78 deletions(-) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 36895a28a8b..dab99df65b4 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -608,21 +608,21 @@ module Make Input> { } private module SsaDefReaches { - newtype TSsaRefKind = + deprecated newtype TSsaRefKind = SsaActualRead() or SsaPhiRead() or SsaDef() - class SsaRead = SsaActualRead or SsaPhiRead; + deprecated class SsaRead = SsaActualRead or SsaPhiRead; - class SsaDefExt = SsaDef or SsaPhiRead; + deprecated class SsaDefExt = SsaDef or SsaPhiRead; - SsaDefExt ssaDefExt() { any() } + deprecated SsaDefExt ssaDefExt() { any() } /** * A classification of SSA variable references into reads and definitions. */ - class SsaRefKind extends TSsaRefKind { + deprecated class SsaRefKind extends TSsaRefKind { string toString() { this = SsaActualRead() and result = "SsaActualRead" @@ -651,7 +651,7 @@ module Make Input> { * Unlike `Liveness::varRef`, this includes `phi` (read) nodes. */ pragma[nomagic] - predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + deprecated predicate ssaRef(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { variableRead(bb, i, v, _) and k = SsaActualRead() or @@ -665,14 +665,14 @@ module Make Input> { * Holds if the `i`th node of basic block `bb` is a reference to `v`, and * this reference is not a phi-read. */ - predicate ssaRefNonPhiRead(BasicBlock bb, int i, SourceVariable v) { + deprecated predicate ssaRefNonPhiRead(BasicBlock bb, int i, SourceVariable v) { ssaRef(bb, i, v, [SsaActualRead().(TSsaRefKind), SsaDef()]) } - private newtype OrderedSsaRefIndex = - MkOrderedSsaRefIndex(int i, SsaRefKind k) { ssaRef(_, i, _, k) } + deprecated private newtype OrderedSsaRefIndex = + deprecated MkOrderedSsaRefIndex(int i, SsaRefKind k) { ssaRef(_, i, _, k) } - private OrderedSsaRefIndex ssaRefOrd( + deprecated private OrderedSsaRefIndex ssaRefOrd( BasicBlock bb, int i, SourceVariable v, SsaRefKind k, int ord ) { ssaRef(bb, i, v, k) and @@ -695,7 +695,7 @@ module Make Input> { * * Reads are considered before writes when they happen at the same index. */ - int ssaRefRank(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { + deprecated int ssaRefRank(BasicBlock bb, int i, SourceVariable v, SsaRefKind k) { ssaRefOrd(bb, i, v, k, _) = rank[result](int j, int ord, OrderedSsaRefIndex res | res = ssaRefOrd(bb, j, v, _, ord) @@ -704,7 +704,7 @@ module Make Input> { ) } - int maxSsaRefRank(BasicBlock bb, SourceVariable v) { + deprecated int maxSsaRefRank(BasicBlock bb, SourceVariable v) { result = ssaRefRank(bb, _, v, _) and not result + 1 = ssaRefRank(bb, _, v, _) } @@ -713,7 +713,9 @@ module Make Input> { * Holds if the SSA definition `def` reaches rank index `rnk` in its own * basic block `bb`. */ - predicate ssaDefReachesRank(BasicBlock bb, DefinitionExt def, int rnk, SourceVariable v) { + deprecated predicate ssaDefReachesRank( + BasicBlock bb, DefinitionExt def, int rnk, SourceVariable v + ) { exists(int i | rnk = ssaRefRank(bb, i, v, ssaDefExt()) and def.definesAt(v, bb, i, _) @@ -727,7 +729,9 @@ module Make Input> { * Holds if the SSA definition of `v` at `def` reaches index `i` in the same * basic block `bb`, without crossing another SSA definition of `v`. */ - predicate ssaDefReachesReadWithinBlock(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) { + deprecated predicate ssaDefReachesReadWithinBlock( + SourceVariable v, DefinitionExt def, BasicBlock bb, int i + ) { exists(int rnk | ssaDefReachesRank(bb, def, rnk, v) and rnk = ssaRefRank(bb, i, v, SsaActualRead()) @@ -737,7 +741,9 @@ module Make Input> { /** * Same as `ssaRefRank()`, but restricted to a particular SSA definition `def`. */ - int ssaDefRank(DefinitionExt def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k) { + deprecated int ssaDefRank( + DefinitionExt def, SourceVariable v, BasicBlock bb, int i, SsaRefKind k + ) { result = ssaRefRank(bb, i, v, k) and ( ssaDefReachesReadExt(v, def, bb, i) @@ -751,34 +757,38 @@ module Make Input> { * last reference to `v` inside `bb`. */ pragma[noinline] - predicate lastSsaRefExt(DefinitionExt def, SourceVariable v, BasicBlock bb, int i) { + deprecated predicate lastSsaRefExt(DefinitionExt def, SourceVariable v, BasicBlock bb, int i) { ssaDefRank(def, v, bb, i, _) = maxSsaRefRank(bb, v) } /** Gets a phi-read node into which `inp` is an input, if any. */ pragma[nomagic] - private DefinitionExt getAPhiReadOutput(DefinitionExt inp) { + deprecated private DefinitionExt getAPhiReadOutput(DefinitionExt inp) { phiHasInputFromBlockExt(result.(PhiReadNode), inp, _) } pragma[nomagic] - DefinitionExt getAnUltimateOutput(Definition def) { result = getAPhiReadOutput*(def) } + deprecated DefinitionExt getAnUltimateOutput(Definition def) { + result = getAPhiReadOutput*(def) + } /** * Same as `lastSsaRefExt`, but ignores phi-reads. */ pragma[noinline] - predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) { + deprecated predicate lastSsaRef(Definition def, SourceVariable v, BasicBlock bb, int i) { lastSsaRefExt(getAnUltimateOutput(def), v, bb, i) and ssaRefNonPhiRead(bb, i, v) } - predicate defOccursInBlock(DefinitionExt def, BasicBlock bb, SourceVariable v, SsaRefKind k) { + deprecated predicate defOccursInBlock( + DefinitionExt def, BasicBlock bb, SourceVariable v, SsaRefKind k + ) { exists(ssaDefRank(def, v, bb, _, k)) } pragma[noinline] - predicate ssaDefReachesThroughBlock(DefinitionExt def, BasicBlock bb) { + deprecated predicate ssaDefReachesThroughBlock(DefinitionExt def, BasicBlock bb) { exists(SourceVariable v | ssaDefReachesEndOfBlockExt0(bb, def, v) and not defOccursInBlock(_, bb, v, _) @@ -792,7 +802,9 @@ module Make Input> { * nor written in any block on the path between `bb1` and `bb2`. */ pragma[nomagic] - predicate varBlockReachesExt(DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) { + deprecated predicate varBlockReachesExt( + DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 + ) { defOccursInBlock(def, bb1, v, _) and bb2 = getABasicBlockSuccessor(bb1) or @@ -804,7 +816,9 @@ module Make Input> { } pragma[nomagic] - private predicate phiReadStep(DefinitionExt def, PhiReadNode phi, BasicBlock bb1, BasicBlock bb2) { + deprecated private predicate phiReadStep( + DefinitionExt def, PhiReadNode phi, BasicBlock bb1, BasicBlock bb2 + ) { exists(SourceVariable v | varBlockReachesExt(pragma[only_bind_into](def), v, bb1, pragma[only_bind_into](bb2)) and phi.definesAt(v, bb2, _, _) and @@ -813,7 +827,7 @@ module Make Input> { } pragma[nomagic] - private predicate varBlockReachesExclPhiRead( + deprecated private predicate varBlockReachesExclPhiRead( DefinitionExt def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 ) { varBlockReachesExt(def, v, bb1, bb2) and @@ -831,13 +845,17 @@ module Make Input> { * `def` is referenced (either a read or a write). */ pragma[nomagic] - predicate varBlockReachesRef(Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2) { + deprecated predicate varBlockReachesRef( + Definition def, SourceVariable v, BasicBlock bb1, BasicBlock bb2 + ) { varBlockReachesExclPhiRead(getAnUltimateOutput(def), v, bb1, bb2) and ssaRefNonPhiRead(bb1, _, v) } pragma[nomagic] - predicate defAdjacentReadExt(DefinitionExt def, BasicBlock bb1, BasicBlock bb2, int i2) { + deprecated predicate defAdjacentReadExt( + DefinitionExt def, BasicBlock bb1, BasicBlock bb2, int i2 + ) { exists(SourceVariable v | varBlockReachesExt(def, v, bb1, bb2) and ssaRefRank(bb2, i2, v, SsaActualRead()) = 1 @@ -845,7 +863,7 @@ module Make Input> { } pragma[nomagic] - predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) { + deprecated predicate defAdjacentRead(Definition def, BasicBlock bb1, BasicBlock bb2, int i2) { exists(SourceVariable v | varBlockReachesRef(def, v, bb1, bb2) | ssaRefRank(bb2, i2, v, SsaActualRead()) = 1 or @@ -861,7 +879,7 @@ module Make Input> { * and `bb2`. */ pragma[nomagic] - predicate varBlockReachesExitExt(DefinitionExt def, BasicBlock bb) { + deprecated predicate varBlockReachesExitExt(DefinitionExt def, BasicBlock bb) { exists(BasicBlock bb2 | varBlockReachesExt(def, _, bb, bb2) | not defOccursInBlock(def, bb2, _, _) and not ssaDefReachesEndOfBlockExt0(bb2, def, _) @@ -869,7 +887,7 @@ module Make Input> { } pragma[nomagic] - private predicate varBlockReachesExitExclPhiRead(DefinitionExt def, BasicBlock bb) { + deprecated private predicate varBlockReachesExitExclPhiRead(DefinitionExt def, BasicBlock bb) { exists(BasicBlock bb2, SourceVariable v | varBlockReachesExt(def, v, bb, bb2) and not defOccursInBlock(def, bb2, _, _) and @@ -887,7 +905,7 @@ module Make Input> { * Same as `varBlockReachesExitExt`, but ignores phi-reads. */ pragma[nomagic] - predicate varBlockReachesExit(Definition def, BasicBlock bb) { + deprecated predicate varBlockReachesExit(Definition def, BasicBlock bb) { varBlockReachesExitExclPhiRead(getAnUltimateOutput(def), bb) } } @@ -895,7 +913,7 @@ module Make Input> { private import SsaDefReaches pragma[nomagic] - private predicate liveThroughExt(BasicBlock bb, SourceVariable v) { + deprecated private predicate liveThroughExt(BasicBlock bb, SourceVariable v) { liveAtExit(bb, v) and not ssaRef(bb, _, v, ssaDefExt()) } @@ -908,7 +926,9 @@ module Make Input> { * SSA definition of `v`. */ pragma[nomagic] - private predicate ssaDefReachesEndOfBlockExt0(BasicBlock bb, DefinitionExt def, SourceVariable v) { + deprecated private predicate ssaDefReachesEndOfBlockExt0( + BasicBlock bb, DefinitionExt def, SourceVariable v + ) { exists(int last | last = maxSsaRefRank(pragma[only_bind_into](bb), pragma[only_bind_into](v)) and ssaDefReachesRank(bb, def, last, v) and @@ -954,7 +974,7 @@ module Make Input> { * Holds if `inp` is an input to the phi (read) node `phi` along the edge originating in `bb`. */ pragma[nomagic] - predicate phiHasInputFromBlockExt(DefinitionExt phi, DefinitionExt inp, BasicBlock bb) { + deprecated predicate phiHasInputFromBlockExt(DefinitionExt phi, DefinitionExt inp, BasicBlock bb) { exists(SourceVariable v, BasicBlock bbDef | phi.definesAt(v, bbDef, _, _) and getABasicBlockPredecessor(bbDef) = bb and @@ -972,7 +992,9 @@ module Make Input> { * basic block `bb`, without crossing another SSA definition of `v`. */ pragma[nomagic] - predicate ssaDefReachesReadExt(SourceVariable v, DefinitionExt def, BasicBlock bb, int i) { + deprecated predicate ssaDefReachesReadExt( + SourceVariable v, DefinitionExt def, BasicBlock bb, int i + ) { ssaDefReachesReadWithinBlock(v, def, bb, i) or ssaRef(bb, i, v, SsaActualRead()) and @@ -998,7 +1020,7 @@ module Make Input> { * path between them without any read of `def`. */ pragma[nomagic] - predicate adjacentDefReadExt( + deprecated predicate adjacentDefReadExt( DefinitionExt def, SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2 ) { exists(int rnk | @@ -1018,7 +1040,9 @@ module Make Input> { * Same as `adjacentDefReadExt`, but ignores phi-reads. */ pragma[nomagic] - predicate adjacentDefRead(Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2) { + deprecated predicate adjacentDefRead( + Definition def, BasicBlock bb1, int i1, BasicBlock bb2, int i2 + ) { exists(SourceVariable v | adjacentDefReadExt(getAnUltimateOutput(def), v, bb1, i1, bb2, i2) and ssaRefNonPhiRead(bb1, i1, v) @@ -1028,7 +1052,7 @@ module Make Input> { defAdjacentRead(def, bb1, bb2, i2) } - private predicate lastRefRedefExtSameBlock( + deprecated private predicate lastRefRedefExtSameBlock( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, DefinitionExt next ) { exists(int rnk, int j | @@ -1046,7 +1070,7 @@ module Make Input> { * without passing through another read or write. */ pragma[nomagic] - predicate lastRefRedefExt( + deprecated predicate lastRefRedefExt( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, DefinitionExt next ) { // Next reference to `v` inside `bb` is a write @@ -1072,7 +1096,7 @@ module Make Input> { * occurs in basic block `bb`. */ pragma[nomagic] - predicate lastRefRedefExt( + deprecated predicate lastRefRedefExt( DefinitionExt def, SourceVariable v, BasicBlock bb, int i, BasicBlock input, DefinitionExt next ) { // Next reference to `v` inside `bb` is a write @@ -1098,7 +1122,7 @@ module Make Input> { * Same as `lastRefRedefExt`, but ignores phi-reads. */ pragma[nomagic] - predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) { + deprecated predicate lastRefRedef(Definition def, BasicBlock bb, int i, Definition next) { exists(SourceVariable v | lastRefRedefExt(getAnUltimateOutput(def), v, bb, i, next) and ssaRefNonPhiRead(bb, i, v) @@ -1228,30 +1252,43 @@ module Make Input> { } } + deprecated class DefinitionExt = DefinitionExt_; + /** * An extended static single assignment (SSA) definition. * * This is either a normal SSA definition (`Definition`) or a * phi-read node (`PhiReadNode`). */ - class DefinitionExt extends TDefinitionExt { + private class DefinitionExt_ extends TDefinitionExt { /** Gets the source variable underlying this SSA definition. */ - SourceVariable getSourceVariable() { this.definesAt(result, _, _, _) } + SourceVariable getSourceVariable() { this.definesAt(result, _, _) } /** * Holds if this SSA definition defines `v` at index `i` in basic block `bb`. * Phi nodes are considered to be at index `-1`, while normal variable writes * are at the index of the control flow node they wrap. */ - final predicate definesAt(SourceVariable v, BasicBlock bb, int i, SsaRefKind kind) { + deprecated final predicate definesAt(SourceVariable v, BasicBlock bb, int i, SsaRefKind kind) { this.(Definition).definesAt(v, bb, i) and kind = SsaDef() or this = TPhiReadNode(v, bb) and i = -1 and kind = SsaPhiRead() } + /** + * Holds if this SSA definition defines `v` at index `i` in basic block `bb`. + * Phi nodes are considered to be at index `-1`, while normal variable writes + * are at the index of the control flow node they wrap. + */ + final predicate definesAt(SourceVariable v, BasicBlock bb, int i) { + this.(Definition).definesAt(v, bb, i) + or + this = TPhiReadNode(v, bb) and i = -1 + } + /** Gets the basic block to which this SSA definition belongs. */ - final BasicBlock getBasicBlock() { this.definesAt(_, result, _, _) } + final BasicBlock getBasicBlock() { this.definesAt(_, result, _) } /** Gets a textual representation of this SSA definition. */ string toString() { result = this.(Definition).toString() } @@ -1260,6 +1297,8 @@ module Make Input> { Location getLocation() { result = this.(Definition).getLocation() } } + deprecated class PhiReadNode = PhiReadNode_; + /** * A phi-read node. * @@ -1341,7 +1380,7 @@ module Make Input> { * to `phi-read` goes through a dominance-frontier block, and hence a phi node, * which contradicts reachability. */ - class PhiReadNode extends DefinitionExt, TPhiReadNode { + private class PhiReadNode_ extends DefinitionExt_, TPhiReadNode { override string toString() { result = "SSA phi read(" + this.getSourceVariable() + ")" } override Location getLocation() { result = this.getBasicBlock().getLocation() } @@ -1369,18 +1408,6 @@ module Make Input> { not uncertainWriteDefinitionInput(_, def) } - /** Holds if a read is not dominated by a definition. */ - query predicate notDominatedByDef(Definition def, SourceVariable v, BasicBlock bb, int i) { - exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef) | - ssaDefReachesReadWithinBlock(v, def, bb, i) and - (bb != bbDef or i < iDef) - or - ssaDefReachesRead(v, def, bb, i) and - not ssaDefReachesReadWithinBlock(v, def, bb, i) and - not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _) - ) - } - /** Holds if the end of a basic block can be reached by multiple definitions. */ query predicate nonUniqueDefReachesEndOfBlock(Definition def, SourceVariable v, BasicBlock bb) { ssaDefReachesEndOfBlock(bb, def, v) and @@ -1525,21 +1552,21 @@ module Make Input> { module DataFlowIntegration { private import codeql.util.Boolean - final private class DefinitionExtFinal = DefinitionExt; + final private class DefinitionExtFinal = DefinitionExt_; /** An SSA definition which is either a phi node or a phi read node. */ private class SsaPhiExt extends DefinitionExtFinal { SsaPhiExt() { this instanceof PhiNode or - this instanceof PhiReadNode + this instanceof PhiReadNode_ } } cached private Definition getAPhiInputDef(SsaPhiExt phi, BasicBlock bb) { exists(SourceVariable v, BasicBlock bbDef | - phi.definesAt(v, bbDef, _, _) and + phi.definesAt(v, bbDef, _) and getABasicBlockPredecessor(bbDef) = bb and ssaDefReachesEndOfBlock(bb, result, v) ) @@ -1612,9 +1639,9 @@ module Make Input> { SsaPhiExt phi, SsaPhiExt phi2, BasicBlock input, boolean relevant ) { exists(BasicBlock bb1, int i, SourceVariable v, BasicBlock bb2 | - phi.definesAt(pragma[only_bind_into](v), bb1, i, _) and + phi.definesAt(pragma[only_bind_into](v), bb1, i) and AdjacentSsaRefs::adjacentRefPhi(bb1, i, input, bb2, v) and - phi2.definesAt(pragma[only_bind_into](v), bb2, _, _) and + phi2.definesAt(pragma[only_bind_into](v), bb2, _) and if relevantPhiInputNode(phi2, input) then relevant = true else relevant = false ) } @@ -1626,7 +1653,7 @@ module Make Input> { */ private predicate phiStepsToRef(SsaPhiExt phi, BasicBlock bb, int i, boolean isUse) { exists(SourceVariable v, BasicBlock bb1, int i1 | - phi.definesAt(v, bb1, i1, _) and + phi.definesAt(v, bb1, i1) and AdjacentSsaRefs::adjacentRefRead(bb1, i1, bb, i, v) | isUse = true and @@ -1660,13 +1687,13 @@ module Make Input> { private newtype TNode = TWriteDefSource(WriteDefinition def) { DfInput::ssaDefHasSource(def) } or TExprNode(DfInput::Expr e, Boolean isPost) { e = DfInput::getARead(_) } or - TSsaDefinitionNode(DefinitionExt def) { + TSsaDefinitionNode(DefinitionExt_ def) { not phiHasUniqNextNode(def) and if DfInput::includeWriteDefsInFlowStep() then any() else ( def instanceof PhiNode or - def instanceof PhiReadNode or + def instanceof PhiReadNode_ or DfInput::allowFlowIntoUncertainDef(def) ) } or @@ -1792,18 +1819,18 @@ module Make Input> { /** An SSA definition, viewed as a node in a data flow graph. */ private class SsaDefinitionExtNodeImpl extends SsaNodeImpl, TSsaDefinitionNode { - private DefinitionExt def; + private DefinitionExt_ def; SsaDefinitionExtNodeImpl() { this = TSsaDefinitionNode(def) } /** Gets the corresponding `DefinitionExt`. */ - DefinitionExt getDefExt() { result = def } + DefinitionExt_ getDefExt() { result = def } deprecated override DefinitionExt getDefinitionExt() { result = def } override BasicBlock getBasicBlock() { result = def.getBasicBlock() } - override int getIndex() { def.definesAt(_, _, result, _) } + override int getIndex() { def.definesAt(_, _, result) } override SourceVariable getSourceVariable() { result = def.getSourceVariable() } @@ -1829,7 +1856,7 @@ module Make Input> { /** A node that represents a synthetic read of a source variable. */ final class SsaSynthReadNode extends SsaNode { SsaSynthReadNode() { - this.(SsaDefinitionExtNodeImpl).getDefExt() instanceof PhiReadNode or + this.(SsaDefinitionExtNodeImpl).getDefExt() instanceof PhiReadNode_ or this instanceof SsaInputNodeImpl } } @@ -1876,7 +1903,7 @@ module Make Input> { SsaInputNodeImpl() { this = TSsaInputNode(def_, input_) } /** Holds if this node represents input into SSA definition `def` via basic block `input`. */ - predicate isInputInto(DefinitionExt def, BasicBlock input) { + predicate isInputInto(DefinitionExt_ def, BasicBlock input) { def = def_ and input = input_ } @@ -1907,9 +1934,9 @@ module Make Input> { private predicate flowOutOf( Node nodeFrom, SourceVariable v, BasicBlock bb, int i, boolean isUseStep ) { - exists(DefinitionExt def | + exists(DefinitionExt_ def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and - def.definesAt(v, bb, i, _) and + def.definesAt(v, bb, i) and isUseStep = false ) or @@ -1935,9 +1962,9 @@ module Make Input> { ) or // Flow from definition/read to phi input - exists(BasicBlock input, BasicBlock bbPhi, DefinitionExt phi | + exists(BasicBlock input, BasicBlock bbPhi, DefinitionExt_ phi | AdjacentSsaRefs::adjacentRefPhi(bb1, i1, input, bbPhi, v) and - phi.definesAt(v, bbPhi, -1, _) + phi.definesAt(v, bbPhi, -1) | if relevantPhiInputNode(phi, input) then nodeTo = TSsaInputNode(phi, input) @@ -1945,8 +1972,10 @@ module Make Input> { ) } - private predicate flowIntoPhi(DefinitionExt phi, SourceVariable v, BasicBlock bbPhi, Node nodeTo) { - phi.definesAt(v, bbPhi, -1, _) and + private predicate flowIntoPhi( + DefinitionExt_ phi, SourceVariable v, BasicBlock bbPhi, Node nodeTo + ) { + phi.definesAt(v, bbPhi, -1) and if phiHasUniqNextNode(phi) then flowFromRefToNode(v, bbPhi, -1, nodeTo) else nodeTo.(SsaDefinitionExtNodeImpl).getDefExt() = phi @@ -1981,7 +2010,7 @@ module Make Input> { ) or // Flow from input node to def - exists(DefinitionExt phi | + exists(DefinitionExt_ phi | phi = nodeFrom.(SsaInputNodeImpl).getPhi() and isUseStep = false and nodeFrom != nodeTo and @@ -2001,7 +2030,7 @@ module Make Input> { ) or // Flow from SSA definition to read - exists(DefinitionExt def | + exists(DefinitionExt_ def | nodeFrom.(SsaDefinitionExtNodeImpl).getDefExt() = def and nodeTo.(ExprNode).getExpr() = DfInput::getARead(def) and v = def.getSourceVariable() From 6ac4cb71cba9fc2da0063f49f07d790de9e932f4 Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 3 Apr 2025 09:57:48 +0200 Subject: [PATCH 200/409] SSA: Add change note. --- .../ssa/change-notes/2025-04-03-definitionext-deprecation.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md diff --git a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md b/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md new file mode 100644 index 00000000000..0f0db7c81a1 --- /dev/null +++ b/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md @@ -0,0 +1,4 @@ +--- +category: deprecated +--- +* All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. From 533f1a93e2d500bd63dd5915c0408526c0ebb97f Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 14:50:44 +0200 Subject: [PATCH 201/409] JS: Added test cases for `mkdirp`. --- .../CWE-022/TaintedPath/TaintedPath.expected | 13 +++++++++++ .../Security/CWE-022/TaintedPath/mkdirp.js | 22 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 99be2545b8e..28cbc6908d6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,6 +52,8 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | +| mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | @@ -390,6 +392,11 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | +| mkdirp.js:9:21:9:76 | path.jo ... ltDir') | mkdirp.js:9:11:9:76 | dirPath | provenance | | +| mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:9:42:9:75 | req.que ... ultDir' | provenance | | +| mkdirp.js:9:42:9:75 | req.que ... ultDir' | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | provenance | Config | | more-fs-extra.js:8:11:8:22 | { filename } | more-fs-extra.js:8:13:8:20 | filename | provenance | Config | | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:10:15:10:22 | filename | provenance | | | more-fs-extra.js:8:11:8:33 | filename | more-fs-extra.js:11:11:11:18 | filename | provenance | | @@ -919,6 +926,12 @@ nodes | hapi.js:14:19:14:51 | filepath | semmle.label | filepath | | hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath | | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | +| mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | +| mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | +| mkdirp.js:9:42:9:59 | req.query.filename | semmle.label | req.query.filename | +| mkdirp.js:9:42:9:75 | req.que ... ultDir' | semmle.label | req.que ... ultDir' | +| mkdirp.js:11:12:11:18 | dirPath | semmle.label | dirPath | +| mkdirp.js:12:17:12:23 | dirPath | semmle.label | dirPath | | more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } | | more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename | | more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js new file mode 100644 index 00000000000..06518acbc0c --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js @@ -0,0 +1,22 @@ +const express = require('express'); +const mkdirp = require('mkdirp'); +const path = require('path'); + +const app = express(); +app.use(express.json()); + +app.post('/foo', async (req, res) => { + const dirPath = path.join(__dirname, req.query.filename || 'defaultDir'); // $ Source + + mkdirp(dirPath); // $ Alert + mkdirp.sync(dirPath); // $ Alert + mkdirp.nativeSync(dirPath); // $ MISSING: Alert + mkdirp.native(dirPath); // $ MISSING: Alert + mkdirp.manual(dirPath); // $ MISSING: Alert + mkdirp.manualSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpNative(dirPath); // $ MISSING: Alert + mkdirp.mkdirpManual(dirPath); // $ MISSING: Alert + mkdirp.mkdirpManualSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpNativeSync(dirPath); // $ MISSING: Alert + mkdirp.mkdirpSync(dirPath); // $ MISSING: Alert +}); From 3fa24d60261f4ee0945d66ac889ba19f182aac10 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:29:18 +0200 Subject: [PATCH 202/409] Add sink model for `mkdirp` and update tests for path injection alerts. --- javascript/ql/lib/ext/mkdirp.model.yml | 6 +++++ .../CWE-022/TaintedPath/TaintedPath.expected | 27 +++++++++++++++++++ .../Security/CWE-022/TaintedPath/mkdirp.js | 18 ++++++------- 3 files changed, 42 insertions(+), 9 deletions(-) create mode 100644 javascript/ql/lib/ext/mkdirp.model.yml diff --git a/javascript/ql/lib/ext/mkdirp.model.yml b/javascript/ql/lib/ext/mkdirp.model.yml new file mode 100644 index 00000000000..488b46e2ee2 --- /dev/null +++ b/javascript/ql/lib/ext/mkdirp.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 28cbc6908d6..b486ca5e663 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -54,6 +54,15 @@ | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:13:23:13:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:13:23:13:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:14:19:14:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:14:19:14:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:15:19:15:25 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:15:19:15:25 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:16:23:16:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:16:23:16:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:17:25:17:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:17:25:17:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:18:25:18:31 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:18:25:18:31 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:19:29:19:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:19:29:19:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:20:29:20:35 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:20:29:20:35 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | +| mkdirp.js:21:23:21:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:21:23:21:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | more-fs-extra.js:10:15:10:22 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:10:15:10:22 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:11:11:11:18 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:11:11:11:18 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | | more-fs-extra.js:12:14:12:21 | filename | more-fs-extra.js:8:26:8:33 | req.body | more-fs-extra.js:12:14:12:21 | filename | This path depends on a $@. | more-fs-extra.js:8:26:8:33 | req.body | user-provided value | @@ -394,6 +403,15 @@ edges | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:13:23:13:29 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:14:19:14:25 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:15:19:15:25 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:16:23:16:29 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:17:25:17:31 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:18:25:18:31 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:19:29:19:35 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:20:29:20:35 | dirPath | provenance | | +| mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:21:23:21:29 | dirPath | provenance | | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | mkdirp.js:9:11:9:76 | dirPath | provenance | | | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:9:42:9:75 | req.que ... ultDir' | provenance | | | mkdirp.js:9:42:9:75 | req.que ... ultDir' | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | provenance | Config | @@ -932,6 +950,15 @@ nodes | mkdirp.js:9:42:9:75 | req.que ... ultDir' | semmle.label | req.que ... ultDir' | | mkdirp.js:11:12:11:18 | dirPath | semmle.label | dirPath | | mkdirp.js:12:17:12:23 | dirPath | semmle.label | dirPath | +| mkdirp.js:13:23:13:29 | dirPath | semmle.label | dirPath | +| mkdirp.js:14:19:14:25 | dirPath | semmle.label | dirPath | +| mkdirp.js:15:19:15:25 | dirPath | semmle.label | dirPath | +| mkdirp.js:16:23:16:29 | dirPath | semmle.label | dirPath | +| mkdirp.js:17:25:17:31 | dirPath | semmle.label | dirPath | +| mkdirp.js:18:25:18:31 | dirPath | semmle.label | dirPath | +| mkdirp.js:19:29:19:35 | dirPath | semmle.label | dirPath | +| mkdirp.js:20:29:20:35 | dirPath | semmle.label | dirPath | +| mkdirp.js:21:23:21:29 | dirPath | semmle.label | dirPath | | more-fs-extra.js:8:11:8:22 | { filename } | semmle.label | { filename } | | more-fs-extra.js:8:11:8:33 | filename | semmle.label | filename | | more-fs-extra.js:8:13:8:20 | filename | semmle.label | filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js index 06518acbc0c..975c46df2cc 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/mkdirp.js @@ -10,13 +10,13 @@ app.post('/foo', async (req, res) => { mkdirp(dirPath); // $ Alert mkdirp.sync(dirPath); // $ Alert - mkdirp.nativeSync(dirPath); // $ MISSING: Alert - mkdirp.native(dirPath); // $ MISSING: Alert - mkdirp.manual(dirPath); // $ MISSING: Alert - mkdirp.manualSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpNative(dirPath); // $ MISSING: Alert - mkdirp.mkdirpManual(dirPath); // $ MISSING: Alert - mkdirp.mkdirpManualSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpNativeSync(dirPath); // $ MISSING: Alert - mkdirp.mkdirpSync(dirPath); // $ MISSING: Alert + mkdirp.nativeSync(dirPath); // $ Alert + mkdirp.native(dirPath); // $ Alert + mkdirp.manual(dirPath); // $ Alert + mkdirp.manualSync(dirPath); // $ Alert + mkdirp.mkdirpNative(dirPath); // $ Alert + mkdirp.mkdirpManual(dirPath); // $ Alert + mkdirp.mkdirpManualSync(dirPath); // $ Alert + mkdirp.mkdirpNativeSync(dirPath); // $ Alert + mkdirp.mkdirpSync(dirPath); // $ Alert }); From 04a39eb735f7e97288f647453a29890e56bd149e Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:33:02 +0200 Subject: [PATCH 203/409] Removed old `mkdirp` modeling and replaced it with `MaD`. --- javascript/ql/lib/ext/mkdirp.model.yml | 3 ++- .../ql/lib/semmle/javascript/frameworks/Files.qll | 13 ------------- 2 files changed, 2 insertions(+), 14 deletions(-) diff --git a/javascript/ql/lib/ext/mkdirp.model.yml b/javascript/ql/lib/ext/mkdirp.model.yml index 488b46e2ee2..1a3bcce767c 100644 --- a/javascript/ql/lib/ext/mkdirp.model.yml +++ b/javascript/ql/lib/ext/mkdirp.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/javascript-all extensible: sinkModel data: - - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync].Argument[0]", "path-injection"] + - ["mkdirp", "Member[nativeSync,native,manual,manualSync,mkdirpNative,mkdirpManual,mkdirpManualSync,mkdirpNativeSync,mkdirpSync,sync].Argument[0]", "path-injection"] + - ["mkdirp", "Argument[0]", "path-injection"] diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll index 853d122b301..30f07396dcc 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Files.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Files.qll @@ -427,16 +427,3 @@ class Chokidar extends FileNameProducer, FileSystemAccess, API::CallNode { ) } } - -/** - * A call to the [`mkdirp`](https://www.npmjs.com/package/mkdirp) library. - */ -private class Mkdirp extends FileSystemAccess, API::CallNode { - Mkdirp() { - this = API::moduleImport("mkdirp").getACall() - or - this = API::moduleImport("mkdirp").getMember("sync").getACall() - } - - override DataFlow::Node getAPathArgument() { result = this.getArgument(0) } -} From 0e7bff0f81bfc2321023d6f09b62582aeae2319f Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 2 Apr 2025 16:34:06 +0200 Subject: [PATCH 204/409] Added change note. --- javascript/ql/lib/change-notes/2025-04-02-mkdirp.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-02-mkdirp.md diff --git a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md new file mode 100644 index 00000000000..132bbf0cbe4 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for additional `mkdirp` methods as sinks in path-injection queries. From db2720ea5bad641b76c416e5a11c53193a3e1099 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:50:41 +0200 Subject: [PATCH 205/409] JS: Initial model of Response --- javascript/ql/lib/javascript.qll | 1 + .../javascript/frameworks/WebResponse.qll | 96 +++++++++++++++++++ .../ReflectedXss/ReflectedXss.expected | 42 ++++++++ .../ReflectedXssWithCustomSanitizer.expected | 13 +++ .../CWE-079/ReflectedXss/response-object.js | 28 +++--- 5 files changed, 166 insertions(+), 14 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll diff --git a/javascript/ql/lib/javascript.qll b/javascript/ql/lib/javascript.qll index cc4d15158b9..d75eed29b8e 100644 --- a/javascript/ql/lib/javascript.qll +++ b/javascript/ql/lib/javascript.qll @@ -136,6 +136,7 @@ import semmle.javascript.frameworks.UriLibraries import semmle.javascript.frameworks.Vue import semmle.javascript.frameworks.Vuex import semmle.javascript.frameworks.Webix +import semmle.javascript.frameworks.WebResponse import semmle.javascript.frameworks.WebSocket import semmle.javascript.frameworks.XmlParsers import semmle.javascript.frameworks.xUnit diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll new file mode 100644 index 00000000000..613e189fcfe --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -0,0 +1,96 @@ +/** + * Models the `Request` and `Response` objects from the Web standards. + */ + +private import javascript + +/** Treats `Response` as an entry point for API graphs. */ +private class ResponseEntryPoint extends API::EntryPoint { + ResponseEntryPoint() { this = "global.Response" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Response") } +} + +/** Treats `Headers` as an entry point for API graphs. */ +private class HeadersEntryPoint extends API::EntryPoint { + HeadersEntryPoint() { this = "global.Headers" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Headers") } +} + +/** + * A call to the `Response` constructor. + */ +private class ResponseCall extends API::InvokeNode { + ResponseCall() { this = any(ResponseEntryPoint e).getANode().getAnInstantiation() } +} + +/** + * A call to the `Headers` constructor. + */ +private class HeadersCall extends API::InvokeNode { + HeadersCall() { this = any(HeadersEntryPoint e).getANode().getAnInstantiation() } +} + +/** + * The `headers` in `new Response(body, { headers })` + */ +private class ResponseArgumentHeaders extends Http::HeaderDefinition { + private ResponseCall response; + private API::Node headerNode; + + ResponseArgumentHeaders() { + headerNode = response.getParameter(1).getMember("headers") and + this = headerNode.asSink() + } + + ResponseCall getResponse() { result = response } + + /** + * Gets a call to `new Headers()` that is passed as the headers to this call. + */ + private HeadersCall getHeadersCall() { headerNode.refersTo(result.getReturn()) } + + /** + * Gets an object whose properties are interpreted as headers, such as `{'content-type': 'foo'}`. + */ + private API::Node getAPlainHeaderObject() { + // new Response(body, {...}) + result = headerNode + or + // new Response(body, new Headers({...})) + result = this.getHeadersCall().getParameter(0) + } + + private API::Node getHeaderNode(string headerName) { + exists(string prop | + result = this.getAPlainHeaderObject().getMember(prop) and + headerName = prop.toLowerCase() + ) + or + exists(API::CallNode append | + append = this.getHeadersCall().getReturn().getMember(["append", "set"]).getACall() and + headerName = append.getArgument(0).getStringValue().toLowerCase() and + result = append.getParameter(1) + ) + } + + override predicate defines(string headerName, string headerValue) { + this.getHeaderNode(headerName).getAValueReachingSink().getStringValue() = headerValue + } + + override string getAHeaderName() { exists(this.getHeaderNode(result)) } + + override Http::RouteHandler getRouteHandler() { none() } +} + +/** + * Data passed as the body in `new Response(body, ...)`. + */ +private class ResponseSink extends Http::ResponseSendArgument { + private ResponseCall response; + + ResponseSink() { this = response.getArgument(0) } + + override Http::RouteHandler getRouteHandler() { none() } +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index d85a90e4026..9fc3e08fdb0 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -40,6 +40,19 @@ | partial.js:28:14:28:18 | x + y | partial.js:31:47:31:53 | req.url | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:31:47:31:53 | req.url | user-provided value | | partial.js:37:14:37:18 | x + y | partial.js:40:43:40:49 | req.url | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to a $@. | partial.js:40:43:40:49 | req.url | user-provided value | | promises.js:6:25:6:25 | x | promises.js:5:44:5:57 | req.query.data | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to a $@. | promises.js:5:44:5:57 | req.query.data | user-provided value | +| response-object.js:9:18:9:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:10:18:10:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:11:18:11:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:13:18:13:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:14:18:14:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:16:18:16:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:17:18:17:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:20:18:20:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:23:18:23:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:26:18:26:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:30:18:30:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:34:18:34:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:38:18:38:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:6:9:6:9 | p | user-provided value | | tst2.js:8:12:8:12 | r | tst2.js:6:12:6:15 | q: r | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to a $@. | tst2.js:6:12:6:15 | q: r | user-provided value | | tst2.js:18:12:18:12 | p | tst2.js:14:9:14:9 | p | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:14:9:14:9 | p | user-provided value | @@ -149,6 +162,20 @@ edges | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | promises.js:5:16:5:22 | resolve [Return] [resolve-value] | provenance | | | promises.js:5:44:5:57 | req.query.data | promises.js:5:36:5:42 | [post update] resolve [resolve-value] | provenance | | | promises.js:6:11:6:11 | x | promises.js:6:25:6:25 | x | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:9:18:9:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:10:18:10:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:11:18:11:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:13:18:13:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:14:18:14:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:16:18:16:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:17:18:17:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:20:18:20:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:23:18:23:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:26:18:26:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:30:18:30:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:34:18:34:21 | data | provenance | | +| response-object.js:7:11:7:25 | data | response-object.js:38:18:38:21 | data | provenance | | +| response-object.js:7:18:7:25 | req.body | response-object.js:7:11:7:25 | data | provenance | | | tst2.js:6:7:6:30 | p | tst2.js:7:12:7:12 | p | provenance | | | tst2.js:6:7:6:30 | r | tst2.js:8:12:8:12 | r | provenance | | | tst2.js:6:9:6:9 | p | tst2.js:6:7:6:30 | p | provenance | | @@ -332,6 +359,21 @@ nodes | promises.js:5:44:5:57 | req.query.data | semmle.label | req.query.data | | promises.js:6:11:6:11 | x | semmle.label | x | | promises.js:6:25:6:25 | x | semmle.label | x | +| response-object.js:7:11:7:25 | data | semmle.label | data | +| response-object.js:7:18:7:25 | req.body | semmle.label | req.body | +| response-object.js:9:18:9:21 | data | semmle.label | data | +| response-object.js:10:18:10:21 | data | semmle.label | data | +| response-object.js:11:18:11:21 | data | semmle.label | data | +| response-object.js:13:18:13:21 | data | semmle.label | data | +| response-object.js:14:18:14:21 | data | semmle.label | data | +| response-object.js:16:18:16:21 | data | semmle.label | data | +| response-object.js:17:18:17:21 | data | semmle.label | data | +| response-object.js:20:18:20:21 | data | semmle.label | data | +| response-object.js:23:18:23:21 | data | semmle.label | data | +| response-object.js:26:18:26:21 | data | semmle.label | data | +| response-object.js:30:18:30:21 | data | semmle.label | data | +| response-object.js:34:18:34:21 | data | semmle.label | data | +| response-object.js:38:18:38:21 | data | semmle.label | data | | tst2.js:6:7:6:30 | p | semmle.label | p | | tst2.js:6:7:6:30 | r | semmle.label | r | | tst2.js:6:9:6:9 | p | semmle.label | p | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index fb0748b3acd..dff0741ec88 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -38,6 +38,19 @@ | partial.js:28:14:28:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:31:47:31:53 | req.url | user-provided value | | partial.js:37:14:37:18 | x + y | Cross-site scripting vulnerability due to $@. | partial.js:40:43:40:49 | req.url | user-provided value | | promises.js:6:25:6:25 | x | Cross-site scripting vulnerability due to $@. | promises.js:5:44:5:57 | req.query.data | user-provided value | +| response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | +| response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value | | tst2.js:8:12:8:12 | r | Cross-site scripting vulnerability due to $@. | tst2.js:6:12:6:15 | q: r | user-provided value | | tst2.js:18:12:18:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:14:9:14:9 | p | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js index 7dbeb14d30d..eaadaeaba07 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -4,36 +4,36 @@ const express = require('express'); // in isolation from the more complicated http frameworks. express().get('/foo', (req) => { - const data = req.body; // $ MISSING: Source + const data = req.body; // $ Source - new Response(data); // $ MISSING: Alert - new Response(data, {}); // $ MISSING: Alert - new Response(data, { headers: null }); // $ MISSING: Alert + new Response(data); // $ Alert + new Response(data, {}); // $ Alert + new Response(data, { headers: null }); // $ Alert - new Response(data, { headers: { 'content-type': 'text/plain'}}); - new Response(data, { headers: { 'content-type': 'text/html'}}); // $ MISSING: Alert + new Response(data, { headers: { 'content-type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'content-type': 'text/html'}}); // $ Alert - new Response(data, { headers: { 'Content-Type': 'text/plain'}}); - new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ MISSING: Alert + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ Alert const headers1 = new Headers({ 'content-type': 'text/plain'}); - new Response(data, { headers: headers1 }); + new Response(data, { headers: headers1 }); // $ SPURIOUS: Alert const headers2 = new Headers({ 'content-type': 'text/html'}); - new Response(data, { headers: headers2 }); // $ MISSING: Alert + new Response(data, { headers: headers2 }); // $ Alert const headers3 = new Headers(); - new Response(data, { headers: headers3 }); // $ MISSING: Alert + new Response(data, { headers: headers3 }); // $ Alert const headers4 = new Headers(); headers4.set('content-type', 'text/plain'); - new Response(data, { headers: headers4 }); + new Response(data, { headers: headers4 }); // $ SPURIOUS: Alert const headers5 = new Headers(); headers5.set('content-type', 'text/html'); - new Response(data, { headers: headers5 }); // $ MISSING: Alert + new Response(data, { headers: headers5 }); // $ Alert const headers6 = new Headers(); headers6.set('unrelated-header', 'text/plain'); - new Response(data, { headers: headers6 }); // $ MISSING: Alert + new Response(data, { headers: headers6 }); // $ Alert }); From 6c33013788e7a3c551c1a8a9268471fa65fe3334 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 2 Apr 2025 13:52:55 +0200 Subject: [PATCH 206/409] JS: Enable association with headers without needing a route handler Previously it was not possible to associate a ResponseSendArgument with its header definitions if they did not have the same route handler. But for calls like `new Response(body, { headers })` the headers are fairly obvious whereas the route handler is unnecessarily hard to find. So we use the direct and obvious association between 'body' and 'headers' in the call. --- .../lib/semmle/javascript/frameworks/HTTP.qll | 6 ++++ .../javascript/frameworks/WebResponse.qll | 4 +++ .../dataflow/ReflectedXssCustomizations.qll | 30 ++++++++++++------- .../ReflectedXss/ReflectedXss.expected | 12 -------- .../ReflectedXssWithCustomSanitizer.expected | 4 --- .../CWE-079/ReflectedXss/response-object.js | 8 ++--- 6 files changed, 33 insertions(+), 31 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll index 61770cdb9ba..2d068d6b4bf 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/HTTP.qll @@ -108,6 +108,12 @@ module Http { * Gets the route handler that sends this expression. */ abstract RouteHandler getRouteHandler(); + + /** + * Gets a header definition associated with this response body, if it they are provided + * by the same call. + */ + HeaderDefinition getAnAssociatedHeaderDefinition() { none() } } /** diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll index 613e189fcfe..0e3f93d8099 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -93,4 +93,8 @@ private class ResponseSink extends Http::ResponseSendArgument { ResponseSink() { this = response.getArgument(0) } override Http::RouteHandler getRouteHandler() { none() } + + override ResponseArgumentHeaders getAnAssociatedHeaderDefinition() { + result.getResponse() = response + } } diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll index 6ddedd4f727..70b2685d90d 100644 --- a/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll +++ b/javascript/ql/lib/semmle/javascript/security/dataflow/ReflectedXssCustomizations.qll @@ -32,11 +32,11 @@ module ReflectedXss { * Gets a HeaderDefinition that defines a XSS safe content-type for `send`. */ Http::HeaderDefinition getAXssSafeHeaderDefinition(Http::ResponseSendArgument send) { - exists(Http::RouteHandler h | - send.getRouteHandler() = h and - result = xssSafeContentTypeHeader(h) - | - // The HeaderDefinition affects a response sent at `send`. + isSafeContentTypeHeader(result) and + ( + result = send.getAnAssociatedHeaderDefinition() + or + result = send.getRouteHandler().getAResponseHeader("content-type") and headerAffects(result, send) ) } @@ -54,16 +54,22 @@ module ReflectedXss { ] } - /** - * Holds if `h` may send a response with a content type that is safe for XSS. - */ - Http::HeaderDefinition xssSafeContentTypeHeader(Http::RouteHandler h) { - result = h.getAResponseHeader("content-type") and - not exists(string tp | result.defines("content-type", tp) | + private predicate isSafeContentTypeHeader(Http::HeaderDefinition header) { + header.getAHeaderName() = "content-type" and + not exists(string tp | header.defines("content-type", tp) | tp.toLowerCase().matches(xssUnsafeContentType() + "%") ) } + /** + * DEPRECATED. Use `getAXssSafeHeaderDefinition` instead. + * Holds if `h` may send a response with a content type that is safe for XSS. + */ + deprecated Http::HeaderDefinition xssSafeContentTypeHeader(Http::RouteHandler h) { + result = h.getAResponseHeader("content-type") and + isSafeContentTypeHeader(result) + } + /** * Holds if a header set in `header` is likely to affect a response sent at `sender`. */ @@ -80,6 +86,8 @@ module ReflectedXss { dominatingHeader.getBasicBlock().(ReachableBasicBlock).dominates(sender.getBasicBlock()) ) ) + or + header = sender.getAnAssociatedHeaderDefinition() } bindingset[headerBlock] diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index 9fc3e08fdb0..75bef3e1b3b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -43,14 +43,10 @@ | response-object.js:9:18:9:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:10:18:10:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:11:18:11:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:13:18:13:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:14:18:14:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:16:18:16:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:17:18:17:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:20:18:20:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:23:18:23:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:26:18:26:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:30:18:30:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:34:18:34:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:38:18:38:21 | data | response-object.js:7:18:7:25 | req.body | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to a $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | tst2.js:6:9:6:9 | p | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to a $@. | tst2.js:6:9:6:9 | p | user-provided value | @@ -165,14 +161,10 @@ edges | response-object.js:7:11:7:25 | data | response-object.js:9:18:9:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:10:18:10:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:11:18:11:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:13:18:13:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:14:18:14:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:16:18:16:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:17:18:17:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:20:18:20:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:23:18:23:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:26:18:26:21 | data | provenance | | -| response-object.js:7:11:7:25 | data | response-object.js:30:18:30:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:34:18:34:21 | data | provenance | | | response-object.js:7:11:7:25 | data | response-object.js:38:18:38:21 | data | provenance | | | response-object.js:7:18:7:25 | req.body | response-object.js:7:11:7:25 | data | provenance | | @@ -364,14 +356,10 @@ nodes | response-object.js:9:18:9:21 | data | semmle.label | data | | response-object.js:10:18:10:21 | data | semmle.label | data | | response-object.js:11:18:11:21 | data | semmle.label | data | -| response-object.js:13:18:13:21 | data | semmle.label | data | | response-object.js:14:18:14:21 | data | semmle.label | data | -| response-object.js:16:18:16:21 | data | semmle.label | data | | response-object.js:17:18:17:21 | data | semmle.label | data | -| response-object.js:20:18:20:21 | data | semmle.label | data | | response-object.js:23:18:23:21 | data | semmle.label | data | | response-object.js:26:18:26:21 | data | semmle.label | data | -| response-object.js:30:18:30:21 | data | semmle.label | data | | response-object.js:34:18:34:21 | data | semmle.label | data | | response-object.js:38:18:38:21 | data | semmle.label | data | | tst2.js:6:7:6:30 | p | semmle.label | p | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index dff0741ec88..5532af3cf11 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -41,14 +41,10 @@ | response-object.js:9:18:9:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:10:18:10:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:11:18:11:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:13:18:13:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:14:18:14:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:16:18:16:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:17:18:17:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:20:18:20:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:23:18:23:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:26:18:26:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | -| response-object.js:30:18:30:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:34:18:34:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | response-object.js:38:18:38:21 | data | Cross-site scripting vulnerability due to $@. | response-object.js:7:18:7:25 | req.body | user-provided value | | tst2.js:7:12:7:12 | p | Cross-site scripting vulnerability due to $@. | tst2.js:6:9:6:9 | p | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js index eaadaeaba07..030cff46733 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/response-object.js @@ -10,14 +10,14 @@ express().get('/foo', (req) => { new Response(data, {}); // $ Alert new Response(data, { headers: null }); // $ Alert - new Response(data, { headers: { 'content-type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'content-type': 'text/plain'}}); new Response(data, { headers: { 'content-type': 'text/html'}}); // $ Alert - new Response(data, { headers: { 'Content-Type': 'text/plain'}}); // $ SPURIOUS: Alert + new Response(data, { headers: { 'Content-Type': 'text/plain'}}); new Response(data, { headers: { 'Content-Type': 'text/html'}}); // $ Alert const headers1 = new Headers({ 'content-type': 'text/plain'}); - new Response(data, { headers: headers1 }); // $ SPURIOUS: Alert + new Response(data, { headers: headers1 }); const headers2 = new Headers({ 'content-type': 'text/html'}); new Response(data, { headers: headers2 }); // $ Alert @@ -27,7 +27,7 @@ express().get('/foo', (req) => { const headers4 = new Headers(); headers4.set('content-type', 'text/plain'); - new Response(data, { headers: headers4 }); // $ SPURIOUS: Alert + new Response(data, { headers: headers4 }); const headers5 = new Headers(); headers5.set('content-type', 'text/html'); From 1ed8fbd811d700125d7e72fc4493115cdec36de7 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com> Date: Thu, 3 Apr 2025 11:19:14 +0100 Subject: [PATCH 207/409] Delete commented out code --- go/ql/lib/semmle/go/frameworks/Bun.qll | 28 -------------------------- 1 file changed, 28 deletions(-) diff --git a/go/ql/lib/semmle/go/frameworks/Bun.qll b/go/ql/lib/semmle/go/frameworks/Bun.qll index 65c524f9fde..5be82d2cacc 100644 --- a/go/ql/lib/semmle/go/frameworks/Bun.qll +++ b/go/ql/lib/semmle/go/frameworks/Bun.qll @@ -59,32 +59,4 @@ private module Bun { input = inp and output = outp } } - // private class BuilderScan extends TaintTracking::FunctionModel, Method { - // FunctionInput inp; - // FunctionOutput outp; - // BuilderScan() { - // // signature: func (b {Insert,Delete,Select,Update}Builder) Scan(dest ...interface{}) error - // this.hasQualifiedName(packagePath(), - // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "Scan") and - // inp.isReceiver() and - // outp.isParameter(_) - // } - // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { - // input = inp and output = outp - // } - // } - // private class BuilderScanContext extends TaintTracking::FunctionModel, Method { - // FunctionInput inp; - // FunctionOutput outp; - // BuilderScanContext() { - // // signature: func (b {Insert,Delete,Select,Update}Builder) ScanContext(ctx context.Context, dest ...interface{}) error - // this.hasQualifiedName(packagePath(), - // ["DeleteBuilder", "InsertBuilder", "SelectBuilder", "UpdateBuilder"], "ScanContext") and - // inp.isReceiver() and - // exists(int i | i > 0 | outp.isParameter(i)) - // } - // override predicate hasTaintFlow(FunctionInput input, FunctionOutput output) { - // input = inp and output = outp - // } - // } } From b0c40111e78f341ea212c9cae6bdbb390cfad489 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 12:45:08 +0200 Subject: [PATCH 208/409] Rust: Tweaks to stringification --- .../elements/internal/MethodCallExprImpl.qll | 20 +- rust/ql/lib/codeql/rust/internal/Type.qll | 4 +- .../PathResolutionConsistency.expected | 4 +- .../canonical_path/canonical_paths.expected | 10 +- .../PathResolutionConsistency.expected | 4 +- .../canonical_paths.expected | 10 +- .../CONSISTENCY/AstConsistency.expected | 4 +- .../library-tests/controlflow/Cfg.expected | 8 +- .../dataflow/global/inline-flow.expected | 22 +- .../dataflow/global/viableCallable.expected | 8 +- .../dataflow/local/DataFlowStep.expected | 78 +- .../dataflow/local/inline-flow.expected | 30 +- .../dataflow/modeled/inline-flow.expected | 52 +- .../dataflow/pointers/inline-flow.expected | 48 +- .../strings/inline-taint-flow.expected | 12 +- .../type-inference/type-inference.expected | 1406 ++++++++--------- .../test/library-tests/variables/Cfg.expected | 16 +- .../security/CWE-022/TaintedPath.expected | 10 +- .../security/CWE-089/SqlInjection.expected | 64 +- .../CWE-311/CleartextTransmission.expected | 6 +- .../CWE-312/CleartextLogging.expected | 30 +- 21 files changed, 928 insertions(+), 918 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll index 30106d67d1a..fb7bcfbdaa4 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/MethodCallExprImpl.qll @@ -42,12 +42,22 @@ module Impl { ) } + private string toStringPart(int index) { + index = 0 and + result = this.getReceiver().toAbbreviatedString() + or + index = 1 and + (if this.getReceiver().toAbbreviatedString() = "..." then result = " ." else result = ".") + or + index = 2 and + result = this.getIdentifier().toStringImpl() + or + index = 3 and + if this.getArgList().getNumberOfArgs() = 0 then result = "()" else result = "(...)" + } + override string toStringImpl() { - exists(string base, string separator | - base = this.getReceiver().toAbbreviatedString() and - (if base = "..." then separator = " ." else separator = ".") and - result = base + separator + this.getIdentifier().toStringImpl() + "(...)" - ) + result = strictconcat(int i | | this.toStringPart(i) order by i) } } } diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index 86abcb638f8..ef311fae6c8 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -104,7 +104,7 @@ class StructType extends StructOrEnumType, TStruct { result = TTypeParamTypeParameter(struct.getGenericParamList().getTypeParam(i)) } - override string toString() { result = struct.toString() } + override string toString() { result = struct.getName().getText() } override Location getLocation() { result = struct.getLocation() } } @@ -125,7 +125,7 @@ class EnumType extends StructOrEnumType, TEnum { result = TTypeParamTypeParameter(enum.getGenericParamList().getTypeParam(i)) } - override string toString() { result = enum.toString() } + override string toString() { result = enum.getName().getText() } override Location getLocation() { result = enum.getLocation() } } diff --git a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected index 15c7cfcb410..2c09f55800f 100644 --- a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleStaticCallTargets -| regular.rs:29:5:29:9 | s.g(...) | anonymous.rs:15:9:15:22 | fn g | -| regular.rs:29:5:29:9 | s.g(...) | regular.rs:13:5:13:18 | fn g | +| regular.rs:29:5:29:9 | s.g() | anonymous.rs:15:9:15:22 | fn g | +| regular.rs:29:5:29:9 | s.g() | regular.rs:13:5:13:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected b/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected index c7f85fb86f8..8395c20a00a 100644 --- a/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected +++ b/rust/ql/test/extractor-tests/canonical_path/canonical_paths.expected @@ -38,17 +38,17 @@ canonicalPaths resolvedPaths | anonymous.rs:27:17:27:30 | OtherStruct {...} | None | None | | anonymous.rs:28:9:28:9 | s | None | None | -| anonymous.rs:28:9:28:13 | s.f(...) | None | None | +| anonymous.rs:28:9:28:13 | s.f() | None | None | | anonymous.rs:29:9:29:9 | s | None | None | -| anonymous.rs:29:9:29:13 | s.g(...) | None | None | +| anonymous.rs:29:9:29:13 | s.g() | None | None | | anonymous.rs:30:9:30:14 | nested | None | None | | regular.rs:27:13:27:21 | Struct {...} | repo::test | crate::regular::Struct | | regular.rs:28:5:28:5 | s | None | None | -| regular.rs:28:5:28:9 | s.f(...) | repo::test | ::f | +| regular.rs:28:5:28:9 | s.f() | repo::test | ::f | | regular.rs:29:5:29:5 | s | None | None | -| regular.rs:29:5:29:9 | s.g(...) | repo::test | ::g | +| regular.rs:29:5:29:9 | s.g() | repo::test | ::g | | regular.rs:30:5:30:5 | s | None | None | -| regular.rs:30:5:30:9 | s.h(...) | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h | +| regular.rs:30:5:30:9 | s.h() | repo::test | <_ as crate::regular::TraitWithBlanketImpl>::h | | regular.rs:31:5:31:8 | free | repo::test | crate::regular::free | | regular.rs:41:9:41:26 | ...::None::<...> | lang:core | crate::option::Option::None | | regular.rs:42:9:42:20 | ...::Some | lang:core | crate::option::Option::Some | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected index 0a1a09d5c70..e66b1b5ee2e 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ multipleStaticCallTargets -| regular.rs:32:5:32:9 | s.g(...) | anonymous.rs:18:9:18:22 | fn g | -| regular.rs:32:5:32:9 | s.g(...) | regular.rs:16:5:16:18 | fn g | +| regular.rs:32:5:32:9 | s.g() | anonymous.rs:18:9:18:22 | fn g | +| regular.rs:32:5:32:9 | s.g() | regular.rs:16:5:16:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected index ec6b4bad150..878cb1fc7c9 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/canonical_paths.expected @@ -38,17 +38,17 @@ canonicalPaths resolvedPaths | anonymous.rs:30:17:30:30 | OtherStruct {...} | None | None | | anonymous.rs:31:9:31:9 | s | None | None | -| anonymous.rs:31:9:31:13 | s.f(...) | None | None | +| anonymous.rs:31:9:31:13 | s.f() | None | None | | anonymous.rs:32:9:32:9 | s | None | None | -| anonymous.rs:32:9:32:13 | s.g(...) | None | None | +| anonymous.rs:32:9:32:13 | s.g() | None | None | | anonymous.rs:33:9:33:14 | nested | None | None | | regular.rs:30:13:30:21 | Struct {...} | None | None | | regular.rs:31:5:31:5 | s | None | None | -| regular.rs:31:5:31:9 | s.f(...) | None | None | +| regular.rs:31:5:31:9 | s.f() | None | None | | regular.rs:32:5:32:5 | s | None | None | -| regular.rs:32:5:32:9 | s.g(...) | None | None | +| regular.rs:32:5:32:9 | s.g() | None | None | | regular.rs:33:5:33:5 | s | None | None | -| regular.rs:33:5:33:9 | s.h(...) | None | None | +| regular.rs:33:5:33:9 | s.h() | None | None | | regular.rs:34:5:34:8 | free | None | None | | regular.rs:44:9:44:26 | ...::None::<...> | None | None | | regular.rs:45:9:45:20 | ...::Some | None | None | diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected index 1e47287a293..807f782967d 100644 --- a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected +++ b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected @@ -1,5 +1,5 @@ noLocation -| file://:0:0:0:0 | ... .unwrap(...) | +| file://:0:0:0:0 | ... .unwrap() | | file://:0:0:0:0 | ...: ... | | file://:0:0:0:0 | ...::Path | | file://:0:0:0:0 | ...::Path | @@ -32,7 +32,7 @@ noLocation | file://:0:0:0:0 | path | | file://:0:0:0:0 | path | | file://:0:0:0:0 | path | -| file://:0:0:0:0 | path.parent(...) | +| file://:0:0:0:0 | path.parent() | | file://:0:0:0:0 | std | | file://:0:0:0:0 | std | | file://:0:0:0:0 | std | diff --git a/rust/ql/test/library-tests/controlflow/Cfg.expected b/rust/ql/test/library-tests/controlflow/Cfg.expected index dbb77ca9416..40348a474e5 100644 --- a/rust/ql/test/library-tests/controlflow/Cfg.expected +++ b/rust/ql/test/library-tests/controlflow/Cfg.expected @@ -205,8 +205,8 @@ edges | test.rs:99:19:99:25 | Some(...) | test.rs:99:24:99:24 | x | match | | test.rs:99:24:99:24 | x | test.rs:99:24:99:24 | x | | | test.rs:99:24:99:24 | x | test.rs:100:17:100:17 | x | match | -| test.rs:99:29:99:32 | iter | test.rs:99:29:99:39 | iter.next(...) | | -| test.rs:99:29:99:39 | iter.next(...) | test.rs:99:19:99:25 | Some(...) | | +| test.rs:99:29:99:32 | iter | test.rs:99:29:99:39 | iter.next() | | +| test.rs:99:29:99:39 | iter.next() | test.rs:99:19:99:25 | Some(...) | | | test.rs:99:41:103:9 | { ... } | test.rs:99:15:99:39 | let ... = ... | | | test.rs:100:13:102:13 | if ... {...} | test.rs:99:41:103:9 | { ... } | | | test.rs:100:17:100:17 | x | test.rs:100:22:100:22 | 5 | | @@ -760,8 +760,8 @@ edges | test.rs:311:87:313:5 | { ... } | test.rs:311:5:313:5 | exit fn test_question_mark_operator_1 (normal) | | | test.rs:312:9:312:10 | Ok | test.rs:312:12:312:12 | s | | | test.rs:312:9:312:33 | Ok(...) | test.rs:311:87:313:5 | { ... } | | -| test.rs:312:12:312:12 | s | test.rs:312:12:312:27 | s.parse(...) | | -| test.rs:312:12:312:27 | s.parse(...) | test.rs:312:12:312:28 | TryExpr | | +| test.rs:312:12:312:12 | s | test.rs:312:12:312:27 | s.parse() | | +| test.rs:312:12:312:27 | s.parse() | test.rs:312:12:312:28 | TryExpr | | | test.rs:312:12:312:28 | TryExpr | test.rs:311:5:313:5 | exit fn test_question_mark_operator_1 (normal) | return | | test.rs:312:12:312:28 | TryExpr | test.rs:312:32:312:32 | 4 | match | | test.rs:312:12:312:32 | ... + ... | test.rs:312:9:312:33 | Ok(...) | | diff --git a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected index 291d43d1a62..068da53e28e 100644 --- a/rust/ql/test/library-tests/dataflow/global/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/global/inline-flow.expected @@ -17,13 +17,13 @@ edges | main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | | main.rs:38:23:38:31 | source(...) | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | -| main.rs:39:10:39:10 | a [MyStruct] | main.rs:39:10:39:21 | a.get_data(...) | provenance | | +| main.rs:39:10:39:10 | a [MyStruct] | main.rs:39:10:39:21 | a.get_data() | provenance | | | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | main.rs:44:17:44:17 | [post] a [MyStruct] | provenance | | | main.rs:44:17:44:17 | [post] a [MyStruct] | main.rs:45:10:45:10 | a [MyStruct] | provenance | | | main.rs:44:30:44:38 | source(...) | main.rs:26:28:26:33 | ...: i64 | provenance | | | main.rs:44:30:44:38 | source(...) | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | provenance | | | main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | provenance | | -| main.rs:45:10:45:10 | a [MyStruct] | main.rs:45:10:45:21 | a.get_data(...) | provenance | | +| main.rs:45:10:45:10 | a [MyStruct] | main.rs:45:10:45:21 | a.get_data() | provenance | | | main.rs:48:12:48:17 | ...: i64 | main.rs:49:10:49:10 | n | provenance | | | main.rs:53:9:53:9 | a | main.rs:54:13:54:13 | a | provenance | | | main.rs:53:13:53:21 | source(...) | main.rs:53:9:53:9 | a | provenance | | @@ -48,11 +48,11 @@ edges | main.rs:82:26:82:26 | a | main.rs:78:21:78:26 | ...: i64 | provenance | | | main.rs:82:26:82:26 | a | main.rs:82:13:82:27 | pass_through(...) | provenance | | | main.rs:94:22:94:27 | ...: i64 | main.rs:95:14:95:14 | n | provenance | | -| main.rs:98:30:104:5 | { ... } | main.rs:117:13:117:25 | mn.get_data(...) | provenance | | +| main.rs:98:30:104:5 | { ... } | main.rs:117:13:117:25 | mn.get_data() | provenance | | | main.rs:102:13:102:21 | source(...) | main.rs:98:30:104:5 | { ... } | provenance | | | main.rs:106:27:106:32 | ...: i64 | main.rs:106:42:112:5 | { ... } | provenance | | | main.rs:117:9:117:9 | a | main.rs:118:10:118:10 | a | provenance | | -| main.rs:117:13:117:25 | mn.get_data(...) | main.rs:117:9:117:9 | a | provenance | | +| main.rs:117:13:117:25 | mn.get_data() | main.rs:117:9:117:9 | a | provenance | | | main.rs:123:9:123:9 | a | main.rs:124:16:124:16 | a | provenance | | | main.rs:123:13:123:21 | source(...) | main.rs:123:9:123:9 | a | provenance | | | main.rs:124:16:124:16 | a | main.rs:94:22:94:27 | ...: i64 | provenance | | @@ -115,12 +115,12 @@ nodes | main.rs:38:11:38:11 | [post] a [MyStruct] | semmle.label | [post] a [MyStruct] | | main.rs:38:23:38:31 | source(...) | semmle.label | source(...) | | main.rs:39:10:39:10 | a [MyStruct] | semmle.label | a [MyStruct] | -| main.rs:39:10:39:21 | a.get_data(...) | semmle.label | a.get_data(...) | +| main.rs:39:10:39:21 | a.get_data() | semmle.label | a.get_data() | | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | semmle.label | [post] &mut a [&ref, MyStruct] | | main.rs:44:17:44:17 | [post] a [MyStruct] | semmle.label | [post] a [MyStruct] | | main.rs:44:30:44:38 | source(...) | semmle.label | source(...) | | main.rs:45:10:45:10 | a [MyStruct] | semmle.label | a [MyStruct] | -| main.rs:45:10:45:21 | a.get_data(...) | semmle.label | a.get_data(...) | +| main.rs:45:10:45:21 | a.get_data() | semmle.label | a.get_data() | | main.rs:48:12:48:17 | ...: i64 | semmle.label | ...: i64 | | main.rs:49:10:49:10 | n | semmle.label | n | | main.rs:53:9:53:9 | a | semmle.label | a | @@ -154,7 +154,7 @@ nodes | main.rs:106:27:106:32 | ...: i64 | semmle.label | ...: i64 | | main.rs:106:42:112:5 | { ... } | semmle.label | { ... } | | main.rs:117:9:117:9 | a | semmle.label | a | -| main.rs:117:13:117:25 | mn.get_data(...) | semmle.label | mn.get_data(...) | +| main.rs:117:13:117:25 | mn.get_data() | semmle.label | mn.get_data() | | main.rs:118:10:118:10 | a | semmle.label | a | | main.rs:123:9:123:9 | a | semmle.label | a | | main.rs:123:13:123:21 | source(...) | semmle.label | source(...) | @@ -204,9 +204,9 @@ nodes | main.rs:239:14:239:14 | c | semmle.label | c | subpaths | main.rs:38:23:38:31 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:38:6:38:11 | [post] &mut a [&ref, MyStruct] | -| main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:39:10:39:21 | a.get_data(...) | +| main.rs:39:10:39:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:39:10:39:21 | a.get_data() | | main.rs:44:30:44:38 | source(...) | main.rs:26:28:26:33 | ...: i64 | main.rs:26:17:26:25 | SelfParam [Return] [&ref, MyStruct] | main.rs:44:12:44:17 | [post] &mut a [&ref, MyStruct] | -| main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:45:10:45:21 | a.get_data(...) | +| main.rs:45:10:45:10 | a [MyStruct] | main.rs:30:17:30:21 | SelfParam [&ref, MyStruct] | main.rs:30:31:32:5 | { ... } | main.rs:45:10:45:21 | a.get_data() | | main.rs:63:26:63:26 | a | main.rs:57:17:57:22 | ...: i64 | main.rs:57:32:59:1 | { ... } | main.rs:63:13:63:27 | pass_through(...) | | main.rs:68:26:71:5 | { ... } | main.rs:57:17:57:22 | ...: i64 | main.rs:57:32:59:1 | { ... } | main.rs:68:13:71:6 | pass_through(...) | | main.rs:82:26:82:26 | a | main.rs:78:21:78:26 | ...: i64 | main.rs:78:36:80:5 | { ... } | main.rs:82:13:82:27 | pass_through(...) | @@ -217,8 +217,8 @@ subpaths testFailures #select | main.rs:18:10:18:10 | a | main.rs:13:5:13:13 | source(...) | main.rs:18:10:18:10 | a | $@ | main.rs:13:5:13:13 | source(...) | source(...) | -| main.rs:39:10:39:21 | a.get_data(...) | main.rs:38:23:38:31 | source(...) | main.rs:39:10:39:21 | a.get_data(...) | $@ | main.rs:38:23:38:31 | source(...) | source(...) | -| main.rs:45:10:45:21 | a.get_data(...) | main.rs:44:30:44:38 | source(...) | main.rs:45:10:45:21 | a.get_data(...) | $@ | main.rs:44:30:44:38 | source(...) | source(...) | +| main.rs:39:10:39:21 | a.get_data() | main.rs:38:23:38:31 | source(...) | main.rs:39:10:39:21 | a.get_data() | $@ | main.rs:38:23:38:31 | source(...) | source(...) | +| main.rs:45:10:45:21 | a.get_data() | main.rs:44:30:44:38 | source(...) | main.rs:45:10:45:21 | a.get_data() | $@ | main.rs:44:30:44:38 | source(...) | source(...) | | main.rs:49:10:49:10 | n | main.rs:53:13:53:21 | source(...) | main.rs:49:10:49:10 | n | $@ | main.rs:53:13:53:21 | source(...) | source(...) | | main.rs:64:10:64:10 | b | main.rs:62:13:62:21 | source(...) | main.rs:64:10:64:10 | b | $@ | main.rs:62:13:62:21 | source(...) | source(...) | | main.rs:72:10:72:10 | a | main.rs:70:9:70:18 | source(...) | main.rs:72:10:72:10 | a | $@ | main.rs:70:9:70:18 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected index c861feaa017..cd1accbe489 100644 --- a/rust/ql/test/library-tests/dataflow/global/viableCallable.expected +++ b/rust/ql/test/library-tests/dataflow/global/viableCallable.expected @@ -2,15 +2,15 @@ | main.rs:17:13:17:23 | get_data(...) | main.rs:12:1:14:1 | fn get_data | | main.rs:18:5:18:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:37:5:37:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:37:10:37:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:37:10:37:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:38:5:38:32 | ... .set_data(...) | main.rs:26:5:28:5 | fn set_data | | main.rs:38:23:38:31 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:39:5:39:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:39:10:39:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:39:10:39:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:44:5:44:39 | ... .set_data(...) | main.rs:26:5:28:5 | fn set_data | | main.rs:44:30:44:38 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:45:5:45:22 | sink(...) | main.rs:5:1:7:1 | fn sink | -| main.rs:45:10:45:21 | a.get_data(...) | main.rs:30:5:32:5 | fn get_data | +| main.rs:45:10:45:21 | a.get_data() | main.rs:30:5:32:5 | fn get_data | | main.rs:49:5:49:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:53:13:53:21 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:54:5:54:14 | data_in(...) | main.rs:48:1:50:1 | fn data_in | @@ -25,7 +25,7 @@ | main.rs:83:5:83:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:95:9:95:15 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:102:13:102:21 | source(...) | main.rs:1:1:3:1 | fn source | -| main.rs:117:13:117:25 | mn.get_data(...) | main.rs:98:5:104:5 | fn get_data | +| main.rs:117:13:117:25 | mn.get_data() | main.rs:98:5:104:5 | fn get_data | | main.rs:118:5:118:11 | sink(...) | main.rs:5:1:7:1 | fn sink | | main.rs:123:13:123:21 | source(...) | main.rs:1:1:3:1 | fn source | | main.rs:124:5:124:17 | mn.data_in(...) | main.rs:94:5:96:5 | fn data_in | diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 7fd8c3fe8a8..9676fd3f2af 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -330,13 +330,13 @@ localStep | main.rs:271:29:271:30 | [post] receiver for r1 | main.rs:271:29:271:30 | [post] r1 | | main.rs:271:29:271:30 | r1 | main.rs:271:29:271:30 | receiver for r1 | | main.rs:271:29:271:30 | r1 | main.rs:272:29:272:30 | r1 | -| main.rs:271:29:271:35 | r1.ok(...) | main.rs:271:9:271:11 | o1a | +| main.rs:271:29:271:35 | r1.ok() | main.rs:271:9:271:11 | o1a | | main.rs:272:9:272:11 | [SSA] o1b | main.rs:274:10:274:12 | o1b | | main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | [SSA] o1b | | main.rs:272:9:272:11 | o1b | main.rs:272:9:272:11 | o1b | | main.rs:272:29:272:30 | [post] receiver for r1 | main.rs:272:29:272:30 | [post] r1 | | main.rs:272:29:272:30 | r1 | main.rs:272:29:272:30 | receiver for r1 | -| main.rs:272:29:272:36 | r1.err(...) | main.rs:272:9:272:11 | o1b | +| main.rs:272:29:272:36 | r1.err() | main.rs:272:9:272:11 | o1b | | main.rs:273:10:273:12 | [post] receiver for o1a | main.rs:273:10:273:12 | [post] o1a | | main.rs:273:10:273:12 | o1a | main.rs:273:10:273:12 | receiver for o1a | | main.rs:274:10:274:12 | [post] receiver for o1b | main.rs:274:10:274:12 | [post] o1b | @@ -352,13 +352,13 @@ localStep | main.rs:277:29:277:30 | [post] receiver for r2 | main.rs:277:29:277:30 | [post] r2 | | main.rs:277:29:277:30 | r2 | main.rs:277:29:277:30 | receiver for r2 | | main.rs:277:29:277:30 | r2 | main.rs:278:29:278:30 | r2 | -| main.rs:277:29:277:35 | r2.ok(...) | main.rs:277:9:277:11 | o2a | +| main.rs:277:29:277:35 | r2.ok() | main.rs:277:9:277:11 | o2a | | main.rs:278:9:278:11 | [SSA] o2b | main.rs:280:10:280:12 | o2b | | main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | [SSA] o2b | | main.rs:278:9:278:11 | o2b | main.rs:278:9:278:11 | o2b | | main.rs:278:29:278:30 | [post] receiver for r2 | main.rs:278:29:278:30 | [post] r2 | | main.rs:278:29:278:30 | r2 | main.rs:278:29:278:30 | receiver for r2 | -| main.rs:278:29:278:36 | r2.err(...) | main.rs:278:9:278:11 | o2b | +| main.rs:278:29:278:36 | r2.err() | main.rs:278:9:278:11 | o2b | | main.rs:279:10:279:12 | [post] receiver for o2a | main.rs:279:10:279:12 | [post] o2a | | main.rs:279:10:279:12 | o2a | main.rs:279:10:279:12 | receiver for o2a | | main.rs:280:10:280:12 | [post] receiver for o2b | main.rs:280:10:280:12 | [post] o2b | @@ -646,8 +646,8 @@ localStep | main.rs:441:9:441:20 | default_name | main.rs:441:9:441:20 | default_name | | main.rs:441:24:441:33 | [post] receiver for source(...) | main.rs:441:24:441:33 | [post] source(...) | | main.rs:441:24:441:33 | source(...) | main.rs:441:24:441:33 | receiver for source(...) | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:441:9:441:20 | default_name | -| main.rs:441:24:441:45 | ... .to_string(...) | main.rs:442:9:442:20 | SSA phi read(default_name) | +| main.rs:441:24:441:45 | ... .to_string() | main.rs:441:9:441:20 | default_name | +| main.rs:441:24:441:45 | ... .to_string() | main.rs:442:9:442:20 | SSA phi read(default_name) | | main.rs:442:5:448:5 | for ... in ... { ... } | main.rs:440:75:449:1 | { ... } | | main.rs:442:9:442:20 | SSA phi read(default_name) | main.rs:444:41:444:67 | default_name | | main.rs:442:10:442:13 | [SSA] cond | main.rs:443:12:443:15 | cond | @@ -692,7 +692,7 @@ localStep | main.rs:468:13:468:13 | [post] receiver for a | main.rs:468:13:468:13 | [post] a | | main.rs:468:13:468:13 | a | main.rs:468:13:468:13 | receiver for a | | main.rs:468:13:468:13 | a | main.rs:472:10:472:10 | a | -| main.rs:468:13:468:25 | a.to_string(...) | main.rs:468:9:468:9 | b | +| main.rs:468:13:468:25 | a.to_string() | main.rs:468:9:468:9 | b | | main.rs:469:9:469:9 | [SSA] c | main.rs:474:10:474:10 | c | | main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | [SSA] c | | main.rs:469:9:469:9 | c | main.rs:469:9:469:9 | c | @@ -700,9 +700,9 @@ localStep | main.rs:469:13:469:13 | [post] receiver for b | main.rs:469:13:469:13 | [post] b | | main.rs:469:13:469:13 | b | main.rs:469:13:469:13 | receiver for b | | main.rs:469:13:469:13 | b | main.rs:470:19:470:19 | b | -| main.rs:469:13:469:28 | [post] receiver for b.parse(...) | main.rs:469:13:469:28 | [post] b.parse(...) | -| main.rs:469:13:469:28 | b.parse(...) | main.rs:469:13:469:28 | receiver for b.parse(...) | -| main.rs:469:13:469:37 | ... .unwrap(...) | main.rs:469:9:469:9 | c | +| main.rs:469:13:469:28 | [post] receiver for b.parse() | main.rs:469:13:469:28 | [post] b.parse() | +| main.rs:469:13:469:28 | b.parse() | main.rs:469:13:469:28 | receiver for b.parse() | +| main.rs:469:13:469:37 | ... .unwrap() | main.rs:469:9:469:9 | c | | main.rs:470:9:470:9 | [SSA] d | main.rs:475:10:475:10 | d | | main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | [SSA] d | | main.rs:470:9:470:9 | d | main.rs:470:9:470:9 | d | @@ -710,9 +710,9 @@ localStep | main.rs:470:19:470:19 | [post] receiver for b | main.rs:470:19:470:19 | [post] b | | main.rs:470:19:470:19 | b | main.rs:470:19:470:19 | receiver for b | | main.rs:470:19:470:19 | b | main.rs:473:17:473:17 | b | -| main.rs:470:19:470:27 | [post] receiver for b.parse(...) | main.rs:470:19:470:27 | [post] b.parse(...) | -| main.rs:470:19:470:27 | b.parse(...) | main.rs:470:19:470:27 | receiver for b.parse(...) | -| main.rs:470:19:470:36 | ... .unwrap(...) | main.rs:470:9:470:9 | d | +| main.rs:470:19:470:27 | [post] receiver for b.parse() | main.rs:470:19:470:27 | [post] b.parse() | +| main.rs:470:19:470:27 | b.parse() | main.rs:470:19:470:27 | receiver for b.parse() | +| main.rs:470:19:470:36 | ... .unwrap() | main.rs:470:9:470:9 | d | | main.rs:479:9:479:10 | [SSA] vs | main.rs:481:10:481:11 | vs | | main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | [SSA] vs | | main.rs:479:9:479:10 | vs | main.rs:479:9:479:10 | vs | @@ -723,16 +723,16 @@ localStep | main.rs:482:11:482:12 | [post] vs | main.rs:483:11:483:12 | vs | | main.rs:482:11:482:12 | vs | main.rs:482:11:482:12 | receiver for vs | | main.rs:482:11:482:12 | vs | main.rs:483:11:483:12 | vs | -| main.rs:482:11:482:19 | [post] receiver for vs.iter(...) | main.rs:482:11:482:19 | [post] vs.iter(...) | -| main.rs:482:11:482:19 | vs.iter(...) | main.rs:482:11:482:19 | receiver for vs.iter(...) | -| main.rs:482:11:482:26 | ... .next(...) | main.rs:482:11:482:26 | receiver for ... .next(...) | -| main.rs:482:11:482:26 | [post] receiver for ... .next(...) | main.rs:482:11:482:26 | [post] ... .next(...) | +| main.rs:482:11:482:19 | [post] receiver for vs.iter() | main.rs:482:11:482:19 | [post] vs.iter() | +| main.rs:482:11:482:19 | vs.iter() | main.rs:482:11:482:19 | receiver for vs.iter() | +| main.rs:482:11:482:26 | ... .next() | main.rs:482:11:482:26 | receiver for ... .next() | +| main.rs:482:11:482:26 | [post] receiver for ... .next() | main.rs:482:11:482:26 | [post] ... .next() | | main.rs:483:11:483:12 | [post] receiver for vs | main.rs:483:11:483:12 | [post] vs | | main.rs:483:11:483:12 | [post] vs | main.rs:485:14:485:15 | vs | | main.rs:483:11:483:12 | vs | main.rs:483:11:483:12 | receiver for vs | | main.rs:483:11:483:12 | vs | main.rs:485:14:485:15 | vs | -| main.rs:483:11:483:19 | [post] receiver for vs.iter(...) | main.rs:483:11:483:19 | [post] vs.iter(...) | -| main.rs:483:11:483:19 | vs.iter(...) | main.rs:483:11:483:19 | receiver for vs.iter(...) | +| main.rs:483:11:483:19 | [post] receiver for vs.iter() | main.rs:483:11:483:19 | [post] vs.iter() | +| main.rs:483:11:483:19 | vs.iter() | main.rs:483:11:483:19 | receiver for vs.iter() | | main.rs:483:11:483:26 | ... .nth(...) | main.rs:483:11:483:26 | receiver for ... .nth(...) | | main.rs:483:11:483:26 | [post] receiver for ... .nth(...) | main.rs:483:11:483:26 | [post] ... .nth(...) | | main.rs:485:9:485:9 | [SSA] v | main.rs:486:14:486:14 | v | @@ -753,9 +753,9 @@ localStep | main.rs:492:27:492:28 | [post] vs | main.rs:497:5:497:6 | vs | | main.rs:492:27:492:28 | vs | main.rs:492:27:492:28 | receiver for vs | | main.rs:492:27:492:28 | vs | main.rs:497:5:497:6 | vs | -| main.rs:492:27:492:35 | [post] receiver for vs.iter(...) | main.rs:492:27:492:35 | [post] vs.iter(...) | -| main.rs:492:27:492:35 | vs.iter(...) | main.rs:492:27:492:35 | receiver for vs.iter(...) | -| main.rs:492:27:492:45 | ... .collect(...) | main.rs:492:9:492:11 | vs2 | +| main.rs:492:27:492:35 | [post] receiver for vs.iter() | main.rs:492:27:492:35 | [post] vs.iter() | +| main.rs:492:27:492:35 | vs.iter() | main.rs:492:27:492:35 | receiver for vs.iter() | +| main.rs:492:27:492:45 | ... .collect() | main.rs:492:9:492:11 | vs2 | | main.rs:493:10:493:10 | [SSA] v | main.rs:494:14:494:14 | v | | main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | [SSA] v | | main.rs:493:10:493:10 | v | main.rs:493:10:493:10 | v | @@ -763,8 +763,8 @@ localStep | main.rs:497:5:497:6 | [post] vs | main.rs:498:5:498:6 | vs | | main.rs:497:5:497:6 | vs | main.rs:497:5:497:6 | receiver for vs | | main.rs:497:5:497:6 | vs | main.rs:498:5:498:6 | vs | -| main.rs:497:5:497:13 | [post] receiver for vs.iter(...) | main.rs:497:5:497:13 | [post] vs.iter(...) | -| main.rs:497:5:497:13 | vs.iter(...) | main.rs:497:5:497:13 | receiver for vs.iter(...) | +| main.rs:497:5:497:13 | [post] receiver for vs.iter() | main.rs:497:5:497:13 | [post] vs.iter() | +| main.rs:497:5:497:13 | vs.iter() | main.rs:497:5:497:13 | receiver for vs.iter() | | main.rs:497:20:497:20 | ... | main.rs:497:20:497:20 | x | | main.rs:497:20:497:20 | [SSA] x | main.rs:497:29:497:29 | x | | main.rs:497:20:497:20 | x | main.rs:497:20:497:20 | [SSA] x | @@ -773,8 +773,8 @@ localStep | main.rs:498:5:498:6 | [post] vs | main.rs:500:14:500:15 | vs | | main.rs:498:5:498:6 | vs | main.rs:498:5:498:6 | receiver for vs | | main.rs:498:5:498:6 | vs | main.rs:500:14:500:15 | vs | -| main.rs:498:5:498:13 | [post] receiver for vs.iter(...) | main.rs:498:5:498:13 | [post] vs.iter(...) | -| main.rs:498:5:498:13 | vs.iter(...) | main.rs:498:5:498:13 | receiver for vs.iter(...) | +| main.rs:498:5:498:13 | [post] receiver for vs.iter() | main.rs:498:5:498:13 | [post] vs.iter() | +| main.rs:498:5:498:13 | vs.iter() | main.rs:498:5:498:13 | receiver for vs.iter() | | main.rs:498:25:498:25 | ... | main.rs:498:25:498:25 | x | | main.rs:498:25:498:25 | [SSA] x | main.rs:498:34:498:34 | x | | main.rs:498:25:498:25 | x | main.rs:498:25:498:25 | [SSA] x | @@ -800,17 +800,17 @@ localStep | main.rs:507:11:507:16 | vs_mut | main.rs:507:11:507:16 | receiver for vs_mut | | main.rs:507:11:507:16 | vs_mut | main.rs:508:11:508:16 | [SSA] vs_mut | | main.rs:507:11:507:16 | vs_mut | main.rs:508:11:508:16 | vs_mut | -| main.rs:507:11:507:23 | [post] receiver for vs_mut.iter(...) | main.rs:507:11:507:23 | [post] vs_mut.iter(...) | -| main.rs:507:11:507:23 | vs_mut.iter(...) | main.rs:507:11:507:23 | receiver for vs_mut.iter(...) | -| main.rs:507:11:507:30 | ... .next(...) | main.rs:507:11:507:30 | receiver for ... .next(...) | -| main.rs:507:11:507:30 | [post] receiver for ... .next(...) | main.rs:507:11:507:30 | [post] ... .next(...) | +| main.rs:507:11:507:23 | [post] receiver for vs_mut.iter() | main.rs:507:11:507:23 | [post] vs_mut.iter() | +| main.rs:507:11:507:23 | vs_mut.iter() | main.rs:507:11:507:23 | receiver for vs_mut.iter() | +| main.rs:507:11:507:30 | ... .next() | main.rs:507:11:507:30 | receiver for ... .next() | +| main.rs:507:11:507:30 | [post] receiver for ... .next() | main.rs:507:11:507:30 | [post] ... .next() | | main.rs:508:11:508:16 | [SSA] vs_mut | main.rs:510:19:510:24 | vs_mut | | main.rs:508:11:508:16 | [post] receiver for vs_mut | main.rs:508:11:508:16 | [post] vs_mut | | main.rs:508:11:508:16 | [post] vs_mut | main.rs:510:19:510:24 | vs_mut | | main.rs:508:11:508:16 | vs_mut | main.rs:508:11:508:16 | receiver for vs_mut | | main.rs:508:11:508:16 | vs_mut | main.rs:510:19:510:24 | vs_mut | -| main.rs:508:11:508:23 | [post] receiver for vs_mut.iter(...) | main.rs:508:11:508:23 | [post] vs_mut.iter(...) | -| main.rs:508:11:508:23 | vs_mut.iter(...) | main.rs:508:11:508:23 | receiver for vs_mut.iter(...) | +| main.rs:508:11:508:23 | [post] receiver for vs_mut.iter() | main.rs:508:11:508:23 | [post] vs_mut.iter() | +| main.rs:508:11:508:23 | vs_mut.iter() | main.rs:508:11:508:23 | receiver for vs_mut.iter() | | main.rs:508:11:508:30 | ... .nth(...) | main.rs:508:11:508:30 | receiver for ... .nth(...) | | main.rs:508:11:508:30 | [post] receiver for ... .nth(...) | main.rs:508:11:508:30 | [post] ... .nth(...) | | main.rs:510:5:512:5 | for ... in ... { ... } | main.rs:478:16:513:1 | { ... } | @@ -3037,13 +3037,13 @@ readStep | main.rs:470:19:470:19 | b | &ref | main.rs:470:19:470:19 | receiver for b | | main.rs:481:10:481:11 | vs | element | main.rs:481:10:481:14 | vs[0] | | main.rs:482:11:482:12 | vs | &ref | main.rs:482:11:482:12 | receiver for vs | -| main.rs:482:11:482:35 | ... .unwrap(...) | &ref | main.rs:482:10:482:35 | * ... | +| main.rs:482:11:482:35 | ... .unwrap() | &ref | main.rs:482:10:482:35 | * ... | | main.rs:483:11:483:12 | vs | &ref | main.rs:483:11:483:12 | receiver for vs | -| main.rs:483:11:483:35 | ... .unwrap(...) | &ref | main.rs:483:10:483:35 | * ... | +| main.rs:483:11:483:35 | ... .unwrap() | &ref | main.rs:483:10:483:35 | * ... | | main.rs:485:14:485:15 | vs | element | main.rs:485:9:485:9 | v | | main.rs:488:9:488:10 | &... | &ref | main.rs:488:10:488:10 | v | | main.rs:488:15:488:16 | vs | &ref | main.rs:488:15:488:16 | receiver for vs | -| main.rs:488:15:488:23 | vs.iter(...) | element | main.rs:488:9:488:10 | &... | +| main.rs:488:15:488:23 | vs.iter() | element | main.rs:488:9:488:10 | &... | | main.rs:492:27:492:28 | vs | &ref | main.rs:492:27:492:28 | receiver for vs | | main.rs:493:9:493:10 | &... | &ref | main.rs:493:10:493:10 | v | | main.rs:493:15:493:17 | vs2 | element | main.rs:493:9:493:10 | &... | @@ -3052,15 +3052,15 @@ readStep | main.rs:498:5:498:6 | vs | &ref | main.rs:498:5:498:6 | receiver for vs | | main.rs:498:34:498:34 | x | &ref | main.rs:498:33:498:34 | * ... | | main.rs:500:14:500:15 | vs | &ref | main.rs:500:14:500:15 | receiver for vs | -| main.rs:500:14:500:27 | vs.into_iter(...) | element | main.rs:500:9:500:9 | v | +| main.rs:500:14:500:27 | vs.into_iter() | element | main.rs:500:9:500:9 | v | | main.rs:506:10:506:15 | vs_mut | element | main.rs:506:10:506:18 | vs_mut[0] | | main.rs:507:11:507:16 | vs_mut | &ref | main.rs:507:11:507:16 | receiver for vs_mut | -| main.rs:507:11:507:39 | ... .unwrap(...) | &ref | main.rs:507:10:507:39 | * ... | +| main.rs:507:11:507:39 | ... .unwrap() | &ref | main.rs:507:10:507:39 | * ... | | main.rs:508:11:508:16 | vs_mut | &ref | main.rs:508:11:508:16 | receiver for vs_mut | -| main.rs:508:11:508:39 | ... .unwrap(...) | &ref | main.rs:508:10:508:39 | * ... | +| main.rs:508:11:508:39 | ... .unwrap() | &ref | main.rs:508:10:508:39 | * ... | | main.rs:510:9:510:14 | &mut ... | &ref | main.rs:510:14:510:14 | v | | main.rs:510:19:510:24 | vs_mut | &ref | main.rs:510:19:510:24 | receiver for vs_mut | -| main.rs:510:19:510:35 | vs_mut.iter_mut(...) | element | main.rs:510:9:510:14 | &mut ... | +| main.rs:510:19:510:35 | vs_mut.iter_mut() | element | main.rs:510:9:510:14 | &mut ... | | main.rs:524:11:524:15 | c_ref | &ref | main.rs:524:10:524:15 | * ... | | main.rs:531:10:531:10 | a | &ref | main.rs:531:10:531:10 | receiver for a | | main.rs:537:10:537:10 | b | &ref | main.rs:537:10:537:10 | receiver for b | diff --git a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected index b69ba66b625..80469e0b399 100644 --- a/rust/ql/test/library-tests/dataflow/local/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/local/inline-flow.expected @@ -95,7 +95,7 @@ edges | main.rs:229:11:229:12 | s1 [Some] | main.rs:230:9:230:15 | Some(...) [Some] | provenance | | | main.rs:230:9:230:15 | Some(...) [Some] | main.rs:230:14:230:14 | n | provenance | | | main.rs:230:14:230:14 | n | main.rs:230:25:230:25 | n | provenance | | -| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap(...) | provenance | MaD:2 | +| main.rs:240:9:240:10 | s1 [Some] | main.rs:241:10:241:20 | s1.unwrap() | provenance | MaD:2 | | main.rs:240:14:240:29 | Some(...) [Some] | main.rs:240:9:240:10 | s1 [Some] | provenance | | | main.rs:240:19:240:28 | source(...) | main.rs:240:14:240:29 | Some(...) [Some] | provenance | | | main.rs:245:9:245:10 | s1 [Some] | main.rs:246:10:246:24 | s1.unwrap_or(...) | provenance | MaD:4 | @@ -112,16 +112,16 @@ edges | main.rs:263:9:263:10 | i1 | main.rs:264:10:264:11 | i1 | provenance | | | main.rs:263:14:263:15 | s1 [Some] | main.rs:263:14:263:16 | TryExpr | provenance | | | main.rs:263:14:263:16 | TryExpr | main.rs:263:9:263:10 | i1 | provenance | | -| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok(...) [Some] | provenance | MaD:10 | +| main.rs:270:9:270:10 | r1 [Ok] | main.rs:271:29:271:35 | r1.ok() [Some] | provenance | MaD:10 | | main.rs:270:33:270:46 | Ok(...) [Ok] | main.rs:270:9:270:10 | r1 [Ok] | provenance | | | main.rs:270:36:270:45 | source(...) | main.rs:270:33:270:46 | Ok(...) [Ok] | provenance | | -| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap(...) | provenance | MaD:2 | -| main.rs:271:29:271:35 | r1.ok(...) [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | | -| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err(...) [Some] | provenance | MaD:7 | +| main.rs:271:9:271:11 | o1a [Some] | main.rs:273:10:273:21 | o1a.unwrap() | provenance | MaD:2 | +| main.rs:271:29:271:35 | r1.ok() [Some] | main.rs:271:9:271:11 | o1a [Some] | provenance | | +| main.rs:276:9:276:10 | r2 [Err] | main.rs:278:29:278:36 | r2.err() [Some] | provenance | MaD:7 | | main.rs:276:33:276:47 | Err(...) [Err] | main.rs:276:9:276:10 | r2 [Err] | provenance | | | main.rs:276:37:276:46 | source(...) | main.rs:276:33:276:47 | Err(...) [Err] | provenance | | -| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap(...) | provenance | MaD:2 | -| main.rs:278:29:278:36 | r2.err(...) [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | | +| main.rs:278:9:278:11 | o2b [Some] | main.rs:280:10:280:21 | o2b.unwrap() | provenance | MaD:2 | +| main.rs:278:29:278:36 | r2.err() [Some] | main.rs:278:9:278:11 | o2b [Some] | provenance | | | main.rs:284:9:284:10 | s1 [Ok] | main.rs:287:14:287:15 | s1 [Ok] | provenance | | | main.rs:284:32:284:45 | Ok(...) [Ok] | main.rs:284:9:284:10 | s1 [Ok] | provenance | | | main.rs:284:35:284:44 | source(...) | main.rs:284:32:284:45 | Ok(...) [Ok] | provenance | | @@ -342,7 +342,7 @@ nodes | main.rs:240:9:240:10 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:240:14:240:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:240:19:240:28 | source(...) | semmle.label | source(...) | -| main.rs:241:10:241:20 | s1.unwrap(...) | semmle.label | s1.unwrap(...) | +| main.rs:241:10:241:20 | s1.unwrap() | semmle.label | s1.unwrap() | | main.rs:245:9:245:10 | s1 [Some] | semmle.label | s1 [Some] | | main.rs:245:14:245:29 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:245:19:245:28 | source(...) | semmle.label | source(...) | @@ -366,14 +366,14 @@ nodes | main.rs:270:33:270:46 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:270:36:270:45 | source(...) | semmle.label | source(...) | | main.rs:271:9:271:11 | o1a [Some] | semmle.label | o1a [Some] | -| main.rs:271:29:271:35 | r1.ok(...) [Some] | semmle.label | r1.ok(...) [Some] | -| main.rs:273:10:273:21 | o1a.unwrap(...) | semmle.label | o1a.unwrap(...) | +| main.rs:271:29:271:35 | r1.ok() [Some] | semmle.label | r1.ok() [Some] | +| main.rs:273:10:273:21 | o1a.unwrap() | semmle.label | o1a.unwrap() | | main.rs:276:9:276:10 | r2 [Err] | semmle.label | r2 [Err] | | main.rs:276:33:276:47 | Err(...) [Err] | semmle.label | Err(...) [Err] | | main.rs:276:37:276:46 | source(...) | semmle.label | source(...) | | main.rs:278:9:278:11 | o2b [Some] | semmle.label | o2b [Some] | -| main.rs:278:29:278:36 | r2.err(...) [Some] | semmle.label | r2.err(...) [Some] | -| main.rs:280:10:280:21 | o2b.unwrap(...) | semmle.label | o2b.unwrap(...) | +| main.rs:278:29:278:36 | r2.err() [Some] | semmle.label | r2.err() [Some] | +| main.rs:280:10:280:21 | o2b.unwrap() | semmle.label | o2b.unwrap() | | main.rs:284:9:284:10 | s1 [Ok] | semmle.label | s1 [Ok] | | main.rs:284:32:284:45 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:284:35:284:44 | source(...) | semmle.label | source(...) | @@ -528,14 +528,14 @@ testFailures | main.rs:204:18:204:18 | x | main.rs:198:27:198:36 | source(...) | main.rs:204:18:204:18 | x | $@ | main.rs:198:27:198:36 | source(...) | source(...) | | main.rs:217:33:217:33 | n | main.rs:214:27:214:36 | source(...) | main.rs:217:33:217:33 | n | $@ | main.rs:214:27:214:36 | source(...) | source(...) | | main.rs:230:25:230:25 | n | main.rs:227:19:227:28 | source(...) | main.rs:230:25:230:25 | n | $@ | main.rs:227:19:227:28 | source(...) | source(...) | -| main.rs:241:10:241:20 | s1.unwrap(...) | main.rs:240:19:240:28 | source(...) | main.rs:241:10:241:20 | s1.unwrap(...) | $@ | main.rs:240:19:240:28 | source(...) | source(...) | +| main.rs:241:10:241:20 | s1.unwrap() | main.rs:240:19:240:28 | source(...) | main.rs:241:10:241:20 | s1.unwrap() | $@ | main.rs:240:19:240:28 | source(...) | source(...) | | main.rs:246:10:246:24 | s1.unwrap_or(...) | main.rs:245:19:245:28 | source(...) | main.rs:246:10:246:24 | s1.unwrap_or(...) | $@ | main.rs:245:19:245:28 | source(...) | source(...) | | main.rs:249:10:249:33 | s2.unwrap_or(...) | main.rs:249:23:249:32 | source(...) | main.rs:249:10:249:33 | s2.unwrap_or(...) | $@ | main.rs:249:23:249:32 | source(...) | source(...) | | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | main.rs:253:19:253:28 | source(...) | main.rs:254:10:254:32 | s1.unwrap_or_else(...) | $@ | main.rs:253:19:253:28 | source(...) | source(...) | | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | main.rs:257:31:257:40 | source(...) | main.rs:257:10:257:41 | s2.unwrap_or_else(...) | $@ | main.rs:257:31:257:40 | source(...) | source(...) | | main.rs:264:10:264:11 | i1 | main.rs:261:19:261:28 | source(...) | main.rs:264:10:264:11 | i1 | $@ | main.rs:261:19:261:28 | source(...) | source(...) | -| main.rs:273:10:273:21 | o1a.unwrap(...) | main.rs:270:36:270:45 | source(...) | main.rs:273:10:273:21 | o1a.unwrap(...) | $@ | main.rs:270:36:270:45 | source(...) | source(...) | -| main.rs:280:10:280:21 | o2b.unwrap(...) | main.rs:276:37:276:46 | source(...) | main.rs:280:10:280:21 | o2b.unwrap(...) | $@ | main.rs:276:37:276:46 | source(...) | source(...) | +| main.rs:273:10:273:21 | o1a.unwrap() | main.rs:270:36:270:45 | source(...) | main.rs:273:10:273:21 | o1a.unwrap() | $@ | main.rs:270:36:270:45 | source(...) | source(...) | +| main.rs:280:10:280:21 | o2b.unwrap() | main.rs:276:37:276:46 | source(...) | main.rs:280:10:280:21 | o2b.unwrap() | $@ | main.rs:276:37:276:46 | source(...) | source(...) | | main.rs:289:10:289:11 | i1 | main.rs:284:35:284:44 | source(...) | main.rs:289:10:289:11 | i1 | $@ | main.rs:284:35:284:44 | source(...) | source(...) | | main.rs:298:10:298:22 | s1.expect(...) | main.rs:297:35:297:44 | source(...) | main.rs:298:10:298:22 | s1.expect(...) | $@ | main.rs:297:35:297:44 | source(...) | source(...) | | main.rs:303:10:303:26 | s2.expect_err(...) | main.rs:301:36:301:45 | source(...) | main.rs:303:10:303:26 | s2.expect_err(...) | $@ | main.rs:301:36:301:45 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected index 2bfeb4dea73..a7d350ee5ac 100644 --- a/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/modeled/inline-flow.expected @@ -7,34 +7,34 @@ models | 6 | Summary: lang:core; crate::ptr::read; Argument[0].Reference; ReturnValue; value | | 7 | Summary: lang:core; crate::ptr::write; Argument[1]; Argument[0].Reference; value | edges -| main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap(...) | provenance | MaD:2 | -| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone(...) [Some] | provenance | MaD:1 | -| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone(...) [Some] | provenance | generated | +| main.rs:12:9:12:9 | a [Some] | main.rs:13:10:13:19 | a.unwrap() | provenance | MaD:2 | +| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | MaD:1 | +| main.rs:12:9:12:9 | a [Some] | main.rs:14:13:14:21 | a.clone() [Some] | provenance | generated | | main.rs:12:13:12:28 | Some(...) [Some] | main.rs:12:9:12:9 | a [Some] | provenance | | | main.rs:12:18:12:27 | source(...) | main.rs:12:13:12:28 | Some(...) [Some] | provenance | | -| main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap(...) | provenance | MaD:2 | -| main.rs:14:13:14:21 | a.clone(...) [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | -| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap(...) | provenance | MaD:5 | -| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone(...) [Ok] | provenance | MaD:4 | -| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone(...) [Ok] | provenance | generated | +| main.rs:14:9:14:9 | b [Some] | main.rs:15:10:15:19 | b.unwrap() | provenance | MaD:2 | +| main.rs:14:13:14:21 | a.clone() [Some] | main.rs:14:9:14:9 | b [Some] | provenance | | +| main.rs:19:9:19:9 | a [Ok] | main.rs:20:10:20:19 | a.unwrap() | provenance | MaD:5 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | MaD:4 | +| main.rs:19:9:19:9 | a [Ok] | main.rs:21:13:21:21 | a.clone() [Ok] | provenance | generated | | main.rs:19:31:19:44 | Ok(...) [Ok] | main.rs:19:9:19:9 | a [Ok] | provenance | | | main.rs:19:34:19:43 | source(...) | main.rs:19:31:19:44 | Ok(...) [Ok] | provenance | | -| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap(...) | provenance | MaD:5 | -| main.rs:21:13:21:21 | a.clone(...) [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | +| main.rs:21:9:21:9 | b [Ok] | main.rs:22:10:22:19 | b.unwrap() | provenance | MaD:5 | +| main.rs:21:13:21:21 | a.clone() [Ok] | main.rs:21:9:21:9 | b [Ok] | provenance | | | main.rs:26:9:26:9 | a | main.rs:27:10:27:10 | a | provenance | | -| main.rs:26:9:26:9 | a | main.rs:28:13:28:21 | a.clone(...) | provenance | generated | +| main.rs:26:9:26:9 | a | main.rs:28:13:28:21 | a.clone() | provenance | generated | | main.rs:26:13:26:22 | source(...) | main.rs:26:9:26:9 | a | provenance | | | main.rs:28:9:28:9 | b | main.rs:29:10:29:10 | b | provenance | | -| main.rs:28:13:28:21 | a.clone(...) | main.rs:28:9:28:9 | b | provenance | | +| main.rs:28:13:28:21 | a.clone() | main.rs:28:9:28:9 | b | provenance | | | main.rs:41:13:41:13 | w [Wrapper] | main.rs:42:15:42:15 | w [Wrapper] | provenance | | | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | main.rs:41:13:41:13 | w [Wrapper] | provenance | | | main.rs:41:30:41:39 | source(...) | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | provenance | | | main.rs:42:15:42:15 | w [Wrapper] | main.rs:43:13:43:28 | Wrapper {...} [Wrapper] | provenance | | -| main.rs:42:15:42:15 | w [Wrapper] | main.rs:45:17:45:25 | w.clone(...) [Wrapper] | provenance | generated | +| main.rs:42:15:42:15 | w [Wrapper] | main.rs:45:17:45:25 | w.clone() [Wrapper] | provenance | generated | | main.rs:43:13:43:28 | Wrapper {...} [Wrapper] | main.rs:43:26:43:26 | n | provenance | | | main.rs:43:26:43:26 | n | main.rs:43:38:43:38 | n | provenance | | | main.rs:45:13:45:13 | u [Wrapper] | main.rs:46:15:46:15 | u [Wrapper] | provenance | | -| main.rs:45:17:45:25 | w.clone(...) [Wrapper] | main.rs:45:13:45:13 | u [Wrapper] | provenance | | +| main.rs:45:17:45:25 | w.clone() [Wrapper] | main.rs:45:13:45:13 | u [Wrapper] | provenance | | | main.rs:46:15:46:15 | u [Wrapper] | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | provenance | | | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | main.rs:47:26:47:26 | n | provenance | | | main.rs:47:26:47:26 | n | main.rs:47:38:47:38 | n | provenance | | @@ -55,22 +55,22 @@ nodes | main.rs:12:9:12:9 | a [Some] | semmle.label | a [Some] | | main.rs:12:13:12:28 | Some(...) [Some] | semmle.label | Some(...) [Some] | | main.rs:12:18:12:27 | source(...) | semmle.label | source(...) | -| main.rs:13:10:13:19 | a.unwrap(...) | semmle.label | a.unwrap(...) | +| main.rs:13:10:13:19 | a.unwrap() | semmle.label | a.unwrap() | | main.rs:14:9:14:9 | b [Some] | semmle.label | b [Some] | -| main.rs:14:13:14:21 | a.clone(...) [Some] | semmle.label | a.clone(...) [Some] | -| main.rs:15:10:15:19 | b.unwrap(...) | semmle.label | b.unwrap(...) | +| main.rs:14:13:14:21 | a.clone() [Some] | semmle.label | a.clone() [Some] | +| main.rs:15:10:15:19 | b.unwrap() | semmle.label | b.unwrap() | | main.rs:19:9:19:9 | a [Ok] | semmle.label | a [Ok] | | main.rs:19:31:19:44 | Ok(...) [Ok] | semmle.label | Ok(...) [Ok] | | main.rs:19:34:19:43 | source(...) | semmle.label | source(...) | -| main.rs:20:10:20:19 | a.unwrap(...) | semmle.label | a.unwrap(...) | +| main.rs:20:10:20:19 | a.unwrap() | semmle.label | a.unwrap() | | main.rs:21:9:21:9 | b [Ok] | semmle.label | b [Ok] | -| main.rs:21:13:21:21 | a.clone(...) [Ok] | semmle.label | a.clone(...) [Ok] | -| main.rs:22:10:22:19 | b.unwrap(...) | semmle.label | b.unwrap(...) | +| main.rs:21:13:21:21 | a.clone() [Ok] | semmle.label | a.clone() [Ok] | +| main.rs:22:10:22:19 | b.unwrap() | semmle.label | b.unwrap() | | main.rs:26:9:26:9 | a | semmle.label | a | | main.rs:26:13:26:22 | source(...) | semmle.label | source(...) | | main.rs:27:10:27:10 | a | semmle.label | a | | main.rs:28:9:28:9 | b | semmle.label | b | -| main.rs:28:13:28:21 | a.clone(...) | semmle.label | a.clone(...) | +| main.rs:28:13:28:21 | a.clone() | semmle.label | a.clone() | | main.rs:29:10:29:10 | b | semmle.label | b | | main.rs:41:13:41:13 | w [Wrapper] | semmle.label | w [Wrapper] | | main.rs:41:17:41:41 | Wrapper {...} [Wrapper] | semmle.label | Wrapper {...} [Wrapper] | @@ -80,7 +80,7 @@ nodes | main.rs:43:26:43:26 | n | semmle.label | n | | main.rs:43:38:43:38 | n | semmle.label | n | | main.rs:45:13:45:13 | u [Wrapper] | semmle.label | u [Wrapper] | -| main.rs:45:17:45:25 | w.clone(...) [Wrapper] | semmle.label | w.clone(...) [Wrapper] | +| main.rs:45:17:45:25 | w.clone() [Wrapper] | semmle.label | w.clone() [Wrapper] | | main.rs:46:15:46:15 | u [Wrapper] | semmle.label | u [Wrapper] | | main.rs:47:13:47:28 | Wrapper {...} [Wrapper] | semmle.label | Wrapper {...} [Wrapper] | | main.rs:47:26:47:26 | n | semmle.label | n | @@ -103,10 +103,10 @@ nodes subpaths testFailures #select -| main.rs:13:10:13:19 | a.unwrap(...) | main.rs:12:18:12:27 | source(...) | main.rs:13:10:13:19 | a.unwrap(...) | $@ | main.rs:12:18:12:27 | source(...) | source(...) | -| main.rs:15:10:15:19 | b.unwrap(...) | main.rs:12:18:12:27 | source(...) | main.rs:15:10:15:19 | b.unwrap(...) | $@ | main.rs:12:18:12:27 | source(...) | source(...) | -| main.rs:20:10:20:19 | a.unwrap(...) | main.rs:19:34:19:43 | source(...) | main.rs:20:10:20:19 | a.unwrap(...) | $@ | main.rs:19:34:19:43 | source(...) | source(...) | -| main.rs:22:10:22:19 | b.unwrap(...) | main.rs:19:34:19:43 | source(...) | main.rs:22:10:22:19 | b.unwrap(...) | $@ | main.rs:19:34:19:43 | source(...) | source(...) | +| main.rs:13:10:13:19 | a.unwrap() | main.rs:12:18:12:27 | source(...) | main.rs:13:10:13:19 | a.unwrap() | $@ | main.rs:12:18:12:27 | source(...) | source(...) | +| main.rs:15:10:15:19 | b.unwrap() | main.rs:12:18:12:27 | source(...) | main.rs:15:10:15:19 | b.unwrap() | $@ | main.rs:12:18:12:27 | source(...) | source(...) | +| main.rs:20:10:20:19 | a.unwrap() | main.rs:19:34:19:43 | source(...) | main.rs:20:10:20:19 | a.unwrap() | $@ | main.rs:19:34:19:43 | source(...) | source(...) | +| main.rs:22:10:22:19 | b.unwrap() | main.rs:19:34:19:43 | source(...) | main.rs:22:10:22:19 | b.unwrap() | $@ | main.rs:19:34:19:43 | source(...) | source(...) | | main.rs:27:10:27:10 | a | main.rs:26:13:26:22 | source(...) | main.rs:27:10:27:10 | a | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:29:10:29:10 | b | main.rs:26:13:26:22 | source(...) | main.rs:29:10:29:10 | b | $@ | main.rs:26:13:26:22 | source(...) | source(...) | | main.rs:43:38:43:38 | n | main.rs:41:30:41:39 | source(...) | main.rs:43:38:43:38 | n | $@ | main.rs:41:30:41:39 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected index 450d33d3998..8da24883ea7 100644 --- a/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected +++ b/rust/ql/test/library-tests/dataflow/pointers/inline-flow.expected @@ -61,26 +61,26 @@ edges | main.rs:164:14:164:39 | ...::MyNumber(...) [MyNumber] | main.rs:164:33:164:38 | number | provenance | | | main.rs:164:33:164:38 | number | main.rs:162:26:166:5 | { ... } | provenance | | | main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | provenance | | -| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:175:14:175:34 | my_number.to_number(...) | provenance | | +| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:175:14:175:34 | my_number.to_number() | provenance | | | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | main.rs:174:13:174:21 | my_number [MyNumber] | provenance | | | main.rs:174:44:174:53 | source(...) | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:179:13:179:21 | my_number [MyNumber] | main.rs:180:16:180:24 | my_number [MyNumber] | provenance | | | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | main.rs:179:13:179:21 | my_number [MyNumber] | provenance | | | main.rs:179:44:179:53 | source(...) | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:180:14:180:31 | ... .get(...) | provenance | | +| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:180:14:180:31 | ... .get() | provenance | | | main.rs:180:16:180:24 | my_number [MyNumber] | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | provenance | | | main.rs:184:13:184:21 | my_number [MyNumber] | main.rs:186:14:186:22 | my_number [MyNumber] | provenance | | | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | main.rs:184:13:184:21 | my_number [MyNumber] | provenance | | | main.rs:184:44:184:53 | source(...) | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:186:14:186:28 | my_number.get(...) | provenance | | +| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:186:14:186:28 | my_number.get() | provenance | | | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | provenance | | | main.rs:190:25:190:55 | &... [&ref, MyNumber] | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | provenance | | | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | main.rs:190:25:190:55 | &... [&ref, MyNumber] | provenance | | | main.rs:190:45:190:54 | source(...) | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | provenance | | | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | provenance | | -| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:192:14:192:34 | my_number.to_number(...) | provenance | | +| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:192:14:192:34 | my_number.to_number() | provenance | | | main.rs:200:29:200:38 | ...: i64 | main.rs:201:14:201:18 | value | provenance | | | main.rs:201:10:201:10 | [post] n [&ref] | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | provenance | | | main.rs:201:14:201:18 | value | main.rs:201:10:201:10 | [post] n [&ref] | provenance | | @@ -106,9 +106,9 @@ edges | main.rs:234:36:234:45 | source(...) | main.rs:228:37:228:47 | ...: i64 | provenance | | | main.rs:234:36:234:45 | source(...) | main.rs:234:20:234:33 | [post] &mut my_number [&ref, MyNumber] | provenance | | | main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:235:14:235:28 | my_number.get(...) | provenance | | +| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:235:14:235:28 | my_number.get() | provenance | | | main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | provenance | | -| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:237:14:237:28 | my_number.get(...) | provenance | | +| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:237:14:237:28 | my_number.get() | provenance | | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | main.rs:244:24:244:32 | my_number [MyNumber] | provenance | | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | main.rs:246:24:246:32 | my_number [MyNumber] | provenance | | | main.rs:243:23:243:32 | source(...) | main.rs:223:27:223:37 | ...: i64 | provenance | | @@ -201,24 +201,24 @@ nodes | main.rs:174:13:174:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:174:25:174:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:174:44:174:53 | source(...) | semmle.label | source(...) | -| main.rs:175:14:175:34 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +| main.rs:175:14:175:34 | my_number.to_number() | semmle.label | my_number.to_number() | | main.rs:179:13:179:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:179:25:179:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:179:44:179:53 | source(...) | semmle.label | source(...) | -| main.rs:180:14:180:31 | ... .get(...) | semmle.label | ... .get(...) | +| main.rs:180:14:180:31 | ... .get() | semmle.label | ... .get() | | main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | semmle.label | &my_number [&ref, MyNumber] | | main.rs:180:16:180:24 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:184:13:184:21 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | | main.rs:184:25:184:54 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:184:44:184:53 | source(...) | semmle.label | source(...) | | main.rs:186:14:186:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:186:14:186:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:186:14:186:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:190:13:190:21 | my_number [&ref, MyNumber] | semmle.label | my_number [&ref, MyNumber] | | main.rs:190:25:190:55 | &... [&ref, MyNumber] | semmle.label | &... [&ref, MyNumber] | | main.rs:190:26:190:55 | ...::MyNumber(...) [MyNumber] | semmle.label | ...::MyNumber(...) [MyNumber] | | main.rs:190:45:190:54 | source(...) | semmle.label | source(...) | | main.rs:192:14:192:22 | my_number [&ref, MyNumber] | semmle.label | my_number [&ref, MyNumber] | -| main.rs:192:14:192:34 | my_number.to_number(...) | semmle.label | my_number.to_number(...) | +| main.rs:192:14:192:34 | my_number.to_number() | semmle.label | my_number.to_number() | | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | semmle.label | ...: ... [Return] [&ref] | | main.rs:200:29:200:38 | ...: i64 | semmle.label | ...: i64 | | main.rs:201:10:201:10 | [post] n [&ref] | semmle.label | [post] n [&ref] | @@ -245,9 +245,9 @@ nodes | main.rs:234:25:234:33 | [post] my_number [MyNumber] | semmle.label | [post] my_number [MyNumber] | | main.rs:234:36:234:45 | source(...) | semmle.label | source(...) | | main.rs:235:14:235:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:235:14:235:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:235:14:235:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:237:14:237:22 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | -| main.rs:237:14:237:28 | my_number.get(...) | semmle.label | my_number.get(...) | +| main.rs:237:14:237:28 | my_number.get() | semmle.label | my_number.get() | | main.rs:243:9:243:17 | [post] my_number [MyNumber] | semmle.label | [post] my_number [MyNumber] | | main.rs:243:23:243:32 | source(...) | semmle.label | source(...) | | main.rs:244:14:244:33 | to_number(...) | semmle.label | to_number(...) | @@ -262,15 +262,15 @@ nodes | main.rs:255:14:255:33 | to_number(...) | semmle.label | to_number(...) | | main.rs:255:24:255:32 | my_number [MyNumber] | semmle.label | my_number [MyNumber] | subpaths -| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:175:14:175:34 | my_number.to_number(...) | -| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:180:14:180:31 | ... .get(...) | -| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:186:14:186:28 | my_number.get(...) | -| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:192:14:192:34 | my_number.to_number(...) | +| main.rs:174:13:174:21 | my_number [MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:175:14:175:34 | my_number.to_number() | +| main.rs:180:15:180:24 | &my_number [&ref, MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:180:14:180:31 | ... .get() | +| main.rs:186:14:186:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:186:14:186:28 | my_number.get() | +| main.rs:192:14:192:22 | my_number [&ref, MyNumber] | main.rs:156:18:156:21 | SelfParam [MyNumber] | main.rs:156:31:160:5 | { ... } | main.rs:192:14:192:34 | my_number.to_number() | | main.rs:210:20:210:29 | source(...) | main.rs:200:29:200:38 | ...: i64 | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | main.rs:210:17:210:17 | [post] p [&ref] | | main.rs:218:25:218:34 | source(...) | main.rs:200:29:200:38 | ...: i64 | main.rs:200:16:200:26 | ...: ... [Return] [&ref] | main.rs:218:17:218:22 | [post] &mut n [&ref] | | main.rs:234:36:234:45 | source(...) | main.rs:228:37:228:47 | ...: i64 | main.rs:228:19:228:34 | ...: ... [Return] [&ref, MyNumber] | main.rs:234:20:234:33 | [post] &mut my_number [&ref, MyNumber] | -| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:235:14:235:28 | my_number.get(...) | -| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:237:14:237:28 | my_number.get(...) | +| main.rs:235:14:235:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:235:14:235:28 | my_number.get() | +| main.rs:237:14:237:22 | my_number [MyNumber] | main.rs:162:12:162:16 | SelfParam [&ref, MyNumber] | main.rs:162:26:166:5 | { ... } | main.rs:237:14:237:28 | my_number.get() | | main.rs:243:23:243:32 | source(...) | main.rs:223:27:223:37 | ...: i64 | main.rs:223:16:223:24 | SelfParam [Return] [&ref, MyNumber] | main.rs:243:9:243:17 | [post] my_number [MyNumber] | | main.rs:244:24:244:32 | my_number [MyNumber] | main.rs:149:14:149:24 | ...: MyNumber [MyNumber] | main.rs:149:34:153:1 | { ... } | main.rs:244:14:244:33 | to_number(...) | | main.rs:246:24:246:32 | my_number [MyNumber] | main.rs:149:14:149:24 | ...: MyNumber [MyNumber] | main.rs:149:34:153:1 | { ... } | main.rs:246:14:246:33 | to_number(...) | @@ -287,14 +287,14 @@ testFailures | main.rs:74:14:74:15 | * ... | main.rs:73:14:73:23 | source(...) | main.rs:74:14:74:15 | * ... | $@ | main.rs:73:14:73:23 | source(...) | source(...) | | main.rs:106:14:106:15 | * ... | main.rs:105:14:105:23 | source(...) | main.rs:106:14:106:15 | * ... | $@ | main.rs:105:14:105:23 | source(...) | source(...) | | main.rs:113:14:113:15 | * ... | main.rs:112:25:112:34 | source(...) | main.rs:113:14:113:15 | * ... | $@ | main.rs:112:25:112:34 | source(...) | source(...) | -| main.rs:175:14:175:34 | my_number.to_number(...) | main.rs:174:44:174:53 | source(...) | main.rs:175:14:175:34 | my_number.to_number(...) | $@ | main.rs:174:44:174:53 | source(...) | source(...) | -| main.rs:180:14:180:31 | ... .get(...) | main.rs:179:44:179:53 | source(...) | main.rs:180:14:180:31 | ... .get(...) | $@ | main.rs:179:44:179:53 | source(...) | source(...) | -| main.rs:186:14:186:28 | my_number.get(...) | main.rs:184:44:184:53 | source(...) | main.rs:186:14:186:28 | my_number.get(...) | $@ | main.rs:184:44:184:53 | source(...) | source(...) | -| main.rs:192:14:192:34 | my_number.to_number(...) | main.rs:190:45:190:54 | source(...) | main.rs:192:14:192:34 | my_number.to_number(...) | $@ | main.rs:190:45:190:54 | source(...) | source(...) | +| main.rs:175:14:175:34 | my_number.to_number() | main.rs:174:44:174:53 | source(...) | main.rs:175:14:175:34 | my_number.to_number() | $@ | main.rs:174:44:174:53 | source(...) | source(...) | +| main.rs:180:14:180:31 | ... .get() | main.rs:179:44:179:53 | source(...) | main.rs:180:14:180:31 | ... .get() | $@ | main.rs:179:44:179:53 | source(...) | source(...) | +| main.rs:186:14:186:28 | my_number.get() | main.rs:184:44:184:53 | source(...) | main.rs:186:14:186:28 | my_number.get() | $@ | main.rs:184:44:184:53 | source(...) | source(...) | +| main.rs:192:14:192:34 | my_number.to_number() | main.rs:190:45:190:54 | source(...) | main.rs:192:14:192:34 | my_number.to_number() | $@ | main.rs:190:45:190:54 | source(...) | source(...) | | main.rs:211:14:211:15 | * ... | main.rs:210:20:210:29 | source(...) | main.rs:211:14:211:15 | * ... | $@ | main.rs:210:20:210:29 | source(...) | source(...) | | main.rs:219:14:219:14 | n | main.rs:218:25:218:34 | source(...) | main.rs:219:14:219:14 | n | $@ | main.rs:218:25:218:34 | source(...) | source(...) | -| main.rs:235:14:235:28 | my_number.get(...) | main.rs:234:36:234:45 | source(...) | main.rs:235:14:235:28 | my_number.get(...) | $@ | main.rs:234:36:234:45 | source(...) | source(...) | -| main.rs:237:14:237:28 | my_number.get(...) | main.rs:234:36:234:45 | source(...) | main.rs:237:14:237:28 | my_number.get(...) | $@ | main.rs:234:36:234:45 | source(...) | source(...) | +| main.rs:235:14:235:28 | my_number.get() | main.rs:234:36:234:45 | source(...) | main.rs:235:14:235:28 | my_number.get() | $@ | main.rs:234:36:234:45 | source(...) | source(...) | +| main.rs:237:14:237:28 | my_number.get() | main.rs:234:36:234:45 | source(...) | main.rs:237:14:237:28 | my_number.get() | $@ | main.rs:234:36:234:45 | source(...) | source(...) | | main.rs:244:14:244:33 | to_number(...) | main.rs:243:23:243:32 | source(...) | main.rs:244:14:244:33 | to_number(...) | $@ | main.rs:243:23:243:32 | source(...) | source(...) | | main.rs:246:14:246:33 | to_number(...) | main.rs:243:23:243:32 | source(...) | main.rs:246:14:246:33 | to_number(...) | $@ | main.rs:243:23:243:32 | source(...) | source(...) | | main.rs:253:14:253:33 | to_number(...) | main.rs:252:30:252:39 | source(...) | main.rs:253:14:253:33 | to_number(...) | $@ | main.rs:252:30:252:39 | source(...) | source(...) | diff --git a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected index fc23e6254d5..08c883f1ec1 100644 --- a/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected +++ b/rust/ql/test/library-tests/dataflow/strings/inline-taint-flow.expected @@ -18,11 +18,11 @@ edges | main.rs:52:6:52:7 | s2 | main.rs:53:7:53:8 | s2 | provenance | | | main.rs:52:11:52:26 | ...::from(...) | main.rs:52:6:52:7 | s2 | provenance | | | main.rs:52:24:52:25 | s1 | main.rs:52:11:52:26 | ...::from(...) | provenance | MaD:2 | -| main.rs:57:6:57:7 | s1 | main.rs:58:11:58:24 | s1.to_string(...) | provenance | MaD:1 | +| main.rs:57:6:57:7 | s1 | main.rs:58:11:58:24 | s1.to_string() | provenance | MaD:1 | | main.rs:57:11:57:26 | source_slice(...) | main.rs:57:6:57:7 | s1 | provenance | | | main.rs:58:6:58:7 | s2 | main.rs:59:7:59:8 | s2 | provenance | | -| main.rs:58:11:58:24 | s1.to_string(...) | main.rs:58:6:58:7 | s2 | provenance | | -| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str(...) | provenance | MaD:3 | +| main.rs:58:11:58:24 | s1.to_string() | main.rs:58:6:58:7 | s2 | provenance | | +| main.rs:63:9:63:9 | s | main.rs:64:16:64:25 | s.as_str() | provenance | MaD:3 | | main.rs:63:13:63:22 | source(...) | main.rs:63:9:63:9 | s | provenance | | | main.rs:68:9:68:9 | s | main.rs:70:34:70:61 | MacroExpr | provenance | | | main.rs:68:9:68:9 | s | main.rs:73:34:73:59 | MacroExpr | provenance | | @@ -71,11 +71,11 @@ nodes | main.rs:57:6:57:7 | s1 | semmle.label | s1 | | main.rs:57:11:57:26 | source_slice(...) | semmle.label | source_slice(...) | | main.rs:58:6:58:7 | s2 | semmle.label | s2 | -| main.rs:58:11:58:24 | s1.to_string(...) | semmle.label | s1.to_string(...) | +| main.rs:58:11:58:24 | s1.to_string() | semmle.label | s1.to_string() | | main.rs:59:7:59:8 | s2 | semmle.label | s2 | | main.rs:63:9:63:9 | s | semmle.label | s | | main.rs:63:13:63:22 | source(...) | semmle.label | source(...) | -| main.rs:64:16:64:25 | s.as_str(...) | semmle.label | s.as_str(...) | +| main.rs:64:16:64:25 | s.as_str() | semmle.label | s.as_str() | | main.rs:68:9:68:9 | s | semmle.label | s | | main.rs:68:13:68:22 | source(...) | semmle.label | source(...) | | main.rs:70:9:70:18 | formatted1 | semmle.label | formatted1 | @@ -113,7 +113,7 @@ testFailures | main.rs:38:10:38:11 | s4 | main.rs:32:14:32:23 | source(...) | main.rs:38:10:38:11 | s4 | $@ | main.rs:32:14:32:23 | source(...) | source(...) | | main.rs:53:7:53:8 | s2 | main.rs:51:11:51:26 | source_slice(...) | main.rs:53:7:53:8 | s2 | $@ | main.rs:51:11:51:26 | source_slice(...) | source_slice(...) | | main.rs:59:7:59:8 | s2 | main.rs:57:11:57:26 | source_slice(...) | main.rs:59:7:59:8 | s2 | $@ | main.rs:57:11:57:26 | source_slice(...) | source_slice(...) | -| main.rs:64:16:64:25 | s.as_str(...) | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str(...) | $@ | main.rs:63:13:63:22 | source(...) | source(...) | +| main.rs:64:16:64:25 | s.as_str() | main.rs:63:13:63:22 | source(...) | main.rs:64:16:64:25 | s.as_str() | $@ | main.rs:63:13:63:22 | source(...) | source(...) | | main.rs:71:10:71:19 | formatted1 | main.rs:68:13:68:22 | source(...) | main.rs:71:10:71:19 | formatted1 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | | main.rs:74:10:74:19 | formatted2 | main.rs:68:13:68:22 | source(...) | main.rs:74:10:74:19 | formatted2 | $@ | main.rs:68:13:68:22 | source(...) | source(...) | | main.rs:78:10:78:19 | formatted3 | main.rs:76:17:76:32 | source_usize(...) | main.rs:78:10:78:19 | formatted3 | $@ | main.rs:76:17:76:32 | source_usize(...) | source_usize(...) | diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index e7788f014ca..7e8d0e4e73c 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -2,140 +2,140 @@ inferType | loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | | loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | | loop/main.rs:12:9:12:12 | self | | loop/main.rs:10:1:14:1 | Self [trait T2] | -| main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:27:26:27:26 | x | | main.rs:5:5:8:5 | struct MyThing | -| main.rs:27:26:27:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:32:13:32:13 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:32:13:32:13 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:32:17:32:42 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:32:17:32:42 | GenericThing::<...> {...} | A | main.rs:2:5:3:13 | struct S | -| main.rs:32:40:32:40 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:33:26:33:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:33:26:33:26 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:33:26:33:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:36:13:36:13 | y | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:36:13:36:13 | y | A | main.rs:2:5:3:13 | struct S | -| main.rs:36:17:36:37 | GenericThing {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:36:17:36:37 | GenericThing {...} | A | main.rs:2:5:3:13 | struct S | -| main.rs:36:35:36:35 | S | | main.rs:2:5:3:13 | struct S | -| main.rs:37:26:37:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:37:26:37:26 | x | A | main.rs:2:5:3:13 | struct S | -| main.rs:37:26:37:28 | x.a | | main.rs:2:5:3:13 | struct S | -| main.rs:41:13:41:13 | x | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:41:17:43:9 | OptionS {...} | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:42:16:42:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:42:16:42:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:44:26:44:26 | x | | main.rs:21:5:23:5 | struct OptionS | -| main.rs:44:26:44:28 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:44:26:44:28 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:47:13:47:13 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:47:13:47:13 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:47:13:47:13 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:47:17:49:9 | GenericThing::<...> {...} | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:48:16:48:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:48:16:48:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:50:26:50:26 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:50:26:50:26 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:50:26:50:26 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:50:26:50:28 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:50:26:50:28 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:52:13:52:17 | mut x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:52:13:52:17 | mut x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:52:13:52:17 | mut x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:52:21:54:9 | GenericThing {...} | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:52:21:54:9 | GenericThing {...} | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:52:21:54:9 | GenericThing {...} | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:53:16:53:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:53:16:53:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | struct S | -| main.rs:56:13:56:13 | a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:13:56:13 | a | T | main.rs:2:5:3:13 | struct S | -| main.rs:56:30:56:30 | x | | main.rs:16:5:19:5 | struct GenericThing | -| main.rs:56:30:56:30 | x | A | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:30:56:30 | x | A.T | main.rs:2:5:3:13 | struct S | -| main.rs:56:30:56:32 | x.a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:56:30:56:32 | x.a | T | main.rs:2:5:3:13 | struct S | -| main.rs:57:26:57:26 | a | | main.rs:10:5:14:5 | enum MyOption | -| main.rs:57:26:57:26 | a | T | main.rs:2:5:3:13 | struct S | -| main.rs:70:19:70:22 | SelfParam | | main.rs:67:5:67:21 | struct Foo | -| main.rs:70:33:72:9 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:71:13:71:16 | self | | main.rs:67:5:67:21 | struct Foo | -| main.rs:74:19:74:22 | SelfParam | | main.rs:67:5:67:21 | struct Foo | -| main.rs:74:32:76:9 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:75:13:75:16 | self | | main.rs:67:5:67:21 | struct Foo | -| main.rs:79:23:84:5 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:81:13:81:13 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:81:17:81:22 | Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:82:13:82:13 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:82:20:82:25 | Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:83:9:83:9 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:14:86:14 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:22:86:22 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:86:37:90:5 | { ... } | | main.rs:67:5:67:21 | struct Foo | -| main.rs:88:9:88:9 | x | | main.rs:67:5:67:21 | struct Foo | -| main.rs:88:9:88:14 | x.m1(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | struct Foo | -| main.rs:89:9:89:14 | y.m2(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | struct S1 | -| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | struct S1 | -| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | struct S2 | -| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | struct MyThing | +| main.rs:26:13:26:13 | x | | main.rs:5:5:8:5 | MyThing | +| main.rs:26:17:26:32 | MyThing {...} | | main.rs:5:5:8:5 | MyThing | +| main.rs:26:30:26:30 | S | | main.rs:2:5:3:13 | S | +| main.rs:27:26:27:26 | x | | main.rs:5:5:8:5 | MyThing | +| main.rs:27:26:27:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:32:13:32:13 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:32:13:32:13 | x | A | main.rs:2:5:3:13 | S | +| main.rs:32:17:32:42 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:32:17:32:42 | GenericThing::<...> {...} | A | main.rs:2:5:3:13 | S | +| main.rs:32:40:32:40 | S | | main.rs:2:5:3:13 | S | +| main.rs:33:26:33:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:33:26:33:26 | x | A | main.rs:2:5:3:13 | S | +| main.rs:33:26:33:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:36:13:36:13 | y | | main.rs:16:5:19:5 | GenericThing | +| main.rs:36:13:36:13 | y | A | main.rs:2:5:3:13 | S | +| main.rs:36:17:36:37 | GenericThing {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:36:17:36:37 | GenericThing {...} | A | main.rs:2:5:3:13 | S | +| main.rs:36:35:36:35 | S | | main.rs:2:5:3:13 | S | +| main.rs:37:26:37:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:37:26:37:26 | x | A | main.rs:2:5:3:13 | S | +| main.rs:37:26:37:28 | x.a | | main.rs:2:5:3:13 | S | +| main.rs:41:13:41:13 | x | | main.rs:21:5:23:5 | OptionS | +| main.rs:41:17:43:9 | OptionS {...} | | main.rs:21:5:23:5 | OptionS | +| main.rs:42:16:42:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:42:16:42:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:44:26:44:26 | x | | main.rs:21:5:23:5 | OptionS | +| main.rs:44:26:44:28 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:44:26:44:28 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:47:13:47:13 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:47:13:47:13 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:47:13:47:13 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | A | main.rs:10:5:14:5 | MyOption | +| main.rs:47:17:49:9 | GenericThing::<...> {...} | A.T | main.rs:2:5:3:13 | S | +| main.rs:48:16:48:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:48:16:48:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:50:26:50:26 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:50:26:50:26 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:50:26:50:26 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:50:26:50:28 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:50:26:50:28 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:52:13:52:17 | mut x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:52:13:52:17 | mut x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:52:13:52:17 | mut x | A.T | main.rs:2:5:3:13 | S | +| main.rs:52:21:54:9 | GenericThing {...} | | main.rs:16:5:19:5 | GenericThing | +| main.rs:52:21:54:9 | GenericThing {...} | A | main.rs:10:5:14:5 | MyOption | +| main.rs:52:21:54:9 | GenericThing {...} | A.T | main.rs:2:5:3:13 | S | +| main.rs:53:16:53:33 | ...::MyNone(...) | | main.rs:10:5:14:5 | MyOption | +| main.rs:53:16:53:33 | ...::MyNone(...) | T | main.rs:2:5:3:13 | S | +| main.rs:56:13:56:13 | a | | main.rs:10:5:14:5 | MyOption | +| main.rs:56:13:56:13 | a | T | main.rs:2:5:3:13 | S | +| main.rs:56:30:56:30 | x | | main.rs:16:5:19:5 | GenericThing | +| main.rs:56:30:56:30 | x | A | main.rs:10:5:14:5 | MyOption | +| main.rs:56:30:56:30 | x | A.T | main.rs:2:5:3:13 | S | +| main.rs:56:30:56:32 | x.a | | main.rs:10:5:14:5 | MyOption | +| main.rs:56:30:56:32 | x.a | T | main.rs:2:5:3:13 | S | +| main.rs:57:26:57:26 | a | | main.rs:10:5:14:5 | MyOption | +| main.rs:57:26:57:26 | a | T | main.rs:2:5:3:13 | S | +| main.rs:70:19:70:22 | SelfParam | | main.rs:67:5:67:21 | Foo | +| main.rs:70:33:72:9 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:71:13:71:16 | self | | main.rs:67:5:67:21 | Foo | +| main.rs:74:19:74:22 | SelfParam | | main.rs:67:5:67:21 | Foo | +| main.rs:74:32:76:9 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:75:13:75:16 | self | | main.rs:67:5:67:21 | Foo | +| main.rs:79:23:84:5 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:81:13:81:13 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:81:17:81:22 | Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:82:13:82:13 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:82:20:82:25 | Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:83:9:83:9 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:86:14:86:14 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:86:22:86:22 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:86:37:90:5 | { ... } | | main.rs:67:5:67:21 | Foo | +| main.rs:88:9:88:9 | x | | main.rs:67:5:67:21 | Foo | +| main.rs:88:9:88:14 | x.m1() | | main.rs:67:5:67:21 | Foo | +| main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | Foo | +| main.rs:89:9:89:14 | y.m2() | | main.rs:67:5:67:21 | Foo | +| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | +| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | S1 | +| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | S1 | +| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | S1 | +| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | +| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | MyThing | +| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | S2 | +| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | S2 | +| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | | main.rs:117:15:117:18 | SelfParam | A | main.rs:116:10:116:10 | T | | main.rs:117:26:119:9 | { ... } | | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | struct MyThing | +| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | MyThing | | main.rs:118:13:118:16 | self | A | main.rs:116:10:116:10 | T | | main.rs:118:13:118:18 | self.a | | main.rs:116:10:116:10 | T | -| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | struct S1 | -| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | struct S2 | -| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | struct S1 | -| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | struct S2 | -| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | struct S1 | -| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | struct S2 | -| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | struct S1 | -| main.rs:136:26:136:31 | x.m2(...) | | main.rs:99:5:100:14 | struct S1 | -| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | struct MyThing | -| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | struct S2 | -| main.rs:137:26:137:31 | y.m2(...) | | main.rs:101:5:102:14 | struct S2 | +| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | S1 | +| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | S2 | +| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:136:26:136:31 | x.m2() | | main.rs:99:5:100:14 | S1 | +| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:137:26:137:31 | y.m2() | | main.rs:101:5:102:14 | S2 | | main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | | main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | @@ -143,235 +143,235 @@ inferType | main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | | main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | | main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:14 | x.m1(...) | | main.rs:163:22:163:23 | T1 | -| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | struct S1 | -| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | struct S1 | -| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | struct S2 | -| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | struct S1 | -| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | struct S2 | -| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | struct S1 | -| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | struct S2 | -| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | struct S2 | -| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | struct S1 | -| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | struct MyThing | -| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | struct S2 | +| main.rs:164:9:164:14 | x.m1() | | main.rs:163:22:163:23 | T1 | +| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | +| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | S1 | +| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | S1 | +| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | MyThing | +| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | S1 | +| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | S1 | +| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | +| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | S2 | +| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | MyThing | +| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | MyThing | +| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | S2 | +| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | S2 | +| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | +| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | S1 | +| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | S2 | +| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | +| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | S1 | +| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | S2 | +| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | +| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | +| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | S2 | +| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | MyThing | +| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | S1 | +| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | MyThing | +| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | S2 | | main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | | main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | | main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | | main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | | main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:27 | x.method(...) | | main.rs:213:35:213:42 | I | +| main.rs:215:18:215:27 | x.method() | | main.rs:213:35:213:42 | I | | main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | | main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | | main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | | main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:27 | x.method(...) | | main.rs:219:36:219:43 | I | +| main.rs:221:18:221:27 | x.method() | | main.rs:219:36:219:43 | I | | main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | | main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | S1 | | main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:226:17:226:26 | x.method() | | main.rs:197:5:198:14 | S1 | +| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | S1 | | main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | S1 | | main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:26 | x.method(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | struct S1 | +| main.rs:231:17:231:26 | x.method() | | main.rs:197:5:198:14 | S1 | +| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | S1 | | main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | | main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | | main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | -| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | struct S2 | +| main.rs:243:18:243:24 | x.fst() | | main.rs:197:5:198:14 | S1 | +| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | S2 | | main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:24 | y.snd(...) | | main.rs:200:5:201:14 | struct S2 | -| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | struct S1 | -| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | struct S2 | +| main.rs:244:18:244:24 | y.snd() | | main.rs:200:5:201:14 | S2 | +| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | S1 | +| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | S2 | | main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | | main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:24 | x.fst(...) | | main.rs:197:5:198:14 | struct S1 | +| main.rs:250:18:250:24 | x.fst() | | main.rs:197:5:198:14 | S1 | | main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | | main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:24 | y.snd(...) | | main.rs:248:41:248:49 | T2 | -| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | struct S1 | +| main.rs:251:18:251:24 | y.snd() | | main.rs:248:41:248:49 | T2 | +| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | S1 | | main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | | main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | | main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | | main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:274:13:274:21 | self.m1(...) | | main.rs:267:19:267:19 | A | +| main.rs:274:13:274:21 | self.m1() | | main.rs:267:19:267:19 | A | | main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | | main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | | main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:14 | x.m1(...) | | main.rs:279:22:279:23 | T1 | -| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:280:9:280:14 | x.m1() | | main.rs:279:22:279:23 | T1 | +| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | MyThing | | main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | | main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | MyThing | | main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | | main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:16 | ... .m1(...) | | main.rs:284:28:284:29 | T1 | -| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:285:9:285:16 | ... .m1() | | main.rs:284:28:284:29 | T1 | +| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | MyThing | | main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | | main.rs:289:26:291:9 | { ... } | | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | struct MyThing | +| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | MyThing | | main.rs:290:13:290:16 | self | T | main.rs:288:10:288:10 | T | | main.rs:290:13:290:18 | self.a | | main.rs:288:10:288:10 | T | -| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:298:26:298:31 | x.m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:299:26:299:31 | y.m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:304:26:304:31 | x.m2(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:305:26:305:31 | y.m2(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | struct S1 | -| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | struct S1 | -| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | struct S2 | -| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | struct S2 | -| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | struct S2 | -| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | struct S1 | -| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | struct S1 | -| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | struct S2 | -| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | struct MyThing | -| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | struct MyThing | -| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | struct S2 | +| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:298:26:298:31 | x.m1() | | main.rs:262:5:263:14 | S1 | +| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:299:26:299:31 | y.m1() | | main.rs:264:5:265:14 | S2 | +| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | MyThing | +| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | S1 | +| main.rs:304:26:304:31 | x.m2() | | main.rs:262:5:263:14 | S1 | +| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | MyThing | +| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | S2 | +| main.rs:305:26:305:31 | y.m2() | | main.rs:264:5:265:14 | S2 | +| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | S1 | +| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | S2 | +| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | S1 | +| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | S1 | +| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | S2 | +| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | MyThing | +| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | S2 | +| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | +| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | +| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | S1 | +| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | S2 | +| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | +| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | S2 | +| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | +| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | +| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | S2 | +| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | S1 | +| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | S1 | +| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | S2 | +| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | MyThing | +| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | MyThing | +| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | S2 | | main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | | main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | struct S | -| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | struct S | -| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:353:26:353:31 | x.m1(...) | | main.rs:340:5:341:13 | struct S | -| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | struct S | -| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | struct S | -| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | enum MyEnum | +| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | S | +| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | S | +| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | S | +| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | S | +| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | S | +| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | S | +| main.rs:353:26:353:31 | x.m1() | | main.rs:340:5:341:13 | S | +| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | S | +| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | S | +| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | S | +| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | MyEnum | | main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | | main.rs:373:26:378:9 | { ... } | | main.rs:372:10:372:10 | T | | main.rs:374:13:377:13 | match self { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | enum MyEnum | +| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | MyEnum | | main.rs:374:19:374:22 | self | A | main.rs:372:10:372:10 | T | | main.rs:375:28:375:28 | a | | main.rs:372:10:372:10 | T | | main.rs:375:34:375:34 | a | | main.rs:372:10:372:10 | T | | main.rs:376:30:376:30 | a | | main.rs:372:10:372:10 | T | | main.rs:376:37:376:37 | a | | main.rs:372:10:372:10 | T | -| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | struct S1 | -| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | struct S2 | -| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | struct S1 | -| main.rs:385:26:385:31 | x.m1(...) | | main.rs:367:5:368:14 | struct S1 | -| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | enum MyEnum | -| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | struct S2 | -| main.rs:386:26:386:31 | y.m1(...) | | main.rs:369:5:370:14 | struct S2 | +| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | MyEnum | +| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | S1 | +| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | MyEnum | +| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | S1 | +| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | S1 | +| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | MyEnum | +| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | S2 | +| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | MyEnum | +| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | S2 | +| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | S2 | +| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | MyEnum | +| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | S1 | +| main.rs:385:26:385:31 | x.m1() | | main.rs:367:5:368:14 | S1 | +| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | MyEnum | +| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | S2 | +| main.rs:386:26:386:31 | y.m1() | | main.rs:369:5:370:14 | S2 | | main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | | main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | | main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | | main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:416:17:416:25 | self.m1(...) | | main.rs:410:20:410:22 | Tr2 | +| main.rs:416:17:416:25 | self.m1() | | main.rs:410:20:410:22 | Tr2 | | main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | | main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | @@ -380,147 +380,147 @@ inferType | main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | | main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:429:17:429:25 | self.m2(...) | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:429:17:429:25 | self.m2(...) | A | main.rs:423:20:423:22 | Tr3 | +| main.rs:429:17:429:25 | self.m2() | | main.rs:391:5:394:5 | MyThing | +| main.rs:429:17:429:25 | self.m2() | A | main.rs:423:20:423:22 | Tr3 | | main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | | main.rs:430:20:432:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | MyThing | | main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | | main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | | main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | MyThing | | main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | | main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | MyThing | | main.rs:438:13:438:16 | self | A | main.rs:436:10:436:10 | T | | main.rs:438:13:438:18 | self.a | | main.rs:436:10:436:10 | T | -| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | struct MyThing2 | +| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | MyThing2 | | main.rs:445:15:445:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | MyThing | | main.rs:445:35:447:9 | { ... } | A | main.rs:444:10:444:10 | T | -| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | +| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | | main.rs:446:13:446:33 | MyThing {...} | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | struct MyThing2 | +| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | MyThing2 | | main.rs:446:26:446:29 | self | A | main.rs:444:10:444:10 | T | | main.rs:446:26:446:31 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:458:26:458:31 | x.m1(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:459:26:459:31 | y.m1(...) | | main.rs:403:5:404:14 | struct S2 | -| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:464:26:464:31 | x.m2(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | struct MyThing | -| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:465:26:465:31 | y.m2(...) | | main.rs:403:5:404:14 | struct S2 | -| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | struct S1 | -| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | struct S2 | -| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | struct S1 | -| main.rs:470:26:470:31 | x.m3(...) | | main.rs:401:5:402:14 | struct S1 | -| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | struct MyThing2 | -| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | struct S2 | -| main.rs:471:26:471:31 | y.m3(...) | | main.rs:403:5:404:14 | struct S2 | +| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:458:26:458:31 | x.m1() | | main.rs:401:5:402:14 | S1 | +| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:459:26:459:31 | y.m1() | | main.rs:403:5:404:14 | S2 | +| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | +| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | MyThing | +| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:464:26:464:31 | x.m2() | | main.rs:401:5:402:14 | S1 | +| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | MyThing | +| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:465:26:465:31 | y.m2() | | main.rs:403:5:404:14 | S2 | +| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | S1 | +| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | S1 | +| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | S2 | +| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | S2 | +| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | S1 | +| main.rs:470:26:470:31 | x.m3() | | main.rs:401:5:402:14 | S1 | +| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | MyThing2 | +| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | S2 | +| main.rs:471:26:471:31 | y.m3() | | main.rs:403:5:404:14 | S2 | | main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | | main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | | main.rs:489:35:491:5 | { ... } | | file://:0:0:0:0 | & | | main.rs:489:35:491:5 | { ... } | &T | main.rs:489:11:489:19 | T | | main.rs:490:9:490:9 | x | | file://:0:0:0:0 | & | | main.rs:490:9:490:9 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | struct S1 | -| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | struct S2 | -| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | struct S2 | +| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | S1 | +| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | S2 | +| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | S2 | | main.rs:499:21:499:21 | x | | main.rs:499:13:499:14 | T1 | | main.rs:502:5:504:5 | { ... } | | main.rs:499:17:499:18 | T2 | | main.rs:503:9:503:9 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:503:9:503:16 | x.into(...) | | main.rs:499:17:499:18 | T2 | -| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:503:9:503:16 | x.into() | | main.rs:499:17:499:18 | T2 | +| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:508:26:508:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:508:29:508:30 | &x | | file://:0:0:0:0 | & | -| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:511:26:511:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:511:35:511:36 | &x | | file://:0:0:0:0 | & | -| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | struct S1 | +| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | S1 | | main.rs:514:26:514:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | struct S1 | +| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | | main.rs:514:42:514:43 | &x | | file://:0:0:0:0 | & | -| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | struct S1 | -| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | struct S1 | -| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | struct S2 | -| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | struct S1 | -| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | struct S2 | -| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | struct S2 | -| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | struct S1 | -| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | struct S1 | -| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | struct S2 | -| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | struct S1 | -| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | struct S2 | -| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | struct S3 | -| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | struct S3 | -| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | -| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | struct S3 | -| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | enum PairOption | -| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | struct S3 | +| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | S1 | +| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | S1 | +| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | S2 | +| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | S1 | +| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | S2 | +| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | S2 | +| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | S1 | +| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | PairOption | +| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | S1 | +| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | S2 | +| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | PairOption | +| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | S1 | +| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | S2 | +| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | PairOption | +| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | S3 | +| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | S3 | +| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | S3 | +| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | +| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | S3 | +| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | PairOption | +| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | S3 | | main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | | main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | @@ -531,240 +531,240 @@ inferType | main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | | main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | | main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | MyOption | | main.rs:583:16:583:24 | SelfParam | &T.T | main.rs:582:10:582:10 | T | | main.rs:583:27:583:31 | value | | main.rs:582:10:582:10 | T | -| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:587:26:589:9 | { ... } | T | main.rs:586:10:586:10 | T | -| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | | main.rs:588:13:588:30 | ...::MyNone(...) | T | main.rs:586:10:586:10 | T | -| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | MyOption | +| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | MyOption | | main.rs:593:20:593:23 | SelfParam | T.T | main.rs:592:10:592:10 | T | -| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:593:41:598:9 | { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | MyOption | | main.rs:594:13:597:13 | match self { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | enum MyOption | +| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | MyOption | +| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | MyOption | | main.rs:594:19:594:22 | self | T.T | main.rs:592:10:592:10 | T | -| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | | main.rs:595:39:595:56 | ...::MyNone(...) | T | main.rs:592:10:592:10 | T | -| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | MyOption | | main.rs:596:34:596:34 | x | T | main.rs:592:10:592:10 | T | -| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | enum MyOption | +| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | MyOption | | main.rs:596:40:596:40 | x | T | main.rs:592:10:592:10 | T | -| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | struct S | -| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | struct S | +| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | MyOption | +| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | S | +| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | +| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | S | +| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | S | +| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | MyOption | +| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | S | +| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | S | +| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | S | +| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | | main.rs:617:23:617:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | struct S | -| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | struct S | -| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | enum MyOption | -| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | struct S | -| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | struct S | -| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | struct S | -| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | struct S | -| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | struct S | -| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | struct S | -| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | struct S | -| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | struct S | -| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | struct S | -| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | struct S | -| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | enum MyOption | -| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | struct S | -| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | struct S | +| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | MyOption | +| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | S | +| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | S | +| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | S | +| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | MyOption | +| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | S | +| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | S | +| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | +| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | +| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | MyOption | +| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | +| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | +| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | S | +| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | MyOption | +| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | MyOption | +| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | S | +| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | S | +| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | S | +| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | S | +| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | MyOption | +| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | S | +| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | MyOption | +| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | S | +| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | S | +| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | MyOption | +| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | S | +| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | MyOption | +| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | S | +| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | MyOption | +| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | S | +| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | +| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | +| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | +| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | S | +| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | MyOption | +| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | S | +| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | S | | main.rs:658:15:658:18 | SelfParam | T | main.rs:657:10:657:10 | T | | main.rs:658:26:660:9 | { ... } | | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | struct S | +| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | S | | main.rs:659:13:659:16 | self | T | main.rs:657:10:657:10 | T | | main.rs:659:13:659:18 | self.0 | | main.rs:657:10:657:10 | T | | main.rs:662:15:662:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | struct S | +| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | S | | main.rs:662:15:662:19 | SelfParam | &T.T | main.rs:657:10:657:10 | T | | main.rs:662:28:664:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:662:28:664:9 | { ... } | &T | main.rs:657:10:657:10 | T | | main.rs:663:13:663:19 | &... | | file://:0:0:0:0 | & | | main.rs:663:13:663:19 | &... | &T | main.rs:657:10:657:10 | T | | main.rs:663:14:663:17 | self | | file://:0:0:0:0 | & | -| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | struct S | +| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | S | | main.rs:663:14:663:17 | self | &T.T | main.rs:657:10:657:10 | T | | main.rs:663:14:663:19 | self.0 | | main.rs:657:10:657:10 | T | | main.rs:666:15:666:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | struct S | +| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | S | | main.rs:666:15:666:25 | SelfParam | &T.T | main.rs:657:10:657:10 | T | | main.rs:666:34:668:9 | { ... } | | file://:0:0:0:0 | & | | main.rs:666:34:668:9 | { ... } | &T | main.rs:657:10:657:10 | T | | main.rs:667:13:667:19 | &... | | file://:0:0:0:0 | & | | main.rs:667:13:667:19 | &... | &T | main.rs:657:10:657:10 | T | | main.rs:667:14:667:17 | self | | file://:0:0:0:0 | & | -| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | struct S | +| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | S | | main.rs:667:14:667:17 | self | &T.T | main.rs:657:10:657:10 | T | | main.rs:667:14:667:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | struct S | -| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | struct S | -| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:673:26:673:32 | x1.m1(...) | | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:677:26:677:32 | x2.m2(...) | | file://:0:0:0:0 | & | -| main.rs:677:26:677:32 | x2.m2(...) | &T | main.rs:654:5:655:14 | struct S2 | -| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | struct S | -| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:678:26:678:32 | x2.m3(...) | | file://:0:0:0:0 | & | -| main.rs:678:26:678:32 | x2.m3(...) | &T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | S | +| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | S2 | +| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | S | +| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | S2 | +| main.rs:673:26:673:32 | x1.m1() | | main.rs:654:5:655:14 | S2 | +| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:677:26:677:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:677:26:677:32 | x2.m2() | &T | main.rs:654:5:655:14 | S2 | +| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | S | +| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | S2 | +| main.rs:678:26:678:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:678:26:678:32 | x2.m3() | &T | main.rs:654:5:655:14 | S2 | +| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | S2 | +| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:682:26:682:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | S2 | | main.rs:682:38:682:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | S | +| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | S2 | | main.rs:683:26:683:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | S2 | | main.rs:683:38:683:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | struct S | -| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | S | +| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | S | +| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | S2 | | main.rs:685:13:685:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:685:18:685:23 | &... | | file://:0:0:0:0 | & | -| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:687:26:687:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:687:26:687:32 | x4.m2(...) | | file://:0:0:0:0 | & | -| main.rs:687:26:687:32 | x4.m2(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:687:26:687:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:687:26:687:32 | x4.m2() | &T | main.rs:654:5:655:14 | S2 | | main.rs:688:26:688:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:688:26:688:32 | x4.m3(...) | | file://:0:0:0:0 | & | -| main.rs:688:26:688:32 | x4.m3(...) | &T | main.rs:654:5:655:14 | struct S2 | +| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | S | +| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:688:26:688:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:688:26:688:32 | x4.m3() | &T | main.rs:654:5:655:14 | S2 | | main.rs:690:13:690:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:690:18:690:23 | &... | | file://:0:0:0:0 | & | -| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | S2 | | main.rs:692:26:692:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:692:26:692:32 | x5.m1(...) | | main.rs:654:5:655:14 | struct S2 | +| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:692:26:692:32 | x5.m1() | | main.rs:654:5:655:14 | S2 | | main.rs:693:26:693:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | struct S2 | +| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | S | +| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | S2 | | main.rs:695:13:695:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | S | +| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:695:18:695:23 | &... | | file://:0:0:0:0 | & | -| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | struct S | -| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | struct S2 | -| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | struct S | -| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | struct S | -| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:26:697:35 | ... .m1(...) | | main.rs:654:5:655:14 | struct S2 | -| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | struct S | -| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | struct S2 | +| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | S | +| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | +| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | S | +| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | S2 | +| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | S | +| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | S2 | +| main.rs:697:26:697:35 | ... .m1() | | main.rs:654:5:655:14 | S2 | +| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | S | +| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | S2 | | main.rs:697:28:697:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | struct S | -| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | struct S2 | +| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | S | +| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | S2 | | main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | | main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | @@ -773,146 +773,146 @@ inferType | main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | | main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:22 | self.foo(...) | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo(...) | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | +| main.rs:706:13:706:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:706:13:706:22 | self.foo() | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | | main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | -| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | struct MyStruct | -| main.rs:720:9:720:15 | x.bar(...) | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar(...) | &T | main.rs:710:5:710:20 | struct MyStruct | +| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | MyStruct | +| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | MyStruct | +| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | MyStruct | +| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | MyStruct | +| main.rs:720:9:720:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:720:9:720:15 | x.bar() | &T | main.rs:710:5:710:20 | MyStruct | | main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:730:16:730:20 | SelfParam | &T.T | main.rs:729:10:729:10 | T | | main.rs:730:32:732:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:730:32:732:9 | { ... } | &T.T | main.rs:729:10:729:10 | T | | main.rs:731:13:731:16 | self | | file://:0:0:0:0 | & | -| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | struct MyStruct | +| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | MyStruct | | main.rs:731:13:731:16 | self | &T.T | main.rs:729:10:729:10 | T | -| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | struct S | -| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | struct S | -| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | struct S | -| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | struct S | -| main.rs:737:9:737:15 | x.foo(...) | | file://:0:0:0:0 | & | -| main.rs:737:9:737:15 | x.foo(...) | &T | main.rs:727:5:727:26 | struct MyStruct | -| main.rs:737:9:737:15 | x.foo(...) | &T.T | main.rs:725:5:725:13 | struct S | +| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | MyStruct | +| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | S | +| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | MyStruct | +| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | S | +| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | S | +| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | MyStruct | +| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | S | +| main.rs:737:9:737:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:737:9:737:15 | x.foo() | &T | main.rs:727:5:727:26 | MyStruct | +| main.rs:737:9:737:15 | x.foo() | &T.T | main.rs:725:5:725:13 | S | | main.rs:745:15:745:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | struct S | +| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | S | | main.rs:745:31:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:746:13:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:746:14:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:746:15:746:19 | &self | | file://:0:0:0:0 | & | -| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | S | | main.rs:746:16:746:19 | self | | file://:0:0:0:0 | & | -| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | S | | main.rs:749:15:749:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | struct S | +| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | S | | main.rs:749:37:751:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:750:13:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:750:14:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:750:15:750:19 | &self | | file://:0:0:0:0 | & | -| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | S | | main.rs:750:16:750:19 | self | | file://:0:0:0:0 | & | -| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | struct S | +| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | S | | main.rs:753:15:753:15 | x | | file://:0:0:0:0 | & | -| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | S | | main.rs:753:34:755:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:754:13:754:13 | x | | file://:0:0:0:0 | & | -| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | S | | main.rs:757:15:757:15 | x | | file://:0:0:0:0 | & | -| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | S | | main.rs:757:34:759:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | struct S | +| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | S | | main.rs:758:13:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:758:14:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | S | | main.rs:758:15:758:16 | &x | | file://:0:0:0:0 | & | -| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | S | | main.rs:758:16:758:16 | x | | file://:0:0:0:0 | & | -| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | struct S | -| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | struct S | -| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:764:9:764:14 | x.f1(...) | | file://:0:0:0:0 | & | -| main.rs:764:9:764:14 | x.f1(...) | &T | main.rs:742:5:742:13 | struct S | -| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:765:9:765:14 | x.f2(...) | | file://:0:0:0:0 | & | -| main.rs:765:9:765:14 | x.f2(...) | &T | main.rs:742:5:742:13 | struct S | +| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | S | +| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | S | +| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | S | +| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | S | +| main.rs:764:9:764:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:764:9:764:14 | x.f1() | &T | main.rs:742:5:742:13 | S | +| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | S | +| main.rs:765:9:765:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:765:9:765:14 | x.f2() | &T | main.rs:742:5:742:13 | S | | main.rs:766:9:766:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | struct S | +| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | S | | main.rs:766:15:766:16 | &x | | file://:0:0:0:0 | & | -| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | struct S | -| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | struct S | -| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | struct Foo | -| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | struct Foo | +| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | S | +| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | S | +| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | resolveMethodCallExpr -| loop/main.rs:12:9:12:18 | self.foo(...) | loop/main.rs:7:5:7:19 | fn foo | -| main.rs:88:9:88:14 | x.m1(...) | main.rs:70:9:72:9 | fn m1 | -| main.rs:89:9:89:14 | y.m2(...) | main.rs:74:9:76:9 | fn m2 | -| main.rs:136:26:136:31 | x.m2(...) | main.rs:117:9:119:9 | fn m2 | -| main.rs:137:26:137:31 | y.m2(...) | main.rs:117:9:119:9 | fn m2 | -| main.rs:164:9:164:14 | x.m1(...) | main.rs:153:9:153:25 | fn m1 | -| main.rs:215:18:215:27 | x.method(...) | main.rs:210:9:210:30 | fn method | -| main.rs:221:18:221:27 | x.method(...) | main.rs:210:9:210:30 | fn method | -| main.rs:226:17:226:26 | x.method(...) | main.rs:206:9:206:30 | fn method | -| main.rs:231:17:231:26 | x.method(...) | main.rs:206:9:206:30 | fn method | -| main.rs:243:18:243:24 | x.fst(...) | main.rs:236:9:236:27 | fn fst | -| main.rs:244:18:244:24 | y.snd(...) | main.rs:238:9:238:27 | fn snd | -| main.rs:250:18:250:24 | x.fst(...) | main.rs:236:9:236:27 | fn fst | -| main.rs:251:18:251:24 | y.snd(...) | main.rs:238:9:238:27 | fn snd | -| main.rs:274:13:274:21 | self.m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:280:9:280:14 | x.m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:285:9:285:16 | ... .m1(...) | main.rs:268:9:268:25 | fn m1 | -| main.rs:298:26:298:31 | x.m1(...) | main.rs:289:9:291:9 | fn m1 | -| main.rs:299:26:299:31 | y.m1(...) | main.rs:289:9:291:9 | fn m1 | -| main.rs:304:26:304:31 | x.m2(...) | main.rs:270:9:275:9 | fn m2 | -| main.rs:305:26:305:31 | y.m2(...) | main.rs:270:9:275:9 | fn m2 | -| main.rs:353:26:353:31 | x.m1(...) | main.rs:346:9:348:9 | fn m1 | -| main.rs:356:26:356:31 | x.m2(...) | main.rs:331:9:337:9 | fn m2 | -| main.rs:385:26:385:31 | x.m1(...) | main.rs:373:9:378:9 | fn m1 | -| main.rs:386:26:386:31 | y.m1(...) | main.rs:373:9:378:9 | fn m1 | -| main.rs:416:17:416:25 | self.m1(...) | main.rs:407:9:407:27 | fn m1 | -| main.rs:429:17:429:25 | self.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:458:26:458:31 | x.m1(...) | main.rs:437:9:439:9 | fn m1 | -| main.rs:459:26:459:31 | y.m1(...) | main.rs:437:9:439:9 | fn m1 | -| main.rs:464:26:464:31 | x.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:465:26:465:31 | y.m2(...) | main.rs:411:9:420:9 | fn m2 | -| main.rs:470:26:470:31 | x.m3(...) | main.rs:424:9:433:9 | fn m3 | -| main.rs:471:26:471:31 | y.m3(...) | main.rs:424:9:433:9 | fn m3 | +| loop/main.rs:12:9:12:18 | self.foo() | loop/main.rs:7:5:7:19 | fn foo | +| main.rs:88:9:88:14 | x.m1() | main.rs:70:9:72:9 | fn m1 | +| main.rs:89:9:89:14 | y.m2() | main.rs:74:9:76:9 | fn m2 | +| main.rs:136:26:136:31 | x.m2() | main.rs:117:9:119:9 | fn m2 | +| main.rs:137:26:137:31 | y.m2() | main.rs:117:9:119:9 | fn m2 | +| main.rs:164:9:164:14 | x.m1() | main.rs:153:9:153:25 | fn m1 | +| main.rs:215:18:215:27 | x.method() | main.rs:210:9:210:30 | fn method | +| main.rs:221:18:221:27 | x.method() | main.rs:210:9:210:30 | fn method | +| main.rs:226:17:226:26 | x.method() | main.rs:206:9:206:30 | fn method | +| main.rs:231:17:231:26 | x.method() | main.rs:206:9:206:30 | fn method | +| main.rs:243:18:243:24 | x.fst() | main.rs:236:9:236:27 | fn fst | +| main.rs:244:18:244:24 | y.snd() | main.rs:238:9:238:27 | fn snd | +| main.rs:250:18:250:24 | x.fst() | main.rs:236:9:236:27 | fn fst | +| main.rs:251:18:251:24 | y.snd() | main.rs:238:9:238:27 | fn snd | +| main.rs:274:13:274:21 | self.m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:280:9:280:14 | x.m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:285:9:285:16 | ... .m1() | main.rs:268:9:268:25 | fn m1 | +| main.rs:298:26:298:31 | x.m1() | main.rs:289:9:291:9 | fn m1 | +| main.rs:299:26:299:31 | y.m1() | main.rs:289:9:291:9 | fn m1 | +| main.rs:304:26:304:31 | x.m2() | main.rs:270:9:275:9 | fn m2 | +| main.rs:305:26:305:31 | y.m2() | main.rs:270:9:275:9 | fn m2 | +| main.rs:353:26:353:31 | x.m1() | main.rs:346:9:348:9 | fn m1 | +| main.rs:356:26:356:31 | x.m2() | main.rs:331:9:337:9 | fn m2 | +| main.rs:385:26:385:31 | x.m1() | main.rs:373:9:378:9 | fn m1 | +| main.rs:386:26:386:31 | y.m1() | main.rs:373:9:378:9 | fn m1 | +| main.rs:416:17:416:25 | self.m1() | main.rs:407:9:407:27 | fn m1 | +| main.rs:429:17:429:25 | self.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:458:26:458:31 | x.m1() | main.rs:437:9:439:9 | fn m1 | +| main.rs:459:26:459:31 | y.m1() | main.rs:437:9:439:9 | fn m1 | +| main.rs:464:26:464:31 | x.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:465:26:465:31 | y.m2() | main.rs:411:9:420:9 | fn m2 | +| main.rs:470:26:470:31 | x.m3() | main.rs:424:9:433:9 | fn m3 | +| main.rs:471:26:471:31 | y.m3() | main.rs:424:9:433:9 | fn m3 | | main.rs:578:13:578:27 | self.set(...) | main.rs:575:9:575:36 | fn set | | main.rs:609:9:609:17 | x2.set(...) | main.rs:583:9:583:38 | fn set | | main.rs:613:9:613:22 | x3.call_set(...) | main.rs:577:9:579:9 | fn call_set | -| main.rs:673:26:673:32 | x1.m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:677:26:677:32 | x2.m2(...) | main.rs:662:9:664:9 | fn m2 | -| main.rs:678:26:678:32 | x2.m3(...) | main.rs:666:9:668:9 | fn m3 | -| main.rs:687:26:687:32 | x4.m2(...) | main.rs:662:9:664:9 | fn m2 | -| main.rs:688:26:688:32 | x4.m3(...) | main.rs:666:9:668:9 | fn m3 | -| main.rs:692:26:692:32 | x5.m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:697:26:697:35 | ... .m1(...) | main.rs:658:9:660:9 | fn m1 | -| main.rs:706:13:706:22 | self.foo(...) | main.rs:703:9:703:31 | fn foo | -| main.rs:720:9:720:15 | x.bar(...) | main.rs:705:9:707:9 | fn bar | -| main.rs:737:9:737:15 | x.foo(...) | main.rs:730:9:732:9 | fn foo | -| main.rs:764:9:764:14 | x.f1(...) | main.rs:745:9:747:9 | fn f1 | -| main.rs:765:9:765:14 | x.f2(...) | main.rs:749:9:751:9 | fn f2 | +| main.rs:673:26:673:32 | x1.m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:677:26:677:32 | x2.m2() | main.rs:662:9:664:9 | fn m2 | +| main.rs:678:26:678:32 | x2.m3() | main.rs:666:9:668:9 | fn m3 | +| main.rs:687:26:687:32 | x4.m2() | main.rs:662:9:664:9 | fn m2 | +| main.rs:688:26:688:32 | x4.m3() | main.rs:666:9:668:9 | fn m3 | +| main.rs:692:26:692:32 | x5.m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:697:26:697:35 | ... .m1() | main.rs:658:9:660:9 | fn m1 | +| main.rs:706:13:706:22 | self.foo() | main.rs:703:9:703:31 | fn foo | +| main.rs:720:9:720:15 | x.bar() | main.rs:705:9:707:9 | fn bar | +| main.rs:737:9:737:15 | x.foo() | main.rs:730:9:732:9 | fn foo | +| main.rs:764:9:764:14 | x.f1() | main.rs:745:9:747:9 | fn f1 | +| main.rs:765:9:765:14 | x.f2() | main.rs:749:9:751:9 | fn f2 | resolveFieldExpr | main.rs:27:26:27:28 | x.a | main.rs:7:9:7:12 | StructField | | main.rs:33:26:33:28 | x.a | main.rs:18:9:18:12 | StructField | diff --git a/rust/ql/test/library-tests/variables/Cfg.expected b/rust/ql/test/library-tests/variables/Cfg.expected index 1f25c751eaf..2f3d9927710 100644 --- a/rust/ql/test/library-tests/variables/Cfg.expected +++ b/rust/ql/test/library-tests/variables/Cfg.expected @@ -1312,8 +1312,8 @@ edges | main.rs:532:5:532:13 | print_i64 | main.rs:532:15:532:15 | a | | | main.rs:532:5:532:25 | print_i64(...) | main.rs:533:5:533:14 | ExprStmt | | | main.rs:532:5:532:26 | ExprStmt | main.rs:532:5:532:13 | print_i64 | | -| main.rs:532:15:532:15 | a | main.rs:532:15:532:24 | a.my_get(...) | | -| main.rs:532:15:532:24 | a.my_get(...) | main.rs:532:5:532:25 | print_i64(...) | | +| main.rs:532:15:532:15 | a | main.rs:532:15:532:24 | a.my_get() | | +| main.rs:532:15:532:24 | a.my_get() | main.rs:532:5:532:25 | print_i64(...) | | | main.rs:533:5:533:5 | a | main.rs:533:5:533:9 | a.val | | | main.rs:533:5:533:9 | a.val | main.rs:533:13:533:13 | 5 | | | main.rs:533:5:533:13 | ... = ... | main.rs:534:5:534:26 | ExprStmt | | @@ -1322,8 +1322,8 @@ edges | main.rs:534:5:534:13 | print_i64 | main.rs:534:15:534:15 | a | | | main.rs:534:5:534:25 | print_i64(...) | main.rs:535:5:535:28 | ExprStmt | | | main.rs:534:5:534:26 | ExprStmt | main.rs:534:5:534:13 | print_i64 | | -| main.rs:534:15:534:15 | a | main.rs:534:15:534:24 | a.my_get(...) | | -| main.rs:534:15:534:24 | a.my_get(...) | main.rs:534:5:534:25 | print_i64(...) | | +| main.rs:534:15:534:15 | a | main.rs:534:15:534:24 | a.my_get() | | +| main.rs:534:15:534:24 | a.my_get() | main.rs:534:5:534:25 | print_i64(...) | | | main.rs:535:5:535:5 | a | main.rs:535:25:535:25 | 2 | | | main.rs:535:5:535:27 | ... = ... | main.rs:536:5:536:26 | ExprStmt | | | main.rs:535:5:535:28 | ExprStmt | main.rs:535:5:535:5 | a | | @@ -1332,8 +1332,8 @@ edges | main.rs:536:5:536:13 | print_i64 | main.rs:536:15:536:15 | a | | | main.rs:536:5:536:25 | print_i64(...) | main.rs:530:14:537:1 | { ... } | | | main.rs:536:5:536:26 | ExprStmt | main.rs:536:5:536:13 | print_i64 | | -| main.rs:536:15:536:15 | a | main.rs:536:15:536:24 | a.my_get(...) | | -| main.rs:536:15:536:24 | a.my_get(...) | main.rs:536:5:536:25 | print_i64(...) | | +| main.rs:536:15:536:15 | a | main.rs:536:15:536:24 | a.my_get() | | +| main.rs:536:15:536:24 | a.my_get() | main.rs:536:5:536:25 | print_i64(...) | | | main.rs:539:1:546:1 | enter fn arrays | main.rs:540:5:540:26 | let ... = ... | | | main.rs:539:1:546:1 | exit fn arrays (normal) | main.rs:539:1:546:1 | exit fn arrays | | | main.rs:539:13:546:1 | { ... } | main.rs:539:1:546:1 | exit fn arrays (normal) | | @@ -1419,8 +1419,8 @@ edges | main.rs:568:11:568:11 | a | main.rs:568:7:568:11 | mut a | | | main.rs:568:15:568:33 | MyStruct {...} | main.rs:568:11:568:11 | a | | | main.rs:568:31:568:31 | 1 | main.rs:568:15:568:33 | MyStruct {...} | | -| main.rs:569:3:569:3 | a | main.rs:569:3:569:9 | a.bar(...) | | -| main.rs:569:3:569:9 | a.bar(...) | main.rs:571:3:571:19 | ExprStmt | | +| main.rs:569:3:569:3 | a | main.rs:569:3:569:9 | a.bar() | | +| main.rs:569:3:569:9 | a.bar() | main.rs:571:3:571:19 | ExprStmt | | | main.rs:569:3:569:10 | ExprStmt | main.rs:569:3:569:3 | a | | | main.rs:571:3:571:11 | print_i64 | main.rs:571:13:571:13 | a | | | main.rs:571:3:571:18 | print_i64(...) | main.rs:567:30:572:1 | { ... } | | diff --git a/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected b/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected index d85eed692f6..69f922e27bb 100644 --- a/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected +++ b/rust/ql/test/query-tests/security/CWE-022/TaintedPath.expected @@ -15,13 +15,13 @@ edges | src/main.rs:40:52:40:60 | file_path | src/main.rs:40:38:40:61 | ...::from(...) | provenance | MaD:4 | | src/main.rs:45:24:45:32 | file_path | src/main.rs:45:5:45:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 | | src/main.rs:50:11:50:19 | file_path | src/main.rs:53:52:53:60 | file_path | provenance | | -| src/main.rs:53:9:53:17 | file_path | src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | provenance | Config | +| src/main.rs:53:9:53:17 | file_path | src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | provenance | Config | | src/main.rs:53:21:53:62 | public_path.join(...) | src/main.rs:53:9:53:17 | file_path | provenance | | | src/main.rs:53:38:53:61 | ...::from(...) | src/main.rs:53:21:53:62 | public_path.join(...) | provenance | MaD:3 | | src/main.rs:53:52:53:60 | file_path | src/main.rs:53:38:53:61 | ...::from(...) | provenance | MaD:4 | | src/main.rs:54:9:54:17 | file_path | src/main.rs:59:24:59:32 | file_path | provenance | | -| src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | src/main.rs:54:21:54:53 | ... .unwrap(...) | provenance | MaD:2 | -| src/main.rs:54:21:54:53 | ... .unwrap(...) | src/main.rs:54:9:54:17 | file_path | provenance | | +| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | src/main.rs:54:21:54:53 | ... .unwrap() | provenance | MaD:2 | +| src/main.rs:54:21:54:53 | ... .unwrap() | src/main.rs:54:9:54:17 | file_path | provenance | | | src/main.rs:59:24:59:32 | file_path | src/main.rs:59:5:59:22 | ...::read_to_string | provenance | MaD:1 Sink:MaD:1 | models | 1 | Sink: lang:std; crate::fs::read_to_string; path-injection; Argument[0] | @@ -48,8 +48,8 @@ nodes | src/main.rs:53:38:53:61 | ...::from(...) | semmle.label | ...::from(...) | | src/main.rs:53:52:53:60 | file_path | semmle.label | file_path | | src/main.rs:54:9:54:17 | file_path | semmle.label | file_path | -| src/main.rs:54:21:54:44 | file_path.canonicalize(...) [Ok] | semmle.label | file_path.canonicalize(...) [Ok] | -| src/main.rs:54:21:54:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| src/main.rs:54:21:54:44 | file_path.canonicalize() [Ok] | semmle.label | file_path.canonicalize() [Ok] | +| src/main.rs:54:21:54:53 | ... .unwrap() | semmle.label | ... .unwrap() | | src/main.rs:59:5:59:22 | ...::read_to_string | semmle.label | ...::read_to_string | | src/main.rs:59:24:59:32 | file_path | semmle.label | file_path | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected index 0d6f031a18f..f2b9d39fd16 100644 --- a/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-089/SqlInjection.expected @@ -1,31 +1,31 @@ #select -| sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | -| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:62:26:62:46 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:62:26:62:46 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:73:25:73:45 | safe_query_3.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:73:25:73:45 | safe_query_3.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | This query depends on a $@. | sqlx.rs:47:22:47:35 | ...::args | user-provided value | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | +| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | This query depends on a $@. | sqlx.rs:48:25:48:46 | ...::get | user-provided value | edges | sqlx.rs:47:9:47:18 | arg_string | sqlx.rs:53:27:53:36 | arg_string | provenance | | | sqlx.rs:47:22:47:35 | ...::args | sqlx.rs:47:22:47:37 | ...::args(...) [element] | provenance | Src:MaD:1 | | sqlx.rs:47:22:47:37 | ...::args(...) [element] | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | provenance | MaD:10 | | sqlx.rs:47:22:47:44 | ... .nth(...) [Some] | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | provenance | MaD:5 | | sqlx.rs:47:22:47:77 | ... .unwrap_or(...) | sqlx.rs:47:9:47:18 | arg_string | provenance | | -| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | provenance | MaD:8 | +| sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | provenance | MaD:8 | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:54:27:54:39 | remote_string | provenance | | | sqlx.rs:48:9:48:21 | remote_string | sqlx.rs:56:34:56:89 | MacroExpr | provenance | | | sqlx.rs:48:25:48:46 | ...::get | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | provenance | Src:MaD:2 | -| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap(...) | provenance | MaD:6 | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | provenance | MaD:11 | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 | +| sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | sqlx.rs:48:25:48:78 | ... .unwrap() | provenance | MaD:6 | +| sqlx.rs:48:25:48:78 | ... .unwrap() | sqlx.rs:48:25:48:85 | ... .text() [Ok] | provenance | MaD:11 | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | provenance | MaD:7 | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | sqlx.rs:48:9:48:21 | remote_string | provenance | | | sqlx.rs:49:9:49:21 | remote_number | sqlx.rs:52:32:52:87 | MacroExpr | provenance | | -| sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | provenance | MaD:7 | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | sqlx.rs:49:9:49:21 | remote_number | provenance | | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | provenance | MaD:3 | -| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | provenance | MaD:3 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:62:26:62:46 | safe_query_3.as_str() | provenance | MaD:3 | +| sqlx.rs:52:9:52:20 | safe_query_3 | sqlx.rs:73:25:73:45 | safe_query_3.as_str() | provenance | MaD:3 | | sqlx.rs:52:24:52:88 | res | sqlx.rs:52:32:52:87 | { ... } | provenance | | | sqlx.rs:52:32:52:87 | ...::format(...) | sqlx.rs:52:24:52:88 | res | provenance | | | sqlx.rs:52:32:52:87 | ...::must_use(...) | sqlx.rs:52:9:52:20 | safe_query_3 | provenance | | @@ -39,17 +39,17 @@ edges | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:26:54:39 | &remote_string [&ref] | sqlx.rs:54:9:54:22 | unsafe_query_2 [&ref] | provenance | | | sqlx.rs:54:27:54:39 | remote_string | sqlx.rs:54:26:54:39 | &remote_string [&ref] | provenance | | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | provenance | MaD:3 | -| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | provenance | MaD:3 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | provenance | MaD:3 | +| sqlx.rs:56:9:56:22 | unsafe_query_4 | sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | provenance | MaD:3 | | sqlx.rs:56:26:56:90 | res | sqlx.rs:56:34:56:89 | { ... } | provenance | | | sqlx.rs:56:34:56:89 | ...::format(...) | sqlx.rs:56:26:56:90 | res | provenance | | | sqlx.rs:56:34:56:89 | ...::must_use(...) | sqlx.rs:56:9:56:22 | unsafe_query_4 | provenance | | | sqlx.rs:56:34:56:89 | MacroExpr | sqlx.rs:56:34:56:89 | ...::format(...) | provenance | MaD:4 | | sqlx.rs:56:34:56:89 | { ... } | sqlx.rs:56:34:56:89 | ...::must_use(...) | provenance | MaD:9 | -| sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | provenance | MaD:3 | -| sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | provenance | MaD:3 | -| sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | provenance | MaD:3 | -| sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | provenance | MaD:3 | +| sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | provenance | MaD:3 | +| sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | provenance | MaD:3 | +| sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | provenance | MaD:3 | +| sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | provenance | MaD:3 | models | 1 | Source: lang:std; crate::env::args; command-line-source; ReturnValue.Element | | 2 | Source: repo:https://github.com/seanmonstar/reqwest:reqwest; crate::blocking::get; remote; ReturnValue.Field[crate::result::Result::Ok(0)] | @@ -71,11 +71,11 @@ nodes | sqlx.rs:48:9:48:21 | remote_string | semmle.label | remote_string | | sqlx.rs:48:25:48:46 | ...::get | semmle.label | ...::get | | sqlx.rs:48:25:48:69 | ...::get(...) [Ok] | semmle.label | ...::get(...) [Ok] | -| sqlx.rs:48:25:48:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| sqlx.rs:48:25:48:85 | ... .text(...) [Ok] | semmle.label | ... .text(...) [Ok] | +| sqlx.rs:48:25:48:78 | ... .unwrap() | semmle.label | ... .unwrap() | +| sqlx.rs:48:25:48:85 | ... .text() [Ok] | semmle.label | ... .text() [Ok] | | sqlx.rs:48:25:48:118 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:49:9:49:21 | remote_number | semmle.label | remote_number | -| sqlx.rs:49:25:49:52 | remote_string.parse(...) [Ok] | semmle.label | remote_string.parse(...) [Ok] | +| sqlx.rs:49:25:49:52 | remote_string.parse() [Ok] | semmle.label | remote_string.parse() [Ok] | | sqlx.rs:49:25:49:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | | sqlx.rs:52:9:52:20 | safe_query_3 | semmle.label | safe_query_3 | | sqlx.rs:52:24:52:88 | res | semmle.label | res | @@ -95,16 +95,16 @@ nodes | sqlx.rs:56:34:56:89 | ...::must_use(...) | semmle.label | ...::must_use(...) | | sqlx.rs:56:34:56:89 | MacroExpr | semmle.label | MacroExpr | | sqlx.rs:56:34:56:89 | { ... } | semmle.label | { ... } | -| sqlx.rs:62:26:62:46 | safe_query_3.as_str(...) | semmle.label | safe_query_3.as_str(...) | +| sqlx.rs:62:26:62:46 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() | | sqlx.rs:63:26:63:39 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] | -| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:63:26:63:48 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | | sqlx.rs:65:30:65:43 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | -| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str(...) | semmle.label | unsafe_query_4.as_str(...) | -| sqlx.rs:73:25:73:45 | safe_query_3.as_str(...) | semmle.label | safe_query_3.as_str(...) | +| sqlx.rs:65:30:65:52 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() | +| sqlx.rs:67:30:67:52 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | +| sqlx.rs:73:25:73:45 | safe_query_3.as_str() | semmle.label | safe_query_3.as_str() | | sqlx.rs:74:25:74:38 | unsafe_query_1 [&ref] | semmle.label | unsafe_query_1 [&ref] | -| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str(...) | semmle.label | unsafe_query_1.as_str(...) | +| sqlx.rs:74:25:74:47 | unsafe_query_1.as_str() | semmle.label | unsafe_query_1.as_str() | | sqlx.rs:76:29:76:42 | unsafe_query_2 [&ref] | semmle.label | unsafe_query_2 [&ref] | -| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str(...) | semmle.label | unsafe_query_2.as_str(...) | -| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str(...) | semmle.label | unsafe_query_4.as_str(...) | +| sqlx.rs:76:29:76:51 | unsafe_query_2.as_str() | semmle.label | unsafe_query_2.as_str() | +| sqlx.rs:78:29:78:51 | unsafe_query_4.as_str() | semmle.label | unsafe_query_4.as_str() | subpaths diff --git a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected index 763558a9c16..689a333ef71 100644 --- a/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected +++ b/rust/ql/test/query-tests/security/CWE-311/CleartextTransmission.expected @@ -21,8 +21,8 @@ edges | main.rs:12:27:12:59 | { ... } | main.rs:12:27:12:59 | ...::must_use(...) | provenance | MaD:7 | | main.rs:12:50:12:57 | password | main.rs:12:27:12:59 | MacroExpr | provenance | | | main.rs:13:9:13:11 | url | main.rs:14:28:14:30 | url | provenance | | -| main.rs:13:15:13:34 | ...::parse(...) [Ok] | main.rs:13:15:13:43 | ... .unwrap(...) | provenance | MaD:6 | -| main.rs:13:15:13:43 | ... .unwrap(...) | main.rs:13:9:13:11 | url | provenance | | +| main.rs:13:15:13:34 | ...::parse(...) [Ok] | main.rs:13:15:13:43 | ... .unwrap() | provenance | MaD:6 | +| main.rs:13:15:13:43 | ... .unwrap() | main.rs:13:9:13:11 | url | provenance | | | main.rs:13:26:13:33 | &address [&ref] | main.rs:13:15:13:34 | ...::parse(...) [Ok] | provenance | MaD:8 | | main.rs:13:27:13:33 | address | main.rs:13:26:13:33 | &address [&ref] | provenance | | | main.rs:14:28:14:30 | url | main.rs:14:5:14:26 | ...::get | provenance | MaD:4 Sink:MaD:4 | @@ -78,7 +78,7 @@ nodes | main.rs:12:50:12:57 | password | semmle.label | password | | main.rs:13:9:13:11 | url | semmle.label | url | | main.rs:13:15:13:34 | ...::parse(...) [Ok] | semmle.label | ...::parse(...) [Ok] | -| main.rs:13:15:13:43 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:13:15:13:43 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:13:26:13:33 | &address [&ref] | semmle.label | &address [&ref] | | main.rs:13:27:13:33 | address | semmle.label | address | | main.rs:14:5:14:26 | ...::get | semmle.label | ...::get | diff --git a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected index c085f429058..92ba9448e38 100644 --- a/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected +++ b/rust/ql/test/query-tests/security/CWE-312/CleartextLogging.expected @@ -181,37 +181,37 @@ edges | test_logging.rs:167:40:167:63 | MacroExpr | test_logging.rs:167:40:167:63 | ...::Some(...) [Some] | provenance | | | test_logging.rs:167:56:167:63 | password | test_logging.rs:167:40:167:63 | MacroExpr | provenance | | | test_logging.rs:168:34:168:66 | res | test_logging.rs:168:42:168:65 | { ... } | provenance | | -| test_logging.rs:168:34:168:75 | ... .as_str(...) | test_logging.rs:168:27:168:32 | expect | provenance | MaD:1 Sink:MaD:1 | +| test_logging.rs:168:34:168:75 | ... .as_str() | test_logging.rs:168:27:168:32 | expect | provenance | MaD:1 Sink:MaD:1 | | test_logging.rs:168:42:168:65 | ...::format(...) | test_logging.rs:168:34:168:66 | res | provenance | | -| test_logging.rs:168:42:168:65 | ...::must_use(...) | test_logging.rs:168:34:168:75 | ... .as_str(...) | provenance | MaD:12 | +| test_logging.rs:168:42:168:65 | ...::must_use(...) | test_logging.rs:168:34:168:75 | ... .as_str() | provenance | MaD:12 | | test_logging.rs:168:42:168:65 | MacroExpr | test_logging.rs:168:42:168:65 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:168:42:168:65 | { ... } | test_logging.rs:168:42:168:65 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:168:58:168:65 | password | test_logging.rs:168:42:168:65 | MacroExpr | provenance | | | test_logging.rs:174:36:174:70 | res | test_logging.rs:174:44:174:69 | { ... } | provenance | | -| test_logging.rs:174:36:174:81 | ... .as_bytes(...) | test_logging.rs:174:30:174:34 | write | provenance | MaD:5 Sink:MaD:5 | +| test_logging.rs:174:36:174:81 | ... .as_bytes() | test_logging.rs:174:30:174:34 | write | provenance | MaD:5 Sink:MaD:5 | | test_logging.rs:174:44:174:69 | ...::format(...) | test_logging.rs:174:36:174:70 | res | provenance | | -| test_logging.rs:174:44:174:69 | ...::must_use(...) | test_logging.rs:174:36:174:81 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:174:44:174:69 | ...::must_use(...) | test_logging.rs:174:36:174:81 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:174:44:174:69 | MacroExpr | test_logging.rs:174:44:174:69 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:174:44:174:69 | { ... } | test_logging.rs:174:44:174:69 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:174:62:174:69 | password | test_logging.rs:174:44:174:69 | MacroExpr | provenance | | | test_logging.rs:175:40:175:74 | res | test_logging.rs:175:48:175:73 | { ... } | provenance | | -| test_logging.rs:175:40:175:85 | ... .as_bytes(...) | test_logging.rs:175:30:175:38 | write_all | provenance | MaD:6 Sink:MaD:6 | +| test_logging.rs:175:40:175:85 | ... .as_bytes() | test_logging.rs:175:30:175:38 | write_all | provenance | MaD:6 Sink:MaD:6 | | test_logging.rs:175:48:175:73 | ...::format(...) | test_logging.rs:175:40:175:74 | res | provenance | | -| test_logging.rs:175:48:175:73 | ...::must_use(...) | test_logging.rs:175:40:175:85 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:175:48:175:73 | ...::must_use(...) | test_logging.rs:175:40:175:85 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:175:48:175:73 | MacroExpr | test_logging.rs:175:48:175:73 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:175:48:175:73 | { ... } | test_logging.rs:175:48:175:73 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:175:66:175:73 | password | test_logging.rs:175:48:175:73 | MacroExpr | provenance | | | test_logging.rs:178:15:178:49 | res | test_logging.rs:178:23:178:48 | { ... } | provenance | | -| test_logging.rs:178:15:178:60 | ... .as_bytes(...) | test_logging.rs:178:9:178:13 | write | provenance | MaD:5 Sink:MaD:5 | +| test_logging.rs:178:15:178:60 | ... .as_bytes() | test_logging.rs:178:9:178:13 | write | provenance | MaD:5 Sink:MaD:5 | | test_logging.rs:178:23:178:48 | ...::format(...) | test_logging.rs:178:15:178:49 | res | provenance | | -| test_logging.rs:178:23:178:48 | ...::must_use(...) | test_logging.rs:178:15:178:60 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:178:23:178:48 | ...::must_use(...) | test_logging.rs:178:15:178:60 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:178:23:178:48 | MacroExpr | test_logging.rs:178:23:178:48 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:178:23:178:48 | { ... } | test_logging.rs:178:23:178:48 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:178:41:178:48 | password | test_logging.rs:178:23:178:48 | MacroExpr | provenance | | | test_logging.rs:181:15:181:49 | res | test_logging.rs:181:23:181:48 | { ... } | provenance | | -| test_logging.rs:181:15:181:60 | ... .as_bytes(...) | test_logging.rs:181:9:181:13 | write | provenance | MaD:4 Sink:MaD:4 | +| test_logging.rs:181:15:181:60 | ... .as_bytes() | test_logging.rs:181:9:181:13 | write | provenance | MaD:4 Sink:MaD:4 | | test_logging.rs:181:23:181:48 | ...::format(...) | test_logging.rs:181:15:181:49 | res | provenance | | -| test_logging.rs:181:23:181:48 | ...::must_use(...) | test_logging.rs:181:15:181:60 | ... .as_bytes(...) | provenance | MaD:11 | +| test_logging.rs:181:23:181:48 | ...::must_use(...) | test_logging.rs:181:15:181:60 | ... .as_bytes() | provenance | MaD:11 | | test_logging.rs:181:23:181:48 | MacroExpr | test_logging.rs:181:23:181:48 | ...::format(...) | provenance | MaD:13 | | test_logging.rs:181:23:181:48 | { ... } | test_logging.rs:181:23:181:48 | ...::must_use(...) | provenance | MaD:14 | | test_logging.rs:181:41:181:48 | password | test_logging.rs:181:23:181:48 | MacroExpr | provenance | | @@ -400,7 +400,7 @@ nodes | test_logging.rs:167:56:167:63 | password | semmle.label | password | | test_logging.rs:168:27:168:32 | expect | semmle.label | expect | | test_logging.rs:168:34:168:66 | res | semmle.label | res | -| test_logging.rs:168:34:168:75 | ... .as_str(...) | semmle.label | ... .as_str(...) | +| test_logging.rs:168:34:168:75 | ... .as_str() | semmle.label | ... .as_str() | | test_logging.rs:168:42:168:65 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:168:42:168:65 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:168:42:168:65 | MacroExpr | semmle.label | MacroExpr | @@ -408,7 +408,7 @@ nodes | test_logging.rs:168:58:168:65 | password | semmle.label | password | | test_logging.rs:174:30:174:34 | write | semmle.label | write | | test_logging.rs:174:36:174:70 | res | semmle.label | res | -| test_logging.rs:174:36:174:81 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:174:36:174:81 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:174:44:174:69 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:174:44:174:69 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:174:44:174:69 | MacroExpr | semmle.label | MacroExpr | @@ -416,7 +416,7 @@ nodes | test_logging.rs:174:62:174:69 | password | semmle.label | password | | test_logging.rs:175:30:175:38 | write_all | semmle.label | write_all | | test_logging.rs:175:40:175:74 | res | semmle.label | res | -| test_logging.rs:175:40:175:85 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:175:40:175:85 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:175:48:175:73 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:175:48:175:73 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:175:48:175:73 | MacroExpr | semmle.label | MacroExpr | @@ -424,7 +424,7 @@ nodes | test_logging.rs:175:66:175:73 | password | semmle.label | password | | test_logging.rs:178:9:178:13 | write | semmle.label | write | | test_logging.rs:178:15:178:49 | res | semmle.label | res | -| test_logging.rs:178:15:178:60 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:178:15:178:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:178:23:178:48 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:178:23:178:48 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:178:23:178:48 | MacroExpr | semmle.label | MacroExpr | @@ -432,7 +432,7 @@ nodes | test_logging.rs:178:41:178:48 | password | semmle.label | password | | test_logging.rs:181:9:181:13 | write | semmle.label | write | | test_logging.rs:181:15:181:49 | res | semmle.label | res | -| test_logging.rs:181:15:181:60 | ... .as_bytes(...) | semmle.label | ... .as_bytes(...) | +| test_logging.rs:181:15:181:60 | ... .as_bytes() | semmle.label | ... .as_bytes() | | test_logging.rs:181:23:181:48 | ...::format(...) | semmle.label | ...::format(...) | | test_logging.rs:181:23:181:48 | ...::must_use(...) | semmle.label | ...::must_use(...) | | test_logging.rs:181:23:181:48 | MacroExpr | semmle.label | MacroExpr | From d5d61dd8b3a2149588ee1f7d84139eefbfbb7164 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 12:49:34 +0200 Subject: [PATCH 209/409] Rust: Add inline expectations test for type inference --- .../rust/elements/internal/FunctionImpl.qll | 18 + rust/ql/lib/utils/test/InlineMadTest.qll | 11 +- .../library-tests/type-inference/loop/main.rs | 2 +- .../test/library-tests/type-inference/main.rs | 171 +- .../type-inference/type-inference.expected | 1644 ++++++++--------- .../type-inference/type-inference.ql | 56 +- 6 files changed, 948 insertions(+), 954 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll index ca019bd01e2..594dbaa0bf5 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll @@ -5,6 +5,7 @@ */ private import codeql.rust.elements.internal.generated.Function +private import codeql.rust.elements.Comment /** * INTERNAL: This module contains the customizable definition of `Function` and should not @@ -26,5 +27,22 @@ module Impl { */ class Function extends Generated::Function { override string toStringImpl() { result = "fn " + this.getName().getText() } + + /** + * Gets a comment preceding this function. + * + * A comment is considered preceding if it occurs immediately before this + * function or if only other comments occur between the comment and this + * function. + */ + Comment getPrecedingComment() { + result.getLocation().getFile() = this.getLocation().getFile() and + // When a function is preceded by comments its start line is the line of + // the first comment. Hence all relevant comments are found by including + // comments from the start line and up to the line with the function + // name. + this.getLocation().getStartLine() <= result.getLocation().getStartLine() and + result.getLocation().getStartLine() <= this.getName().getLocation().getStartLine() + } } } diff --git a/rust/ql/lib/utils/test/InlineMadTest.qll b/rust/ql/lib/utils/test/InlineMadTest.qll index b79818ad0e9..00000060ab6 100644 --- a/rust/ql/lib/utils/test/InlineMadTest.qll +++ b/rust/ql/lib/utils/test/InlineMadTest.qll @@ -5,16 +5,7 @@ private module InlineMadTestLang implements InlineMadTestLangSig { class Callable = R::Function; string getComment(R::Function callable) { - exists(R::Comment comment | - result = comment.getCommentText() and - comment.getLocation().getFile() = callable.getLocation().getFile() and - // When a function is preceded by comments its start line is the line of - // the first comment. Hence all relevant comments are found by including - // comments from the start line and up to the line with the function - // name. - callable.getLocation().getStartLine() <= comment.getLocation().getStartLine() and - comment.getLocation().getStartLine() <= callable.getName().getLocation().getStartLine() - ) + result = callable.getPrecedingComment().getCommentText() } } diff --git a/rust/ql/test/library-tests/type-inference/loop/main.rs b/rust/ql/test/library-tests/type-inference/loop/main.rs index da1d19e3f62..cee32b0da99 100644 --- a/rust/ql/test/library-tests/type-inference/loop/main.rs +++ b/rust/ql/test/library-tests/type-inference/loop/main.rs @@ -9,6 +9,6 @@ trait T1: T2> { trait T2: T1> { fn bar(self) { - self.foo() + self.foo() // $ method=foo } } diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 287dbeb29c2..2a432d50b8d 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -24,36 +24,36 @@ mod field_access { fn simple_field_access() { let x = MyThing { a: S }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=MyThing } fn generic_field_access() { // Explicit type argument - let x = GenericThing:: { a: S }; - println!("{:?}", x.a); + let x = GenericThing:: { a: S }; // $ type=x:A.S + println!("{:?}", x.a); // $ fieldof=GenericThing // Implicit type argument let y = GenericThing { a: S }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=GenericThing // The type of the field `a` can only be inferred from the concrete type // in the struct declaration. let x = OptionS { a: MyOption::MyNone(), }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=OptionS // The type of the field `a` can only be inferred from the type argument let x = GenericThing::> { a: MyOption::MyNone(), }; - println!("{:?}", x.a); + println!("{:?}", x.a); // $ fieldof=GenericThing let mut x = GenericThing { a: MyOption::MyNone(), }; // Only after this access can we infer the type parameter of `x` - let a: MyOption = x.a; + let a: MyOption = x.a; // $ fieldof=GenericThing println!("{:?}", a); } @@ -85,8 +85,8 @@ mod method_impl { pub fn g(x: Foo, y: Foo) -> Foo { println!("main.rs::m1::g"); - x.m1(); - y.m2() + x.m1(); // $ method=m1 + y.m2() // $ method=m2 } } @@ -102,20 +102,22 @@ mod method_non_parametric_impl { struct S2; impl MyThing { + // MyThing::m1 fn m1(self) -> S1 { - self.a + self.a // $ fieldof=MyThing } } impl MyThing { + // MyThing::m1 fn m1(self) -> Self { - Self { a: self.a } + Self { a: self.a } // $ fieldof=MyThing } } impl MyThing { fn m2(self) -> T { - self.a + self.a // $ fieldof=MyThing } } @@ -124,17 +126,17 @@ mod method_non_parametric_impl { let y = MyThing { a: S2 }; // simple field access - println!("{:?}", x.a); - println!("{:?}", y.a); + println!("{:?}", x.a); // $ fieldof=MyThing + println!("{:?}", y.a); // $ fieldof=MyThing - println!("{:?}", x.m1()); // missing call target - println!("{:?}", y.m1().a); // missing call target + println!("{:?}", x.m1()); // $ MISSING: method=MyThing::m1 + println!("{:?}", y.m1().a); // $ MISSING: method=MyThing::m1, field=MyThing let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 } } @@ -161,18 +163,20 @@ mod method_non_parametric_trait_impl { } fn call_trait_m1>(x: T2) -> T1 { - x.m1() + x.m1() // $ method=m1 } impl MyTrait for MyThing { + // MyThing::m1 fn m1(self) -> S1 { - self.a + self.a // $ fieldof=MyThing } } impl MyTrait for MyThing { + // MyThing::m1 fn m1(self) -> Self { - Self { a: self.a } + Self { a: self.a } // $ fieldof=MyThing } } @@ -180,14 +184,14 @@ mod method_non_parametric_trait_impl { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); // missing call target - println!("{:?}", y.m1().a); // missing call target + println!("{:?}", x.m1()); // $ MISSING: method=MyThing::m1 + println!("{:?}", y.m1().a); // $ MISSING: method=MyThing::m1, field=MyThing let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", call_trait_m1(x)); // missing - println!("{:?}", call_trait_m1(y).a); // missing + println!("{:?}", call_trait_m1(x)); // MISSING: type=call_trait_m1(...):S1 + println!("{:?}", call_trait_m1(y).a); // MISSING: field=MyThing } } @@ -203,32 +207,34 @@ mod type_parameter_bounds { // Two traits with the same method name. trait FirstTrait { + // FirstTrait::method fn method(self) -> FT; } trait SecondTrait { + // SecondTrait::method fn method(self) -> ST; } fn call_first_trait_per_bound>(x: T) { // The type parameter bound determines which method this call is resolved to. - let s1 = x.method(); + let s1 = x.method(); // $ method=SecondTrait::method println!("{:?}", s1); } fn call_second_trait_per_bound>(x: T) { // The type parameter bound determines which method this call is resolved to. - let s2 = x.method(); + let s2 = x.method(); // $ method=SecondTrait::method println!("{:?}", s2); } fn trait_bound_with_type>(x: T) { - let s = x.method(); - println!("{:?}", s); + let s = x.method(); // $ method=FirstTrait::method + println!("{:?}", s); // $ type=s:S1 } fn trait_per_bound_with_type>(x: T) { - let s = x.method(); + let s = x.method(); // $ method=FirstTrait::method println!("{:?}", s); } @@ -240,15 +246,15 @@ mod type_parameter_bounds { fn call_trait_per_bound_with_type_1>(x: T, y: T) { // The type in the type parameter bound determines the return type. - let s1 = x.fst(); - let s2 = y.snd(); + let s1 = x.fst(); // $ method=fst + let s2 = y.snd(); // $ method=snd println!("{:?}, {:?}", s1, s2); } fn call_trait_per_bound_with_type_2>(x: T, y: T) { // The type in the type parameter bound determines the return type. - let s1 = x.fst(); - let s2 = y.snd(); + let s1 = x.fst(); // $ method=fst + let s2 = y.snd(); // $ method=snd println!("{:?}, {:?}", s1, s2); } } @@ -271,23 +277,23 @@ mod function_trait_bounds { where Self: Sized, { - self.m1() + self.m1() // $ method=m1 } } // Type parameter with bound occurs in the root of a parameter type. fn call_trait_m1>(x: T2) -> T1 { - x.m1() + x.m1() // $ method=m1 type=x.m1():T1 } // Type parameter with bound occurs nested within another type. fn call_trait_thing_m1>(x: MyThing) -> T1 { - x.a.m1() + x.a.m1() // $ fieldof=MyThing method=m1 } impl MyTrait for MyThing { fn m1(self) -> T { - self.a + self.a // $ fieldof=MyThing } } @@ -295,14 +301,14 @@ mod function_trait_bounds { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=m1 + println!("{:?}", y.m1()); // $ method=m1 let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 let x2 = MyThing { a: S1 }; let y2 = MyThing { a: S2 }; @@ -343,6 +349,7 @@ mod trait_associated_type { impl MyTrait for S { type AssociatedType = S; + // S::m1 fn m1(self) -> Self::AssociatedType { S } @@ -350,10 +357,10 @@ mod trait_associated_type { pub fn f() { let x = S; - println!("{:?}", x.m1()); + println!("{:?}", x.m1()); // $ method=S::m1 let x = S; - println!("{:?}", x.m2()); // missing + println!("{:?}", x.m2()); // $ method=m2 } } @@ -382,8 +389,8 @@ mod generic_enum { let x = MyEnum::C1(S1); let y = MyEnum::C2 { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=m1 + println!("{:?}", y.m1()); // $ method=m1 } } @@ -404,6 +411,7 @@ mod method_supertraits { struct S2; trait MyTrait1 { + // MyTrait1::m1 fn m1(self) -> Tr1; } @@ -413,7 +421,7 @@ mod method_supertraits { Self: Sized, { if 1 + 1 > 2 { - self.m1() + self.m1() // $ method=MyTrait1::m1 } else { Self::m1(self) } @@ -426,24 +434,26 @@ mod method_supertraits { Self: Sized, { if 1 + 1 > 2 { - self.m2().a + self.m2().a // $ method=m2 $ fieldof=MyThing } else { - Self::m2(self).a + Self::m2(self).a // $ fieldof=MyThing } } } impl MyTrait1 for MyThing { + // MyThing::m1 fn m1(self) -> T { - self.a + self.a // $ fieldof=MyThing } } impl MyTrait2 for MyThing {} impl MyTrait1> for MyThing2 { + // MyThing2::m1 fn m1(self) -> MyThing { - MyThing { a: self.a } + MyThing { a: self.a } // $ fieldof=MyThing2 } } @@ -455,20 +465,20 @@ mod method_supertraits { let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m1()); - println!("{:?}", y.m1()); + println!("{:?}", x.m1()); // $ method=MyThing::m1 + println!("{:?}", y.m1()); // $ method=MyThing::m1 let x = MyThing { a: S1 }; let y = MyThing { a: S2 }; - println!("{:?}", x.m2()); - println!("{:?}", y.m2()); + println!("{:?}", x.m2()); // $ method=m2 + println!("{:?}", y.m2()); // $ method=m2 let x = MyThing2 { a: S1 }; let y = MyThing2 { a: S2 }; - println!("{:?}", x.m3()); - println!("{:?}", y.m3()); + println!("{:?}", x.m3()); // $ method=m3 + println!("{:?}", y.m3()); // $ method=m3 } } @@ -572,14 +582,16 @@ mod option_methods { } trait MyTrait { + // MyTrait::set fn set(&mut self, value: S); fn call_set(&mut self, value: S) { - self.set(value); + self.set(value); // $ method=MyTrait::set } } impl MyTrait for MyOption { + // MyOption::set fn set(&mut self, value: T) {} } @@ -602,15 +614,15 @@ mod option_methods { struct S; pub fn f() { - let x1 = MyOption::::new(); // `::new` missing type `S` + let x1 = MyOption::::new(); // $ MISSING: type=x1:T.S println!("{:?}", x1); let mut x2 = MyOption::new(); - x2.set(S); + x2.set(S); // $ method=MyOption::set println!("{:?}", x2); let mut x3 = MyOption::new(); // missing type `S` from `MyOption` (but can resolve `MyTrait`) - x3.call_set(S); + x3.call_set(S); // $ method=call_set println!("{:?}", x3); let mut x4 = MyOption::new(); @@ -618,7 +630,7 @@ mod option_methods { println!("{:?}", x4); let x5 = MyOption::MySome(MyOption::::MyNone()); - println!("{:?}", x5.flatten()); // missing call target + println!("{:?}", x5.flatten()); // MISSING: method=flatten let x6 = MyOption::MySome(MyOption::::MyNone()); println!("{:?}", MyOption::>::flatten(x6)); @@ -656,26 +668,26 @@ mod method_call_type_conversion { impl S { fn m1(self) -> T { - self.0 + self.0 // $ fieldof=S } fn m2(&self) -> &T { - &self.0 + &self.0 // $ fieldof=S } fn m3(self: &S) -> &T { - &self.0 + &self.0 // $ fieldof=S } } pub fn f() { let x1 = S(S2); - println!("{:?}", x1.m1()); + println!("{:?}", x1.m1()); // $ method=m1 let x2 = S(S2); // implicit borrow - println!("{:?}", x2.m2()); - println!("{:?}", x2.m3()); + println!("{:?}", x2.m2()); // $ method=m2 + println!("{:?}", x2.m3()); // $ method=m3 let x3 = S(S2); // explicit borrow @@ -684,32 +696,35 @@ mod method_call_type_conversion { let x4 = &S(S2); // explicit borrow - println!("{:?}", x4.m2()); - println!("{:?}", x4.m3()); + println!("{:?}", x4.m2()); // $ method=m2 + println!("{:?}", x4.m3()); // $ method=m3 let x5 = &S(S2); // implicit dereference - println!("{:?}", x5.m1()); - println!("{:?}", x5.0); + println!("{:?}", x5.m1()); // $ method=m1 + println!("{:?}", x5.0); // $ fieldof=S let x6 = &S(S2); // explicit dereference - println!("{:?}", (*x6).m1()); + println!("{:?}", (*x6).m1()); // $ method=m1 } } mod trait_implicit_self_borrow { trait MyTrait { + // MyTrait::foo fn foo(&self) -> &Self; + // MyTrait::bar fn bar(&self) -> &Self { - self.foo() + self.foo() // $ method=MyTrait::foo } } struct MyStruct; impl MyTrait for MyStruct { + // MyStruct::foo fn foo(&self) -> &MyStruct { self } @@ -717,7 +732,7 @@ mod trait_implicit_self_borrow { pub fn f() { let x = MyStruct; - x.bar(); + x.bar(); // $ method=MyTrait::bar } } @@ -734,7 +749,7 @@ mod implicit_self_borrow { pub fn f() { let x = MyStruct(S); - x.foo(); + x.foo(); // $ method=foo } } @@ -761,8 +776,8 @@ mod borrowed_typed { pub fn f() { let x = S {}; - x.f1(); - x.f2(); + x.f1(); // $ method=f1 + x.f2(); // $ method=f2 S::f3(&x); } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 7e8d0e4e73c..d8164f4be81 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -1,3 +1,4 @@ +testFailures inferType | loop/main.rs:7:12:7:15 | SelfParam | | loop/main.rs:6:1:8:1 | Self [trait T1] | | loop/main.rs:11:12:11:15 | SelfParam | | loop/main.rs:10:1:14:1 | Self [trait T2] | @@ -79,861 +80,788 @@ inferType | main.rs:88:9:88:14 | x.m1() | | main.rs:67:5:67:21 | Foo | | main.rs:89:9:89:9 | y | | main.rs:67:5:67:21 | Foo | | main.rs:89:9:89:14 | y.m2() | | main.rs:67:5:67:21 | Foo | -| main.rs:105:15:105:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:105:15:105:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | -| main.rs:105:27:107:9 | { ... } | | main.rs:99:5:100:14 | S1 | -| main.rs:106:13:106:16 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:106:13:106:16 | self | A | main.rs:99:5:100:14 | S1 | -| main.rs:106:13:106:18 | self.a | | main.rs:99:5:100:14 | S1 | -| main.rs:111:15:111:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:111:15:111:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | -| main.rs:111:29:113:9 | { ... } | | main.rs:94:5:97:5 | MyThing | -| main.rs:111:29:113:9 | { ... } | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:13:112:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:112:13:112:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:23:112:26 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:112:23:112:26 | self | A | main.rs:101:5:102:14 | S2 | -| main.rs:112:23:112:28 | self.a | | main.rs:101:5:102:14 | S2 | -| main.rs:117:15:117:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | -| main.rs:117:15:117:18 | SelfParam | A | main.rs:116:10:116:10 | T | -| main.rs:117:26:119:9 | { ... } | | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:16 | self | | main.rs:94:5:97:5 | MyThing | -| main.rs:118:13:118:16 | self | A | main.rs:116:10:116:10 | T | -| main.rs:118:13:118:18 | self.a | | main.rs:116:10:116:10 | T | -| main.rs:123:13:123:13 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:123:13:123:13 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:123:17:123:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:123:17:123:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | -| main.rs:123:30:123:31 | S1 | | main.rs:99:5:100:14 | S1 | -| main.rs:124:13:124:13 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:124:13:124:13 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:124:17:124:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:124:17:124:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:124:30:124:31 | S2 | | main.rs:101:5:102:14 | S2 | -| main.rs:127:26:127:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:127:26:127:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:127:26:127:28 | x.a | | main.rs:99:5:100:14 | S1 | -| main.rs:128:26:128:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:128:26:128:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:128:26:128:28 | y.a | | main.rs:101:5:102:14 | S2 | -| main.rs:130:26:130:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:130:26:130:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:131:26:131:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:131:26:131:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:133:13:133:13 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:133:13:133:13 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:133:17:133:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:133:17:133:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | -| main.rs:133:30:133:31 | S1 | | main.rs:99:5:100:14 | S1 | -| main.rs:134:13:134:13 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:134:13:134:13 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:134:17:134:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | -| main.rs:134:17:134:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | -| main.rs:134:30:134:31 | S2 | | main.rs:101:5:102:14 | S2 | -| main.rs:136:26:136:26 | x | | main.rs:94:5:97:5 | MyThing | -| main.rs:136:26:136:26 | x | A | main.rs:99:5:100:14 | S1 | -| main.rs:136:26:136:31 | x.m2() | | main.rs:99:5:100:14 | S1 | -| main.rs:137:26:137:26 | y | | main.rs:94:5:97:5 | MyThing | -| main.rs:137:26:137:26 | y | A | main.rs:101:5:102:14 | S2 | -| main.rs:137:26:137:31 | y.m2() | | main.rs:101:5:102:14 | S2 | -| main.rs:153:15:153:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:155:15:155:18 | SelfParam | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:158:9:160:9 | { ... } | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:159:13:159:16 | self | | main.rs:152:5:161:5 | Self [trait MyTrait] | -| main.rs:163:43:163:43 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:163:56:165:5 | { ... } | | main.rs:163:22:163:23 | T1 | -| main.rs:164:9:164:9 | x | | main.rs:163:26:163:40 | T2 | -| main.rs:164:9:164:14 | x.m1() | | main.rs:163:22:163:23 | T1 | -| main.rs:168:15:168:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | -| main.rs:168:15:168:18 | SelfParam | A | main.rs:147:5:148:14 | S1 | -| main.rs:168:27:170:9 | { ... } | | main.rs:147:5:148:14 | S1 | -| main.rs:169:13:169:16 | self | | main.rs:142:5:145:5 | MyThing | -| main.rs:169:13:169:16 | self | A | main.rs:147:5:148:14 | S1 | -| main.rs:169:13:169:18 | self.a | | main.rs:147:5:148:14 | S1 | -| main.rs:174:15:174:18 | SelfParam | | main.rs:142:5:145:5 | MyThing | -| main.rs:174:15:174:18 | SelfParam | A | main.rs:149:5:150:14 | S2 | -| main.rs:174:29:176:9 | { ... } | | main.rs:142:5:145:5 | MyThing | -| main.rs:174:29:176:9 | { ... } | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:13:175:30 | Self {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:175:13:175:30 | Self {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:23:175:26 | self | | main.rs:142:5:145:5 | MyThing | -| main.rs:175:23:175:26 | self | A | main.rs:149:5:150:14 | S2 | -| main.rs:175:23:175:28 | self.a | | main.rs:149:5:150:14 | S2 | -| main.rs:180:13:180:13 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:180:13:180:13 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:180:17:180:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:180:17:180:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | -| main.rs:180:30:180:31 | S1 | | main.rs:147:5:148:14 | S1 | -| main.rs:181:13:181:13 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:181:13:181:13 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:181:17:181:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:181:17:181:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:181:30:181:31 | S2 | | main.rs:149:5:150:14 | S2 | -| main.rs:183:26:183:26 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:183:26:183:26 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:184:26:184:26 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:184:26:184:26 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:186:13:186:13 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:186:13:186:13 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:186:17:186:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:186:17:186:33 | MyThing {...} | A | main.rs:147:5:148:14 | S1 | -| main.rs:186:30:186:31 | S1 | | main.rs:147:5:148:14 | S1 | -| main.rs:187:13:187:13 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:187:13:187:13 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:187:17:187:33 | MyThing {...} | | main.rs:142:5:145:5 | MyThing | -| main.rs:187:17:187:33 | MyThing {...} | A | main.rs:149:5:150:14 | S2 | -| main.rs:187:30:187:31 | S2 | | main.rs:149:5:150:14 | S2 | -| main.rs:189:40:189:40 | x | | main.rs:142:5:145:5 | MyThing | -| main.rs:189:40:189:40 | x | A | main.rs:147:5:148:14 | S1 | -| main.rs:190:40:190:40 | y | | main.rs:142:5:145:5 | MyThing | -| main.rs:190:40:190:40 | y | A | main.rs:149:5:150:14 | S2 | -| main.rs:206:19:206:22 | SelfParam | | main.rs:205:5:207:5 | Self [trait FirstTrait] | -| main.rs:210:19:210:22 | SelfParam | | main.rs:209:5:211:5 | Self [trait SecondTrait] | -| main.rs:213:64:213:64 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:13:215:14 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:215:18:215:18 | x | | main.rs:213:45:213:61 | T | -| main.rs:215:18:215:27 | x.method() | | main.rs:213:35:213:42 | I | -| main.rs:216:26:216:27 | s1 | | main.rs:213:35:213:42 | I | -| main.rs:219:65:219:65 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:13:221:14 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:221:18:221:18 | x | | main.rs:219:46:219:62 | T | -| main.rs:221:18:221:27 | x.method() | | main.rs:219:36:219:43 | I | -| main.rs:222:26:222:27 | s2 | | main.rs:219:36:219:43 | I | -| main.rs:225:49:225:49 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:13:226:13 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:226:17:226:17 | x | | main.rs:225:30:225:46 | T | -| main.rs:226:17:226:26 | x.method() | | main.rs:197:5:198:14 | S1 | -| main.rs:227:26:227:26 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:230:53:230:53 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:13:231:13 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:231:17:231:17 | x | | main.rs:230:34:230:50 | T | -| main.rs:231:17:231:26 | x.method() | | main.rs:197:5:198:14 | S1 | -| main.rs:232:26:232:26 | s | | main.rs:197:5:198:14 | S1 | -| main.rs:236:16:236:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | -| main.rs:238:16:238:19 | SelfParam | | main.rs:235:5:239:5 | Self [trait Pair] | -| main.rs:241:58:241:58 | x | | main.rs:241:41:241:55 | T | -| main.rs:241:64:241:64 | y | | main.rs:241:41:241:55 | T | -| main.rs:243:13:243:14 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:243:18:243:18 | x | | main.rs:241:41:241:55 | T | -| main.rs:243:18:243:24 | x.fst() | | main.rs:197:5:198:14 | S1 | -| main.rs:244:13:244:14 | s2 | | main.rs:200:5:201:14 | S2 | -| main.rs:244:18:244:18 | y | | main.rs:241:41:241:55 | T | -| main.rs:244:18:244:24 | y.snd() | | main.rs:200:5:201:14 | S2 | -| main.rs:245:32:245:33 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:245:36:245:37 | s2 | | main.rs:200:5:201:14 | S2 | -| main.rs:248:69:248:69 | x | | main.rs:248:52:248:66 | T | -| main.rs:248:75:248:75 | y | | main.rs:248:52:248:66 | T | -| main.rs:250:13:250:14 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:250:18:250:18 | x | | main.rs:248:52:248:66 | T | -| main.rs:250:18:250:24 | x.fst() | | main.rs:197:5:198:14 | S1 | -| main.rs:251:13:251:14 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:251:18:251:18 | y | | main.rs:248:52:248:66 | T | -| main.rs:251:18:251:24 | y.snd() | | main.rs:248:41:248:49 | T2 | -| main.rs:252:32:252:33 | s1 | | main.rs:197:5:198:14 | S1 | -| main.rs:252:36:252:37 | s2 | | main.rs:248:41:248:49 | T2 | -| main.rs:268:15:268:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:270:15:270:18 | SelfParam | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:273:9:275:9 | { ... } | | main.rs:267:19:267:19 | A | -| main.rs:274:13:274:16 | self | | main.rs:267:5:276:5 | Self [trait MyTrait] | -| main.rs:274:13:274:21 | self.m1() | | main.rs:267:19:267:19 | A | -| main.rs:279:43:279:43 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:279:56:281:5 | { ... } | | main.rs:279:22:279:23 | T1 | -| main.rs:280:9:280:9 | x | | main.rs:279:26:279:40 | T2 | -| main.rs:280:9:280:14 | x.m1() | | main.rs:279:22:279:23 | T1 | -| main.rs:284:49:284:49 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:284:49:284:49 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:284:71:286:5 | { ... } | | main.rs:284:28:284:29 | T1 | -| main.rs:285:9:285:9 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:285:9:285:9 | x | T | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:11 | x.a | | main.rs:284:32:284:46 | T2 | -| main.rs:285:9:285:16 | ... .m1() | | main.rs:284:28:284:29 | T1 | -| main.rs:289:15:289:18 | SelfParam | | main.rs:257:5:260:5 | MyThing | -| main.rs:289:15:289:18 | SelfParam | T | main.rs:288:10:288:10 | T | -| main.rs:289:26:291:9 | { ... } | | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:16 | self | | main.rs:257:5:260:5 | MyThing | -| main.rs:290:13:290:16 | self | T | main.rs:288:10:288:10 | T | -| main.rs:290:13:290:18 | self.a | | main.rs:288:10:288:10 | T | -| main.rs:295:13:295:13 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:295:13:295:13 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:295:17:295:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:295:17:295:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:295:30:295:31 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:296:13:296:13 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:296:13:296:13 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:296:17:296:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:296:17:296:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:296:30:296:31 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:298:26:298:26 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:298:26:298:26 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:298:26:298:31 | x.m1() | | main.rs:262:5:263:14 | S1 | -| main.rs:299:26:299:26 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:299:26:299:26 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:299:26:299:31 | y.m1() | | main.rs:264:5:265:14 | S2 | -| main.rs:301:13:301:13 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:301:13:301:13 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:301:17:301:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:301:30:301:31 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:302:13:302:13 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:302:13:302:13 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:302:17:302:33 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:302:30:302:31 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:304:26:304:26 | x | | main.rs:257:5:260:5 | MyThing | -| main.rs:304:26:304:26 | x | T | main.rs:262:5:263:14 | S1 | -| main.rs:304:26:304:31 | x.m2() | | main.rs:262:5:263:14 | S1 | -| main.rs:305:26:305:26 | y | | main.rs:257:5:260:5 | MyThing | -| main.rs:305:26:305:26 | y | T | main.rs:264:5:265:14 | S2 | -| main.rs:305:26:305:31 | y.m2() | | main.rs:264:5:265:14 | S2 | -| main.rs:307:13:307:14 | x2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:307:13:307:14 | x2 | T | main.rs:262:5:263:14 | S1 | -| main.rs:307:18:307:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:307:18:307:34 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:307:31:307:32 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:308:13:308:14 | y2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:308:13:308:14 | y2 | T | main.rs:264:5:265:14 | S2 | -| main.rs:308:18:308:34 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:308:18:308:34 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:308:31:308:32 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:310:26:310:42 | call_trait_m1(...) | | main.rs:262:5:263:14 | S1 | -| main.rs:310:40:310:41 | x2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:310:40:310:41 | x2 | T | main.rs:262:5:263:14 | S1 | -| main.rs:311:26:311:42 | call_trait_m1(...) | | main.rs:264:5:265:14 | S2 | -| main.rs:311:40:311:41 | y2 | | main.rs:257:5:260:5 | MyThing | -| main.rs:311:40:311:41 | y2 | T | main.rs:264:5:265:14 | S2 | -| main.rs:313:13:313:14 | x3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:313:13:313:14 | x3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:313:13:313:14 | x3 | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:313:18:315:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | -| main.rs:313:18:315:9 | MyThing {...} | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:314:16:314:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:314:16:314:32 | MyThing {...} | T | main.rs:262:5:263:14 | S1 | -| main.rs:314:29:314:30 | S1 | | main.rs:262:5:263:14 | S1 | -| main.rs:316:13:316:14 | y3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:316:13:316:14 | y3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:316:13:316:14 | y3 | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:316:18:318:9 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T | main.rs:257:5:260:5 | MyThing | -| main.rs:316:18:318:9 | MyThing {...} | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:317:16:317:32 | MyThing {...} | | main.rs:257:5:260:5 | MyThing | -| main.rs:317:16:317:32 | MyThing {...} | T | main.rs:264:5:265:14 | S2 | -| main.rs:317:29:317:30 | S2 | | main.rs:264:5:265:14 | S2 | -| main.rs:320:26:320:48 | call_trait_thing_m1(...) | | main.rs:262:5:263:14 | S1 | -| main.rs:320:46:320:47 | x3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:320:46:320:47 | x3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:320:46:320:47 | x3 | T.T | main.rs:262:5:263:14 | S1 | -| main.rs:321:26:321:48 | call_trait_thing_m1(...) | | main.rs:264:5:265:14 | S2 | -| main.rs:321:46:321:47 | y3 | | main.rs:257:5:260:5 | MyThing | -| main.rs:321:46:321:47 | y3 | T | main.rs:257:5:260:5 | MyThing | -| main.rs:321:46:321:47 | y3 | T.T | main.rs:264:5:265:14 | S2 | -| main.rs:329:15:329:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:331:15:331:18 | SelfParam | | main.rs:326:5:338:5 | Self [trait MyTrait] | -| main.rs:346:15:346:18 | SelfParam | | main.rs:340:5:341:13 | S | -| main.rs:346:45:348:9 | { ... } | | main.rs:340:5:341:13 | S | -| main.rs:347:13:347:13 | S | | main.rs:340:5:341:13 | S | -| main.rs:352:13:352:13 | x | | main.rs:340:5:341:13 | S | -| main.rs:352:17:352:17 | S | | main.rs:340:5:341:13 | S | -| main.rs:353:26:353:26 | x | | main.rs:340:5:341:13 | S | -| main.rs:353:26:353:31 | x.m1() | | main.rs:340:5:341:13 | S | -| main.rs:355:13:355:13 | x | | main.rs:340:5:341:13 | S | -| main.rs:355:17:355:17 | S | | main.rs:340:5:341:13 | S | -| main.rs:356:26:356:26 | x | | main.rs:340:5:341:13 | S | -| main.rs:373:15:373:18 | SelfParam | | main.rs:361:5:365:5 | MyEnum | -| main.rs:373:15:373:18 | SelfParam | A | main.rs:372:10:372:10 | T | -| main.rs:373:26:378:9 | { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:13:377:13 | match self { ... } | | main.rs:372:10:372:10 | T | -| main.rs:374:19:374:22 | self | | main.rs:361:5:365:5 | MyEnum | -| main.rs:374:19:374:22 | self | A | main.rs:372:10:372:10 | T | -| main.rs:375:28:375:28 | a | | main.rs:372:10:372:10 | T | -| main.rs:375:34:375:34 | a | | main.rs:372:10:372:10 | T | -| main.rs:376:30:376:30 | a | | main.rs:372:10:372:10 | T | -| main.rs:376:37:376:37 | a | | main.rs:372:10:372:10 | T | -| main.rs:382:13:382:13 | x | | main.rs:361:5:365:5 | MyEnum | -| main.rs:382:13:382:13 | x | A | main.rs:367:5:368:14 | S1 | -| main.rs:382:17:382:30 | ...::C1(...) | | main.rs:361:5:365:5 | MyEnum | -| main.rs:382:17:382:30 | ...::C1(...) | A | main.rs:367:5:368:14 | S1 | -| main.rs:382:28:382:29 | S1 | | main.rs:367:5:368:14 | S1 | -| main.rs:383:13:383:13 | y | | main.rs:361:5:365:5 | MyEnum | -| main.rs:383:13:383:13 | y | A | main.rs:369:5:370:14 | S2 | -| main.rs:383:17:383:36 | ...::C2 {...} | | main.rs:361:5:365:5 | MyEnum | -| main.rs:383:17:383:36 | ...::C2 {...} | A | main.rs:369:5:370:14 | S2 | -| main.rs:383:33:383:34 | S2 | | main.rs:369:5:370:14 | S2 | -| main.rs:385:26:385:26 | x | | main.rs:361:5:365:5 | MyEnum | -| main.rs:385:26:385:26 | x | A | main.rs:367:5:368:14 | S1 | -| main.rs:385:26:385:31 | x.m1() | | main.rs:367:5:368:14 | S1 | -| main.rs:386:26:386:26 | y | | main.rs:361:5:365:5 | MyEnum | -| main.rs:386:26:386:26 | y | A | main.rs:369:5:370:14 | S2 | -| main.rs:386:26:386:31 | y.m1() | | main.rs:369:5:370:14 | S2 | -| main.rs:407:15:407:18 | SelfParam | | main.rs:406:5:408:5 | Self [trait MyTrait1] | -| main.rs:411:15:411:18 | SelfParam | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:414:9:420:9 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:415:13:419:13 | if ... {...} else {...} | | main.rs:410:20:410:22 | Tr2 | -| main.rs:415:26:417:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:416:17:416:20 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:416:17:416:25 | self.m1() | | main.rs:410:20:410:22 | Tr2 | -| main.rs:417:20:419:13 | { ... } | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:17:418:30 | ...::m1(...) | | main.rs:410:20:410:22 | Tr2 | -| main.rs:418:26:418:29 | self | | main.rs:410:5:421:5 | Self [trait MyTrait2] | -| main.rs:424:15:424:18 | SelfParam | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:427:9:433:9 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:428:13:432:13 | if ... {...} else {...} | | main.rs:423:20:423:22 | Tr3 | -| main.rs:428:26:430:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:20 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:429:17:429:25 | self.m2() | | main.rs:391:5:394:5 | MyThing | -| main.rs:429:17:429:25 | self.m2() | A | main.rs:423:20:423:22 | Tr3 | -| main.rs:429:17:429:27 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:430:20:432:13 | { ... } | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:30 | ...::m2(...) | | main.rs:391:5:394:5 | MyThing | -| main.rs:431:17:431:30 | ...::m2(...) | A | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:17:431:32 | ... .a | | main.rs:423:20:423:22 | Tr3 | -| main.rs:431:26:431:29 | self | | main.rs:423:5:434:5 | Self [trait MyTrait3] | -| main.rs:437:15:437:18 | SelfParam | | main.rs:391:5:394:5 | MyThing | -| main.rs:437:15:437:18 | SelfParam | A | main.rs:436:10:436:10 | T | -| main.rs:437:26:439:9 | { ... } | | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:16 | self | | main.rs:391:5:394:5 | MyThing | -| main.rs:438:13:438:16 | self | A | main.rs:436:10:436:10 | T | -| main.rs:438:13:438:18 | self.a | | main.rs:436:10:436:10 | T | -| main.rs:445:15:445:18 | SelfParam | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:445:15:445:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:445:35:447:9 | { ... } | | main.rs:391:5:394:5 | MyThing | -| main.rs:445:35:447:9 | { ... } | A | main.rs:444:10:444:10 | T | -| main.rs:446:13:446:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:446:13:446:33 | MyThing {...} | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:29 | self | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:446:26:446:29 | self | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:446:31 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:13:455:13 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:455:13:455:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:455:17:455:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:455:17:455:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:455:30:455:31 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:456:13:456:13 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:456:13:456:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:456:17:456:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:456:17:456:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:456:30:456:31 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:458:26:458:26 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:458:26:458:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:458:26:458:31 | x.m1() | | main.rs:401:5:402:14 | S1 | -| main.rs:459:26:459:26 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:459:26:459:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:459:26:459:31 | y.m1() | | main.rs:403:5:404:14 | S2 | -| main.rs:461:13:461:13 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:461:13:461:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:461:17:461:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:461:17:461:33 | MyThing {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:461:30:461:31 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:462:13:462:13 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:462:13:462:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:462:17:462:33 | MyThing {...} | | main.rs:391:5:394:5 | MyThing | -| main.rs:462:17:462:33 | MyThing {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:462:30:462:31 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:464:26:464:26 | x | | main.rs:391:5:394:5 | MyThing | -| main.rs:464:26:464:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:464:26:464:31 | x.m2() | | main.rs:401:5:402:14 | S1 | -| main.rs:465:26:465:26 | y | | main.rs:391:5:394:5 | MyThing | -| main.rs:465:26:465:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:465:26:465:31 | y.m2() | | main.rs:403:5:404:14 | S2 | -| main.rs:467:13:467:13 | x | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:467:13:467:13 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:467:17:467:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:467:17:467:34 | MyThing2 {...} | A | main.rs:401:5:402:14 | S1 | -| main.rs:467:31:467:32 | S1 | | main.rs:401:5:402:14 | S1 | -| main.rs:468:13:468:13 | y | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:468:13:468:13 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:468:17:468:34 | MyThing2 {...} | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:468:17:468:34 | MyThing2 {...} | A | main.rs:403:5:404:14 | S2 | -| main.rs:468:31:468:32 | S2 | | main.rs:403:5:404:14 | S2 | -| main.rs:470:26:470:26 | x | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:470:26:470:26 | x | A | main.rs:401:5:402:14 | S1 | -| main.rs:470:26:470:31 | x.m3() | | main.rs:401:5:402:14 | S1 | -| main.rs:471:26:471:26 | y | | main.rs:396:5:399:5 | MyThing2 | -| main.rs:471:26:471:26 | y | A | main.rs:403:5:404:14 | S2 | -| main.rs:471:26:471:31 | y.m3() | | main.rs:403:5:404:14 | S2 | -| main.rs:489:22:489:22 | x | | file://:0:0:0:0 | & | -| main.rs:489:22:489:22 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:489:35:491:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:489:35:491:5 | { ... } | &T | main.rs:489:11:489:19 | T | -| main.rs:490:9:490:9 | x | | file://:0:0:0:0 | & | -| main.rs:490:9:490:9 | x | &T | main.rs:489:11:489:19 | T | -| main.rs:494:17:494:20 | SelfParam | | main.rs:479:5:480:14 | S1 | -| main.rs:494:29:496:9 | { ... } | | main.rs:482:5:483:14 | S2 | -| main.rs:495:13:495:14 | S2 | | main.rs:482:5:483:14 | S2 | -| main.rs:499:21:499:21 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:502:5:504:5 | { ... } | | main.rs:499:17:499:18 | T2 | -| main.rs:503:9:503:9 | x | | main.rs:499:13:499:14 | T1 | -| main.rs:503:9:503:16 | x.into() | | main.rs:499:17:499:18 | T2 | -| main.rs:507:13:507:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:507:17:507:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:508:26:508:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:508:26:508:31 | id(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:508:29:508:30 | &x | | file://:0:0:0:0 | & | -| main.rs:508:29:508:30 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:508:30:508:30 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:510:13:510:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:510:17:510:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:511:26:511:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:511:26:511:37 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:511:35:511:36 | &x | | file://:0:0:0:0 | & | -| main.rs:511:35:511:36 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:511:36:511:36 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:513:13:513:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:513:17:513:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:514:26:514:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:514:26:514:44 | id::<...>(...) | &T | main.rs:479:5:480:14 | S1 | -| main.rs:514:42:514:43 | &x | | file://:0:0:0:0 | & | -| main.rs:514:42:514:43 | &x | &T | main.rs:479:5:480:14 | S1 | -| main.rs:514:43:514:43 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:516:13:516:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:516:17:516:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:517:9:517:25 | into::<...>(...) | | main.rs:482:5:483:14 | S2 | -| main.rs:517:24:517:24 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:519:13:519:13 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:519:17:519:18 | S1 | | main.rs:479:5:480:14 | S1 | -| main.rs:520:13:520:13 | y | | main.rs:482:5:483:14 | S2 | -| main.rs:520:21:520:27 | into(...) | | main.rs:482:5:483:14 | S2 | -| main.rs:520:26:520:26 | x | | main.rs:479:5:480:14 | S1 | -| main.rs:550:13:550:14 | p1 | | main.rs:525:5:531:5 | PairOption | -| main.rs:550:13:550:14 | p1 | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:550:13:550:14 | p1 | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:550:26:550:53 | ...::PairBoth(...) | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:550:47:550:48 | S1 | | main.rs:533:5:534:14 | S1 | -| main.rs:550:51:550:52 | S2 | | main.rs:536:5:537:14 | S2 | -| main.rs:551:26:551:27 | p1 | | main.rs:525:5:531:5 | PairOption | -| main.rs:551:26:551:27 | p1 | Fst | main.rs:533:5:534:14 | S1 | -| main.rs:551:26:551:27 | p1 | Snd | main.rs:536:5:537:14 | S2 | -| main.rs:554:13:554:14 | p2 | | main.rs:525:5:531:5 | PairOption | -| main.rs:554:26:554:47 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:555:26:555:27 | p2 | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:13:558:14 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:13:558:14 | p3 | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:558:34:558:56 | ...::PairSnd(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:558:34:558:56 | ...::PairSnd(...) | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:558:54:558:55 | S3 | | main.rs:539:5:540:14 | S3 | -| main.rs:559:26:559:27 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:559:26:559:27 | p3 | Snd | main.rs:539:5:540:14 | S3 | -| main.rs:562:13:562:14 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:562:13:562:14 | p3 | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:562:35:562:56 | ...::PairNone(...) | | main.rs:525:5:531:5 | PairOption | -| main.rs:562:35:562:56 | ...::PairNone(...) | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:563:26:563:27 | p3 | | main.rs:525:5:531:5 | PairOption | -| main.rs:563:26:563:27 | p3 | Fst | main.rs:539:5:540:14 | S3 | -| main.rs:575:16:575:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:575:16:575:24 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:575:27:575:31 | value | | main.rs:574:19:574:19 | S | -| main.rs:577:21:577:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:577:21:577:29 | SelfParam | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:577:32:577:36 | value | | main.rs:574:19:574:19 | S | -| main.rs:578:13:578:16 | self | | file://:0:0:0:0 | & | -| main.rs:578:13:578:16 | self | &T | main.rs:574:5:580:5 | Self [trait MyTrait] | -| main.rs:578:22:578:26 | value | | main.rs:574:19:574:19 | S | -| main.rs:583:16:583:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:583:16:583:24 | SelfParam | &T | main.rs:568:5:572:5 | MyOption | -| main.rs:583:16:583:24 | SelfParam | &T.T | main.rs:582:10:582:10 | T | -| main.rs:583:27:583:31 | value | | main.rs:582:10:582:10 | T | -| main.rs:587:26:589:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:587:26:589:9 | { ... } | T | main.rs:586:10:586:10 | T | -| main.rs:588:13:588:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:588:13:588:30 | ...::MyNone(...) | T | main.rs:586:10:586:10 | T | -| main.rs:593:20:593:23 | SelfParam | | main.rs:568:5:572:5 | MyOption | -| main.rs:593:20:593:23 | SelfParam | T | main.rs:568:5:572:5 | MyOption | -| main.rs:593:20:593:23 | SelfParam | T.T | main.rs:592:10:592:10 | T | -| main.rs:593:41:598:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:593:41:598:9 | { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:13:597:13 | match self { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:594:13:597:13 | match self { ... } | T | main.rs:592:10:592:10 | T | -| main.rs:594:19:594:22 | self | | main.rs:568:5:572:5 | MyOption | -| main.rs:594:19:594:22 | self | T | main.rs:568:5:572:5 | MyOption | -| main.rs:594:19:594:22 | self | T.T | main.rs:592:10:592:10 | T | -| main.rs:595:39:595:56 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:595:39:595:56 | ...::MyNone(...) | T | main.rs:592:10:592:10 | T | -| main.rs:596:34:596:34 | x | | main.rs:568:5:572:5 | MyOption | -| main.rs:596:34:596:34 | x | T | main.rs:592:10:592:10 | T | -| main.rs:596:40:596:40 | x | | main.rs:568:5:572:5 | MyOption | -| main.rs:596:40:596:40 | x | T | main.rs:592:10:592:10 | T | -| main.rs:605:13:605:14 | x1 | | main.rs:568:5:572:5 | MyOption | -| main.rs:605:18:605:37 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:606:26:606:27 | x1 | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:13:608:18 | mut x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:13:608:18 | mut x2 | T | main.rs:601:5:602:13 | S | -| main.rs:608:22:608:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:608:22:608:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | -| main.rs:609:9:609:10 | x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:609:9:609:10 | x2 | T | main.rs:601:5:602:13 | S | -| main.rs:609:16:609:16 | S | | main.rs:601:5:602:13 | S | -| main.rs:610:26:610:27 | x2 | | main.rs:568:5:572:5 | MyOption | -| main.rs:610:26:610:27 | x2 | T | main.rs:601:5:602:13 | S | -| main.rs:612:13:612:18 | mut x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:612:22:612:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:613:9:613:10 | x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:613:21:613:21 | S | | main.rs:601:5:602:13 | S | -| main.rs:614:26:614:27 | x3 | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:13:616:18 | mut x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:13:616:18 | mut x4 | T | main.rs:601:5:602:13 | S | -| main.rs:616:22:616:36 | ...::new(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:616:22:616:36 | ...::new(...) | T | main.rs:601:5:602:13 | S | -| main.rs:617:23:617:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:617:23:617:29 | &mut x4 | &T | main.rs:568:5:572:5 | MyOption | -| main.rs:617:23:617:29 | &mut x4 | &T.T | main.rs:601:5:602:13 | S | -| main.rs:617:28:617:29 | x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:617:28:617:29 | x4 | T | main.rs:601:5:602:13 | S | -| main.rs:617:32:617:32 | S | | main.rs:601:5:602:13 | S | -| main.rs:618:26:618:27 | x4 | | main.rs:568:5:572:5 | MyOption | -| main.rs:618:26:618:27 | x4 | T | main.rs:601:5:602:13 | S | -| main.rs:620:13:620:14 | x5 | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:13:620:14 | x5 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:620:13:620:14 | x5 | T.T | main.rs:601:5:602:13 | S | -| main.rs:620:18:620:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | -| main.rs:620:18:620:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | -| main.rs:620:35:620:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:620:35:620:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:621:26:621:27 | x5 | | main.rs:568:5:572:5 | MyOption | -| main.rs:621:26:621:27 | x5 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:621:26:621:27 | x5 | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:13:623:14 | x6 | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:13:623:14 | x6 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:623:13:623:14 | x6 | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:18:623:58 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T | main.rs:568:5:572:5 | MyOption | -| main.rs:623:18:623:58 | ...::MySome(...) | T.T | main.rs:601:5:602:13 | S | -| main.rs:623:35:623:57 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:623:35:623:57 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:624:26:624:61 | ...::flatten(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:624:26:624:61 | ...::flatten(...) | T | main.rs:601:5:602:13 | S | -| main.rs:624:59:624:60 | x6 | | main.rs:568:5:572:5 | MyOption | -| main.rs:624:59:624:60 | x6 | T | main.rs:568:5:572:5 | MyOption | -| main.rs:624:59:624:60 | x6 | T.T | main.rs:601:5:602:13 | S | -| main.rs:626:13:626:19 | from_if | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:13:626:19 | from_if | T | main.rs:601:5:602:13 | S | -| main.rs:626:23:630:9 | if ... {...} else {...} | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:23:630:9 | if ... {...} else {...} | T | main.rs:601:5:602:13 | S | -| main.rs:626:36:628:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:626:36:628:9 | { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:627:13:627:30 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:627:13:627:30 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:628:16:630:9 | { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:628:16:630:9 | { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:629:13:629:31 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:629:13:629:31 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:629:30:629:30 | S | | main.rs:601:5:602:13 | S | -| main.rs:631:26:631:32 | from_if | | main.rs:568:5:572:5 | MyOption | -| main.rs:631:26:631:32 | from_if | T | main.rs:601:5:602:13 | S | -| main.rs:633:13:633:22 | from_match | | main.rs:568:5:572:5 | MyOption | -| main.rs:633:13:633:22 | from_match | T | main.rs:601:5:602:13 | S | -| main.rs:633:26:636:9 | match ... { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:633:26:636:9 | match ... { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:634:21:634:38 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:634:21:634:38 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:635:22:635:40 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:635:22:635:40 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:635:39:635:39 | S | | main.rs:601:5:602:13 | S | -| main.rs:637:26:637:35 | from_match | | main.rs:568:5:572:5 | MyOption | -| main.rs:637:26:637:35 | from_match | T | main.rs:601:5:602:13 | S | -| main.rs:639:13:639:21 | from_loop | | main.rs:568:5:572:5 | MyOption | -| main.rs:639:13:639:21 | from_loop | T | main.rs:601:5:602:13 | S | -| main.rs:639:25:644:9 | loop { ... } | | main.rs:568:5:572:5 | MyOption | -| main.rs:639:25:644:9 | loop { ... } | T | main.rs:601:5:602:13 | S | -| main.rs:641:23:641:40 | ...::MyNone(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:641:23:641:40 | ...::MyNone(...) | T | main.rs:601:5:602:13 | S | -| main.rs:643:19:643:37 | ...::MySome(...) | | main.rs:568:5:572:5 | MyOption | -| main.rs:643:19:643:37 | ...::MySome(...) | T | main.rs:601:5:602:13 | S | -| main.rs:643:36:643:36 | S | | main.rs:601:5:602:13 | S | -| main.rs:645:26:645:34 | from_loop | | main.rs:568:5:572:5 | MyOption | -| main.rs:645:26:645:34 | from_loop | T | main.rs:601:5:602:13 | S | -| main.rs:658:15:658:18 | SelfParam | | main.rs:651:5:652:19 | S | -| main.rs:658:15:658:18 | SelfParam | T | main.rs:657:10:657:10 | T | -| main.rs:658:26:660:9 | { ... } | | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:16 | self | | main.rs:651:5:652:19 | S | -| main.rs:659:13:659:16 | self | T | main.rs:657:10:657:10 | T | -| main.rs:659:13:659:18 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:662:15:662:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:662:15:662:19 | SelfParam | &T | main.rs:651:5:652:19 | S | -| main.rs:662:15:662:19 | SelfParam | &T.T | main.rs:657:10:657:10 | T | -| main.rs:662:28:664:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:662:28:664:9 | { ... } | &T | main.rs:657:10:657:10 | T | -| main.rs:663:13:663:19 | &... | | file://:0:0:0:0 | & | -| main.rs:663:13:663:19 | &... | &T | main.rs:657:10:657:10 | T | -| main.rs:663:14:663:17 | self | | file://:0:0:0:0 | & | -| main.rs:663:14:663:17 | self | &T | main.rs:651:5:652:19 | S | -| main.rs:663:14:663:17 | self | &T.T | main.rs:657:10:657:10 | T | -| main.rs:663:14:663:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:666:15:666:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:15:666:25 | SelfParam | &T | main.rs:651:5:652:19 | S | -| main.rs:666:15:666:25 | SelfParam | &T.T | main.rs:657:10:657:10 | T | -| main.rs:666:34:668:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:666:34:668:9 | { ... } | &T | main.rs:657:10:657:10 | T | -| main.rs:667:13:667:19 | &... | | file://:0:0:0:0 | & | -| main.rs:667:13:667:19 | &... | &T | main.rs:657:10:657:10 | T | -| main.rs:667:14:667:17 | self | | file://:0:0:0:0 | & | -| main.rs:667:14:667:17 | self | &T | main.rs:651:5:652:19 | S | -| main.rs:667:14:667:17 | self | &T.T | main.rs:657:10:657:10 | T | -| main.rs:667:14:667:19 | self.0 | | main.rs:657:10:657:10 | T | -| main.rs:672:13:672:14 | x1 | | main.rs:651:5:652:19 | S | -| main.rs:672:13:672:14 | x1 | T | main.rs:654:5:655:14 | S2 | -| main.rs:672:18:672:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:672:18:672:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:672:20:672:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:673:26:673:27 | x1 | | main.rs:651:5:652:19 | S | -| main.rs:673:26:673:27 | x1 | T | main.rs:654:5:655:14 | S2 | -| main.rs:673:26:673:32 | x1.m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:675:13:675:14 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:675:13:675:14 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:675:18:675:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:675:18:675:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:675:20:675:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:677:26:677:27 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:677:26:677:27 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:677:26:677:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:677:26:677:32 | x2.m2() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:678:26:678:27 | x2 | | main.rs:651:5:652:19 | S | -| main.rs:678:26:678:27 | x2 | T | main.rs:654:5:655:14 | S2 | -| main.rs:678:26:678:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:678:26:678:32 | x2.m3() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:680:13:680:14 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:680:13:680:14 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:680:18:680:22 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:680:18:680:22 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:680:20:680:21 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:682:26:682:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:682:26:682:41 | ...::m2(...) | &T | main.rs:654:5:655:14 | S2 | -| main.rs:682:38:682:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:682:38:682:40 | &x3 | &T | main.rs:651:5:652:19 | S | -| main.rs:682:38:682:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:682:39:682:40 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:682:39:682:40 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:683:26:683:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:683:26:683:41 | ...::m3(...) | &T | main.rs:654:5:655:14 | S2 | -| main.rs:683:38:683:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:683:38:683:40 | &x3 | &T | main.rs:651:5:652:19 | S | -| main.rs:683:38:683:40 | &x3 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:683:39:683:40 | x3 | | main.rs:651:5:652:19 | S | -| main.rs:683:39:683:40 | x3 | T | main.rs:654:5:655:14 | S2 | -| main.rs:685:13:685:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:685:13:685:14 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:685:13:685:14 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:685:18:685:23 | &... | | file://:0:0:0:0 | & | -| main.rs:685:18:685:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:685:18:685:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:685:19:685:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:685:19:685:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:685:21:685:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:687:26:687:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:687:26:687:27 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:687:26:687:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:687:26:687:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:687:26:687:32 | x4.m2() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:688:26:688:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:688:26:688:27 | x4 | &T | main.rs:651:5:652:19 | S | -| main.rs:688:26:688:27 | x4 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:688:26:688:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:688:26:688:32 | x4.m3() | &T | main.rs:654:5:655:14 | S2 | -| main.rs:690:13:690:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:690:13:690:14 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:690:13:690:14 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:690:18:690:23 | &... | | file://:0:0:0:0 | & | -| main.rs:690:18:690:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:690:18:690:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:690:19:690:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:690:19:690:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:690:21:690:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:692:26:692:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:692:26:692:27 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:692:26:692:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:692:26:692:32 | x5.m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:693:26:693:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:693:26:693:27 | x5 | &T | main.rs:651:5:652:19 | S | -| main.rs:693:26:693:27 | x5 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:693:26:693:29 | x5.0 | | main.rs:654:5:655:14 | S2 | -| main.rs:695:13:695:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:695:13:695:14 | x6 | &T | main.rs:651:5:652:19 | S | -| main.rs:695:13:695:14 | x6 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:695:18:695:23 | &... | | file://:0:0:0:0 | & | -| main.rs:695:18:695:23 | &... | &T | main.rs:651:5:652:19 | S | -| main.rs:695:18:695:23 | &... | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:695:19:695:23 | S(...) | | main.rs:651:5:652:19 | S | -| main.rs:695:19:695:23 | S(...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:695:21:695:22 | S2 | | main.rs:654:5:655:14 | S2 | -| main.rs:697:26:697:30 | (...) | | main.rs:651:5:652:19 | S | -| main.rs:697:26:697:30 | (...) | T | main.rs:654:5:655:14 | S2 | -| main.rs:697:26:697:35 | ... .m1() | | main.rs:654:5:655:14 | S2 | -| main.rs:697:27:697:29 | * ... | | main.rs:651:5:652:19 | S | -| main.rs:697:27:697:29 | * ... | T | main.rs:654:5:655:14 | S2 | -| main.rs:697:28:697:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:697:28:697:29 | x6 | &T | main.rs:651:5:652:19 | S | -| main.rs:697:28:697:29 | x6 | &T.T | main.rs:654:5:655:14 | S2 | -| main.rs:703:16:703:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:703:16:703:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:705:16:705:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:705:16:705:20 | SelfParam | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:705:32:707:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:705:32:707:9 | { ... } | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:16 | self | | file://:0:0:0:0 | & | -| main.rs:706:13:706:16 | self | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:706:13:706:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:706:13:706:22 | self.foo() | &T | main.rs:702:5:708:5 | Self [trait MyTrait] | -| main.rs:713:16:713:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:713:16:713:20 | SelfParam | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:713:36:715:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:713:36:715:9 | { ... } | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:714:13:714:16 | self | | file://:0:0:0:0 | & | -| main.rs:714:13:714:16 | self | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:719:13:719:13 | x | | main.rs:710:5:710:20 | MyStruct | -| main.rs:719:17:719:24 | MyStruct | | main.rs:710:5:710:20 | MyStruct | -| main.rs:720:9:720:9 | x | | main.rs:710:5:710:20 | MyStruct | -| main.rs:720:9:720:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:720:9:720:15 | x.bar() | &T | main.rs:710:5:710:20 | MyStruct | -| main.rs:730:16:730:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:730:16:730:20 | SelfParam | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:730:16:730:20 | SelfParam | &T.T | main.rs:729:10:729:10 | T | -| main.rs:730:32:732:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:730:32:732:9 | { ... } | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:730:32:732:9 | { ... } | &T.T | main.rs:729:10:729:10 | T | -| main.rs:731:13:731:16 | self | | file://:0:0:0:0 | & | -| main.rs:731:13:731:16 | self | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:731:13:731:16 | self | &T.T | main.rs:729:10:729:10 | T | -| main.rs:736:13:736:13 | x | | main.rs:727:5:727:26 | MyStruct | -| main.rs:736:13:736:13 | x | T | main.rs:725:5:725:13 | S | -| main.rs:736:17:736:27 | MyStruct(...) | | main.rs:727:5:727:26 | MyStruct | -| main.rs:736:17:736:27 | MyStruct(...) | T | main.rs:725:5:725:13 | S | -| main.rs:736:26:736:26 | S | | main.rs:725:5:725:13 | S | -| main.rs:737:9:737:9 | x | | main.rs:727:5:727:26 | MyStruct | -| main.rs:737:9:737:9 | x | T | main.rs:725:5:725:13 | S | -| main.rs:737:9:737:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:737:9:737:15 | x.foo() | &T | main.rs:727:5:727:26 | MyStruct | -| main.rs:737:9:737:15 | x.foo() | &T.T | main.rs:725:5:725:13 | S | -| main.rs:745:15:745:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:15:745:19 | SelfParam | &T | main.rs:742:5:742:13 | S | -| main.rs:745:31:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:31:747:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:746:13:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:13:746:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:746:14:746:19 | &... | | file://:0:0:0:0 | & | -| main.rs:746:14:746:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:746:15:746:19 | &self | | file://:0:0:0:0 | & | -| main.rs:746:15:746:19 | &self | &T | main.rs:742:5:742:13 | S | -| main.rs:746:16:746:19 | self | | file://:0:0:0:0 | & | -| main.rs:746:16:746:19 | self | &T | main.rs:742:5:742:13 | S | -| main.rs:749:15:749:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:749:15:749:25 | SelfParam | &T | main.rs:742:5:742:13 | S | -| main.rs:749:37:751:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:749:37:751:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:750:13:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:13:750:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:750:14:750:19 | &... | | file://:0:0:0:0 | & | -| main.rs:750:14:750:19 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:750:15:750:19 | &self | | file://:0:0:0:0 | & | -| main.rs:750:15:750:19 | &self | &T | main.rs:742:5:742:13 | S | -| main.rs:750:16:750:19 | self | | file://:0:0:0:0 | & | -| main.rs:750:16:750:19 | self | &T | main.rs:742:5:742:13 | S | -| main.rs:753:15:753:15 | x | | file://:0:0:0:0 | & | -| main.rs:753:15:753:15 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:753:34:755:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:753:34:755:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:754:13:754:13 | x | | file://:0:0:0:0 | & | -| main.rs:754:13:754:13 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:757:15:757:15 | x | | file://:0:0:0:0 | & | -| main.rs:757:15:757:15 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:757:34:759:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:757:34:759:9 | { ... } | &T | main.rs:742:5:742:13 | S | -| main.rs:758:13:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:13:758:16 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:758:14:758:16 | &... | | file://:0:0:0:0 | & | -| main.rs:758:14:758:16 | &... | &T | main.rs:742:5:742:13 | S | -| main.rs:758:15:758:16 | &x | | file://:0:0:0:0 | & | -| main.rs:758:15:758:16 | &x | &T | main.rs:742:5:742:13 | S | -| main.rs:758:16:758:16 | x | | file://:0:0:0:0 | & | -| main.rs:758:16:758:16 | x | &T | main.rs:742:5:742:13 | S | -| main.rs:763:13:763:13 | x | | main.rs:742:5:742:13 | S | -| main.rs:763:17:763:20 | S {...} | | main.rs:742:5:742:13 | S | -| main.rs:764:9:764:9 | x | | main.rs:742:5:742:13 | S | -| main.rs:764:9:764:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:764:9:764:14 | x.f1() | &T | main.rs:742:5:742:13 | S | -| main.rs:765:9:765:9 | x | | main.rs:742:5:742:13 | S | -| main.rs:765:9:765:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:765:9:765:14 | x.f2() | &T | main.rs:742:5:742:13 | S | -| main.rs:766:9:766:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:766:9:766:17 | ...::f3(...) | &T | main.rs:742:5:742:13 | S | -| main.rs:766:15:766:16 | &x | | file://:0:0:0:0 | & | -| main.rs:766:15:766:16 | &x | &T | main.rs:742:5:742:13 | S | -| main.rs:766:16:766:16 | x | | main.rs:742:5:742:13 | S | -| main.rs:772:5:772:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:773:5:773:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:773:20:773:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:773:41:773:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -resolveMethodCallExpr -| loop/main.rs:12:9:12:18 | self.foo() | loop/main.rs:7:5:7:19 | fn foo | -| main.rs:88:9:88:14 | x.m1() | main.rs:70:9:72:9 | fn m1 | -| main.rs:89:9:89:14 | y.m2() | main.rs:74:9:76:9 | fn m2 | -| main.rs:136:26:136:31 | x.m2() | main.rs:117:9:119:9 | fn m2 | -| main.rs:137:26:137:31 | y.m2() | main.rs:117:9:119:9 | fn m2 | -| main.rs:164:9:164:14 | x.m1() | main.rs:153:9:153:25 | fn m1 | -| main.rs:215:18:215:27 | x.method() | main.rs:210:9:210:30 | fn method | -| main.rs:221:18:221:27 | x.method() | main.rs:210:9:210:30 | fn method | -| main.rs:226:17:226:26 | x.method() | main.rs:206:9:206:30 | fn method | -| main.rs:231:17:231:26 | x.method() | main.rs:206:9:206:30 | fn method | -| main.rs:243:18:243:24 | x.fst() | main.rs:236:9:236:27 | fn fst | -| main.rs:244:18:244:24 | y.snd() | main.rs:238:9:238:27 | fn snd | -| main.rs:250:18:250:24 | x.fst() | main.rs:236:9:236:27 | fn fst | -| main.rs:251:18:251:24 | y.snd() | main.rs:238:9:238:27 | fn snd | -| main.rs:274:13:274:21 | self.m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:280:9:280:14 | x.m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:285:9:285:16 | ... .m1() | main.rs:268:9:268:25 | fn m1 | -| main.rs:298:26:298:31 | x.m1() | main.rs:289:9:291:9 | fn m1 | -| main.rs:299:26:299:31 | y.m1() | main.rs:289:9:291:9 | fn m1 | -| main.rs:304:26:304:31 | x.m2() | main.rs:270:9:275:9 | fn m2 | -| main.rs:305:26:305:31 | y.m2() | main.rs:270:9:275:9 | fn m2 | -| main.rs:353:26:353:31 | x.m1() | main.rs:346:9:348:9 | fn m1 | -| main.rs:356:26:356:31 | x.m2() | main.rs:331:9:337:9 | fn m2 | -| main.rs:385:26:385:31 | x.m1() | main.rs:373:9:378:9 | fn m1 | -| main.rs:386:26:386:31 | y.m1() | main.rs:373:9:378:9 | fn m1 | -| main.rs:416:17:416:25 | self.m1() | main.rs:407:9:407:27 | fn m1 | -| main.rs:429:17:429:25 | self.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:458:26:458:31 | x.m1() | main.rs:437:9:439:9 | fn m1 | -| main.rs:459:26:459:31 | y.m1() | main.rs:437:9:439:9 | fn m1 | -| main.rs:464:26:464:31 | x.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:465:26:465:31 | y.m2() | main.rs:411:9:420:9 | fn m2 | -| main.rs:470:26:470:31 | x.m3() | main.rs:424:9:433:9 | fn m3 | -| main.rs:471:26:471:31 | y.m3() | main.rs:424:9:433:9 | fn m3 | -| main.rs:578:13:578:27 | self.set(...) | main.rs:575:9:575:36 | fn set | -| main.rs:609:9:609:17 | x2.set(...) | main.rs:583:9:583:38 | fn set | -| main.rs:613:9:613:22 | x3.call_set(...) | main.rs:577:9:579:9 | fn call_set | -| main.rs:673:26:673:32 | x1.m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:677:26:677:32 | x2.m2() | main.rs:662:9:664:9 | fn m2 | -| main.rs:678:26:678:32 | x2.m3() | main.rs:666:9:668:9 | fn m3 | -| main.rs:687:26:687:32 | x4.m2() | main.rs:662:9:664:9 | fn m2 | -| main.rs:688:26:688:32 | x4.m3() | main.rs:666:9:668:9 | fn m3 | -| main.rs:692:26:692:32 | x5.m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:697:26:697:35 | ... .m1() | main.rs:658:9:660:9 | fn m1 | -| main.rs:706:13:706:22 | self.foo() | main.rs:703:9:703:31 | fn foo | -| main.rs:720:9:720:15 | x.bar() | main.rs:705:9:707:9 | fn bar | -| main.rs:737:9:737:15 | x.foo() | main.rs:730:9:732:9 | fn foo | -| main.rs:764:9:764:14 | x.f1() | main.rs:745:9:747:9 | fn f1 | -| main.rs:765:9:765:14 | x.f2() | main.rs:749:9:751:9 | fn f2 | -resolveFieldExpr -| main.rs:27:26:27:28 | x.a | main.rs:7:9:7:12 | StructField | -| main.rs:33:26:33:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:37:26:37:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:44:26:44:28 | x.a | main.rs:22:9:22:22 | StructField | -| main.rs:50:26:50:28 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:56:30:56:32 | x.a | main.rs:18:9:18:12 | StructField | -| main.rs:106:13:106:18 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:112:23:112:28 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:118:13:118:18 | self.a | main.rs:96:9:96:12 | StructField | -| main.rs:127:26:127:28 | x.a | main.rs:96:9:96:12 | StructField | -| main.rs:128:26:128:28 | y.a | main.rs:96:9:96:12 | StructField | -| main.rs:169:13:169:18 | self.a | main.rs:144:9:144:12 | StructField | -| main.rs:175:23:175:28 | self.a | main.rs:144:9:144:12 | StructField | -| main.rs:285:9:285:11 | x.a | main.rs:259:9:259:12 | StructField | -| main.rs:290:13:290:18 | self.a | main.rs:259:9:259:12 | StructField | -| main.rs:429:17:429:27 | ... .a | main.rs:393:9:393:12 | StructField | -| main.rs:431:17:431:32 | ... .a | main.rs:393:9:393:12 | StructField | -| main.rs:438:13:438:18 | self.a | main.rs:393:9:393:12 | StructField | -| main.rs:446:26:446:31 | self.a | main.rs:398:9:398:12 | StructField | -| main.rs:659:13:659:18 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:663:14:663:19 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:667:14:667:19 | self.0 | main.rs:652:17:652:17 | TupleField | -| main.rs:693:26:693:29 | x5.0 | main.rs:652:17:652:17 | TupleField | +| main.rs:106:15:106:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:106:15:106:18 | SelfParam | A | main.rs:99:5:100:14 | S1 | +| main.rs:106:27:108:9 | { ... } | | main.rs:99:5:100:14 | S1 | +| main.rs:107:13:107:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:107:13:107:16 | self | A | main.rs:99:5:100:14 | S1 | +| main.rs:107:13:107:18 | self.a | | main.rs:99:5:100:14 | S1 | +| main.rs:113:15:113:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:113:15:113:18 | SelfParam | A | main.rs:101:5:102:14 | S2 | +| main.rs:113:29:115:9 | { ... } | | main.rs:94:5:97:5 | MyThing | +| main.rs:113:29:115:9 | { ... } | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:13:114:30 | Self {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:114:13:114:30 | Self {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:23:114:26 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:114:23:114:26 | self | A | main.rs:101:5:102:14 | S2 | +| main.rs:114:23:114:28 | self.a | | main.rs:101:5:102:14 | S2 | +| main.rs:119:15:119:18 | SelfParam | | main.rs:94:5:97:5 | MyThing | +| main.rs:119:15:119:18 | SelfParam | A | main.rs:118:10:118:10 | T | +| main.rs:119:26:121:9 | { ... } | | main.rs:118:10:118:10 | T | +| main.rs:120:13:120:16 | self | | main.rs:94:5:97:5 | MyThing | +| main.rs:120:13:120:16 | self | A | main.rs:118:10:118:10 | T | +| main.rs:120:13:120:18 | self.a | | main.rs:118:10:118:10 | T | +| main.rs:125:13:125:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:125:13:125:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:125:17:125:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:125:17:125:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:125:30:125:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:126:13:126:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:126:13:126:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:126:17:126:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:126:17:126:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:126:30:126:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:129:26:129:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:129:26:129:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:129:26:129:28 | x.a | | main.rs:99:5:100:14 | S1 | +| main.rs:130:26:130:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:130:26:130:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:130:26:130:28 | y.a | | main.rs:101:5:102:14 | S2 | +| main.rs:132:26:132:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:132:26:132:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:133:26:133:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:133:26:133:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:135:13:135:13 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:135:13:135:13 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:135:17:135:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:135:17:135:33 | MyThing {...} | A | main.rs:99:5:100:14 | S1 | +| main.rs:135:30:135:31 | S1 | | main.rs:99:5:100:14 | S1 | +| main.rs:136:13:136:13 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:13:136:13 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:136:17:136:33 | MyThing {...} | | main.rs:94:5:97:5 | MyThing | +| main.rs:136:17:136:33 | MyThing {...} | A | main.rs:101:5:102:14 | S2 | +| main.rs:136:30:136:31 | S2 | | main.rs:101:5:102:14 | S2 | +| main.rs:138:26:138:26 | x | | main.rs:94:5:97:5 | MyThing | +| main.rs:138:26:138:26 | x | A | main.rs:99:5:100:14 | S1 | +| main.rs:138:26:138:31 | x.m2() | | main.rs:99:5:100:14 | S1 | +| main.rs:139:26:139:26 | y | | main.rs:94:5:97:5 | MyThing | +| main.rs:139:26:139:26 | y | A | main.rs:101:5:102:14 | S2 | +| main.rs:139:26:139:31 | y.m2() | | main.rs:101:5:102:14 | S2 | +| main.rs:155:15:155:18 | SelfParam | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:157:15:157:18 | SelfParam | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:160:9:162:9 | { ... } | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:161:13:161:16 | self | | main.rs:154:5:163:5 | Self [trait MyTrait] | +| main.rs:165:43:165:43 | x | | main.rs:165:26:165:40 | T2 | +| main.rs:165:56:167:5 | { ... } | | main.rs:165:22:165:23 | T1 | +| main.rs:166:9:166:9 | x | | main.rs:165:26:165:40 | T2 | +| main.rs:166:9:166:14 | x.m1() | | main.rs:165:22:165:23 | T1 | +| main.rs:171:15:171:18 | SelfParam | | main.rs:144:5:147:5 | MyThing | +| main.rs:171:15:171:18 | SelfParam | A | main.rs:149:5:150:14 | S1 | +| main.rs:171:27:173:9 | { ... } | | main.rs:149:5:150:14 | S1 | +| main.rs:172:13:172:16 | self | | main.rs:144:5:147:5 | MyThing | +| main.rs:172:13:172:16 | self | A | main.rs:149:5:150:14 | S1 | +| main.rs:172:13:172:18 | self.a | | main.rs:149:5:150:14 | S1 | +| main.rs:178:15:178:18 | SelfParam | | main.rs:144:5:147:5 | MyThing | +| main.rs:178:15:178:18 | SelfParam | A | main.rs:151:5:152:14 | S2 | +| main.rs:178:29:180:9 | { ... } | | main.rs:144:5:147:5 | MyThing | +| main.rs:178:29:180:9 | { ... } | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:13:179:30 | Self {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:179:13:179:30 | Self {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:23:179:26 | self | | main.rs:144:5:147:5 | MyThing | +| main.rs:179:23:179:26 | self | A | main.rs:151:5:152:14 | S2 | +| main.rs:179:23:179:28 | self.a | | main.rs:151:5:152:14 | S2 | +| main.rs:184:13:184:13 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:184:13:184:13 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:184:17:184:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:184:17:184:33 | MyThing {...} | A | main.rs:149:5:150:14 | S1 | +| main.rs:184:30:184:31 | S1 | | main.rs:149:5:150:14 | S1 | +| main.rs:185:13:185:13 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:185:13:185:13 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:185:17:185:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:185:17:185:33 | MyThing {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:185:30:185:31 | S2 | | main.rs:151:5:152:14 | S2 | +| main.rs:187:26:187:26 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:187:26:187:26 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:188:26:188:26 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:188:26:188:26 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:190:13:190:13 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:190:13:190:13 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:190:17:190:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:190:17:190:33 | MyThing {...} | A | main.rs:149:5:150:14 | S1 | +| main.rs:190:30:190:31 | S1 | | main.rs:149:5:150:14 | S1 | +| main.rs:191:13:191:13 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:191:13:191:13 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:191:17:191:33 | MyThing {...} | | main.rs:144:5:147:5 | MyThing | +| main.rs:191:17:191:33 | MyThing {...} | A | main.rs:151:5:152:14 | S2 | +| main.rs:191:30:191:31 | S2 | | main.rs:151:5:152:14 | S2 | +| main.rs:193:40:193:40 | x | | main.rs:144:5:147:5 | MyThing | +| main.rs:193:40:193:40 | x | A | main.rs:149:5:150:14 | S1 | +| main.rs:194:40:194:40 | y | | main.rs:144:5:147:5 | MyThing | +| main.rs:194:40:194:40 | y | A | main.rs:151:5:152:14 | S2 | +| main.rs:211:19:211:22 | SelfParam | | main.rs:209:5:212:5 | Self [trait FirstTrait] | +| main.rs:216:19:216:22 | SelfParam | | main.rs:214:5:217:5 | Self [trait SecondTrait] | +| main.rs:219:64:219:64 | x | | main.rs:219:45:219:61 | T | +| main.rs:221:13:221:14 | s1 | | main.rs:219:35:219:42 | I | +| main.rs:221:18:221:18 | x | | main.rs:219:45:219:61 | T | +| main.rs:221:18:221:27 | x.method() | | main.rs:219:35:219:42 | I | +| main.rs:222:26:222:27 | s1 | | main.rs:219:35:219:42 | I | +| main.rs:225:65:225:65 | x | | main.rs:225:46:225:62 | T | +| main.rs:227:13:227:14 | s2 | | main.rs:225:36:225:43 | I | +| main.rs:227:18:227:18 | x | | main.rs:225:46:225:62 | T | +| main.rs:227:18:227:27 | x.method() | | main.rs:225:36:225:43 | I | +| main.rs:228:26:228:27 | s2 | | main.rs:225:36:225:43 | I | +| main.rs:231:49:231:49 | x | | main.rs:231:30:231:46 | T | +| main.rs:232:13:232:13 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:232:17:232:17 | x | | main.rs:231:30:231:46 | T | +| main.rs:232:17:232:26 | x.method() | | main.rs:201:5:202:14 | S1 | +| main.rs:233:26:233:26 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:236:53:236:53 | x | | main.rs:236:34:236:50 | T | +| main.rs:237:13:237:13 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:237:17:237:17 | x | | main.rs:236:34:236:50 | T | +| main.rs:237:17:237:26 | x.method() | | main.rs:201:5:202:14 | S1 | +| main.rs:238:26:238:26 | s | | main.rs:201:5:202:14 | S1 | +| main.rs:242:16:242:19 | SelfParam | | main.rs:241:5:245:5 | Self [trait Pair] | +| main.rs:244:16:244:19 | SelfParam | | main.rs:241:5:245:5 | Self [trait Pair] | +| main.rs:247:58:247:58 | x | | main.rs:247:41:247:55 | T | +| main.rs:247:64:247:64 | y | | main.rs:247:41:247:55 | T | +| main.rs:249:13:249:14 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:249:18:249:18 | x | | main.rs:247:41:247:55 | T | +| main.rs:249:18:249:24 | x.fst() | | main.rs:201:5:202:14 | S1 | +| main.rs:250:13:250:14 | s2 | | main.rs:204:5:205:14 | S2 | +| main.rs:250:18:250:18 | y | | main.rs:247:41:247:55 | T | +| main.rs:250:18:250:24 | y.snd() | | main.rs:204:5:205:14 | S2 | +| main.rs:251:32:251:33 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:251:36:251:37 | s2 | | main.rs:204:5:205:14 | S2 | +| main.rs:254:69:254:69 | x | | main.rs:254:52:254:66 | T | +| main.rs:254:75:254:75 | y | | main.rs:254:52:254:66 | T | +| main.rs:256:13:256:14 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:256:18:256:18 | x | | main.rs:254:52:254:66 | T | +| main.rs:256:18:256:24 | x.fst() | | main.rs:201:5:202:14 | S1 | +| main.rs:257:13:257:14 | s2 | | main.rs:254:41:254:49 | T2 | +| main.rs:257:18:257:18 | y | | main.rs:254:52:254:66 | T | +| main.rs:257:18:257:24 | y.snd() | | main.rs:254:41:254:49 | T2 | +| main.rs:258:32:258:33 | s1 | | main.rs:201:5:202:14 | S1 | +| main.rs:258:36:258:37 | s2 | | main.rs:254:41:254:49 | T2 | +| main.rs:274:15:274:18 | SelfParam | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:276:15:276:18 | SelfParam | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:279:9:281:9 | { ... } | | main.rs:273:19:273:19 | A | +| main.rs:280:13:280:16 | self | | main.rs:273:5:282:5 | Self [trait MyTrait] | +| main.rs:280:13:280:21 | self.m1() | | main.rs:273:19:273:19 | A | +| main.rs:285:43:285:43 | x | | main.rs:285:26:285:40 | T2 | +| main.rs:285:56:287:5 | { ... } | | main.rs:285:22:285:23 | T1 | +| main.rs:286:9:286:9 | x | | main.rs:285:26:285:40 | T2 | +| main.rs:286:9:286:14 | x.m1() | | main.rs:285:22:285:23 | T1 | +| main.rs:290:49:290:49 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:290:49:290:49 | x | T | main.rs:290:32:290:46 | T2 | +| main.rs:290:71:292:5 | { ... } | | main.rs:290:28:290:29 | T1 | +| main.rs:291:9:291:9 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:291:9:291:9 | x | T | main.rs:290:32:290:46 | T2 | +| main.rs:291:9:291:11 | x.a | | main.rs:290:32:290:46 | T2 | +| main.rs:291:9:291:16 | ... .m1() | | main.rs:290:28:290:29 | T1 | +| main.rs:295:15:295:18 | SelfParam | | main.rs:263:5:266:5 | MyThing | +| main.rs:295:15:295:18 | SelfParam | T | main.rs:294:10:294:10 | T | +| main.rs:295:26:297:9 | { ... } | | main.rs:294:10:294:10 | T | +| main.rs:296:13:296:16 | self | | main.rs:263:5:266:5 | MyThing | +| main.rs:296:13:296:16 | self | T | main.rs:294:10:294:10 | T | +| main.rs:296:13:296:18 | self.a | | main.rs:294:10:294:10 | T | +| main.rs:301:13:301:13 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:301:13:301:13 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:301:17:301:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:301:17:301:33 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:301:30:301:31 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:302:13:302:13 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:302:13:302:13 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:302:17:302:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:302:17:302:33 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:302:30:302:31 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:304:26:304:26 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:304:26:304:26 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:304:26:304:31 | x.m1() | | main.rs:268:5:269:14 | S1 | +| main.rs:305:26:305:26 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:305:26:305:26 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:305:26:305:31 | y.m1() | | main.rs:270:5:271:14 | S2 | +| main.rs:307:13:307:13 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:307:13:307:13 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:307:17:307:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:307:17:307:33 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:307:30:307:31 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:308:13:308:13 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:308:13:308:13 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:308:17:308:33 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:308:17:308:33 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:308:30:308:31 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:310:26:310:26 | x | | main.rs:263:5:266:5 | MyThing | +| main.rs:310:26:310:26 | x | T | main.rs:268:5:269:14 | S1 | +| main.rs:310:26:310:31 | x.m2() | | main.rs:268:5:269:14 | S1 | +| main.rs:311:26:311:26 | y | | main.rs:263:5:266:5 | MyThing | +| main.rs:311:26:311:26 | y | T | main.rs:270:5:271:14 | S2 | +| main.rs:311:26:311:31 | y.m2() | | main.rs:270:5:271:14 | S2 | +| main.rs:313:13:313:14 | x2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:313:13:313:14 | x2 | T | main.rs:268:5:269:14 | S1 | +| main.rs:313:18:313:34 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:313:18:313:34 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:313:31:313:32 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:314:13:314:14 | y2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:314:13:314:14 | y2 | T | main.rs:270:5:271:14 | S2 | +| main.rs:314:18:314:34 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:314:18:314:34 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:314:31:314:32 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:316:26:316:42 | call_trait_m1(...) | | main.rs:268:5:269:14 | S1 | +| main.rs:316:40:316:41 | x2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:316:40:316:41 | x2 | T | main.rs:268:5:269:14 | S1 | +| main.rs:317:26:317:42 | call_trait_m1(...) | | main.rs:270:5:271:14 | S2 | +| main.rs:317:40:317:41 | y2 | | main.rs:263:5:266:5 | MyThing | +| main.rs:317:40:317:41 | y2 | T | main.rs:270:5:271:14 | S2 | +| main.rs:319:13:319:14 | x3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:319:13:319:14 | x3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:319:13:319:14 | x3 | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:319:18:321:9 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:319:18:321:9 | MyThing {...} | T | main.rs:263:5:266:5 | MyThing | +| main.rs:319:18:321:9 | MyThing {...} | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:320:16:320:32 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:320:16:320:32 | MyThing {...} | T | main.rs:268:5:269:14 | S1 | +| main.rs:320:29:320:30 | S1 | | main.rs:268:5:269:14 | S1 | +| main.rs:322:13:322:14 | y3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:322:13:322:14 | y3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:322:13:322:14 | y3 | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:322:18:324:9 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:322:18:324:9 | MyThing {...} | T | main.rs:263:5:266:5 | MyThing | +| main.rs:322:18:324:9 | MyThing {...} | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:323:16:323:32 | MyThing {...} | | main.rs:263:5:266:5 | MyThing | +| main.rs:323:16:323:32 | MyThing {...} | T | main.rs:270:5:271:14 | S2 | +| main.rs:323:29:323:30 | S2 | | main.rs:270:5:271:14 | S2 | +| main.rs:326:26:326:48 | call_trait_thing_m1(...) | | main.rs:268:5:269:14 | S1 | +| main.rs:326:46:326:47 | x3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:326:46:326:47 | x3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:326:46:326:47 | x3 | T.T | main.rs:268:5:269:14 | S1 | +| main.rs:327:26:327:48 | call_trait_thing_m1(...) | | main.rs:270:5:271:14 | S2 | +| main.rs:327:46:327:47 | y3 | | main.rs:263:5:266:5 | MyThing | +| main.rs:327:46:327:47 | y3 | T | main.rs:263:5:266:5 | MyThing | +| main.rs:327:46:327:47 | y3 | T.T | main.rs:270:5:271:14 | S2 | +| main.rs:335:15:335:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | +| main.rs:337:15:337:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | +| main.rs:353:15:353:18 | SelfParam | | main.rs:346:5:347:13 | S | +| main.rs:353:45:355:9 | { ... } | | main.rs:346:5:347:13 | S | +| main.rs:354:13:354:13 | S | | main.rs:346:5:347:13 | S | +| main.rs:359:13:359:13 | x | | main.rs:346:5:347:13 | S | +| main.rs:359:17:359:17 | S | | main.rs:346:5:347:13 | S | +| main.rs:360:26:360:26 | x | | main.rs:346:5:347:13 | S | +| main.rs:360:26:360:31 | x.m1() | | main.rs:346:5:347:13 | S | +| main.rs:362:13:362:13 | x | | main.rs:346:5:347:13 | S | +| main.rs:362:17:362:17 | S | | main.rs:346:5:347:13 | S | +| main.rs:363:26:363:26 | x | | main.rs:346:5:347:13 | S | +| main.rs:380:15:380:18 | SelfParam | | main.rs:368:5:372:5 | MyEnum | +| main.rs:380:15:380:18 | SelfParam | A | main.rs:379:10:379:10 | T | +| main.rs:380:26:385:9 | { ... } | | main.rs:379:10:379:10 | T | +| main.rs:381:13:384:13 | match self { ... } | | main.rs:379:10:379:10 | T | +| main.rs:381:19:381:22 | self | | main.rs:368:5:372:5 | MyEnum | +| main.rs:381:19:381:22 | self | A | main.rs:379:10:379:10 | T | +| main.rs:382:28:382:28 | a | | main.rs:379:10:379:10 | T | +| main.rs:382:34:382:34 | a | | main.rs:379:10:379:10 | T | +| main.rs:383:30:383:30 | a | | main.rs:379:10:379:10 | T | +| main.rs:383:37:383:37 | a | | main.rs:379:10:379:10 | T | +| main.rs:389:13:389:13 | x | | main.rs:368:5:372:5 | MyEnum | +| main.rs:389:13:389:13 | x | A | main.rs:374:5:375:14 | S1 | +| main.rs:389:17:389:30 | ...::C1(...) | | main.rs:368:5:372:5 | MyEnum | +| main.rs:389:17:389:30 | ...::C1(...) | A | main.rs:374:5:375:14 | S1 | +| main.rs:389:28:389:29 | S1 | | main.rs:374:5:375:14 | S1 | +| main.rs:390:13:390:13 | y | | main.rs:368:5:372:5 | MyEnum | +| main.rs:390:13:390:13 | y | A | main.rs:376:5:377:14 | S2 | +| main.rs:390:17:390:36 | ...::C2 {...} | | main.rs:368:5:372:5 | MyEnum | +| main.rs:390:17:390:36 | ...::C2 {...} | A | main.rs:376:5:377:14 | S2 | +| main.rs:390:33:390:34 | S2 | | main.rs:376:5:377:14 | S2 | +| main.rs:392:26:392:26 | x | | main.rs:368:5:372:5 | MyEnum | +| main.rs:392:26:392:26 | x | A | main.rs:374:5:375:14 | S1 | +| main.rs:392:26:392:31 | x.m1() | | main.rs:374:5:375:14 | S1 | +| main.rs:393:26:393:26 | y | | main.rs:368:5:372:5 | MyEnum | +| main.rs:393:26:393:26 | y | A | main.rs:376:5:377:14 | S2 | +| main.rs:393:26:393:31 | y.m1() | | main.rs:376:5:377:14 | S2 | +| main.rs:415:15:415:18 | SelfParam | | main.rs:413:5:416:5 | Self [trait MyTrait1] | +| main.rs:419:15:419:18 | SelfParam | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:422:9:428:9 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:423:13:427:13 | if ... {...} else {...} | | main.rs:418:20:418:22 | Tr2 | +| main.rs:423:26:425:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:424:17:424:20 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:424:17:424:25 | self.m1() | | main.rs:418:20:418:22 | Tr2 | +| main.rs:425:20:427:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | +| main.rs:426:17:426:30 | ...::m1(...) | | main.rs:418:20:418:22 | Tr2 | +| main.rs:426:26:426:29 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | +| main.rs:432:15:432:18 | SelfParam | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:435:9:441:9 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:436:13:440:13 | if ... {...} else {...} | | main.rs:431:20:431:22 | Tr3 | +| main.rs:436:26:438:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:437:17:437:20 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:437:17:437:25 | self.m2() | | main.rs:398:5:401:5 | MyThing | +| main.rs:437:17:437:25 | self.m2() | A | main.rs:431:20:431:22 | Tr3 | +| main.rs:437:17:437:27 | ... .a | | main.rs:431:20:431:22 | Tr3 | +| main.rs:438:20:440:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:17:439:30 | ...::m2(...) | | main.rs:398:5:401:5 | MyThing | +| main.rs:439:17:439:30 | ...::m2(...) | A | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:17:439:32 | ... .a | | main.rs:431:20:431:22 | Tr3 | +| main.rs:439:26:439:29 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | +| main.rs:446:15:446:18 | SelfParam | | main.rs:398:5:401:5 | MyThing | +| main.rs:446:15:446:18 | SelfParam | A | main.rs:444:10:444:10 | T | +| main.rs:446:26:448:9 | { ... } | | main.rs:444:10:444:10 | T | +| main.rs:447:13:447:16 | self | | main.rs:398:5:401:5 | MyThing | +| main.rs:447:13:447:16 | self | A | main.rs:444:10:444:10 | T | +| main.rs:447:13:447:18 | self.a | | main.rs:444:10:444:10 | T | +| main.rs:455:15:455:18 | SelfParam | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:455:15:455:18 | SelfParam | A | main.rs:453:10:453:10 | T | +| main.rs:455:35:457:9 | { ... } | | main.rs:398:5:401:5 | MyThing | +| main.rs:455:35:457:9 | { ... } | A | main.rs:453:10:453:10 | T | +| main.rs:456:13:456:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:456:13:456:33 | MyThing {...} | A | main.rs:453:10:453:10 | T | +| main.rs:456:26:456:29 | self | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:456:26:456:29 | self | A | main.rs:453:10:453:10 | T | +| main.rs:456:26:456:31 | self.a | | main.rs:453:10:453:10 | T | +| main.rs:465:13:465:13 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:465:13:465:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:465:17:465:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:465:17:465:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:465:30:465:31 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:466:13:466:13 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:466:13:466:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:466:17:466:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:466:17:466:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:466:30:466:31 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:468:26:468:26 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:468:26:468:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:468:26:468:31 | x.m1() | | main.rs:408:5:409:14 | S1 | +| main.rs:469:26:469:26 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:469:26:469:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:469:26:469:31 | y.m1() | | main.rs:410:5:411:14 | S2 | +| main.rs:471:13:471:13 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:471:13:471:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:471:17:471:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:471:17:471:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:471:30:471:31 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:472:13:472:13 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:472:13:472:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:472:17:472:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | +| main.rs:472:17:472:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:472:30:472:31 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:474:26:474:26 | x | | main.rs:398:5:401:5 | MyThing | +| main.rs:474:26:474:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:474:26:474:31 | x.m2() | | main.rs:408:5:409:14 | S1 | +| main.rs:475:26:475:26 | y | | main.rs:398:5:401:5 | MyThing | +| main.rs:475:26:475:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:475:26:475:31 | y.m2() | | main.rs:410:5:411:14 | S2 | +| main.rs:477:13:477:13 | x | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:477:13:477:13 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:477:17:477:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:477:17:477:34 | MyThing2 {...} | A | main.rs:408:5:409:14 | S1 | +| main.rs:477:31:477:32 | S1 | | main.rs:408:5:409:14 | S1 | +| main.rs:478:13:478:13 | y | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:478:13:478:13 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:478:17:478:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:478:17:478:34 | MyThing2 {...} | A | main.rs:410:5:411:14 | S2 | +| main.rs:478:31:478:32 | S2 | | main.rs:410:5:411:14 | S2 | +| main.rs:480:26:480:26 | x | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:480:26:480:26 | x | A | main.rs:408:5:409:14 | S1 | +| main.rs:480:26:480:31 | x.m3() | | main.rs:408:5:409:14 | S1 | +| main.rs:481:26:481:26 | y | | main.rs:403:5:406:5 | MyThing2 | +| main.rs:481:26:481:26 | y | A | main.rs:410:5:411:14 | S2 | +| main.rs:481:26:481:31 | y.m3() | | main.rs:410:5:411:14 | S2 | +| main.rs:499:22:499:22 | x | | file://:0:0:0:0 | & | +| main.rs:499:22:499:22 | x | &T | main.rs:499:11:499:19 | T | +| main.rs:499:35:501:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:499:35:501:5 | { ... } | &T | main.rs:499:11:499:19 | T | +| main.rs:500:9:500:9 | x | | file://:0:0:0:0 | & | +| main.rs:500:9:500:9 | x | &T | main.rs:499:11:499:19 | T | +| main.rs:504:17:504:20 | SelfParam | | main.rs:489:5:490:14 | S1 | +| main.rs:504:29:506:9 | { ... } | | main.rs:492:5:493:14 | S2 | +| main.rs:505:13:505:14 | S2 | | main.rs:492:5:493:14 | S2 | +| main.rs:509:21:509:21 | x | | main.rs:509:13:509:14 | T1 | +| main.rs:512:5:514:5 | { ... } | | main.rs:509:17:509:18 | T2 | +| main.rs:513:9:513:9 | x | | main.rs:509:13:509:14 | T1 | +| main.rs:513:9:513:16 | x.into() | | main.rs:509:17:509:18 | T2 | +| main.rs:517:13:517:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:517:17:517:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:518:26:518:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:518:26:518:31 | id(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:518:29:518:30 | &x | | file://:0:0:0:0 | & | +| main.rs:518:29:518:30 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:518:30:518:30 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:520:13:520:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:520:17:520:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:521:26:521:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:521:26:521:37 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:521:35:521:36 | &x | | file://:0:0:0:0 | & | +| main.rs:521:35:521:36 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:521:36:521:36 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:523:13:523:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:523:17:523:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:524:26:524:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:524:26:524:44 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | +| main.rs:524:42:524:43 | &x | | file://:0:0:0:0 | & | +| main.rs:524:42:524:43 | &x | &T | main.rs:489:5:490:14 | S1 | +| main.rs:524:43:524:43 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:526:13:526:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:526:17:526:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:527:9:527:25 | into::<...>(...) | | main.rs:492:5:493:14 | S2 | +| main.rs:527:24:527:24 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:529:13:529:13 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:529:17:529:18 | S1 | | main.rs:489:5:490:14 | S1 | +| main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | +| main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | +| main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | +| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | +| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | +| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | +| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | +| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | +| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | +| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | +| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | +| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | +| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | +| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | +| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | +| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | +| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | +| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | +| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | +| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | +| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | +| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | +| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | +| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | +| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | +| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | +| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | +| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | +| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | +| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | +| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | +| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | +| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | +| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | +| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | +| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | +| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | +| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | +| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | +| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | +| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | +| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | +| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | +| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | +| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | +| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | +| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | +| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | +| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | +| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | +| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | +| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | +| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | +| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | +| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | +| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | +| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | +| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | +| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | +| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | +| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | +| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | +| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | +| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | +| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | +| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | +| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | +| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | +| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | +| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | +| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | +| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | +| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | +| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | +| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | +| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | +| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | +| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | +| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | +| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | +| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | +| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | +| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | +| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | +| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | +| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | +| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | +| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | +| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | +| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | +| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | +| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | +| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | +| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | +| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | +| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | +| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | +| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | +| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | +| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | +| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | +| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | +| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | +| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | +| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | +| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | +| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | +| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | +| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | +| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | +| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | +| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | +| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | +| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | +| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | +| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | +| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | +| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | +| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | +| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | +| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | +| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | +| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | +| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | +| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | +| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | +| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | +| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | +| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | +| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | +| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | +| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | +| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | +| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | +| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | +| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | +| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | +| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | +| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | +| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | +| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | +| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | +| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | +| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | +| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | +| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | +| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | +| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | +| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | +| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | +| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | +| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | +| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | +| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | +| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | +| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | +| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | +| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | +| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | +| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | +| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | +| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | +| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | +| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | +| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | +| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | +| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | +| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | +| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | +| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | +| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | +| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | +| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | +| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | +| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | +| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | +| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | +| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | +| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | +| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | +| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | +| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | +| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | +| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | +| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | +| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | +| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index 67f02c96cfa..b0e47e7f574 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -1,18 +1,60 @@ import rust +import utils.test.InlineExpectationsTest import codeql.rust.internal.TypeInference as TypeInference import TypeInference -import utils.test.InlineExpectationsTest query predicate inferType(AstNode n, TypePath path, Type t) { t = TypeInference::inferType(n, path) } -query predicate resolveMethodCallExpr(MethodCallExpr mce, Function f) { - f = resolveMethodCallExpr(mce) +module ResolveTest implements TestSig { + string getARelevantTag() { result = ["method", "fieldof"] } + + private predicate functionHasValue(Function f, string value) { + f.getPrecedingComment().getCommentText() = value + or + not exists(f.getPrecedingComment()) and + value = f.getName().getText() + } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(AstNode source, AstNode target | + location = source.getLocation() and + element = source.toString() + | + target = resolveMethodCallExpr(source) and + functionHasValue(target, value) and + tag = "method" + or + target = resolveStructFieldExpr(source) and + any(Struct s | s.getStructField(_) = target).getName().getText() = value and + tag = "fieldof" + or + target = resolveTupleFieldExpr(source) and + any(Struct s | s.getTupleField(_) = target).getName().getText() = value and + tag = "fieldof" + ) + } } -query predicate resolveFieldExpr(FieldExpr fe, AstNode target) { - target = resolveStructFieldExpr(fe) - or - target = resolveTupleFieldExpr(fe) +module TypeTest implements TestSig { + string getARelevantTag() { result = "type" } + + predicate tagIsOptional(string expectedTag) { expectedTag = "type" } + + predicate hasActualResult(Location location, string element, string tag, string value) { none() } + + predicate hasOptionalResult(Location location, string element, string tag, string value) { + tag = "type" and + exists(AstNode n, TypePath path, Type t | + t = TypeInference::inferType(n, path) and + location = n.getLocation() and + element = n.toString() and + if path.isEmpty() + then value = element + ":" + t + else value = element + ":" + path.toString() + "." + t.toString() + ) + } } + +import MakeTest> From c49ffa01eebc42df13a904d9fa1e2d972d0a0a0d Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 3 Apr 2025 12:27:42 +0200 Subject: [PATCH 210/409] JS: Enable post-processed inline expectations for query predicates --- .../util/test/InlineExpectationsTest.qll | 49 ++++++++++++++++--- 1 file changed, 41 insertions(+), 8 deletions(-) diff --git a/shared/util/codeql/util/test/InlineExpectationsTest.qll b/shared/util/codeql/util/test/InlineExpectationsTest.qll index f67f54da937..5fe8932808c 100644 --- a/shared/util/codeql/util/test/InlineExpectationsTest.qll +++ b/shared/util/codeql/util/test/InlineExpectationsTest.qll @@ -858,17 +858,26 @@ module TestPostProcessing { bindingset[result] string getARelevantTag() { any() } - predicate tagMatches = PathProblemSourceTestInput::tagMatches/2; + bindingset[expectedTag, actualTag] + predicate tagMatches(string expectedTag, string actualTag) { + PathProblemSourceTestInput::tagMatches(expectedTag, actualTag) + or + not exists(getQueryKind()) and + expectedTag = actualTag + } bindingset[expectedTag] predicate tagIsOptional(string expectedTag) { - // ignore irrelevant tags - not expectedTag.regexpMatch(getTagRegex()) - or - // ignore tags annotated with a query ID that does not match the current query ID - exists(string queryId | - queryId = expectedTag.regexpCapture(getTagRegex(), 3) and - queryId != getQueryId() + exists(getQueryKind()) and + ( + // ignore irrelevant tags + not expectedTag.regexpMatch(getTagRegex()) + or + // ignore tags annotated with a query ID that does not match the current query ID + exists(string queryId | + queryId = expectedTag.regexpCapture(getTagRegex(), 3) and + queryId != getQueryId() + ) ) } @@ -911,6 +920,28 @@ module TestPostProcessing { not hasPathProblemSink(row, location, _, _) } + /** + * Holds if a custom query predicate implies `tag=value` at the given `location`. + * + * Such query predicates are only allowed in kind-less queries, usually in the form + * of a `.ql` file in a test folder, with a same-named `.qlref` file to enable + * post-processing for that test. + */ + private predicate hasCustomQueryPredicateResult( + int row, TestLocation location, string element, string tag, string value + ) { + not exists(getQueryKind()) and + queryResults(tag, row, 0, location.getRelativeUrl()) and + queryResults(tag, row, 1, element) and + ( + queryResults(tag, row, 2, value) and + not queryResults(tag, row, 3, _) // ignore if arity is greater than expected + or + not queryResults(tag, row, 2, _) and + value = "" // allow value-less expectations for unary predicates + ) + } + /** * Gets the expected value for result row `row`, if any. This value must * match the value at the corresponding path-problem source (if it is @@ -939,6 +970,8 @@ module TestPostProcessing { or value = getValue(row) ) + or + hasCustomQueryPredicateResult(_, location, element, tag, value) } } From 14c5495b4c48b9d53f1e6e38c9d2e386bdca623e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 3 Apr 2025 13:21:26 +0200 Subject: [PATCH 211/409] JS: Use in SensitiveActions test as an example --- .../SensitiveActions/tests.expected | 22 ++++++++-------- .../library-tests/SensitiveActions/tests.ql | 2 +- .../SensitiveActions/tests.qlref | 2 ++ .../library-tests/SensitiveActions/tst.js | 26 +++++++++---------- 4 files changed, 27 insertions(+), 25 deletions(-) create mode 100644 javascript/ql/test/library-tests/SensitiveActions/tests.qlref diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.expected b/javascript/ql/test/library-tests/SensitiveActions/tests.expected index 2c0dfff14f7..cbbe7c1a0db 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tests.expected +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.expected @@ -31,14 +31,14 @@ sensitiveAction | tst.js:23:1:23:25 | require ... .exit() | | tst.js:24:1:24:21 | global. ... .exit() | sensitiveExpr -| tst.js:1:1:1:8 | password | -| tst.js:2:1:2:8 | PassWord | -| tst.js:3:1:3:21 | myPassw ... eartext | -| tst.js:4:1:4:10 | x.password | -| tst.js:5:1:5:11 | getPassword | -| tst.js:5:1:5:13 | getPassword() | -| tst.js:6:1:6:13 | x.getPassword | -| tst.js:6:1:6:15 | x.getPassword() | -| tst.js:7:1:7:15 | get("password") | -| tst.js:8:1:8:17 | x.get("password") | -| tst.js:21:1:21:6 | secret | +| tst.js:1:1:1:8 | password | password | +| tst.js:2:1:2:8 | PassWord | password | +| tst.js:3:1:3:21 | myPassw ... eartext | password | +| tst.js:4:1:4:10 | x.password | password | +| tst.js:5:1:5:11 | getPassword | password | +| tst.js:5:1:5:13 | getPassword() | password | +| tst.js:6:1:6:13 | x.getPassword | password | +| tst.js:6:1:6:15 | x.getPassword() | password | +| tst.js:7:1:7:15 | get("password") | password | +| tst.js:8:1:8:17 | x.get("password") | password | +| tst.js:21:1:21:6 | secret | secret | diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.ql b/javascript/ql/test/library-tests/SensitiveActions/tests.ql index e1cd2cbd095..d7273fe13b7 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tests.ql +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.ql @@ -20,4 +20,4 @@ query predicate processTermination(NodeJSLib::ProcessTermination term) { any() } query predicate sensitiveAction(SensitiveAction ac) { any() } -query predicate sensitiveExpr(SensitiveNode e) { any() } +query predicate sensitiveExpr(SensitiveNode e, string kind) { kind = e.getClassification() } diff --git a/javascript/ql/test/library-tests/SensitiveActions/tests.qlref b/javascript/ql/test/library-tests/SensitiveActions/tests.qlref new file mode 100644 index 00000000000..8581a3f8b74 --- /dev/null +++ b/javascript/ql/test/library-tests/SensitiveActions/tests.qlref @@ -0,0 +1,2 @@ +query: tests.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/javascript/ql/test/library-tests/SensitiveActions/tst.js b/javascript/ql/test/library-tests/SensitiveActions/tst.js index c4a627b742c..c6fa5aa873b 100644 --- a/javascript/ql/test/library-tests/SensitiveActions/tst.js +++ b/javascript/ql/test/library-tests/SensitiveActions/tst.js @@ -1,11 +1,11 @@ -password; -PassWord; -myPasswordInCleartext; -x.password; -getPassword(); -x.getPassword(); -get("password"); -x.get("password"); +password; // $ cleartextPasswordExpr sensitiveExpr=password +PassWord; // $ cleartextPasswordExpr sensitiveExpr=password +myPasswordInCleartext; // $ cleartextPasswordExpr sensitiveExpr=password +x.password; // $ cleartextPasswordExpr sensitiveExpr=password +getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password +x.getPassword(); // $ cleartextPasswordExpr sensitiveExpr=password +get("password"); // $ cleartextPasswordExpr sensitiveExpr=password +x.get("password"); // $ cleartextPasswordExpr sensitiveExpr=password hashed_password; password_hashed; @@ -15,13 +15,13 @@ hashedPassword; var exit = require('exit'); var e = process.exit; -e(); -exit(); +e(); // $ processTermination sensitiveAction +exit(); // $ processTermination sensitiveAction -secret; +secret; // $ sensitiveExpr=secret -require("process").exit(); -global.process.exit(); +require("process").exit(); // $ processTermination sensitiveAction +global.process.exit(); // $ processTermination sensitiveAction get("https://example.com/news?password=true") get("https://username:password@example.com") From a53f664e85e82b8da1cc916fcf36006228399c91 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 14:33:02 +0200 Subject: [PATCH 212/409] Rust: Fix bad join --- .../rust/elements/internal/FunctionImpl.qll | 25 +++++++++++++++++++ rust/ql/lib/utils/test/InlineMadTest.qll | 2 +- .../type-inference/type-inference.ql | 4 +-- 3 files changed, 28 insertions(+), 3 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll index 594dbaa0bf5..67bd0a4eee9 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/FunctionImpl.qll @@ -4,6 +4,7 @@ * INTERNAL: Do not use. */ +private import codeql.files.FileSystem private import codeql.rust.elements.internal.generated.Function private import codeql.rust.elements.Comment @@ -28,6 +29,30 @@ module Impl { class Function extends Generated::Function { override string toStringImpl() { result = "fn " + this.getName().getText() } + pragma[nomagic] + private predicate hasPotentialCommentAt(File f, int line) { + f = this.getLocation().getFile() and + // When a function is preceded by comments its start line is the line of + // the first comment. Hence all relevant comments are found by including + // comments from the start line and up to the line with the function + // name. + line in [this.getLocation().getStartLine() .. this.getName().getLocation().getStartLine()] + } + + /** + * Gets a comment preceding this function. + * + * A comment is considered preceding if it occurs immediately before this + * function or if only other comments occur between the comment and this + * function. + */ + Comment getAPrecedingComment() { + exists(File f, int line | + this.hasPotentialCommentAt(f, line) and + result.getLocation().hasLocationFileInfo(f, line, _, _, _) + ) + } + /** * Gets a comment preceding this function. * diff --git a/rust/ql/lib/utils/test/InlineMadTest.qll b/rust/ql/lib/utils/test/InlineMadTest.qll index 00000060ab6..ed21ab1f8b1 100644 --- a/rust/ql/lib/utils/test/InlineMadTest.qll +++ b/rust/ql/lib/utils/test/InlineMadTest.qll @@ -5,7 +5,7 @@ private module InlineMadTestLang implements InlineMadTestLangSig { class Callable = R::Function; string getComment(R::Function callable) { - result = callable.getPrecedingComment().getCommentText() + result = callable.getAPrecedingComment().getCommentText() } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index b0e47e7f574..d683e7d75d8 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -11,9 +11,9 @@ module ResolveTest implements TestSig { string getARelevantTag() { result = ["method", "fieldof"] } private predicate functionHasValue(Function f, string value) { - f.getPrecedingComment().getCommentText() = value + f.getAPrecedingComment().getCommentText() = value or - not exists(f.getPrecedingComment()) and + not exists(f.getAPrecedingComment()) and value = f.getName().getText() } From e6c7ad8ee0b3ff9a94e73588d77779cdef811b7b Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Thu, 3 Apr 2025 14:34:23 +0200 Subject: [PATCH 213/409] Rust: Add comment as suggested in review --- rust/ql/test/library-tests/type-inference/type-inference.ql | 1 + 1 file changed, 1 insertion(+) diff --git a/rust/ql/test/library-tests/type-inference/type-inference.ql b/rust/ql/test/library-tests/type-inference/type-inference.ql index d683e7d75d8..d83900e5840 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.ql +++ b/rust/ql/test/library-tests/type-inference/type-inference.ql @@ -14,6 +14,7 @@ module ResolveTest implements TestSig { f.getAPrecedingComment().getCommentText() = value or not exists(f.getAPrecedingComment()) and + // TODO: Default to canonical path once that is available value = f.getName().getText() } From e7027f0979b8ea3925c7820cf025856653297609 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 10:18:38 +0100 Subject: [PATCH 214/409] Rust: Add type inference tests for type aliases --- .../test/library-tests/type-inference/main.rs | 32 +- .../type-inference/type-inference.expected | 765 +++++++++--------- 2 files changed, 423 insertions(+), 374 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2a432d50b8d..2774332761e 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -540,6 +540,17 @@ mod type_aliases { PairBoth(Fst, Snd), } + impl PairOption { + fn unwrapSnd(self) -> Snd { + match self { + PairOption::PairNone() => panic!("PairNone has no second element"), + PairOption::PairFst(_) => panic!("PairFst has no second element"), + PairOption::PairSnd(snd) => snd, + PairOption::PairBoth(_, snd) => snd, + } + } + } + #[derive(Debug)] struct S1; @@ -553,7 +564,18 @@ mod type_aliases { type MyPair = PairOption; // Generic type alias that partially applies the generic type - type AnotherPair = PairOption; + type AnotherPair = PairOption; + + // Alias to another alias + type AliasToAlias = AnotherPair; + + // Alias that appears nested withing another alias + type NestedAlias = AnotherPair>; + + fn g(t: NestedAlias) { + let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd MISSING: type=x:S3 + println!("{:?}", x); + } pub fn f() { // Type can be inferred from the constructor @@ -561,16 +583,18 @@ mod type_aliases { println!("{:?}", p1); // Type can be only inferred from the type alias - let p2: MyPair = PairOption::PairNone(); // types for `Fst` and `Snd` missing + let p2: MyPair = PairOption::PairNone(); // $ MISSING: type=p2:Fst.S1 MISSING: type=p2:Snd.S2 println!("{:?}", p2); // First type from alias, second from constructor - let p3: AnotherPair<_> = PairOption::PairSnd(S3); // type for `Fst` missing + let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ MISSING: type=p3:Fst.S2 println!("{:?}", p3); // First type from alias definition, second from argument to alias - let p3: AnotherPair = PairOption::PairNone(); // type for `Snd` missing, spurious `S3` for `Fst` + let p3: AnotherPair = PairOption::PairNone(); // $ SPURIOUS: type=p3:Fst.S3 MISSING: type=p3:Snd.S3 println!("{:?}", p3); + + g(PairOption::PairSnd(PairOption::PairSnd(S3))); } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index d8164f4be81..af1dac9c43f 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -495,373 +495,398 @@ inferType | main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | | main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | | main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | -| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | -| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | -| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | -| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | -| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | -| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | -| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | -| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | -| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | -| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | -| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | -| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | -| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | -| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | -| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | -| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | -| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | -| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | -| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | -| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | -| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | -| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | -| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | -| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | -| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | -| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | -| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | -| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | -| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | -| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | -| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | -| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | -| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | -| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | -| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | -| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | -| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | -| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | -| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | -| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | -| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | -| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | -| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | -| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | -| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | -| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | -| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | -| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | -| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | -| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | -| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | -| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | -| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | -| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | -| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | -| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | -| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | -| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | -| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | -| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | -| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | -| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:544:22:544:25 | SelfParam | | main.rs:535:5:541:5 | PairOption | +| main.rs:544:22:544:25 | SelfParam | Fst | main.rs:543:10:543:12 | Fst | +| main.rs:544:22:544:25 | SelfParam | Snd | main.rs:543:15:543:17 | Snd | +| main.rs:544:35:551:9 | { ... } | | main.rs:543:15:543:17 | Snd | +| main.rs:545:13:550:13 | match self { ... } | | main.rs:543:15:543:17 | Snd | +| main.rs:545:19:545:22 | self | | main.rs:535:5:541:5 | PairOption | +| main.rs:545:19:545:22 | self | Fst | main.rs:543:10:543:12 | Fst | +| main.rs:545:19:545:22 | self | Snd | main.rs:543:15:543:17 | Snd | +| main.rs:546:43:546:82 | MacroExpr | | main.rs:543:15:543:17 | Snd | +| main.rs:547:43:547:81 | MacroExpr | | main.rs:543:15:543:17 | Snd | +| main.rs:548:37:548:39 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:548:45:548:47 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:549:41:549:43 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:549:49:549:51 | snd | | main.rs:543:15:543:17 | Snd | +| main.rs:575:10:575:10 | t | | main.rs:535:5:541:5 | PairOption | +| main.rs:575:10:575:10 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:17 | t | | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:17 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:582:13:582:14 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:582:13:582:14 | p1 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:582:13:582:14 | p1 | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:582:26:582:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:582:26:582:53 | ...::PairBoth(...) | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:582:26:582:53 | ...::PairBoth(...) | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:582:47:582:48 | S1 | | main.rs:554:5:555:14 | S1 | +| main.rs:582:51:582:52 | S2 | | main.rs:557:5:558:14 | S2 | +| main.rs:583:26:583:27 | p1 | | main.rs:535:5:541:5 | PairOption | +| main.rs:583:26:583:27 | p1 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:583:26:583:27 | p1 | Snd | main.rs:557:5:558:14 | S2 | +| main.rs:586:13:586:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:26:586:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:587:26:587:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:590:34:590:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:34:590:56 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:590:54:590:55 | S3 | | main.rs:560:5:561:14 | S3 | +| main.rs:591:26:591:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:591:26:591:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:594:13:594:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:594:13:594:14 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:35:594:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:595:26:595:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:595:26:595:27 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:597:31:597:53 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:31:597:53 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:597:51:597:52 | S3 | | main.rs:560:5:561:14 | S3 | +| main.rs:610:16:610:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:610:16:610:24 | SelfParam | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:610:27:610:31 | value | | main.rs:608:19:608:19 | S | +| main.rs:612:21:612:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:612:21:612:29 | SelfParam | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:612:32:612:36 | value | | main.rs:608:19:608:19 | S | +| main.rs:613:13:613:16 | self | | file://:0:0:0:0 | & | +| main.rs:613:13:613:16 | self | &T | main.rs:608:5:615:5 | Self [trait MyTrait] | +| main.rs:613:22:613:26 | value | | main.rs:608:19:608:19 | S | +| main.rs:619:16:619:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:619:16:619:24 | SelfParam | &T | main.rs:602:5:606:5 | MyOption | +| main.rs:619:16:619:24 | SelfParam | &T.T | main.rs:617:10:617:10 | T | +| main.rs:619:27:619:31 | value | | main.rs:617:10:617:10 | T | +| main.rs:623:26:625:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:623:26:625:9 | { ... } | T | main.rs:622:10:622:10 | T | +| main.rs:624:13:624:30 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:624:13:624:30 | ...::MyNone(...) | T | main.rs:622:10:622:10 | T | +| main.rs:629:20:629:23 | SelfParam | | main.rs:602:5:606:5 | MyOption | +| main.rs:629:20:629:23 | SelfParam | T | main.rs:602:5:606:5 | MyOption | +| main.rs:629:20:629:23 | SelfParam | T.T | main.rs:628:10:628:10 | T | +| main.rs:629:41:634:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:629:41:634:9 | { ... } | T | main.rs:628:10:628:10 | T | +| main.rs:630:13:633:13 | match self { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:630:13:633:13 | match self { ... } | T | main.rs:628:10:628:10 | T | +| main.rs:630:19:630:22 | self | | main.rs:602:5:606:5 | MyOption | +| main.rs:630:19:630:22 | self | T | main.rs:602:5:606:5 | MyOption | +| main.rs:630:19:630:22 | self | T.T | main.rs:628:10:628:10 | T | +| main.rs:631:39:631:56 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:631:39:631:56 | ...::MyNone(...) | T | main.rs:628:10:628:10 | T | +| main.rs:632:34:632:34 | x | | main.rs:602:5:606:5 | MyOption | +| main.rs:632:34:632:34 | x | T | main.rs:628:10:628:10 | T | +| main.rs:632:40:632:40 | x | | main.rs:602:5:606:5 | MyOption | +| main.rs:632:40:632:40 | x | T | main.rs:628:10:628:10 | T | +| main.rs:641:13:641:14 | x1 | | main.rs:602:5:606:5 | MyOption | +| main.rs:641:18:641:37 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:642:26:642:27 | x1 | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:13:644:18 | mut x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:13:644:18 | mut x2 | T | main.rs:637:5:638:13 | S | +| main.rs:644:22:644:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:644:22:644:36 | ...::new(...) | T | main.rs:637:5:638:13 | S | +| main.rs:645:9:645:10 | x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:645:9:645:10 | x2 | T | main.rs:637:5:638:13 | S | +| main.rs:645:16:645:16 | S | | main.rs:637:5:638:13 | S | +| main.rs:646:26:646:27 | x2 | | main.rs:602:5:606:5 | MyOption | +| main.rs:646:26:646:27 | x2 | T | main.rs:637:5:638:13 | S | +| main.rs:648:13:648:18 | mut x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:648:22:648:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:649:9:649:10 | x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:649:21:649:21 | S | | main.rs:637:5:638:13 | S | +| main.rs:650:26:650:27 | x3 | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:13:652:18 | mut x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:13:652:18 | mut x4 | T | main.rs:637:5:638:13 | S | +| main.rs:652:22:652:36 | ...::new(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:652:22:652:36 | ...::new(...) | T | main.rs:637:5:638:13 | S | +| main.rs:653:23:653:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:653:23:653:29 | &mut x4 | &T | main.rs:602:5:606:5 | MyOption | +| main.rs:653:23:653:29 | &mut x4 | &T.T | main.rs:637:5:638:13 | S | +| main.rs:653:28:653:29 | x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:653:28:653:29 | x4 | T | main.rs:637:5:638:13 | S | +| main.rs:653:32:653:32 | S | | main.rs:637:5:638:13 | S | +| main.rs:654:26:654:27 | x4 | | main.rs:602:5:606:5 | MyOption | +| main.rs:654:26:654:27 | x4 | T | main.rs:637:5:638:13 | S | +| main.rs:656:13:656:14 | x5 | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:13:656:14 | x5 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:656:13:656:14 | x5 | T.T | main.rs:637:5:638:13 | S | +| main.rs:656:18:656:58 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:18:656:58 | ...::MySome(...) | T | main.rs:602:5:606:5 | MyOption | +| main.rs:656:18:656:58 | ...::MySome(...) | T.T | main.rs:637:5:638:13 | S | +| main.rs:656:35:656:57 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:656:35:656:57 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:657:26:657:27 | x5 | | main.rs:602:5:606:5 | MyOption | +| main.rs:657:26:657:27 | x5 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:657:26:657:27 | x5 | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:13:659:14 | x6 | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:13:659:14 | x6 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:659:13:659:14 | x6 | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:18:659:58 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:18:659:58 | ...::MySome(...) | T | main.rs:602:5:606:5 | MyOption | +| main.rs:659:18:659:58 | ...::MySome(...) | T.T | main.rs:637:5:638:13 | S | +| main.rs:659:35:659:57 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:659:35:659:57 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:660:26:660:61 | ...::flatten(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:660:26:660:61 | ...::flatten(...) | T | main.rs:637:5:638:13 | S | +| main.rs:660:59:660:60 | x6 | | main.rs:602:5:606:5 | MyOption | +| main.rs:660:59:660:60 | x6 | T | main.rs:602:5:606:5 | MyOption | +| main.rs:660:59:660:60 | x6 | T.T | main.rs:637:5:638:13 | S | +| main.rs:662:13:662:19 | from_if | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:13:662:19 | from_if | T | main.rs:637:5:638:13 | S | +| main.rs:662:23:666:9 | if ... {...} else {...} | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:23:666:9 | if ... {...} else {...} | T | main.rs:637:5:638:13 | S | +| main.rs:662:36:664:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:662:36:664:9 | { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:663:13:663:30 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:663:13:663:30 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:664:16:666:9 | { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:664:16:666:9 | { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:665:13:665:31 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:665:13:665:31 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:665:30:665:30 | S | | main.rs:637:5:638:13 | S | +| main.rs:667:26:667:32 | from_if | | main.rs:602:5:606:5 | MyOption | +| main.rs:667:26:667:32 | from_if | T | main.rs:637:5:638:13 | S | +| main.rs:669:13:669:22 | from_match | | main.rs:602:5:606:5 | MyOption | +| main.rs:669:13:669:22 | from_match | T | main.rs:637:5:638:13 | S | +| main.rs:669:26:672:9 | match ... { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:669:26:672:9 | match ... { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:670:21:670:38 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:670:21:670:38 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:671:22:671:40 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:671:22:671:40 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:671:39:671:39 | S | | main.rs:637:5:638:13 | S | +| main.rs:673:26:673:35 | from_match | | main.rs:602:5:606:5 | MyOption | +| main.rs:673:26:673:35 | from_match | T | main.rs:637:5:638:13 | S | +| main.rs:675:13:675:21 | from_loop | | main.rs:602:5:606:5 | MyOption | +| main.rs:675:13:675:21 | from_loop | T | main.rs:637:5:638:13 | S | +| main.rs:675:25:680:9 | loop { ... } | | main.rs:602:5:606:5 | MyOption | +| main.rs:675:25:680:9 | loop { ... } | T | main.rs:637:5:638:13 | S | +| main.rs:677:23:677:40 | ...::MyNone(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:677:23:677:40 | ...::MyNone(...) | T | main.rs:637:5:638:13 | S | +| main.rs:679:19:679:37 | ...::MySome(...) | | main.rs:602:5:606:5 | MyOption | +| main.rs:679:19:679:37 | ...::MySome(...) | T | main.rs:637:5:638:13 | S | +| main.rs:679:36:679:36 | S | | main.rs:637:5:638:13 | S | +| main.rs:681:26:681:34 | from_loop | | main.rs:602:5:606:5 | MyOption | +| main.rs:681:26:681:34 | from_loop | T | main.rs:637:5:638:13 | S | +| main.rs:694:15:694:18 | SelfParam | | main.rs:687:5:688:19 | S | +| main.rs:694:15:694:18 | SelfParam | T | main.rs:693:10:693:10 | T | +| main.rs:694:26:696:9 | { ... } | | main.rs:693:10:693:10 | T | +| main.rs:695:13:695:16 | self | | main.rs:687:5:688:19 | S | +| main.rs:695:13:695:16 | self | T | main.rs:693:10:693:10 | T | +| main.rs:695:13:695:18 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:698:15:698:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:698:15:698:19 | SelfParam | &T | main.rs:687:5:688:19 | S | +| main.rs:698:15:698:19 | SelfParam | &T.T | main.rs:693:10:693:10 | T | +| main.rs:698:28:700:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:698:28:700:9 | { ... } | &T | main.rs:693:10:693:10 | T | +| main.rs:699:13:699:19 | &... | | file://:0:0:0:0 | & | +| main.rs:699:13:699:19 | &... | &T | main.rs:693:10:693:10 | T | +| main.rs:699:14:699:17 | self | | file://:0:0:0:0 | & | +| main.rs:699:14:699:17 | self | &T | main.rs:687:5:688:19 | S | +| main.rs:699:14:699:17 | self | &T.T | main.rs:693:10:693:10 | T | +| main.rs:699:14:699:19 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:702:15:702:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:702:15:702:25 | SelfParam | &T | main.rs:687:5:688:19 | S | +| main.rs:702:15:702:25 | SelfParam | &T.T | main.rs:693:10:693:10 | T | +| main.rs:702:34:704:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:702:34:704:9 | { ... } | &T | main.rs:693:10:693:10 | T | +| main.rs:703:13:703:19 | &... | | file://:0:0:0:0 | & | +| main.rs:703:13:703:19 | &... | &T | main.rs:693:10:693:10 | T | +| main.rs:703:14:703:17 | self | | file://:0:0:0:0 | & | +| main.rs:703:14:703:17 | self | &T | main.rs:687:5:688:19 | S | +| main.rs:703:14:703:17 | self | &T.T | main.rs:693:10:693:10 | T | +| main.rs:703:14:703:19 | self.0 | | main.rs:693:10:693:10 | T | +| main.rs:708:13:708:14 | x1 | | main.rs:687:5:688:19 | S | +| main.rs:708:13:708:14 | x1 | T | main.rs:690:5:691:14 | S2 | +| main.rs:708:18:708:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:708:18:708:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:708:20:708:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:709:26:709:27 | x1 | | main.rs:687:5:688:19 | S | +| main.rs:709:26:709:27 | x1 | T | main.rs:690:5:691:14 | S2 | +| main.rs:709:26:709:32 | x1.m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:711:13:711:14 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:711:13:711:14 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:711:18:711:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:711:18:711:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:711:20:711:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:713:26:713:27 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:713:26:713:27 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:713:26:713:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:713:26:713:32 | x2.m2() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:714:26:714:27 | x2 | | main.rs:687:5:688:19 | S | +| main.rs:714:26:714:27 | x2 | T | main.rs:690:5:691:14 | S2 | +| main.rs:714:26:714:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:714:26:714:32 | x2.m3() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:716:13:716:14 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:716:13:716:14 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:716:18:716:22 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:716:18:716:22 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:716:20:716:21 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:718:26:718:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:718:26:718:41 | ...::m2(...) | &T | main.rs:690:5:691:14 | S2 | +| main.rs:718:38:718:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:718:38:718:40 | &x3 | &T | main.rs:687:5:688:19 | S | +| main.rs:718:38:718:40 | &x3 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:718:39:718:40 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:718:39:718:40 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:719:26:719:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:719:26:719:41 | ...::m3(...) | &T | main.rs:690:5:691:14 | S2 | +| main.rs:719:38:719:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:719:38:719:40 | &x3 | &T | main.rs:687:5:688:19 | S | +| main.rs:719:38:719:40 | &x3 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:719:39:719:40 | x3 | | main.rs:687:5:688:19 | S | +| main.rs:719:39:719:40 | x3 | T | main.rs:690:5:691:14 | S2 | +| main.rs:721:13:721:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:721:13:721:14 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:721:13:721:14 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:721:18:721:23 | &... | | file://:0:0:0:0 | & | +| main.rs:721:18:721:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:721:18:721:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:721:19:721:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:721:19:721:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:721:21:721:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:723:26:723:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:723:26:723:27 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:723:26:723:27 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:723:26:723:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:723:26:723:32 | x4.m2() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:724:26:724:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:724:26:724:27 | x4 | &T | main.rs:687:5:688:19 | S | +| main.rs:724:26:724:27 | x4 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:724:26:724:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:724:26:724:32 | x4.m3() | &T | main.rs:690:5:691:14 | S2 | +| main.rs:726:13:726:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:726:13:726:14 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:726:13:726:14 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:726:18:726:23 | &... | | file://:0:0:0:0 | & | +| main.rs:726:18:726:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:726:18:726:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:726:19:726:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:726:19:726:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:726:21:726:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:728:26:728:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:728:26:728:27 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:728:26:728:27 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:728:26:728:32 | x5.m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:729:26:729:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:729:26:729:27 | x5 | &T | main.rs:687:5:688:19 | S | +| main.rs:729:26:729:27 | x5 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:729:26:729:29 | x5.0 | | main.rs:690:5:691:14 | S2 | +| main.rs:731:13:731:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:731:13:731:14 | x6 | &T | main.rs:687:5:688:19 | S | +| main.rs:731:13:731:14 | x6 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:731:18:731:23 | &... | | file://:0:0:0:0 | & | +| main.rs:731:18:731:23 | &... | &T | main.rs:687:5:688:19 | S | +| main.rs:731:18:731:23 | &... | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:731:19:731:23 | S(...) | | main.rs:687:5:688:19 | S | +| main.rs:731:19:731:23 | S(...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:731:21:731:22 | S2 | | main.rs:690:5:691:14 | S2 | +| main.rs:733:26:733:30 | (...) | | main.rs:687:5:688:19 | S | +| main.rs:733:26:733:30 | (...) | T | main.rs:690:5:691:14 | S2 | +| main.rs:733:26:733:35 | ... .m1() | | main.rs:690:5:691:14 | S2 | +| main.rs:733:27:733:29 | * ... | | main.rs:687:5:688:19 | S | +| main.rs:733:27:733:29 | * ... | T | main.rs:690:5:691:14 | S2 | +| main.rs:733:28:733:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:733:28:733:29 | x6 | &T | main.rs:687:5:688:19 | S | +| main.rs:733:28:733:29 | x6 | &T.T | main.rs:690:5:691:14 | S2 | +| main.rs:740:16:740:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:740:16:740:20 | SelfParam | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:743:16:743:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:743:16:743:20 | SelfParam | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:743:32:745:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:743:32:745:9 | { ... } | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:744:13:744:16 | self | | file://:0:0:0:0 | & | +| main.rs:744:13:744:16 | self | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:744:13:744:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:744:13:744:22 | self.foo() | &T | main.rs:738:5:746:5 | Self [trait MyTrait] | +| main.rs:752:16:752:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:752:16:752:20 | SelfParam | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:752:36:754:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:752:36:754:9 | { ... } | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:753:13:753:16 | self | | file://:0:0:0:0 | & | +| main.rs:753:13:753:16 | self | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:758:13:758:13 | x | | main.rs:748:5:748:20 | MyStruct | +| main.rs:758:17:758:24 | MyStruct | | main.rs:748:5:748:20 | MyStruct | +| main.rs:759:9:759:9 | x | | main.rs:748:5:748:20 | MyStruct | +| main.rs:759:9:759:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:759:9:759:15 | x.bar() | &T | main.rs:748:5:748:20 | MyStruct | +| main.rs:769:16:769:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:769:16:769:20 | SelfParam | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:769:16:769:20 | SelfParam | &T.T | main.rs:768:10:768:10 | T | +| main.rs:769:32:771:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:769:32:771:9 | { ... } | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:769:32:771:9 | { ... } | &T.T | main.rs:768:10:768:10 | T | +| main.rs:770:13:770:16 | self | | file://:0:0:0:0 | & | +| main.rs:770:13:770:16 | self | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:770:13:770:16 | self | &T.T | main.rs:768:10:768:10 | T | +| main.rs:775:13:775:13 | x | | main.rs:766:5:766:26 | MyStruct | +| main.rs:775:13:775:13 | x | T | main.rs:764:5:764:13 | S | +| main.rs:775:17:775:27 | MyStruct(...) | | main.rs:766:5:766:26 | MyStruct | +| main.rs:775:17:775:27 | MyStruct(...) | T | main.rs:764:5:764:13 | S | +| main.rs:775:26:775:26 | S | | main.rs:764:5:764:13 | S | +| main.rs:776:9:776:9 | x | | main.rs:766:5:766:26 | MyStruct | +| main.rs:776:9:776:9 | x | T | main.rs:764:5:764:13 | S | +| main.rs:776:9:776:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:776:9:776:15 | x.foo() | &T | main.rs:766:5:766:26 | MyStruct | +| main.rs:776:9:776:15 | x.foo() | &T.T | main.rs:764:5:764:13 | S | +| main.rs:784:15:784:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:784:15:784:19 | SelfParam | &T | main.rs:781:5:781:13 | S | +| main.rs:784:31:786:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:784:31:786:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:785:13:785:19 | &... | | file://:0:0:0:0 | & | +| main.rs:785:13:785:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:785:14:785:19 | &... | | file://:0:0:0:0 | & | +| main.rs:785:14:785:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:785:15:785:19 | &self | | file://:0:0:0:0 | & | +| main.rs:785:15:785:19 | &self | &T | main.rs:781:5:781:13 | S | +| main.rs:785:16:785:19 | self | | file://:0:0:0:0 | & | +| main.rs:785:16:785:19 | self | &T | main.rs:781:5:781:13 | S | +| main.rs:788:15:788:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:788:15:788:25 | SelfParam | &T | main.rs:781:5:781:13 | S | +| main.rs:788:37:790:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:788:37:790:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:789:13:789:19 | &... | | file://:0:0:0:0 | & | +| main.rs:789:13:789:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:789:14:789:19 | &... | | file://:0:0:0:0 | & | +| main.rs:789:14:789:19 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:789:15:789:19 | &self | | file://:0:0:0:0 | & | +| main.rs:789:15:789:19 | &self | &T | main.rs:781:5:781:13 | S | +| main.rs:789:16:789:19 | self | | file://:0:0:0:0 | & | +| main.rs:789:16:789:19 | self | &T | main.rs:781:5:781:13 | S | +| main.rs:792:15:792:15 | x | | file://:0:0:0:0 | & | +| main.rs:792:15:792:15 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:792:34:794:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:792:34:794:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:793:13:793:13 | x | | file://:0:0:0:0 | & | +| main.rs:793:13:793:13 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:796:15:796:15 | x | | file://:0:0:0:0 | & | +| main.rs:796:15:796:15 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:796:34:798:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:796:34:798:9 | { ... } | &T | main.rs:781:5:781:13 | S | +| main.rs:797:13:797:16 | &... | | file://:0:0:0:0 | & | +| main.rs:797:13:797:16 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:797:14:797:16 | &... | | file://:0:0:0:0 | & | +| main.rs:797:14:797:16 | &... | &T | main.rs:781:5:781:13 | S | +| main.rs:797:15:797:16 | &x | | file://:0:0:0:0 | & | +| main.rs:797:15:797:16 | &x | &T | main.rs:781:5:781:13 | S | +| main.rs:797:16:797:16 | x | | file://:0:0:0:0 | & | +| main.rs:797:16:797:16 | x | &T | main.rs:781:5:781:13 | S | +| main.rs:802:13:802:13 | x | | main.rs:781:5:781:13 | S | +| main.rs:802:17:802:20 | S {...} | | main.rs:781:5:781:13 | S | +| main.rs:803:9:803:9 | x | | main.rs:781:5:781:13 | S | +| main.rs:803:9:803:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:803:9:803:14 | x.f1() | &T | main.rs:781:5:781:13 | S | +| main.rs:804:9:804:9 | x | | main.rs:781:5:781:13 | S | +| main.rs:804:9:804:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:804:9:804:14 | x.f2() | &T | main.rs:781:5:781:13 | S | +| main.rs:805:9:805:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:805:9:805:17 | ...::f3(...) | &T | main.rs:781:5:781:13 | S | +| main.rs:805:15:805:16 | &x | | file://:0:0:0:0 | & | +| main.rs:805:15:805:16 | &x | &T | main.rs:781:5:781:13 | S | +| main.rs:805:16:805:16 | x | | main.rs:781:5:781:13 | S | +| main.rs:811:5:811:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:812:5:812:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:812:20:812:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:812:41:812:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From a1d36c05017903a8454647f42be59788b77bada0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 28 Mar 2025 11:06:49 +0100 Subject: [PATCH 215/409] Rust: Implement support for inference of type aliases --- .../lib/codeql/rust/internal/TypeMention.qll | 49 ++++++++++++++++++- .../test/library-tests/type-inference/main.rs | 10 ++-- .../type-inference/type-inference.expected | 38 +++++++++++--- 3 files changed, 85 insertions(+), 12 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index a5e696313a3..2fd50b974c9 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -53,9 +53,25 @@ class TypeReprMention extends TypeMention, TypeRepr { or result = this.(PathTypeRepr).getPath().(PathMention).resolveType() } + + override Type resolveTypeAt(TypePath path) { + result = this.(PathTypeRepr).getPath().(PathMention).resolveTypeAt(path) + or + not exists(this.(PathTypeRepr).getPath()) and + result = super.resolveTypeAt(path) + } } -class PathMention extends TypeMention, Path { +/** Holds if `path` resolves the type alias `alias` with the definition `rhs`. */ +private predicate resolvePathAlias(Path path, TypeAlias alias, TypeReprMention rhs) { + alias = resolvePath(path) and rhs = alias.getTypeRepr() +} + +abstract class PathMention extends TypeMention, Path { } + +class NonAliasPathMention extends PathMention { + NonAliasPathMention() { not resolvePathAlias(this, _, _) } + override TypeMention getTypeArgument(int i) { result = this.getSegment().getGenericArgList().getTypeArg(i) or @@ -98,6 +114,37 @@ class PathMention extends TypeMention, Path { } } +class AliasPathMention extends PathMention { + TypeAlias alias; + TypeReprMention rhs; + + AliasPathMention() { resolvePathAlias(this, alias, rhs) } + + override TypeMention getTypeArgument(int i) { + result = this.getSegment().getGenericArgList().getTypeArg(i) + } + + /** Get the `i`th type parameter of the alias itself. */ + private TypeParameter getTypeParameter(int i) { + result = TTypeParamTypeParameter(alias.getGenericParamList().getTypeParam(i)) + } + + override Type resolveType() { result = rhs.resolveType() } + + override Type resolveTypeAt(TypePath path) { + result = rhs.resolveTypeAt(path) and + not result = this.getTypeParameter(_) + or + exists(TypeParameter tp, TypeMention arg, TypePath prefix, TypePath suffix, int i | + tp = rhs.resolveTypeAt(prefix) and + tp = this.getTypeParameter(i) and + arg = this.getTypeArgument(i) and + result = arg.resolveTypeAt(suffix) and + path = prefix.append(suffix) + ) + } +} + // Used to represent implicit `Self` type arguments in traits and `impl` blocks, // see `PathMention` for details. class TypeParamMention extends TypeMention, TypeParam { diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2774332761e..23a5fbaaa4d 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -569,11 +569,11 @@ mod type_aliases { // Alias to another alias type AliasToAlias = AnotherPair; - // Alias that appears nested withing another alias + // Alias that appears nested within another alias type NestedAlias = AnotherPair>; fn g(t: NestedAlias) { - let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd MISSING: type=x:S3 + let x = t.unwrapSnd().unwrapSnd(); // $ method=unwrapSnd type=x:S3 println!("{:?}", x); } @@ -583,15 +583,15 @@ mod type_aliases { println!("{:?}", p1); // Type can be only inferred from the type alias - let p2: MyPair = PairOption::PairNone(); // $ MISSING: type=p2:Fst.S1 MISSING: type=p2:Snd.S2 + let p2: MyPair = PairOption::PairNone(); // $ type=p2:Fst.S1 type=p2:Snd.S2 println!("{:?}", p2); // First type from alias, second from constructor - let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ MISSING: type=p3:Fst.S2 + let p3: AnotherPair<_> = PairOption::PairSnd(S3); // $ type=p3:Fst.S2 println!("{:?}", p3); // First type from alias definition, second from argument to alias - let p3: AnotherPair = PairOption::PairNone(); // $ SPURIOUS: type=p3:Fst.S3 MISSING: type=p3:Snd.S3 + let p3: AnotherPair = PairOption::PairNone(); // $ type=p3:Fst.S2 type=p3:Snd.S3 println!("{:?}", p3); g(PairOption::PairSnd(PairOption::PairSnd(S3))); diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index af1dac9c43f..ebe21ec7266 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -510,9 +510,21 @@ inferType | main.rs:549:41:549:43 | snd | | main.rs:543:15:543:17 | Snd | | main.rs:549:49:549:51 | snd | | main.rs:543:15:543:17 | Snd | | main.rs:575:10:575:10 | t | | main.rs:535:5:541:5 | PairOption | -| main.rs:575:10:575:10 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:575:10:575:10 | t | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:575:10:575:10 | t | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:575:10:575:10 | t | Snd.Fst | main.rs:557:5:558:14 | S2 | +| main.rs:575:10:575:10 | t | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:13:576:13 | x | | main.rs:560:5:561:14 | S3 | | main.rs:576:17:576:17 | t | | main.rs:535:5:541:5 | PairOption | -| main.rs:576:17:576:17 | t | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:17 | t | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:17 | t | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:17 | t | Snd.Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:17 | t | Snd.Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:29 | t.unwrapSnd() | | main.rs:535:5:541:5 | PairOption | +| main.rs:576:17:576:29 | t.unwrapSnd() | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:576:17:576:29 | t.unwrapSnd() | Snd | main.rs:560:5:561:14 | S3 | +| main.rs:576:17:576:41 | ... .unwrapSnd() | | main.rs:560:5:561:14 | S3 | +| main.rs:577:26:577:26 | x | | main.rs:560:5:561:14 | S3 | | main.rs:582:13:582:14 | p1 | | main.rs:535:5:541:5 | PairOption | | main.rs:582:13:582:14 | p1 | Fst | main.rs:554:5:555:14 | S1 | | main.rs:582:13:582:14 | p1 | Snd | main.rs:557:5:558:14 | S2 | @@ -525,26 +537,40 @@ inferType | main.rs:583:26:583:27 | p1 | Fst | main.rs:554:5:555:14 | S1 | | main.rs:583:26:583:27 | p1 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:586:13:586:14 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:13:586:14 | p2 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:586:13:586:14 | p2 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:586:26:586:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:586:26:586:47 | ...::PairNone(...) | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:586:26:586:47 | ...::PairNone(...) | Snd | main.rs:557:5:558:14 | S2 | | main.rs:587:26:587:27 | p2 | | main.rs:535:5:541:5 | PairOption | +| main.rs:587:26:587:27 | p2 | Fst | main.rs:554:5:555:14 | S1 | +| main.rs:587:26:587:27 | p2 | Snd | main.rs:557:5:558:14 | S2 | | main.rs:590:13:590:14 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:13:590:14 | p3 | Fst | main.rs:557:5:558:14 | S2 | | main.rs:590:13:590:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:590:34:590:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:590:34:590:56 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:590:34:590:56 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:590:54:590:55 | S3 | | main.rs:560:5:561:14 | S3 | | main.rs:591:26:591:27 | p3 | | main.rs:535:5:541:5 | PairOption | +| main.rs:591:26:591:27 | p3 | Fst | main.rs:557:5:558:14 | S2 | | main.rs:591:26:591:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:594:13:594:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:594:13:594:14 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:13:594:14 | p3 | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:594:13:594:14 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:594:35:594:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:594:35:594:56 | ...::PairNone(...) | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:594:35:594:56 | ...::PairNone(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:595:26:595:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:595:26:595:27 | p3 | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:595:26:595:27 | p3 | Fst | main.rs:557:5:558:14 | S2 | +| main.rs:595:26:595:27 | p3 | Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:11:597:54 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:560:5:561:14 | S3 | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:11:597:54 | ...::PairSnd(...) | Snd | main.rs:535:5:541:5 | PairOption | +| main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:11:597:54 | ...::PairSnd(...) | Snd.Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:31:597:53 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | +| main.rs:597:31:597:53 | ...::PairSnd(...) | Fst | main.rs:557:5:558:14 | S2 | | main.rs:597:31:597:53 | ...::PairSnd(...) | Snd | main.rs:560:5:561:14 | S3 | | main.rs:597:51:597:52 | S3 | | main.rs:560:5:561:14 | S3 | | main.rs:610:16:610:24 | SelfParam | | file://:0:0:0:0 | & | From 3bfb4fbd8dd323d26253a7fcfc69b537b0d62bf6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 10:59:48 +0200 Subject: [PATCH 216/409] Rust: More path resolution tests --- .../library-tests/path-resolution/main.rs | 27 ++++ .../path-resolution/path-resolution.expected | 129 ++++++++++-------- 2 files changed, 97 insertions(+), 59 deletions(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 374f290b00e..c6235ae780e 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -493,6 +493,33 @@ mod m18 { } } +mod m21 { + mod m22 { + pub enum MyEnum { + A, // I104 + } // I105 + + pub struct MyStruct; // I106 + } // I107 + + mod m33 { + #[rustfmt::skip] + use super::m22::MyEnum::{ // $ item=I105 + self // $ MISSING: item=I105 $ SPURIOUS: item=I107 + }; + + #[rustfmt::skip] + use super::m22::MyStruct::{ // $ item=I106 + self // $ MISSING: item=I106 $ SPURIOUS: item=I107 + }; + + fn f() { + let _ = MyEnum::A; // $ MISSING: item=I104 + let _ = MyStruct {}; // $ MISSING: item=I106 + } + } +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 235ad7451c5..4fdb0d7843b 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -24,6 +24,9 @@ mod | main.rs:476:1:494:1 | mod m18 | | main.rs:481:5:493:5 | mod m19 | | main.rs:486:9:492:9 | mod m20 | +| main.rs:496:1:521:1 | mod m21 | +| main.rs:497:5:503:5 | mod m22 | +| main.rs:505:5:520:5 | mod m33 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -56,7 +59,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:523:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:550:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -68,7 +71,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:523:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:550:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -82,7 +85,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:523:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:550:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -220,61 +223,69 @@ resolvePath | main.rs:490:17:490:21 | super | main.rs:481:5:493:5 | mod m19 | | main.rs:490:17:490:28 | ...::super | main.rs:476:1:494:1 | mod m18 | | main.rs:490:17:490:31 | ...::f | main.rs:477:5:479:5 | fn f | -| main.rs:497:5:497:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:497:5:497:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:497:5:497:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:497:5:497:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:497:5:497:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:498:5:498:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:498:5:498:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:499:5:499:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:499:5:499:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:499:5:499:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:499:5:499:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:500:5:500:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:501:5:501:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:502:5:502:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:502:5:502:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:503:5:503:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:503:5:503:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:503:5:503:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:504:5:504:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:504:5:504:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:504:5:504:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:504:5:504:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:505:5:505:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:505:5:505:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:506:5:506:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:507:5:507:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:508:5:508:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:509:5:509:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:510:5:510:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:510:5:510:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:511:5:511:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:511:5:511:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:512:5:512:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:512:5:512:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:513:5:513:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:513:5:513:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:514:5:514:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:514:5:514:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:515:5:515:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:515:5:515:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:516:5:516:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:516:5:516:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:517:5:517:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:517:5:517:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:518:5:518:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:518:5:518:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:519:5:519:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:519:5:519:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:520:5:520:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:520:5:520:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:521:5:521:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:522:5:522:7 | m18 | main.rs:476:1:494:1 | mod m18 | -| main.rs:522:5:522:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | -| main.rs:522:5:522:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | -| main.rs:522:5:522:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:507:13:507:17 | super | main.rs:496:1:521:1 | mod m21 | +| main.rs:507:13:507:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | +| main.rs:507:13:507:30 | ...::MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:508:13:508:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:512:13:512:17 | super | main.rs:496:1:521:1 | mod m21 | +| main.rs:512:13:512:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | +| main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | +| main.rs:513:13:513:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:524:5:524:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:524:5:524:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:525:5:525:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:525:5:525:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:526:5:526:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:526:5:526:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:526:5:526:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:526:5:526:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:527:5:527:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:528:5:528:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:529:5:529:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:529:5:529:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:530:5:530:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:530:5:530:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:530:5:530:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:531:5:531:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:531:5:531:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:531:5:531:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:531:5:531:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:532:5:532:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:532:5:532:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:533:5:533:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:534:5:534:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:535:5:535:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:536:5:536:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:537:5:537:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:537:5:537:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:538:5:538:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:538:5:538:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:539:5:539:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:539:5:539:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:540:5:540:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:540:5:540:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:541:5:541:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:541:5:541:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:542:5:542:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:542:5:542:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:543:5:543:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:543:5:543:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:544:5:544:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:544:5:544:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:545:5:545:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:545:5:545:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:546:5:546:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:546:5:546:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:547:5:547:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:547:5:547:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:548:5:548:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:549:5:549:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:549:5:549:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:549:5:549:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:549:5:549:20 | ...::g | main.rs:487:13:491:13 | fn g | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -288,7 +299,7 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:523:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:550:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | From f09c3c5813f00810c76b0267e0e173e5ce53b0f1 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:14:07 +0200 Subject: [PATCH 217/409] Rust: Handle `self` enum/struct uses --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 4 +++- rust/ql/test/library-tests/path-resolution/main.rs | 6 +++--- .../library-tests/path-resolution/path-resolution.expected | 6 ++++-- 3 files changed, 10 insertions(+), 6 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index ea4e4774d8b..9d0829f95a0 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -181,7 +181,9 @@ abstract class ItemNode extends Locatable { else result = this.getImmediateParentModule().getImmediateParentModule() or name = "self" and - if this instanceof Module then result = this else result = this.getImmediateParentModule() + if this instanceof Module or this instanceof Enum or this instanceof Struct + then result = this + else result = this.getImmediateParentModule() or name = "Self" and this = result.(ImplOrTraitItemNode).getAnItemInSelfScope() diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index c6235ae780e..bbbb7006401 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -505,17 +505,17 @@ mod m21 { mod m33 { #[rustfmt::skip] use super::m22::MyEnum::{ // $ item=I105 - self // $ MISSING: item=I105 $ SPURIOUS: item=I107 + self // $ item=I105 }; #[rustfmt::skip] use super::m22::MyStruct::{ // $ item=I106 - self // $ MISSING: item=I106 $ SPURIOUS: item=I107 + self // $ item=I106 }; fn f() { let _ = MyEnum::A; // $ MISSING: item=I104 - let _ = MyStruct {}; // $ MISSING: item=I106 + let _ = MyStruct {}; // $ item=I106 } } } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 4fdb0d7843b..f012a7488b8 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -226,11 +226,13 @@ resolvePath | main.rs:507:13:507:17 | super | main.rs:496:1:521:1 | mod m21 | | main.rs:507:13:507:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | | main.rs:507:13:507:30 | ...::MyEnum | main.rs:498:9:500:9 | enum MyEnum | -| main.rs:508:13:508:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:508:13:508:16 | self | main.rs:498:9:500:9 | enum MyEnum | | main.rs:512:13:512:17 | super | main.rs:496:1:521:1 | mod m21 | | main.rs:512:13:512:22 | ...::m22 | main.rs:497:5:503:5 | mod m22 | | main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | -| main.rs:513:13:513:16 | self | main.rs:497:5:503:5 | mod m22 | +| main.rs:513:13:513:16 | self | main.rs:502:9:502:28 | struct MyStruct | +| main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | | main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | | main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | From 4b3816e14edcb4c6f70c3ae74d186c4b6e79e1d6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:20:18 +0200 Subject: [PATCH 218/409] Rust: Variants inherit visibility from their parent enum --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 +- rust/ql/test/library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/path-resolution.expected | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 9d0829f95a0..27fa622ff70 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -321,7 +321,7 @@ private class VariantItemNode extends ItemNode instanceof Variant { result = super.getEnum().getGenericParamList().getTypeParam(i) } - override Visibility getVisibility() { result = Variant.super.getVisibility() } + override Visibility getVisibility() { result = super.getEnum().getVisibility() } } class FunctionItemNode extends AssocItemNode instanceof Function { diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index bbbb7006401..3d54b1a4b6a 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -514,7 +514,7 @@ mod m21 { }; fn f() { - let _ = MyEnum::A; // $ MISSING: item=I104 + let _ = MyEnum::A; // $ item=I104 let _ = MyStruct {}; // $ item=I106 } } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index f012a7488b8..a7ead02db84 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -232,6 +232,7 @@ resolvePath | main.rs:512:13:512:32 | ...::MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:513:13:513:16 | self | main.rs:502:9:502:28 | struct MyStruct | | main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | +| main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | | main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | From f4e93826221c7a0bbeb4ffab81d2687d5c794961 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 31 Mar 2025 11:20:44 +0200 Subject: [PATCH 219/409] Rust: Take prelude into account when resolving paths --- .../hello-project/summary.expected | 2 +- .../hello-workspace/summary.cargo.expected | 2 +- .../summary.rust-project.expected | 2 +- .../codeql/rust/dataflow/internal/Content.qll | 2 - .../rust/dataflow/internal/DataFlowImpl.qll | 134 +----------------- .../dataflow/internal/FlowSummaryImpl.qll | 21 ++- .../rust/elements/internal/EnumImpl.qll | 9 ++ .../rust/elements/internal/PathImpl.qll | 12 ++ .../codeql/rust/frameworks/stdlib/Stdlib.qll | 45 ++++++ .../lib/codeql/rust/internal/CachedStages.qll | 35 ++++- .../codeql/rust/internal/PathResolution.qll | 120 +++++++++++++--- .../internal/PathResolutionConsistency.qll | 8 +- rust/ql/lib/codeql/rust/internal/Type.qll | 2 +- .../codeql/rust/internal/TypeInference.qll | 2 +- .../PathResolutionConsistency.expected | 2 +- .../PathResolutionConsistency.expected | 2 +- .../PathResolutionConsistency.expected | 3 - .../path-resolution/path-resolution.ql | 4 +- .../diagnostics/SummaryStats.expected | 2 +- 19 files changed, 237 insertions(+), 172 deletions(-) diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1dd49972c22..a4b0d0a1641 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index baaba2837e7..564cbfd7bc9 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index baaba2837e7..564cbfd7bc9 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 2 | | Macro calls - total | 2 | | Macro calls - unresolved | 0 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll b/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll index ccdf8c763ca..95a5fa98bb4 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/Content.qll @@ -255,8 +255,6 @@ cached newtype TContent = TTupleFieldContent(TupleField field) { Stages::DataFlowStage::ref() } or TStructFieldContent(StructField field) or - // TODO: Remove once library types are extracted - TVariantInLibTupleFieldContent(VariantInLib::VariantInLib v, int pos) { pos = v.getAPosition() } or TElementContent() or TFutureContent() or TTuplePositionContent(int pos) { diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 60aa10016be..91af72fce4e 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -296,125 +296,6 @@ module LocalFlow { } } -/** - * Provides temporary modeling of built-in variants, for which no source code - * `Item`s are available. - * - * TODO: Remove once library code is extracted. - */ -module VariantInLib { - private import codeql.util.Option - - private class CrateOrigin extends string { - CrateOrigin() { this = any(Resolvable r).getResolvedCrateOrigin() } - } - - private class CrateOriginOption = Option::Option; - - private CrateOriginOption langCoreCrate() { result.asSome() = "lang:core" } - - private newtype TVariantInLib = - MkVariantInLib(CrateOriginOption crate, string path, string name) { - crate = langCoreCrate() and - ( - path = "crate::option::Option" and - name = "Some" - or - path = "crate::result::Result" and - name = ["Ok", "Err"] - ) - } - - /** An enum variant from library code, represented by the enum's canonical path and the variant's name. */ - class VariantInLib extends MkVariantInLib { - CrateOriginOption crate; - string path; - string name; - - VariantInLib() { this = MkVariantInLib(crate, path, name) } - - int getAPosition() { - this = MkVariantInLib(langCoreCrate(), "crate::option::Option", "Some") and - result = 0 - or - this = MkVariantInLib(langCoreCrate(), "crate::result::Result", ["Ok", "Err"]) and - result = 0 - } - - string getExtendedCanonicalPath() { result = path + "::" + name } - - string toString() { result = name } - } - - /** A tuple variant from library code. */ - class VariantInLibTupleFieldContent extends Content, TVariantInLibTupleFieldContent { - private VariantInLib::VariantInLib v; - private int pos_; - - VariantInLibTupleFieldContent() { this = TVariantInLibTupleFieldContent(v, pos_) } - - VariantInLib::VariantInLib getVariantInLib(int pos) { result = v and pos = pos_ } - - string getExtendedCanonicalPath() { result = v.getExtendedCanonicalPath() } - - int getPosition() { result = pos_ } - - final override string toString() { - // only print indices when the arity is > 1 - if exists(TVariantInLibTupleFieldContent(v, 1)) - then result = v.toString() + "(" + pos_ + ")" - else result = v.toString() - } - - final override Location getLocation() { result instanceof EmptyLocation } - } - - pragma[nomagic] - private predicate resolveExtendedCanonicalPath(Resolvable r, CrateOriginOption crate, string path) { - path = r.getResolvedPath() and - ( - crate.asSome() = r.getResolvedCrateOrigin() - or - crate.isNone() and - not r.hasResolvedCrateOrigin() - ) - } - - /** Holds if path `p` resolves to variant `v`. */ - private predicate pathResolveToVariantInLib(PathAstNode p, VariantInLib v) { - exists(CrateOriginOption crate, string path, string name | - resolveExtendedCanonicalPath(p, pragma[only_bind_into](crate), path + "::" + name) and - v = MkVariantInLib(pragma[only_bind_into](crate), path, name) - ) - } - - /** Holds if `p` destructs an enum variant `v`. */ - pragma[nomagic] - private predicate tupleVariantCanonicalDestruction(TupleStructPat p, VariantInLib v) { - pathResolveToVariantInLib(p, v) - } - - bindingset[pos] - predicate tupleVariantCanonicalDestruction( - TupleStructPat pat, VariantInLibTupleFieldContent c, int pos - ) { - tupleVariantCanonicalDestruction(pat, c.getVariantInLib(pos)) - } - - /** Holds if `ce` constructs an enum value of type `v`. */ - pragma[nomagic] - private predicate tupleVariantCanonicalConstruction(CallExpr ce, VariantInLib v) { - pathResolveToVariantInLib(ce.getFunction().(PathExpr), v) - } - - bindingset[pos] - predicate tupleVariantCanonicalConstruction(CallExpr ce, VariantInLibTupleFieldContent c, int pos) { - tupleVariantCanonicalConstruction(ce, c.getVariantInLib(pos)) - } -} - -class VariantInLibTupleFieldContent = VariantInLib::VariantInLibTupleFieldContent; - class LambdaCallKind = Unit; /** Holds if `creation` is an expression that creates a lambda of kind `kind`. */ @@ -480,6 +361,7 @@ module RustDataFlow implements InputSig { private import Aliases private import codeql.rust.dataflow.DataFlow private import Node as Node + private import codeql.rust.frameworks.stdlib.Stdlib /** * An element, viewed as a node in a data flow graph. Either an expression @@ -665,11 +547,8 @@ module RustDataFlow implements InputSig { exists(Content c | c = cs.(SingletonContentSet).getContent() | exists(TupleStructPatCfgNode pat, int pos | pat = node1.asPat() and - node2.asPat() = pat.getField(pos) - | + node2.asPat() = pat.getField(pos) and c = TTupleFieldContent(pat.getTupleStructPat().getTupleField(pos)) - or - VariantInLib::tupleVariantCanonicalDestruction(pat.getPat(), c, pos) ) or exists(TuplePatCfgNode pat, int pos | @@ -714,8 +593,8 @@ module RustDataFlow implements InputSig { exists(TryExprCfgNode try | node1.asExpr() = try.getExpr() and node2.asExpr() = try and - c.(VariantInLibTupleFieldContent).getVariantInLib(0).getExtendedCanonicalPath() = - ["crate::option::Option::Some", "crate::result::Result::Ok"] + c.(TupleFieldContent) + .isVariantField([any(OptionEnum o).getSome(), any(ResultEnum r).getOk()], 0) ) or exists(PrefixExprCfgNode deref | @@ -791,11 +670,8 @@ module RustDataFlow implements InputSig { private predicate storeContentStep(Node node1, Content c, Node node2) { exists(CallExprCfgNode call, int pos | node1.asExpr() = call.getArgument(pragma[only_bind_into](pos)) and - node2.asExpr() = call - | + node2.asExpr() = call and c = TTupleFieldContent(call.getCallExpr().getTupleField(pragma[only_bind_into](pos))) - or - VariantInLib::tupleVariantCanonicalConstruction(call.getCallExpr(), c, pos) ) or exists(StructExprCfgNode re, string field | diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll index e1cf87397b9..62cc47dfc0d 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/FlowSummaryImpl.qll @@ -11,6 +11,7 @@ private import Content module Input implements InputSig { private import codeql.rust.elements.internal.CallExprBaseImpl::Impl as CallExprBaseImpl + private import codeql.rust.frameworks.stdlib.Stdlib class SummarizedCallableBase = string; @@ -66,9 +67,20 @@ module Input implements InputSig { exists(Content c | cs = TSingletonContentSet(c) | result = "Field" and ( - exists(Addressable a, int pos | + exists(Addressable a, int pos, string prefix | // TODO: calculate in QL - arg = a.getExtendedCanonicalPath() + "(" + pos + ")" + arg = prefix + "(" + pos + ")" and + ( + prefix = a.getExtendedCanonicalPath() + or + a = any(OptionEnum o).getSome() and + prefix = "crate::option::Option::Some" + or + exists(string name | + a = any(ResultEnum r).getVariant(name) and + prefix = "crate::result::Result::" + name + ) + ) | c.(TupleFieldContent).isStructField(a, pos) or @@ -84,11 +96,6 @@ module Input implements InputSig { c.(StructFieldContent).isVariantField(a, field) ) or - c = - any(VariantInLibTupleFieldContent v | - arg = v.getExtendedCanonicalPath() + "(" + v.getPosition() + ")" - ) - or exists(int pos | c = TTuplePositionContent(pos) and arg = pos.toString() diff --git a/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll index a298aa7319f..39663b6a0e0 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/EnumImpl.qll @@ -11,6 +11,8 @@ private import codeql.rust.elements.internal.generated.Enum * be referenced directly. */ module Impl { + private import rust + // the following QLdoc is generated: if you need to edit it, do it in the schema file /** * A Enum. For example: @@ -20,5 +22,12 @@ module Impl { */ class Enum extends Generated::Enum { override string toStringImpl() { result = "enum " + this.getName().getText() } + + /** Gets the variant named `name`, if any. */ + pragma[nomagic] + Variant getVariant(string name) { + result = this.getVariantList().getAVariant() and + result.getName().getText() = name + } } } diff --git a/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll index 92c6f25fbeb..f1450b17521 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/PathImpl.qll @@ -40,6 +40,18 @@ module Impl { */ pragma[nomagic] string getText() { result = this.getSegment().getIdentifier().getText() } + + /** + * Gets the full text of this path, including the qualifier. + * + * Should only be used for debugging purposes. + */ + string toStringDebug() { + not this.hasQualifier() and + result = this.getText() + or + result = this.getQualifier().toStringDebug() + "::" + this.getText() + } } /** A simple identifier path. */ diff --git a/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll b/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll index 9fc0e70833b..0ba90bc2e34 100644 --- a/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll +++ b/rust/ql/lib/codeql/rust/frameworks/stdlib/Stdlib.qll @@ -21,3 +21,48 @@ private class StartswithCall extends Path::SafeAccessCheck::Range, CfgNodes::Met branch = true } } + +/** + * The [`Option` enum][1]. + * + * [1]: https://doc.rust-lang.org/std/option/enum.Option.html + */ +class OptionEnum extends Enum { + OptionEnum() { + // todo: replace with canonical path, once calculated in QL + exists(Crate core, Module m | + core.getName() = "core" and + m = core.getModule().getItemList().getAnItem() and + m.getName().getText() = "option" and + this = m.getItemList().getAnItem() and + this.getName().getText() = "Option" + ) + } + + /** Gets the `Some` variant. */ + Variant getSome() { result = this.getVariant("Some") } +} + +/** + * The [`Result` enum][1]. + * + * [1]: https://doc.rust-lang.org/stable/std/result/enum.Result.html + */ +class ResultEnum extends Enum { + ResultEnum() { + // todo: replace with canonical path, once calculated in QL + exists(Crate core, Module m | + core.getName() = "core" and + m = core.getModule().getItemList().getAnItem() and + m.getName().getText() = "result" and + this = m.getItemList().getAnItem() and + this.getName().getText() = "Result" + ) + } + + /** Gets the `Ok` variant. */ + Variant getOk() { result = this.getVariant("Ok") } + + /** Gets the `Err` variant. */ + Variant getErr() { result = this.getVariant("Err") } +} diff --git a/rust/ql/lib/codeql/rust/internal/CachedStages.qll b/rust/ql/lib/codeql/rust/internal/CachedStages.qll index d9ad8e1fbc1..41e81919569 100644 --- a/rust/ql/lib/codeql/rust/internal/CachedStages.qll +++ b/rust/ql/lib/codeql/rust/internal/CachedStages.qll @@ -95,17 +95,48 @@ module Stages { } } + /** + * The path resolution stage. + */ + cached + module PathResolutionStage { + private import codeql.rust.internal.PathResolution + + /** + * Always holds. + * Ensures that a predicate is evaluated as part of the path resolution stage. + */ + cached + predicate ref() { 1 = 1 } + + /** + * DO NOT USE! + * + * Contains references to each predicate that use the above `ref` predicate. + */ + cached + predicate backref() { + 1 = 1 + or + exists(resolvePath(_)) + or + exists(any(ItemNode i).getASuccessor(_)) + or + exists(any(ItemNode i).getASuccessorRec(_)) + } + } + /** * The type inference stage. */ cached - module TypeInference { + module TypeInferenceStage { private import codeql.rust.internal.Type private import codeql.rust.internal.TypeInference /** * Always holds. - * Ensures that a predicate is evaluated as part of the CFG stage. + * Ensures that a predicate is evaluated as part of the type inference stage. */ cached predicate ref() { 1 = 1 } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 27fa622ff70..e5a6763525e 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -4,6 +4,7 @@ private import rust private import codeql.rust.elements.internal.generated.ParentChild +private import codeql.rust.internal.CachedStages private newtype TNamespace = TTypeNamespace() or @@ -115,8 +116,9 @@ abstract class ItemNode extends Locatable { result = this.(SourceFileItemNode).getSuper() } - pragma[nomagic] + cached ItemNode getASuccessorRec(string name) { + Stages::PathResolutionStage::ref() and sourceFileEdge(this, name, result) or this = result.getImmediateParent() and @@ -171,10 +173,13 @@ abstract class ItemNode extends Locatable { } /** Gets a successor named `name` of this item, if any. */ - pragma[nomagic] + cached ItemNode getASuccessor(string name) { + Stages::PathResolutionStage::ref() and result = this.getASuccessorRec(name) or + preludeEdge(this, name, result) + or name = "super" and if this instanceof Module or this instanceof SourceFile then result = this.getImmediateParentModule() @@ -195,6 +200,16 @@ abstract class ItemNode extends Locatable { or this = crate.getModuleNode() ) + or + // todo: implement properly + name = "$crate" and + result = + any(CrateItemNode crate | + this = crate.getASourceFile() + or + this = crate.getModuleNode() + ).(Crate).getADependency*() and + result.(CrateItemNode).isPotentialDollarCrateTarget() } /** Gets the location of this item. */ @@ -214,6 +229,16 @@ abstract private class ModuleLikeNode extends ItemNode { not mid instanceof ModuleLikeNode ) } + + /** + * Holds if this is a root module, meaning either a source file or + * the entry module of a crate. + */ + predicate isRoot() { + this instanceof SourceFileItemNode + or + this = any(CrateItemNode c).getModuleNode() + } } private class SourceFileItemNode extends ModuleLikeNode, SourceFile { @@ -269,6 +294,14 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } + pragma[nomagic] + predicate isPotentialDollarCrateTarget() { + exists(string name, RelevantPath p | + p.isDollarCrateQualifiedPath(name) and + exists(this.getASuccessor(name)) + ) + } + override string getName() { result = Crate.super.getName() } override Namespace getNamespace() { @@ -488,6 +521,7 @@ class TraitItemNode extends ImplOrTraitItemNode instanceof Trait { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() } + pragma[nomagic] ItemNode resolveABound() { result = resolvePath(this.getABoundPath()) } override AssocItemNode getAnAssocItem() { result = super.getAssocItemList().getAnAssocItem() } @@ -549,6 +583,7 @@ private class TypeParamItemNode extends ItemNode instanceof TypeParam { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() } + pragma[nomagic] ItemNode resolveABound() { result = resolvePath(this.getABoundPath()) } /** @@ -769,7 +804,7 @@ private predicate declares(ItemNode item, Namespace ns, string name) { } /** A path that does not access a local variable. */ -private class RelevantPath extends Path { +class RelevantPath extends Path { RelevantPath() { not this = any(VariableAccess va).(PathExpr).getPath() } pragma[nomagic] @@ -778,6 +813,19 @@ private class RelevantPath extends Path { not this = any(UseTreeList list).getAUseTree().getPath() and name = this.getText() } + + pragma[nomagic] + predicate isCratePath(string name, ItemNode encl) { + name = ["crate", "$crate"] and + this.isUnqualified(name) and + encl.getADescendant() = this + } + + pragma[nomagic] + predicate isDollarCrateQualifiedPath(string name) { + this.getQualifier().(RelevantPath).isCratePath("$crate", _) and + this.getText() = name + } } /** @@ -790,7 +838,8 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n // lookup in the immediately enclosing item p.isUnqualified(name) and encl0.getADescendant() = p and - exists(ns) + exists(ns) and + not name = ["crate", "$crate"] or // lookup in an outer scope, but only if the item is not declared in inner scope exists(ItemNode mid | @@ -800,16 +849,12 @@ private predicate unqualifiedPathLookup(RelevantPath p, string name, Namespace n not ( name = "Self" and mid = any(ImplOrTraitItemNode i).getAnItemInSelfScope() - ) and - not ( - name = "crate" and - mid = any(CrateItemNode i).getASourceFile() ) | // nested modules do not have unqualified access to items from outer modules, - // except for items declared at top-level in the source file + // except for items declared at top-level in the root module if mid instanceof Module - then encl0.(SourceFileItemNode) = mid.getImmediateParent+() + then encl0 = mid.getImmediateParent+() and encl0.(ModuleLikeNode).isRoot() else encl0 = mid.getImmediateParent() ) | @@ -827,11 +872,29 @@ private ItemNode getASuccessor(ItemNode pred, string name, Namespace ns) { ns = result.getNamespace() } +private predicate isRoot(ItemNode root) { root.(ModuleLikeNode).isRoot() } + +private predicate hasCratePath(ItemNode i) { any(RelevantPath path).isCratePath(_, i) } + +private predicate hasChild(ItemNode parent, ItemNode child) { child.getImmediateParent() = parent } + +private predicate rootHasCratePathTc(ItemNode i1, ItemNode i2) = + doublyBoundedFastTC(hasChild/2, isRoot/1, hasCratePath/1)(i1, i2) + pragma[nomagic] private ItemNode unqualifiedPathLookup(RelevantPath path, Namespace ns) { exists(ItemNode encl, string name | - unqualifiedPathLookup(path, name, ns, encl) and - result = getASuccessor(encl, name, ns) + result = getASuccessor(encl, pragma[only_bind_into](name), ns) + | + unqualifiedPathLookup(path, name, ns, encl) + or + // For `($)crate`, jump directly to the root module + exists(ItemNode i | path.isCratePath(pragma[only_bind_into](name), i) | + encl.(ModuleLikeNode).isRoot() and + encl = i + or + rootHasCratePathTc(encl, i) + ) ) } @@ -1006,7 +1069,7 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { item = getASuccessor(used, name, ns) and // glob imports can be shadowed not declares(encl, ns, name) and - not name = ["super", "self", "Self", "crate"] + not name = ["super", "self", "Self", "$crate", "crate"] ) else ( item = used and @@ -1021,19 +1084,42 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { ) } +/** + * Holds if `i` is available inside `f` because it is reexported in [the prelude][1]. + * + * We don't yet have access to prelude information from the extractor, so for now + * we include all the preludes for Rust 2015, 2018, 2021, and 2024. + * + * [1]: https://doc.rust-lang.org/core/prelude/index.html + */ +private predicate preludeEdge(SourceFile f, string name, ItemNode i) { + exists(Crate core, ModuleItemNode mod, ModuleItemNode prelude, ModuleItemNode rust | + f = any(Crate c0 | core = c0.getDependency(_)).getASourceFile() and + core.getName() = "core" and + mod = core.getModule() and + prelude = mod.getASuccessorRec("prelude") and + rust = prelude.getASuccessorRec(["rust_2015", "rust_2018", "rust_2021", "rust_2024"]) and + i = rust.getASuccessorRec(name) and + not i instanceof Use + ) +} + /** Provides predicates for debugging the path resolution implementation. */ private module Debug { private Locatable getRelevantLocatable() { exists(string filepath, int startline, int startcolumn, int endline, int endcolumn | result.getLocation().hasLocationInfo(filepath, startline, startcolumn, endline, endcolumn) and - filepath.matches("%/main.rs") and - startline = [1, 3] + filepath.matches("%/test_logging.rs") and + startline = 163 ) } - predicate debugUnqualifiedPathLookup(RelevantPath p, string name, Namespace ns, ItemNode encl) { + predicate debugUnqualifiedPathLookup( + RelevantPath p, string name, Namespace ns, ItemNode encl, string path + ) { p = getRelevantLocatable() and - unqualifiedPathLookup(p, name, ns, encl) + unqualifiedPathLookup(p, name, ns, encl) and + path = p.toStringDebug() } ItemNode debugResolvePath(RelevantPath path) { diff --git a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll index 75d4ac8a6e8..a8f581aabdf 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolutionConsistency.qll @@ -9,6 +9,8 @@ private import PathResolution query predicate multiplePathResolutions(Path p, ItemNode i) { p.fromSource() and i = resolvePath(p) and + // known limitation for `$crate` + not p.getQualifier*().(RelevantPath).isUnqualified("$crate") and // `use foo::bar` may use both a type `bar` and a value `bar` not p = any(UseTree use | @@ -19,7 +21,7 @@ query predicate multiplePathResolutions(Path p, ItemNode i) { } /** Holds if `call` has multiple static call targets including `target`. */ -query predicate multipleStaticCallTargets(CallExprBase call, Callable target) { +query predicate multipleMethodCallTargets(MethodCallExpr call, Callable target) { target = call.getStaticTarget() and strictcount(call.getStaticTarget()) > 1 } @@ -43,8 +45,8 @@ int getPathResolutionInconsistencyCounts(string type) { type = "Multiple path resolutions" and result = count(Path p | multiplePathResolutions(p, _) | p) or - type = "Multiple static call targets" and - result = count(CallExprBase call | multipleStaticCallTargets(call, _) | call) + type = "Multiple static method call targets" and + result = count(CallExprBase call | multipleMethodCallTargets(call, _) | call) or type = "Multiple record fields" and result = count(FieldExpr fe | multipleStructFields(fe, _) | fe) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index ef311fae6c8..d6000c606be 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -8,7 +8,7 @@ private import codeql.rust.internal.CachedStages cached newtype TType = - TStruct(Struct s) { Stages::TypeInference::ref() } or + TStruct(Struct s) { Stages::TypeInferenceStage::ref() } or TEnum(Enum e) or TTrait(Trait t) or TImpl(Impl i) or diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index ed6370f1638..48fd159fc2b 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -993,7 +993,7 @@ private module Cached { */ cached Type inferType(AstNode n, TypePath path) { - Stages::TypeInference::backref() and + Stages::TypeInferenceStage::ref() and result = inferAnnotatedType(n, path) or result = inferTypeEquality(n, path) diff --git a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected index 2c09f55800f..fbc771e8851 100644 --- a/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ -multipleStaticCallTargets +multipleMethodCallTargets | regular.rs:29:5:29:9 | s.g() | anonymous.rs:15:9:15:22 | fn g | | regular.rs:29:5:29:9 | s.g() | regular.rs:13:5:13:18 | fn g | diff --git a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected index e66b1b5ee2e..849d19acbf0 100644 --- a/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/extractor-tests/canonical_path_disabled/CONSISTENCY/PathResolutionConsistency.expected @@ -1,3 +1,3 @@ -multipleStaticCallTargets +multipleMethodCallTargets | regular.rs:32:5:32:9 | s.g() | anonymous.rs:18:9:18:22 | fn g | | regular.rs:32:5:32:9 | s.g() | regular.rs:16:5:16:18 | fn g | diff --git a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected index fa8dd32840b..9d4e175192b 100644 --- a/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected +++ b/rust/ql/test/library-tests/path-resolution/CONSISTENCY/PathResolutionConsistency.expected @@ -1,6 +1,3 @@ multiplePathResolutions | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | -multipleStaticCallTargets -| main.rs:118:9:118:11 | f(...) | main.rs:104:5:106:5 | fn f | -| main.rs:118:9:118:11 | f(...) | main.rs:110:5:112:5 | fn f | diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.ql b/rust/ql/test/library-tests/path-resolution/path-resolution.ql index e8aebeaa0ef..4fdcf39c6c6 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.ql +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.ql @@ -5,4 +5,6 @@ import TestUtils query predicate mod(Module m) { toBeTested(m) } -query predicate resolvePath(Path p, ItemNode i) { toBeTested(p) and i = resolvePath(p) } +query predicate resolvePath(Path p, ItemNode i) { + toBeTested(p) and not p.isInMacroExpansion() and i = resolvePath(p) +} diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected index d34cd849069..13cbcbdf4ef 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStats.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStats.expected @@ -15,7 +15,7 @@ | Macro calls - resolved | 8 | | Macro calls - total | 9 | | Macro calls - unresolved | 1 | -| Taint edges - number of edges | 1674 | +| Taint edges - number of edges | 1691 | | Taint reach - nodes tainted | 0 | | Taint reach - per million nodes | 0 | | Taint sinks - cryptographic operations | 0 | From ce19972aeff42c93b9594897831e1d7b99b4dc8c Mon Sep 17 00:00:00 2001 From: Anders Schack-Mulligen Date: Thu, 3 Apr 2025 16:16:20 +0200 Subject: [PATCH 220/409] SSA: Reinstate consistency check. --- shared/ssa/codeql/ssa/Ssa.qll | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index dab99df65b4..5a18d128ab6 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1408,6 +1408,18 @@ module Make Input> { not uncertainWriteDefinitionInput(_, def) } + /** Holds if a read is not dominated by a definition. */ + query predicate notDominatedByDef(Definition def, SourceVariable v, BasicBlock bb, int i) { + exists(BasicBlock bbDef, int iDef | def.definesAt(v, bbDef, iDef) | + SsaDefReachesNew::ssaDefReachesReadWithinBlock(v, def, bb, i) and + (bb != bbDef or i < iDef) + or + ssaDefReachesRead(v, def, bb, i) and + not SsaDefReachesNew::ssaDefReachesReadWithinBlock(v, def, bb, i) and + not def.definesAt(v, getImmediateBasicBlockDominator*(bb), _) + ) + } + /** Holds if the end of a basic block can be reached by multiple definitions. */ query predicate nonUniqueDefReachesEndOfBlock(Definition def, SourceVariable v, BasicBlock bb) { ssaDefReachesEndOfBlock(bb, def, v) and From a572ac60d28c8a2ab1c843fcd2c2e4025e31d87c Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 3 Apr 2025 18:31:27 +0200 Subject: [PATCH 221/409] Added inline test expectations for `WebSocket` --- .../frameworks/WebSocket/browser.js | 18 +++++----- .../frameworks/WebSocket/client.js | 8 ++--- .../frameworks/WebSocket/server.js | 10 +++--- .../frameworks/WebSocket/sockjs.js | 8 ++--- .../frameworks/WebSocket/test.expected | 34 +++++++++---------- .../frameworks/WebSocket/test.qlref | 2 ++ 6 files changed, 41 insertions(+), 39 deletions(-) create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index e138d397c7f..7e15bb532c5 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -1,32 +1,32 @@ (function () { - const socket = new WebSocket('ws://localhost:8080'); + const socket = new WebSocket('ws://localhost:8080'); // $clientSocket socket.addEventListener('open', function (event) { - socket.send('Hi from browser!'); + socket.send('Hi from browser!'); // $clientSend }); socket.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); + }); // $clientReceive socket.onmessage = function (event) { console.log("Message from server 2", event.data) - }; + }; // $clientReceive })(); (function () { - var sock = new SockJS('http://0.0.0.0:9999/echo'); + var sock = new SockJS('http://0.0.0.0:9999/echo'); // $clientSocket sock.onopen = function () { - sock.send('test'); + sock.send('test'); // $clientSend }; sock.onmessage = function (e) { console.log('message', e.data); sock.close(); - }; + }; // $clientReceive sock.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); -}) \ No newline at end of file + }); // $clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index c98c71973bf..c49df5afc3c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -1,13 +1,13 @@ (function () { const WebSocket = require('ws'); - const ws = new WebSocket('ws://example.org'); + const ws = new WebSocket('ws://example.org'); // $clientSocket ws.on('open', function open() { - ws.send('Hi from client!'); + ws.send('Hi from client!'); // $clientSend }); ws.on('message', function incoming(data) { console.log(data); - }); -})(); \ No newline at end of file + }); // $clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index d135f652b45..2f9173ecfc9 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -3,11 +3,11 @@ const wss = new WebSocket.Server({ port: 8080 }); - wss.on('connection', function connection(ws) { - ws.on('message', function incoming(message) { + wss.on('connection', function connection(ws) { // $serverSocket + ws.on('message', function incoming(message) { // $remoteFlow console.log('received: %s', message); - }); + }); // $serverReceive - ws.send('Hi from server!'); + ws.send('Hi from server!'); // $serverSend }); -})(); \ No newline at end of file +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js index 3616caf90fd..4b599cf5fed 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/sockjs.js @@ -5,11 +5,11 @@ const sockjs = require('sockjs'); const app = express(); const server = http.createServer(app); const sockjs_echo = sockjs.createServer({}); -sockjs_echo.on('connection', function (conn) { - conn.on('data', function (message) { +sockjs_echo.on('connection', function (conn) { // $serverSocket + conn.on('data', function (message) { // $remoteFlow var data = JSON.parse(message); - conn.write(JSON.stringify(eval(data.test))); - }); + conn.write(JSON.stringify(eval(data.test))); // $serverSend + }); // $serverReceive }); sockjs_echo.installHandlers(server, { prefix: '/echo' }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 96c5aedb737..0ea8e8b690b 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,26 +1,17 @@ -clientSocket -| browser.js:2:17:2:52 | new Web ... :8080') | -| browser.js:19:13:19:50 | new Soc ... /echo') | -| client.js:4:13:4:45 | new Web ... e.org') | -clientSend -| browser.js:5:3:5:33 | socket. ... wser!') | -| browser.js:21:3:21:19 | sock.send('test') | -| client.js:7:3:7:28 | ws.send ... ient!') | clientReceive | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | -serverSocket -| server.js:6:43:6:44 | ws | -| sockjs.js:8:40:8:43 | conn | -serverSend -| server.js:11:3:11:28 | ws.send ... rver!') | -| sockjs.js:11:9:11:51 | conn.wr ... test))) | -serverReceive -| server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | -| sockjs.js:9:5:12:6 | conn.on ... \\n }) | +clientSend +| browser.js:5:3:5:33 | socket. ... wser!') | +| browser.js:21:3:21:19 | sock.send('test') | +| client.js:7:3:7:28 | ws.send ... ient!') | +clientSocket +| browser.js:2:17:2:52 | new Web ... :8080') | +| browser.js:19:13:19:50 | new Soc ... /echo') | +| client.js:4:13:4:45 | new Web ... e.org') | flowSteps | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | @@ -33,3 +24,12 @@ flowSteps remoteFlow | server.js:7:38:7:44 | message | | sockjs.js:9:31:9:37 | message | +serverReceive +| server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | +| sockjs.js:9:5:12:6 | conn.on ... \\n }) | +serverSend +| server.js:11:3:11:28 | ws.send ... rver!') | +| sockjs.js:11:9:11:51 | conn.wr ... test))) | +serverSocket +| server.js:6:43:6:44 | ws | +| sockjs.js:8:40:8:43 | conn | diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref b/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref new file mode 100644 index 00000000000..ab6773f15f9 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.qlref @@ -0,0 +1,2 @@ +query: test.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql From c7fad0966478a9ed43591bbde553e6f79c2f177f Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:33:26 +0200 Subject: [PATCH 222/409] Added test cases with custom exports/imports. --- .../frameworks/WebSocket/browser-custom.js | 34 +++++++++++++++++++ .../frameworks/WebSocket/browser.js | 3 ++ .../frameworks/WebSocket/client-custom.js | 13 +++++++ .../frameworks/WebSocket/client.js | 2 ++ .../frameworks/WebSocket/server-custom.js | 13 +++++++ .../frameworks/WebSocket/server.js | 2 ++ .../frameworks/WebSocket/test.expected | 3 ++ 7 files changed, 70 insertions(+) create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js create mode 100644 javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js new file mode 100644 index 00000000000..f14f1d19fa6 --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -0,0 +1,34 @@ +import { MyWebSocket, MySockJS } from './browser.js'; + +(function () { + const socket = new MyWebSocket('ws://localhost:9080'); // $ MISSING: clientSocket + + socket.addEventListener('open', function (event) { + socket.send('Hi from browser!'); // $ MISSING: clientSend + }); + + socket.addEventListener('message', function (event) { + console.log('Message from server ', event.data); + }); // $ MISSING: clientReceive + + socket.onmessage = function (event) { + console.log("Message from server 2", event.data) + }; // $ MISSING: clientReceive +})(); + + +(function () { + var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ MISSING: clientSocket + sock.onopen = function () { + sock.send('test'); // $ MISSING: clientSend + }; + + sock.onmessage = function (e) { + console.log('message', e.data); + sock.close(); + }; // $ MISSING: clientReceive + + sock.addEventListener('message', function (event) { + console.log('Using addEventListener ', event.data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index 7e15bb532c5..2540abaf3e7 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -30,3 +30,6 @@ console.log('Using addEventListener ', event.data); }); // $clientReceive })(); + +export const MyWebSocket = WebSocket; +export const MySockJS = SockJS; diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js new file mode 100644 index 00000000000..92db7ac339c --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -0,0 +1,13 @@ +const { MyWebSocketWS } = require('./client.js'); + +(function () { + const ws = new MyWebSocketWS('ws://example.org'); // $ MISSING: clientSocket + + ws.on('open', function open() { + ws.send('Hi from client!'); // $ MISSING: clientSend + }); + + ws.on('message', function incoming(data) { + console.log(data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index c49df5afc3c..710bf0aa7da 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -11,3 +11,5 @@ console.log(data); }); // $clientReceive })(); + +module.exports.MyWebSocketWS = require('ws'); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js new file mode 100644 index 00000000000..e01bd38d57b --- /dev/null +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -0,0 +1,13 @@ +const { MyWebSocketServer } = require('./client.js'); + +(function () { + const wss = new MyWebSocketServer({ port: 8080 }); + + wss.on('connection', function connection(ws) { // $ MISSING: serverSocket + ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + console.log('received: %s', message); + }); // $ MISSING: serverReceive + + ws.send('Hi from server!'); // $ MISSING: serverSend + }); +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index 2f9173ecfc9..3e1a408a4a4 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -11,3 +11,5 @@ ws.send('Hi from server!'); // $serverSend }); })(); + +module.exports.MyWebSocketServer = require('ws').Server; diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 0ea8e8b690b..93068e683b4 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -13,9 +13,12 @@ clientSocket | browser.js:19:13:19:50 | new Soc ... /echo') | | client.js:4:13:4:45 | new Web ... e.org') | flowSteps +| browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | +| browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | From e16a20e69f4d9c59955de194da5cdeb925b5b860 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:41:47 +0200 Subject: [PATCH 223/409] Updated `SocketClass` to use API Graphs. --- .../javascript/frameworks/WebSocket.qll | 24 +++++++++++++++---- javascript/ql/src/Security/trest/test.ql | 10 ++++++++ .../frameworks/WebSocket/browser-custom.js | 16 ++++++------- .../frameworks/WebSocket/client-custom.js | 6 ++--- .../frameworks/WebSocket/server-custom.js | 2 +- .../frameworks/WebSocket/test.expected | 19 +++++++++++++++ 6 files changed, 60 insertions(+), 17 deletions(-) create mode 100644 javascript/ql/src/Security/trest/test.ql diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index d2fc69751d6..7437e68bda8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -47,6 +47,20 @@ private predicate areLibrariesCompatible( (client = LibraryNames::ws() or client = LibraryNames::websocket()) } +/** Treats `WebSocket` as an entry point for API graphs. */ +private class WebSocketEntryPoint extends API::EntryPoint { + WebSocketEntryPoint() { this = "global.WebSocket" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("WebSocket") } +} + +/** Treats `SockJS` as an entry point for API graphs. */ +private class SockJSEntryPoint extends API::EntryPoint { + SockJSEntryPoint() { this = "global.SockJS" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("SockJS") } +} + /** * Provides classes that model WebSockets clients. */ @@ -56,19 +70,19 @@ module ClientWebSocket { /** * A class that can be used to instantiate a WebSocket instance. */ - class SocketClass extends DataFlow::SourceNode { + class SocketClass extends API::Node { LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. SocketClass() { - this = DataFlow::globalVarRef("WebSocket") and library = websocket() + this = any(WebSocketEntryPoint e).getANode() and library = websocket() or - this = DataFlow::moduleImport("ws") and library = ws() + this = API::moduleImport("ws") and library = ws() or // the sockjs-client library:https://www.npmjs.com/package/sockjs-client library = sockjs() and ( - this = DataFlow::moduleImport("sockjs-client") or - this = DataFlow::globalVarRef("SockJS") + this = API::moduleImport("sockjs-client") or + this = any(SockJSEntryPoint e).getANode() ) } diff --git a/javascript/ql/src/Security/trest/test.ql b/javascript/ql/src/Security/trest/test.ql new file mode 100644 index 00000000000..076271d9fb6 --- /dev/null +++ b/javascript/ql/src/Security/trest/test.ql @@ -0,0 +1,10 @@ +import javascript + +API::NewNode getAWebSocketInstance() { result instanceof ClientWebSocket::ClientSocket } + +from DataFlow::Node handler +where + handler = getAWebSocketInstance().getReturn().getMember("onmessage").asSource() + or + handler = getAWebSocketInstance().getAPropertyWrite("onmessage").getRhs() +select handler, "This is a WebSocket onmessage handler." diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index f14f1d19fa6..d3a739697d1 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -1,34 +1,34 @@ import { MyWebSocket, MySockJS } from './browser.js'; (function () { - const socket = new MyWebSocket('ws://localhost:9080'); // $ MISSING: clientSocket + const socket = new MyWebSocket('ws://localhost:9080'); // $ clientSocket socket.addEventListener('open', function (event) { - socket.send('Hi from browser!'); // $ MISSING: clientSend + socket.send('Hi from browser!'); // $ clientSend }); socket.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive socket.onmessage = function (event) { console.log("Message from server 2", event.data) - }; // $ MISSING: clientReceive + }; // $ clientReceive })(); (function () { - var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ MISSING: clientSocket + var sock = new MySockJS('http://0.0.0.0:9999/echo'); // $ clientSocket sock.onopen = function () { - sock.send('test'); // $ MISSING: clientSend + sock.send('test'); // $ clientSend }; sock.onmessage = function (e) { console.log('message', e.data); sock.close(); - }; // $ MISSING: clientReceive + }; // $ clientReceive sock.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 92db7ac339c..6aefeb3a07f 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -1,13 +1,13 @@ const { MyWebSocketWS } = require('./client.js'); (function () { - const ws = new MyWebSocketWS('ws://example.org'); // $ MISSING: clientSocket + const ws = new MyWebSocketWS('ws://example.org'); // $ clientSocket ws.on('open', function open() { - ws.send('Hi from client!'); // $ MISSING: clientSend + ws.send('Hi from client!'); // $ clientSend }); ws.on('message', function incoming(data) { console.log(data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index e01bd38d57b..6911d8f8523 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketServer } = require('./client.js'); +const { MyWebSocketServer } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 93068e683b4..fb5fe14793c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,27 +1,46 @@ clientReceive +| browser-custom.js:10:37:12:2 | functio ... ta);\\n\\t} | +| browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | +| browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | +| browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | +| client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | clientSend +| browser-custom.js:7:3:7:33 | socket. ... wser!') | +| browser-custom.js:23:3:23:19 | sock.send('test') | | browser.js:5:3:5:33 | socket. ... wser!') | | browser.js:21:3:21:19 | sock.send('test') | +| client-custom.js:7:3:7:28 | ws.send ... ient!') | | client.js:7:3:7:28 | ws.send ... ient!') | clientSocket +| browser-custom.js:4:17:4:54 | new MyW ... :9080') | +| browser-custom.js:21:13:21:52 | new MyS ... /echo') | | browser.js:2:17:2:52 | new Web ... :8080') | | browser.js:19:13:19:50 | new Soc ... /echo') | +| client-custom.js:4:13:4:49 | new MyW ... e.org') | | client.js:4:13:4:45 | new Web ... e.org') | flowSteps | browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | +| browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow From 455ce595835c963165d090956574322f5bf6d88b Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 08:59:19 +0200 Subject: [PATCH 224/409] Added test cases with export of an instance. --- .../frameworks/WebSocket/browser-custom.js | 33 ++++++++++++++++++- .../frameworks/WebSocket/browser.js | 2 ++ .../frameworks/WebSocket/client-custom.js | 12 ++++++- .../frameworks/WebSocket/client.js | 5 +-- .../frameworks/WebSocket/server-custom.js | 12 ++++++- .../frameworks/WebSocket/server.js | 5 +-- .../frameworks/WebSocket/test.expected | 8 +++++ 7 files changed, 70 insertions(+), 7 deletions(-) diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index d3a739697d1..c411a90f35a 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -1,4 +1,4 @@ -import { MyWebSocket, MySockJS } from './browser.js'; +import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './browser.js'; (function () { const socket = new MyWebSocket('ws://localhost:9080'); // $ clientSocket @@ -32,3 +32,34 @@ import { MyWebSocket, MySockJS } from './browser.js'; console.log('Using addEventListener ', event.data); }); // $ clientReceive })(); + + +(function () { + myWebSocketInstance.addEventListener('open', function (event) { + myWebSocketInstance.send('Hi from browser!'); // $ MISSING: clientSend + }); + + myWebSocketInstance.addEventListener('message', function (event) { + console.log('Message from server ', event.data); + }); // $ MISSING: clientReceive + + myWebSocketInstance.onmessage = function (event) { + console.log("Message from server 2", event.data) + }; // $ MISSING: clientReceive +})(); + + +(function () { + mySockJSInstance.onopen = function () { + mySockJSInstance.send('test'); // $ MISSING: clientSend + }; + + mySockJSInstance.onmessage = function (e) { + console.log('message', e.data); + mySockJSInstance.close(); + }; // $ MISSING: clientReceive + + mySockJSInstance.addEventListener('message', function (event) { + console.log('Using addEventListener ', event.data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index 2540abaf3e7..f966879f9f2 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -33,3 +33,5 @@ export const MyWebSocket = WebSocket; export const MySockJS = SockJS; +export const myWebSocketInstance = new WebSocket('ws://localhost:8080'); // $ clientSocket +export const mySockJSInstance = new SockJS('http://0.0.0.0:9999/echo'); // $ clientSocket diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 6aefeb3a07f..9718bd6185c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketWS } = require('./client.js'); +const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); (function () { const ws = new MyWebSocketWS('ws://example.org'); // $ clientSocket @@ -11,3 +11,13 @@ const { MyWebSocketWS } = require('./client.js'); console.log(data); }); // $ clientReceive })(); + +(function () { + myWebSocketWSInstance.on('open', function open() { + myWebSocketWSInstance.send('Hi from client!'); // $ MISSING: clientSend + }); + + myWebSocketWSInstance.on('message', function incoming(data) { + console.log(data); + }); // $ MISSING: clientReceive +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index 710bf0aa7da..54a200f3379 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -1,6 +1,6 @@ -(function () { - const WebSocket = require('ws'); +const WebSocket = require('ws'); +(function () { const ws = new WebSocket('ws://example.org'); // $clientSocket ws.on('open', function open() { @@ -13,3 +13,4 @@ })(); module.exports.MyWebSocketWS = require('ws'); +module.exports.myWebSocketWSInstance = new WebSocket('ws://example.org'); // $ clientSocket diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index 6911d8f8523..63893ba2f5c 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -1,4 +1,4 @@ -const { MyWebSocketServer } = require('./server.js'); +const { MyWebSocketServer, myWebSocketServerInstance } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); @@ -11,3 +11,13 @@ const { MyWebSocketServer } = require('./server.js'); ws.send('Hi from server!'); // $ MISSING: serverSend }); })(); + +(function () { + myWebSocketServerInstance.on('connection', function connection(ws) { // $ MISSING: serverSocket + ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + console.log('received: %s', message); + }); // $ MISSING: serverReceive + + ws.send('Hi from server!'); // $ MISSING: serverSend + }); +})(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js index 3e1a408a4a4..a1fd536501e 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server.js @@ -1,6 +1,6 @@ -(function () { - const WebSocket = require('ws'); +const WebSocket = require('ws'); +(function () { const wss = new WebSocket.Server({ port: 8080 }); wss.on('connection', function connection(ws) { // $serverSocket @@ -13,3 +13,4 @@ })(); module.exports.MyWebSocketServer = require('ws').Server; +module.exports.myWebSocketServerInstance = new WebSocket.Server({ port: 8080 }); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index fb5fe14793c..21e9f1aae64 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -21,11 +21,16 @@ clientSocket | browser-custom.js:21:13:21:52 | new MyS ... /echo') | | browser.js:2:17:2:52 | new Web ... :8080') | | browser.js:19:13:19:50 | new Soc ... /echo') | +| browser.js:36:36:36:71 | new Web ... :8080') | +| browser.js:37:33:37:70 | new Soc ... /echo') | | client-custom.js:4:13:4:49 | new MyW ... e.org') | | client.js:4:13:4:45 | new Web ... e.org') | +| client.js:16:40:16:72 | new Web ... e.org') | flowSteps | browser-custom.js:1:10:1:20 | MyWebSocket | browser-custom.js:1:10:1:20 | MyWebSocket | | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | +| browser-custom.js:1:33:1:51 | myWebSocketInstance | browser-custom.js:1:33:1:51 | myWebSocketInstance | +| browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | @@ -33,12 +38,15 @@ flowSteps | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | +| client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| server.js:15:36:15:55 | require('ws').Server | server-custom.js:1:9:1:25 | MyWebSocketServer | +| server.js:16:44:16:79 | new Web ... 8080 }) | server-custom.js:1:28:1:52 | myWebSo ... nstance | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | From 0dbf9512911f4299050816a5894d25742bb7b48e Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:12:42 +0200 Subject: [PATCH 225/409] Updated `ClientSocket` and `SendNode` with API graphs. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 8 ++++---- .../library-tests/frameworks/WebSocket/browser-custom.js | 4 ++-- .../library-tests/frameworks/WebSocket/client-custom.js | 2 +- .../test/library-tests/frameworks/WebSocket/test.expected | 6 ++++++ 4 files changed, 13 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 7437e68bda8..09c9f98e3f0 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -95,10 +95,10 @@ module ClientWebSocket { /** * A client WebSocket instance. */ - class ClientSocket extends EventEmitter::Range, DataFlow::NewNode, ClientRequest::Range { + class ClientSocket extends EventEmitter::Range, API::NewNode, ClientRequest::Range { SocketClass socketClass; - ClientSocket() { this = socketClass.getAnInstantiation() } + ClientSocket() { this = socketClass.getAnInvocation() } /** * Gets the WebSocket library name. @@ -129,10 +129,10 @@ module ClientWebSocket { /** * A message sent from a WebSocket client. */ - class SendNode extends EventDispatch::Range, DataFlow::CallNode { + class SendNode extends EventDispatch::Range, API::CallNode { override ClientSocket emitter; - SendNode() { this = emitter.getAMemberCall("send") } + SendNode() { this = emitter.getReturn().getMember("send").getACall() } override string getChannel() { result = channelName() } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index c411a90f35a..11765138f55 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -36,7 +36,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ (function () { myWebSocketInstance.addEventListener('open', function (event) { - myWebSocketInstance.send('Hi from browser!'); // $ MISSING: clientSend + myWebSocketInstance.send('Hi from browser!'); // $ clientSend }); myWebSocketInstance.addEventListener('message', function (event) { @@ -51,7 +51,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ (function () { mySockJSInstance.onopen = function () { - mySockJSInstance.send('test'); // $ MISSING: clientSend + mySockJSInstance.send('test'); // $ clientSend }; mySockJSInstance.onmessage = function (e) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 9718bd6185c..5d7ac4b564d 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -14,7 +14,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); (function () { myWebSocketWSInstance.on('open', function open() { - myWebSocketWSInstance.send('Hi from client!'); // $ MISSING: clientSend + myWebSocketWSInstance.send('Hi from client!'); // $ clientSend }); myWebSocketWSInstance.on('message', function incoming(data) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 21e9f1aae64..4d7e33f5402 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -12,9 +12,12 @@ clientReceive clientSend | browser-custom.js:7:3:7:33 | socket. ... wser!') | | browser-custom.js:23:3:23:19 | sock.send('test') | +| browser-custom.js:39:9:39:52 | myWebSo ... wser!') | +| browser-custom.js:54:9:54:37 | mySockJ ... 'test') | | browser.js:5:3:5:33 | socket. ... wser!') | | browser.js:21:3:21:19 | sock.send('test') | | client-custom.js:7:3:7:28 | ws.send ... ient!') | +| client-custom.js:17:3:17:47 | myWebSo ... ient!') | | client.js:7:3:7:28 | ws.send ... ient!') | clientSocket | browser-custom.js:4:17:4:54 | new MyW ... :9080') | @@ -33,9 +36,12 @@ flowSteps | browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server.js:7:38:7:44 | message | +| browser-custom.js:54:31:54:36 | 'test' | sockjs.js:9:31:9:37 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | From 15bfeab65267eb6637e7536880a4ef33d80dfd7b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 26 Mar 2025 09:36:15 +0100 Subject: [PATCH 226/409] Ruby: Make `getPreUpdateNode` Unique Again --- .../DataFlowConsistency.ql | 24 ++----- .../dataflow/internal/DataFlowPrivate.qll | 40 ++++++----- .../dataflow/global/Flow.expected | 66 ++++++++----------- .../dataflow/local/DataflowStep.expected | 2 + .../dataflow/local/TaintStep.expected | 2 + 5 files changed, 62 insertions(+), 72 deletions(-) diff --git a/ruby/ql/consistency-queries/DataFlowConsistency.ql b/ruby/ql/consistency-queries/DataFlowConsistency.ql index 86350eba192..24766016cbb 100644 --- a/ruby/ql/consistency-queries/DataFlowConsistency.ql +++ b/ruby/ql/consistency-queries/DataFlowConsistency.ql @@ -8,30 +8,18 @@ private import codeql.dataflow.internal.DataFlowImplConsistency private module Input implements InputSig { private import RubyDataFlow - predicate postWithInFlowExclude(Node n) { n instanceof FlowSummaryNode } + predicate postWithInFlowExclude(Node n) { + n instanceof FlowSummaryNode + or + n.(PostUpdateNode).getPreUpdateNode().asExpr() = getPostUpdateReverseStep(_) + } predicate argHasPostUpdateExclude(ArgumentNode n) { n instanceof FlowSummaryNode or n instanceof SynthHashSplatArgumentNode or - not isNonConstantExpr(getAPostUpdateNodeForArg(n.asExpr())) - } - - predicate postHasUniquePreExclude(PostUpdateNode n) { - exists(CfgNodes::ExprCfgNode e, CfgNodes::ExprCfgNode arg | - e = getAPostUpdateNodeForArg(arg) and - e != arg and - n = TExprPostUpdateNode(e) - ) - } - - predicate uniquePostUpdateExclude(Node n) { - exists(CfgNodes::ExprCfgNode e, CfgNodes::ExprCfgNode arg | - e = getAPostUpdateNodeForArg(arg) and - e != arg and - n.asExpr() = arg - ) + not isNonConstantExpr(n.asExpr()) } predicate multipleArgumentCallExclude(ArgumentNode arg, DataFlowCall call) { diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll index da0c0379717..bd1b0c4b8c8 100644 --- a/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll +++ b/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll @@ -66,10 +66,22 @@ private CfgNodes::ExprCfgNode getALastEvalNode(CfgNodes::ExprCfgNode n) { ) } -/** Gets a node for which to construct a post-update node for argument `arg`. */ -CfgNodes::ExprCfgNode getAPostUpdateNodeForArg(Argument arg) { - result = getALastEvalNode*(arg) and - not exists(getALastEvalNode(result)) +/** + * Holds if a reverse local flow step should be added from the post-update node + * for `e` to the post-update node for the result. + * + * This is needed to allow for side-effects on compound expressions to propagate + * to sub components. For example, in + * + * ```ruby + * (foo1; foo2).set_field(taint) + * ``` + * + * we add a reverse flow step from `[post] (foo1; foo2)` to `[post] foo2`, + * in order for the side-effect of `set_field` to reach `foo2`. + */ +CfgNodes::ExprCfgNode getPostUpdateReverseStep(CfgNodes::ExprCfgNode e) { + result = getALastEvalNode(e) } /** Gets the SSA definition node corresponding to parameter `p`. */ @@ -170,6 +182,9 @@ module LocalFlow { ) or nodeTo.(ImplicitBlockArgumentNode).getParameterNode(true) = nodeFrom + or + nodeTo.(PostUpdateNode).getPreUpdateNode().asExpr() = + getPostUpdateReverseStep(nodeFrom.(PostUpdateNode).getPreUpdateNode().asExpr()) } predicate flowSummaryLocalStep( @@ -486,7 +501,9 @@ private module Cached { // filter out nodes that clearly don't need post-update nodes isNonConstantExpr(n) and ( - n = getAPostUpdateNodeForArg(_) + n instanceof Argument + or + n = getPostUpdateReverseStep(any(PostUpdateNode p).getPreUpdateNode().asExpr()) or n = any(CfgNodes::ExprNodes::InstanceVariableAccessCfgNode v).getReceiver() ) @@ -2018,18 +2035,7 @@ private module PostUpdateNodes { ExprPostUpdateNode() { this = TExprPostUpdateNode(e) } - override ExprNode getPreUpdateNode() { - // For compound arguments, such as `m(if b then x else y)`, we want the leaf nodes - // `[post] x` and `[post] y` to have two pre-update nodes: (1) the compound argument, - // `if b then x else y`; and the (2) the underlying expressions; `x` and `y`, - // respectively. - // - // This ensures that we get flow out of the call into both leafs (1), while still - // maintaining the invariant that the underlying expression is a pre-update node (2). - e = getAPostUpdateNodeForArg(result.getExprNode()) - or - e = result.getExprNode() - } + override ExprNode getPreUpdateNode() { e = result.getExprNode() } override CfgScope getCfgScope() { result = e.getExpr().getCfgScope() } diff --git a/ruby/ql/test/library-tests/dataflow/global/Flow.expected b/ruby/ql/test/library-tests/dataflow/global/Flow.expected index 4ef28f2728a..f320bf8f5e9 100644 --- a/ruby/ql/test/library-tests/dataflow/global/Flow.expected +++ b/ruby/ql/test/library-tests/dataflow/global/Flow.expected @@ -197,18 +197,18 @@ edges | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | provenance | | | instance_variables.rb:71:6:71:9 | foo3 : Foo [@field] | instance_variables.rb:71:6:71:15 | call to field | provenance | | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | provenance | | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | provenance | | | instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | provenance | | +| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:79:6:79:19 | call to get_field | provenance | | -| instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | provenance | | +| instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | provenance | | | instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | provenance | | +| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:83:6:83:19 | call to get_field | provenance | | @@ -218,24 +218,22 @@ edges | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:85:6:85:19 | call to get_field | provenance | | -| instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | provenance | | -| instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | provenance | | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | provenance | | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | provenance | | | instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | provenance | | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | provenance | | +| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:90:6:90:19 | call to get_field | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:91:6:91:19 | call to get_field | provenance | | -| instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | provenance | | -| instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | provenance | | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | provenance | | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | provenance | | | instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | provenance | | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | provenance | | +| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:96:6:96:19 | call to get_field | provenance | | @@ -243,8 +241,8 @@ edges | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | instance_variables.rb:97:6:97:20 | call to get_field | provenance | | | instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:104:14:104:18 | [post] foo11 : Foo [@field] | provenance | | -| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | provenance | | -| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | provenance | | +| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | provenance | | +| instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | provenance | | | instance_variables.rb:100:5:100:5 | [post] x : Foo [@field] | instance_variables.rb:99:18:99:18 | x [Return] : Foo [@field] | provenance | | | instance_variables.rb:100:17:100:25 | call to taint | captured_variables.rb:57:19:57:19 | x | provenance | | | instance_variables.rb:100:17:100:25 | call to taint | instance_variables.rb:10:19:10:19 | x | provenance | | @@ -253,11 +251,11 @@ edges | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | instance_variables.rb:105:6:105:20 | call to get_field | provenance | | -| instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | provenance | | +| instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | instance_variables.rb:109:6:109:20 | call to get_field | provenance | | -| instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | provenance | | +| instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | provenance | | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | instance_variables.rb:114:6:114:20 | call to get_field | provenance | | @@ -475,11 +473,11 @@ nodes | instance_variables.rb:70:16:70:24 | call to taint | semmle.label | call to taint | | instance_variables.rb:71:6:71:9 | foo3 : Foo [@field] | semmle.label | foo3 : Foo [@field] | | instance_variables.rb:71:6:71:15 | call to field | semmle.label | call to field | -| instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | semmle.label | [post] foo5 : Foo [@field] | +| instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:78:18:78:26 | call to taint | semmle.label | call to taint | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | semmle.label | foo5 : Foo [@field] | | instance_variables.rb:79:6:79:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | semmle.label | [post] foo6 : Foo [@field] | +| instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:82:32:82:40 | call to taint | semmle.label | call to taint | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | semmle.label | foo3 : Foo [@field] | | instance_variables.rb:83:6:83:19 | call to get_field | semmle.label | call to get_field | @@ -487,15 +485,13 @@ nodes | instance_variables.rb:84:6:84:19 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | semmle.label | foo6 : Foo [@field] | | instance_variables.rb:85:6:85:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | semmle.label | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | semmle.label | [post] foo8 : Foo [@field] | +| instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:89:45:89:53 | call to taint | semmle.label | call to taint | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | semmle.label | foo7 : Foo [@field] | | instance_variables.rb:90:6:90:19 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | semmle.label | foo8 : Foo [@field] | | instance_variables.rb:91:6:91:19 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | semmle.label | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | semmle.label | [post] foo10 : Foo [@field] | +| instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:95:53:95:61 | call to taint | semmle.label | call to taint | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | semmle.label | foo9 : Foo [@field] | | instance_variables.rb:96:6:96:19 | call to get_field | semmle.label | call to get_field | @@ -507,10 +503,10 @@ nodes | instance_variables.rb:104:14:104:18 | [post] foo11 : Foo [@field] | semmle.label | [post] foo11 : Foo [@field] | | instance_variables.rb:105:6:105:10 | foo11 : Foo [@field] | semmle.label | foo11 : Foo [@field] | | instance_variables.rb:105:6:105:20 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:108:15:108:19 | [post] foo12 : Foo [@field] | semmle.label | [post] foo12 : Foo [@field] | +| instance_variables.rb:108:14:108:20 | [post] ( ... ) : Foo [@field] | semmle.label | [post] ( ... ) : Foo [@field] | | instance_variables.rb:109:6:109:10 | foo12 : Foo [@field] | semmle.label | foo12 : Foo [@field] | | instance_variables.rb:109:6:109:20 | call to get_field | semmle.label | call to get_field | -| instance_variables.rb:113:22:113:26 | [post] foo13 : Foo [@field] | semmle.label | [post] foo13 : Foo [@field] | +| instance_variables.rb:113:14:113:26 | [post] ... = ... : Foo [@field] | semmle.label | [post] ... = ... : Foo [@field] | | instance_variables.rb:114:6:114:10 | foo13 : Foo [@field] | semmle.label | foo13 : Foo [@field] | | instance_variables.rb:114:6:114:20 | call to get_field | semmle.label | call to get_field | | instance_variables.rb:116:1:116:5 | foo15 : Foo [@field] | semmle.label | foo15 : Foo [@field] | @@ -565,30 +561,26 @@ subpaths | instance_variables.rb:67:6:67:9 | foo2 [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:67:6:67:19 | call to get_field | | instance_variables.rb:70:16:70:24 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | | instance_variables.rb:70:16:70:24 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:70:1:70:4 | [post] foo3 : Foo [@field] | -| instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | -| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:2:78:5 | [post] foo5 : Foo [@field] | +| instance_variables.rb:78:18:78:26 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:78:18:78:26 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:78:1:78:6 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:79:6:79:19 | call to get_field | | instance_variables.rb:79:6:79:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:79:6:79:19 | call to get_field | -| instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | -| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:15:82:18 | [post] foo6 : Foo [@field] | +| instance_variables.rb:82:32:82:40 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:82:32:82:40 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:82:1:82:20 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:83:6:83:19 | call to get_field | | instance_variables.rb:83:6:83:9 | foo3 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:83:6:83:19 | call to get_field | | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:84:6:84:19 | call to get_field | | instance_variables.rb:84:6:84:9 | foo5 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:84:6:84:19 | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:85:6:85:19 | call to get_field | | instance_variables.rb:85:6:85:9 | foo6 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:85:6:85:19 | call to get_field | -| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:15:89:18 | [post] foo7 : Foo [@field] | -| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:25:89:28 | [post] foo8 : Foo [@field] | +| instance_variables.rb:89:45:89:53 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:89:45:89:53 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:89:1:89:33 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:90:6:90:19 | call to get_field | | instance_variables.rb:90:6:90:9 | foo7 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:90:6:90:19 | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:91:6:91:19 | call to get_field | | instance_variables.rb:91:6:91:9 | foo8 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:91:6:91:19 | call to get_field | -| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:22:95:25 | [post] foo9 : Foo [@field] | -| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:32:95:36 | [post] foo10 : Foo [@field] | +| instance_variables.rb:95:53:95:61 | call to taint | captured_variables.rb:57:19:57:19 | x | captured_variables.rb:57:5:59:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | +| instance_variables.rb:95:53:95:61 | call to taint | instance_variables.rb:10:19:10:19 | x | instance_variables.rb:10:5:12:7 | self in set_field [Return] : Foo [@field] | instance_variables.rb:95:1:95:41 | [post] ( ... ) : Foo [@field] | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:96:6:96:19 | call to get_field | | instance_variables.rb:96:6:96:9 | foo9 : Foo [@field] | instance_variables.rb:13:5:15:7 | self in get_field : Foo [@field] | instance_variables.rb:14:9:14:21 | return | instance_variables.rb:96:6:96:19 | call to get_field | | instance_variables.rb:97:6:97:10 | foo10 : Foo [@field] | captured_variables.rb:60:5:62:7 | self in get_field : Foo [@field] | captured_variables.rb:61:9:61:21 | return | instance_variables.rb:97:6:97:20 | call to get_field | diff --git a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected index 488f51a3d51..7122b4c0ae2 100644 --- a/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/DataflowStep.expected @@ -2910,6 +2910,8 @@ | local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(self) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(self) | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(x) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(x) | +| local_dataflow.rb:141:19:141:37 | [post] [false] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [false] ... && ... | +| local_dataflow.rb:141:19:141:37 | [post] [true] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [true] ... && ... | | local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x | diff --git a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected index 208a012ff65..4fa46d163b4 100644 --- a/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected +++ b/ruby/ql/test/library-tests/dataflow/local/TaintStep.expected @@ -3405,6 +3405,8 @@ | local_dataflow.rb:141:19:141:37 | [false] ( ... ) | local_dataflow.rb:141:8:141:37 | [false] ... \|\| ... | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(self) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(self) | | local_dataflow.rb:141:19:141:37 | [input] SSA phi read(x) | local_dataflow.rb:141:38:142:9 | [input] SSA phi read(x) | +| local_dataflow.rb:141:19:141:37 | [post] [false] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [false] ... && ... | +| local_dataflow.rb:141:19:141:37 | [post] [true] ( ... ) | local_dataflow.rb:141:20:141:36 | [post] [true] ... && ... | | local_dataflow.rb:141:19:141:37 | [true] ( ... ) | local_dataflow.rb:141:8:141:37 | [true] ... \|\| ... | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(self) | local_dataflow.rb:143:11:143:16 | self | | local_dataflow.rb:141:20:141:25 | [input] SSA phi read(x) | local_dataflow.rb:143:15:143:15 | x | From 49ecff3292c9cad2ffc6101f721942d8907cc2be Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 13 Mar 2025 16:32:37 +0100 Subject: [PATCH 227/409] C#: Add cs/useless-assignment-to-local to the CCR suite. --- csharp/ql/src/codeql-suites/csharp-code-quality.qls | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/src/codeql-suites/csharp-code-quality.qls b/csharp/ql/src/codeql-suites/csharp-code-quality.qls index b7b53377381..a7cfd44d734 100644 --- a/csharp/ql/src/codeql-suites/csharp-code-quality.qls +++ b/csharp/ql/src/codeql-suites/csharp-code-quality.qls @@ -12,3 +12,4 @@ - cs/constant-condition - cs/useless-gethashcode-call - cs/non-short-circuit + - cs/useless-assignment-to-local From 2b88600f0fb6680d7f8e3f0d82c825753f49d0fa Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 14 Mar 2025 15:19:09 +0100 Subject: [PATCH 228/409] C#: Re-factor cs/useless-assignment-to-local tests to use inline test framework. --- .../DeadStoreOfLocal/DeadStoreOfLocal.cs | 50 +++++++++---------- .../DeadStoreOfLocal/DeadStoreOfLocal.qlref | 3 +- .../DeadStoreOfLocal/DeadStoreOfLocalBad.cs | 10 ++-- 3 files changed, 32 insertions(+), 31 deletions(-) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 941981f6d6c..1b40bf9c3d7 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -9,14 +9,14 @@ public class DeadStoreOfLocal public int M1() { - int x = M2(); // BAD + int x = M2(); // $ Alert return (x = 1) + x; // GOOD } public int M2() { int x = 1; // GOOD - return x + (x = 1); // BAD + return x + (x = 1); // $ Alert } public int M3() @@ -41,19 +41,19 @@ public class DeadStoreOfLocal public void M5() { - int x = M3(); // BAD + int x = M3(); // $ Alert } public void M6() { int x = 42; - x += 1; // BAD + x += 1; // $ Alert } public void M7() { int x = 42; - x++; // BAD + x++; // $ Alert } public IEnumerable M8(IEnumerable source) @@ -79,8 +79,8 @@ public class DeadStoreOfLocal public void M10(IEnumerable source) { - foreach (var val in source) - { // BAD + foreach (var val in source) // $ Alert + { } } } @@ -98,10 +98,10 @@ public abstract class ExceptionsFlow message = "Unsuccessful completion"; // GOOD: Used in finally Process(); info2 = "Finishing"; // GOOD: Used in exception handler - extra = "Dead store here"; // BAD: Dead store + extra = "Dead store here"; // $ Alert Dead store Process(); message = "Successful completion"; // GOOD: Used in finally - info1 = "Used in handler"; // BAD: Used in handler, but not a reachable handler + info1 = "Used in handler"; // $ Alert Used in handler, but not a reachable handler } catch (SystemException ex) { @@ -139,7 +139,7 @@ public abstract class ExceptionsFlow { Process(); } - catch (Exception ex) // BAD + catch (Exception ex) // $ Alert { Console.WriteLine("Stage " + stage); stage = 3; // GOOD: Used in finally @@ -157,7 +157,7 @@ public class OutParam public void Test() { int x; - Fn(out x); // BAD + Fn(out x); // Missing Alert Fn(out _); // GOOD } @@ -194,7 +194,7 @@ public class Captured void M2() { - var x = M6(); // BAD [FALSE NEGATIVE] + var x = M6(); // Missing Alert Action a = () => { x = 1; // GOOD @@ -208,7 +208,7 @@ public class Captured int x; Action a = () => { - x = 1; // BAD [FALSE NEGATIVE] + x = 1; // Missing Alert }; a(); } @@ -230,7 +230,7 @@ public class Captured void M5() { - int x = 0; // BAD: NOT DETECTED + int x = 0; // Missing Alert. Action a = () => { x = 1; // GOOD @@ -243,14 +243,14 @@ public class Captured { fn(() => { - int y = M6(); // BAD + int y = M6(); // $ Alert return (y = 1) + y; // GOOD }); int captured = 0; // GOOD: Variable captured variable fn(() => { return captured; }); - return captured = 1; // BAD: NOT DETECTED + return captured = 1; // Missing Alert. } void M7() @@ -258,7 +258,7 @@ public class Captured var y = 12; // GOOD: Not a dead store (used in delegate) fn(() => { - var x = y; // BAD: Dead store in lambda + var x = y; // $ Alert Dead store in lambda return 0; }); } @@ -297,8 +297,8 @@ class Patterns { // GOOD Console.WriteLine($"int {i1}"); } - else if (o is var v1) - { // BAD + else if (o is var v1) // $ Alert + { } switch (o) @@ -311,7 +311,7 @@ class Patterns case int i3: // GOOD Console.WriteLine($"int {i3}"); break; - case var v2: // BAD + case var v2: // $ Alert break; default: Console.WriteLine("Something else"); @@ -328,7 +328,7 @@ class Tuples Use(x); Use(b); Use(s); - (x, (b, s)) = GetTuple(); // BAD: `b` + (x, (b, s)) = GetTuple(); // $ Alert on `b` Use(x); Use(s); (x, (_, s)) = GetTuple(); // GOOD @@ -369,7 +369,7 @@ class Initializers string M4() { - var s = M3(); // BAD + var s = M3(); // $ Alert s = ""; return s; } @@ -395,7 +395,7 @@ class Initializers { var s = ""; if (b) - s = "abc"; // BAD + s = "abc"; // $ Alert if (!b) return s; return null; @@ -469,8 +469,8 @@ public static class Using using var x = new System.IO.FileStream("", System.IO.FileMode.Open); // GOOD using var _ = new System.IO.FileStream("", System.IO.FileMode.Open); // GOOD - using (var y = new System.IO.FileStream("", System.IO.FileMode.Open)) // BAD + using (var y = new System.IO.FileStream("", System.IO.FileMode.Open)) // $ Alert { } } -} \ No newline at end of file +} diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref index 51cf4454da2..cfc0aaa4eef 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.qlref @@ -1 +1,2 @@ -Dead Code/DeadStoreOfLocal.ql +query: Dead Code/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs index c1b7918e62b..059fe30b772 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocalBad.cs @@ -4,7 +4,7 @@ class Bad { double ParseInt(string s) { - var success = int.TryParse(s, out int i); + var success = int.TryParse(s, out int i); // $ Alert return i; } @@ -20,7 +20,7 @@ class Bad { return double.Parse(s); } - catch (FormatException e) + catch (FormatException e) // $ Alert { return double.NaN; } @@ -29,14 +29,14 @@ class Bad int Count(string[] ss) { int count = 0; - foreach (var s in ss) + foreach (var s in ss) // $ Alert count++; return count; } string IsInt(object o) { - if (o is int i) + if (o is int i) // $ Alert return "yes"; else return "no"; @@ -46,7 +46,7 @@ class Bad { switch (o) { - case string s: + case string s: // $ Alert return "yes"; default: return "no"; From dd1fbd28beab41658693c6356181a975c7c890e2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 20 Mar 2025 11:42:11 +0100 Subject: [PATCH 229/409] C#: Add string interpolation examples to cs/useless-assignment-to-local. --- .../Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 1b40bf9c3d7..3e4e5fbeeb2 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -474,3 +474,13 @@ public static class Using } } } + +class StringInterpolation +{ + void Pi() + { + float pi = 3.14159f; // GOOD + const int align = 6; // GOOD + Console.WriteLine($"Pi, {pi,align:F3}"); + } +} From f9ff92a705307e9b4ed76bb0ac774b9ab117c496 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 4 Apr 2025 10:13:10 +0200 Subject: [PATCH 230/409] Rust: Expand on type inference tests for associated types --- .../test/library-tests/type-inference/main.rs | 94 +- .../type-inference/type-inference.expected | 1128 +++++++++-------- 2 files changed, 678 insertions(+), 544 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 2a432d50b8d..1a4462d54c4 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -329,9 +329,21 @@ mod function_trait_bounds { } mod trait_associated_type { + #[derive(Debug)] + struct Wrapper { + field: A, + } + + impl Wrapper { + fn unwrap(self) -> A { + self.field // $ fieldof=Wrapper + } + } + trait MyTrait { type AssociatedType; + // MyTrait::m1 fn m1(self) -> Self::AssociatedType; fn m2(self) -> Self::AssociatedType @@ -339,28 +351,96 @@ mod trait_associated_type { Self::AssociatedType: Default, Self: Sized, { + self.m1(); // $ method=MyTrait::m1 Self::AssociatedType::default() } } + trait MyTraitAssoc2 { + type GenericAssociatedType; + + // MyTrait::put + fn put(&self, a: A) -> Self::GenericAssociatedType; + + fn putTwo(&self, a: A, b: A) -> Self::GenericAssociatedType { + self.put(a); // $ method=MyTrait::put + self.put(b) // $ method=MyTrait::put + } + } + #[derive(Debug, Default)] struct S; + #[derive(Debug, Default)] + struct S2; + + #[derive(Debug, Default)] + struct AT; + impl MyTrait for S { - type AssociatedType = S; + type AssociatedType = AT; // S::m1 fn m1(self) -> Self::AssociatedType { - S + AT } } - pub fn f() { - let x = S; - println!("{:?}", x.m1()); // $ method=S::m1 + impl MyTraitAssoc2 for S { + // Associated type with a type parameter + type GenericAssociatedType = Wrapper; - let x = S; - println!("{:?}", x.m2()); // $ method=m2 + // S::put + fn put(&self, a: A) -> Wrapper { + Wrapper { field: a } + } + } + + impl MyTrait for S2 { + // Associated type definition with a type argument + type AssociatedType = Wrapper; + + fn m1(self) -> Self::AssociatedType { + Wrapper { field: self } + } + } + + // NOTE: This implementation is just to make it possible to call `m2` on `S2.` + impl Default for Wrapper { + fn default() -> Self { + Wrapper { field: S2 } + } + } + + // Function that returns an associated type from a trait bound + fn g(thing: T) -> ::AssociatedType { + thing.m1() // $ method=MyTrait::m1 + } + + pub fn f() { + let x1 = S; + // Call to method in `impl` block + println!("{:?}", x1.m1()); // $ method=S::m1 type=x1.m1():AT + + let x2 = S; + // Call to default method in `trait` block + let y = x2.m2(); // $ method=m2 MISSING: type=y:AT + println!("{:?}", y); + + let x3 = S; + // Call to the method in `impl` block + println!("{:?}", x3.put(1).unwrap()); // $ method=S::put method=unwrap + + // Call to default implementation in `trait` block + println!("{:?}", x3.putTwo(2, 3).unwrap()); // $ method=putTwo MISSING: method=unwrap + + let x4 = g(S); // $ MISSING: type=x4:AT + println!("{:?}", x4); + + let x5 = S2; + println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 + let x6 = S2; + println!("{:?}", x6.m2()); // $ method=m2 MISSING: type=x6.m2():A.S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index d8164f4be81..94cc8c42a0b 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -328,540 +328,594 @@ inferType | main.rs:327:46:327:47 | y3 | | main.rs:263:5:266:5 | MyThing | | main.rs:327:46:327:47 | y3 | T | main.rs:263:5:266:5 | MyThing | | main.rs:327:46:327:47 | y3 | T.T | main.rs:270:5:271:14 | S2 | -| main.rs:335:15:335:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | -| main.rs:337:15:337:18 | SelfParam | | main.rs:332:5:344:5 | Self [trait MyTrait] | -| main.rs:353:15:353:18 | SelfParam | | main.rs:346:5:347:13 | S | -| main.rs:353:45:355:9 | { ... } | | main.rs:346:5:347:13 | S | -| main.rs:354:13:354:13 | S | | main.rs:346:5:347:13 | S | -| main.rs:359:13:359:13 | x | | main.rs:346:5:347:13 | S | -| main.rs:359:17:359:17 | S | | main.rs:346:5:347:13 | S | -| main.rs:360:26:360:26 | x | | main.rs:346:5:347:13 | S | -| main.rs:360:26:360:31 | x.m1() | | main.rs:346:5:347:13 | S | -| main.rs:362:13:362:13 | x | | main.rs:346:5:347:13 | S | -| main.rs:362:17:362:17 | S | | main.rs:346:5:347:13 | S | -| main.rs:363:26:363:26 | x | | main.rs:346:5:347:13 | S | -| main.rs:380:15:380:18 | SelfParam | | main.rs:368:5:372:5 | MyEnum | -| main.rs:380:15:380:18 | SelfParam | A | main.rs:379:10:379:10 | T | -| main.rs:380:26:385:9 | { ... } | | main.rs:379:10:379:10 | T | -| main.rs:381:13:384:13 | match self { ... } | | main.rs:379:10:379:10 | T | -| main.rs:381:19:381:22 | self | | main.rs:368:5:372:5 | MyEnum | -| main.rs:381:19:381:22 | self | A | main.rs:379:10:379:10 | T | -| main.rs:382:28:382:28 | a | | main.rs:379:10:379:10 | T | -| main.rs:382:34:382:34 | a | | main.rs:379:10:379:10 | T | -| main.rs:383:30:383:30 | a | | main.rs:379:10:379:10 | T | -| main.rs:383:37:383:37 | a | | main.rs:379:10:379:10 | T | -| main.rs:389:13:389:13 | x | | main.rs:368:5:372:5 | MyEnum | -| main.rs:389:13:389:13 | x | A | main.rs:374:5:375:14 | S1 | -| main.rs:389:17:389:30 | ...::C1(...) | | main.rs:368:5:372:5 | MyEnum | -| main.rs:389:17:389:30 | ...::C1(...) | A | main.rs:374:5:375:14 | S1 | -| main.rs:389:28:389:29 | S1 | | main.rs:374:5:375:14 | S1 | -| main.rs:390:13:390:13 | y | | main.rs:368:5:372:5 | MyEnum | -| main.rs:390:13:390:13 | y | A | main.rs:376:5:377:14 | S2 | -| main.rs:390:17:390:36 | ...::C2 {...} | | main.rs:368:5:372:5 | MyEnum | -| main.rs:390:17:390:36 | ...::C2 {...} | A | main.rs:376:5:377:14 | S2 | -| main.rs:390:33:390:34 | S2 | | main.rs:376:5:377:14 | S2 | -| main.rs:392:26:392:26 | x | | main.rs:368:5:372:5 | MyEnum | -| main.rs:392:26:392:26 | x | A | main.rs:374:5:375:14 | S1 | -| main.rs:392:26:392:31 | x.m1() | | main.rs:374:5:375:14 | S1 | -| main.rs:393:26:393:26 | y | | main.rs:368:5:372:5 | MyEnum | -| main.rs:393:26:393:26 | y | A | main.rs:376:5:377:14 | S2 | -| main.rs:393:26:393:31 | y.m1() | | main.rs:376:5:377:14 | S2 | -| main.rs:415:15:415:18 | SelfParam | | main.rs:413:5:416:5 | Self [trait MyTrait1] | -| main.rs:419:15:419:18 | SelfParam | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:422:9:428:9 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:423:13:427:13 | if ... {...} else {...} | | main.rs:418:20:418:22 | Tr2 | -| main.rs:423:26:425:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:424:17:424:20 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:424:17:424:25 | self.m1() | | main.rs:418:20:418:22 | Tr2 | -| main.rs:425:20:427:13 | { ... } | | main.rs:418:20:418:22 | Tr2 | -| main.rs:426:17:426:30 | ...::m1(...) | | main.rs:418:20:418:22 | Tr2 | -| main.rs:426:26:426:29 | self | | main.rs:418:5:429:5 | Self [trait MyTrait2] | -| main.rs:432:15:432:18 | SelfParam | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:435:9:441:9 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:436:13:440:13 | if ... {...} else {...} | | main.rs:431:20:431:22 | Tr3 | -| main.rs:436:26:438:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:437:17:437:20 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:437:17:437:25 | self.m2() | | main.rs:398:5:401:5 | MyThing | -| main.rs:437:17:437:25 | self.m2() | A | main.rs:431:20:431:22 | Tr3 | -| main.rs:437:17:437:27 | ... .a | | main.rs:431:20:431:22 | Tr3 | -| main.rs:438:20:440:13 | { ... } | | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:17:439:30 | ...::m2(...) | | main.rs:398:5:401:5 | MyThing | -| main.rs:439:17:439:30 | ...::m2(...) | A | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:17:439:32 | ... .a | | main.rs:431:20:431:22 | Tr3 | -| main.rs:439:26:439:29 | self | | main.rs:431:5:442:5 | Self [trait MyTrait3] | -| main.rs:446:15:446:18 | SelfParam | | main.rs:398:5:401:5 | MyThing | -| main.rs:446:15:446:18 | SelfParam | A | main.rs:444:10:444:10 | T | -| main.rs:446:26:448:9 | { ... } | | main.rs:444:10:444:10 | T | -| main.rs:447:13:447:16 | self | | main.rs:398:5:401:5 | MyThing | -| main.rs:447:13:447:16 | self | A | main.rs:444:10:444:10 | T | -| main.rs:447:13:447:18 | self.a | | main.rs:444:10:444:10 | T | -| main.rs:455:15:455:18 | SelfParam | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:455:15:455:18 | SelfParam | A | main.rs:453:10:453:10 | T | -| main.rs:455:35:457:9 | { ... } | | main.rs:398:5:401:5 | MyThing | -| main.rs:455:35:457:9 | { ... } | A | main.rs:453:10:453:10 | T | -| main.rs:456:13:456:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:456:13:456:33 | MyThing {...} | A | main.rs:453:10:453:10 | T | -| main.rs:456:26:456:29 | self | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:456:26:456:29 | self | A | main.rs:453:10:453:10 | T | -| main.rs:456:26:456:31 | self.a | | main.rs:453:10:453:10 | T | -| main.rs:465:13:465:13 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:465:13:465:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:465:17:465:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:465:17:465:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:465:30:465:31 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:466:13:466:13 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:466:13:466:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:466:17:466:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:466:17:466:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:466:30:466:31 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:468:26:468:26 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:468:26:468:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:468:26:468:31 | x.m1() | | main.rs:408:5:409:14 | S1 | -| main.rs:469:26:469:26 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:469:26:469:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:469:26:469:31 | y.m1() | | main.rs:410:5:411:14 | S2 | -| main.rs:471:13:471:13 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:471:13:471:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:471:17:471:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:471:17:471:33 | MyThing {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:471:30:471:31 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:472:13:472:13 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:472:13:472:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:472:17:472:33 | MyThing {...} | | main.rs:398:5:401:5 | MyThing | -| main.rs:472:17:472:33 | MyThing {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:472:30:472:31 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:474:26:474:26 | x | | main.rs:398:5:401:5 | MyThing | -| main.rs:474:26:474:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:474:26:474:31 | x.m2() | | main.rs:408:5:409:14 | S1 | -| main.rs:475:26:475:26 | y | | main.rs:398:5:401:5 | MyThing | -| main.rs:475:26:475:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:475:26:475:31 | y.m2() | | main.rs:410:5:411:14 | S2 | -| main.rs:477:13:477:13 | x | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:477:13:477:13 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:477:17:477:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:477:17:477:34 | MyThing2 {...} | A | main.rs:408:5:409:14 | S1 | -| main.rs:477:31:477:32 | S1 | | main.rs:408:5:409:14 | S1 | -| main.rs:478:13:478:13 | y | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:478:13:478:13 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:478:17:478:34 | MyThing2 {...} | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:478:17:478:34 | MyThing2 {...} | A | main.rs:410:5:411:14 | S2 | -| main.rs:478:31:478:32 | S2 | | main.rs:410:5:411:14 | S2 | -| main.rs:480:26:480:26 | x | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:480:26:480:26 | x | A | main.rs:408:5:409:14 | S1 | -| main.rs:480:26:480:31 | x.m3() | | main.rs:408:5:409:14 | S1 | -| main.rs:481:26:481:26 | y | | main.rs:403:5:406:5 | MyThing2 | -| main.rs:481:26:481:26 | y | A | main.rs:410:5:411:14 | S2 | -| main.rs:481:26:481:31 | y.m3() | | main.rs:410:5:411:14 | S2 | -| main.rs:499:22:499:22 | x | | file://:0:0:0:0 | & | -| main.rs:499:22:499:22 | x | &T | main.rs:499:11:499:19 | T | -| main.rs:499:35:501:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:499:35:501:5 | { ... } | &T | main.rs:499:11:499:19 | T | -| main.rs:500:9:500:9 | x | | file://:0:0:0:0 | & | -| main.rs:500:9:500:9 | x | &T | main.rs:499:11:499:19 | T | -| main.rs:504:17:504:20 | SelfParam | | main.rs:489:5:490:14 | S1 | -| main.rs:504:29:506:9 | { ... } | | main.rs:492:5:493:14 | S2 | -| main.rs:505:13:505:14 | S2 | | main.rs:492:5:493:14 | S2 | -| main.rs:509:21:509:21 | x | | main.rs:509:13:509:14 | T1 | -| main.rs:512:5:514:5 | { ... } | | main.rs:509:17:509:18 | T2 | -| main.rs:513:9:513:9 | x | | main.rs:509:13:509:14 | T1 | -| main.rs:513:9:513:16 | x.into() | | main.rs:509:17:509:18 | T2 | -| main.rs:517:13:517:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:517:17:517:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:518:26:518:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:518:26:518:31 | id(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:518:29:518:30 | &x | | file://:0:0:0:0 | & | -| main.rs:518:29:518:30 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:518:30:518:30 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:520:13:520:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:520:17:520:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:521:26:521:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:521:26:521:37 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:521:35:521:36 | &x | | file://:0:0:0:0 | & | -| main.rs:521:35:521:36 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:521:36:521:36 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:523:13:523:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:523:17:523:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:524:26:524:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:524:26:524:44 | id::<...>(...) | &T | main.rs:489:5:490:14 | S1 | -| main.rs:524:42:524:43 | &x | | file://:0:0:0:0 | & | -| main.rs:524:42:524:43 | &x | &T | main.rs:489:5:490:14 | S1 | -| main.rs:524:43:524:43 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:526:13:526:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:526:17:526:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:527:9:527:25 | into::<...>(...) | | main.rs:492:5:493:14 | S2 | -| main.rs:527:24:527:24 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:529:13:529:13 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:529:17:529:18 | S1 | | main.rs:489:5:490:14 | S1 | -| main.rs:530:13:530:13 | y | | main.rs:492:5:493:14 | S2 | -| main.rs:530:21:530:27 | into(...) | | main.rs:492:5:493:14 | S2 | -| main.rs:530:26:530:26 | x | | main.rs:489:5:490:14 | S1 | -| main.rs:560:13:560:14 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:13:560:14 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:13:560:14 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:560:26:560:53 | ...::PairBoth(...) | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:560:47:560:48 | S1 | | main.rs:543:5:544:14 | S1 | -| main.rs:560:51:560:52 | S2 | | main.rs:546:5:547:14 | S2 | -| main.rs:561:26:561:27 | p1 | | main.rs:535:5:541:5 | PairOption | -| main.rs:561:26:561:27 | p1 | Fst | main.rs:543:5:544:14 | S1 | -| main.rs:561:26:561:27 | p1 | Snd | main.rs:546:5:547:14 | S2 | -| main.rs:564:13:564:14 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:564:26:564:47 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:565:26:565:27 | p2 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:13:568:14 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:34:568:56 | ...::PairSnd(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:568:34:568:56 | ...::PairSnd(...) | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:568:54:568:55 | S3 | | main.rs:549:5:550:14 | S3 | -| main.rs:569:26:569:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:569:26:569:27 | p3 | Snd | main.rs:549:5:550:14 | S3 | -| main.rs:572:13:572:14 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:13:572:14 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:572:35:572:56 | ...::PairNone(...) | | main.rs:535:5:541:5 | PairOption | -| main.rs:572:35:572:56 | ...::PairNone(...) | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:573:26:573:27 | p3 | | main.rs:535:5:541:5 | PairOption | -| main.rs:573:26:573:27 | p3 | Fst | main.rs:549:5:550:14 | S3 | -| main.rs:586:16:586:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:586:16:586:24 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:586:27:586:31 | value | | main.rs:584:19:584:19 | S | -| main.rs:588:21:588:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:588:21:588:29 | SelfParam | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:588:32:588:36 | value | | main.rs:584:19:584:19 | S | -| main.rs:589:13:589:16 | self | | file://:0:0:0:0 | & | -| main.rs:589:13:589:16 | self | &T | main.rs:584:5:591:5 | Self [trait MyTrait] | -| main.rs:589:22:589:26 | value | | main.rs:584:19:584:19 | S | -| main.rs:595:16:595:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:595:16:595:24 | SelfParam | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:595:16:595:24 | SelfParam | &T.T | main.rs:593:10:593:10 | T | -| main.rs:595:27:595:31 | value | | main.rs:593:10:593:10 | T | -| main.rs:599:26:601:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:599:26:601:9 | { ... } | T | main.rs:598:10:598:10 | T | -| main.rs:600:13:600:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:600:13:600:30 | ...::MyNone(...) | T | main.rs:598:10:598:10 | T | -| main.rs:605:20:605:23 | SelfParam | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T | main.rs:578:5:582:5 | MyOption | -| main.rs:605:20:605:23 | SelfParam | T.T | main.rs:604:10:604:10 | T | -| main.rs:605:41:610:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:605:41:610:9 | { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:13:609:13 | match self { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:13:609:13 | match self { ... } | T | main.rs:604:10:604:10 | T | -| main.rs:606:19:606:22 | self | | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T | main.rs:578:5:582:5 | MyOption | -| main.rs:606:19:606:22 | self | T.T | main.rs:604:10:604:10 | T | -| main.rs:607:39:607:56 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:607:39:607:56 | ...::MyNone(...) | T | main.rs:604:10:604:10 | T | -| main.rs:608:34:608:34 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:34:608:34 | x | T | main.rs:604:10:604:10 | T | -| main.rs:608:40:608:40 | x | | main.rs:578:5:582:5 | MyOption | -| main.rs:608:40:608:40 | x | T | main.rs:604:10:604:10 | T | -| main.rs:617:13:617:14 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:617:18:617:37 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:618:26:618:27 | x1 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:13:620:18 | mut x2 | T | main.rs:613:5:614:13 | S | -| main.rs:620:22:620:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:620:22:620:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:621:9:621:10 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:621:9:621:10 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:621:16:621:16 | S | | main.rs:613:5:614:13 | S | -| main.rs:622:26:622:27 | x2 | | main.rs:578:5:582:5 | MyOption | -| main.rs:622:26:622:27 | x2 | T | main.rs:613:5:614:13 | S | -| main.rs:624:13:624:18 | mut x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:624:22:624:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:9:625:10 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:625:21:625:21 | S | | main.rs:613:5:614:13 | S | -| main.rs:626:26:626:27 | x3 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:13:628:18 | mut x4 | T | main.rs:613:5:614:13 | S | -| main.rs:628:22:628:36 | ...::new(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:628:22:628:36 | ...::new(...) | T | main.rs:613:5:614:13 | S | -| main.rs:629:23:629:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:629:23:629:29 | &mut x4 | &T | main.rs:578:5:582:5 | MyOption | -| main.rs:629:23:629:29 | &mut x4 | &T.T | main.rs:613:5:614:13 | S | -| main.rs:629:28:629:29 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:629:28:629:29 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:629:32:629:32 | S | | main.rs:613:5:614:13 | S | -| main.rs:630:26:630:27 | x4 | | main.rs:578:5:582:5 | MyOption | -| main.rs:630:26:630:27 | x4 | T | main.rs:613:5:614:13 | S | -| main.rs:632:13:632:14 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:13:632:14 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:18:632:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:632:18:632:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:632:35:632:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:632:35:632:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:633:26:633:27 | x5 | | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:633:26:633:27 | x5 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:13:635:14 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:13:635:14 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:18:635:58 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T | main.rs:578:5:582:5 | MyOption | -| main.rs:635:18:635:58 | ...::MySome(...) | T.T | main.rs:613:5:614:13 | S | -| main.rs:635:35:635:57 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:635:35:635:57 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:26:636:61 | ...::flatten(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:26:636:61 | ...::flatten(...) | T | main.rs:613:5:614:13 | S | -| main.rs:636:59:636:60 | x6 | | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T | main.rs:578:5:582:5 | MyOption | -| main.rs:636:59:636:60 | x6 | T.T | main.rs:613:5:614:13 | S | -| main.rs:638:13:638:19 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:13:638:19 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:638:23:642:9 | if ... {...} else {...} | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:23:642:9 | if ... {...} else {...} | T | main.rs:613:5:614:13 | S | -| main.rs:638:36:640:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:638:36:640:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:639:13:639:30 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:639:13:639:30 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:640:16:642:9 | { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:640:16:642:9 | { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:641:13:641:31 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:641:13:641:31 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:641:30:641:30 | S | | main.rs:613:5:614:13 | S | -| main.rs:643:26:643:32 | from_if | | main.rs:578:5:582:5 | MyOption | -| main.rs:643:26:643:32 | from_if | T | main.rs:613:5:614:13 | S | -| main.rs:645:13:645:22 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:13:645:22 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:645:26:648:9 | match ... { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:645:26:648:9 | match ... { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:646:21:646:38 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:646:21:646:38 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:22:647:40 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:647:22:647:40 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:647:39:647:39 | S | | main.rs:613:5:614:13 | S | -| main.rs:649:26:649:35 | from_match | | main.rs:578:5:582:5 | MyOption | -| main.rs:649:26:649:35 | from_match | T | main.rs:613:5:614:13 | S | -| main.rs:651:13:651:21 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:13:651:21 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:651:25:656:9 | loop { ... } | | main.rs:578:5:582:5 | MyOption | -| main.rs:651:25:656:9 | loop { ... } | T | main.rs:613:5:614:13 | S | -| main.rs:653:23:653:40 | ...::MyNone(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:653:23:653:40 | ...::MyNone(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:19:655:37 | ...::MySome(...) | | main.rs:578:5:582:5 | MyOption | -| main.rs:655:19:655:37 | ...::MySome(...) | T | main.rs:613:5:614:13 | S | -| main.rs:655:36:655:36 | S | | main.rs:613:5:614:13 | S | -| main.rs:657:26:657:34 | from_loop | | main.rs:578:5:582:5 | MyOption | -| main.rs:657:26:657:34 | from_loop | T | main.rs:613:5:614:13 | S | -| main.rs:670:15:670:18 | SelfParam | | main.rs:663:5:664:19 | S | -| main.rs:670:15:670:18 | SelfParam | T | main.rs:669:10:669:10 | T | -| main.rs:670:26:672:9 | { ... } | | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:16 | self | | main.rs:663:5:664:19 | S | -| main.rs:671:13:671:16 | self | T | main.rs:669:10:669:10 | T | -| main.rs:671:13:671:18 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:674:15:674:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:674:15:674:19 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:674:15:674:19 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:674:28:676:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:674:28:676:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:675:13:675:19 | &... | | file://:0:0:0:0 | & | -| main.rs:675:13:675:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:17 | self | | file://:0:0:0:0 | & | -| main.rs:675:14:675:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:675:14:675:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:675:14:675:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:678:15:678:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:678:15:678:25 | SelfParam | &T | main.rs:663:5:664:19 | S | -| main.rs:678:15:678:25 | SelfParam | &T.T | main.rs:669:10:669:10 | T | -| main.rs:678:34:680:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:678:34:680:9 | { ... } | &T | main.rs:669:10:669:10 | T | -| main.rs:679:13:679:19 | &... | | file://:0:0:0:0 | & | -| main.rs:679:13:679:19 | &... | &T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:17 | self | | file://:0:0:0:0 | & | -| main.rs:679:14:679:17 | self | &T | main.rs:663:5:664:19 | S | -| main.rs:679:14:679:17 | self | &T.T | main.rs:669:10:669:10 | T | -| main.rs:679:14:679:19 | self.0 | | main.rs:669:10:669:10 | T | -| main.rs:684:13:684:14 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:684:13:684:14 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:18:684:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:684:18:684:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:684:20:684:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:27 | x1 | | main.rs:663:5:664:19 | S | -| main.rs:685:26:685:27 | x1 | T | main.rs:666:5:667:14 | S2 | -| main.rs:685:26:685:32 | x1.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:687:13:687:14 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:687:13:687:14 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:18:687:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:687:18:687:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:687:20:687:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:689:26:689:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:689:26:689:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:689:26:689:32 | x2.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:27 | x2 | | main.rs:663:5:664:19 | S | -| main.rs:690:26:690:27 | x2 | T | main.rs:666:5:667:14 | S2 | -| main.rs:690:26:690:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:690:26:690:32 | x2.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:692:13:692:14 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:692:13:692:14 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:18:692:22 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:692:18:692:22 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:692:20:692:21 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:694:26:694:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:694:26:694:41 | ...::m2(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:694:38:694:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:694:38:694:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:694:38:694:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:694:39:694:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:694:39:694:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:695:26:695:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:695:26:695:41 | ...::m3(...) | &T | main.rs:666:5:667:14 | S2 | -| main.rs:695:38:695:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:695:38:695:40 | &x3 | &T | main.rs:663:5:664:19 | S | -| main.rs:695:38:695:40 | &x3 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:695:39:695:40 | x3 | | main.rs:663:5:664:19 | S | -| main.rs:695:39:695:40 | x3 | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:13:697:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:697:13:697:14 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:697:13:697:14 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:18:697:23 | &... | | file://:0:0:0:0 | & | -| main.rs:697:18:697:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:697:18:697:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:697:19:697:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:697:19:697:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:697:21:697:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:699:26:699:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:699:26:699:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:699:26:699:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:699:26:699:32 | x4.m2() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:700:26:700:27 | x4 | &T | main.rs:663:5:664:19 | S | -| main.rs:700:26:700:27 | x4 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:700:26:700:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:700:26:700:32 | x4.m3() | &T | main.rs:666:5:667:14 | S2 | -| main.rs:702:13:702:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:702:13:702:14 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:702:13:702:14 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:18:702:23 | &... | | file://:0:0:0:0 | & | -| main.rs:702:18:702:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:702:18:702:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:702:19:702:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:702:19:702:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:702:21:702:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:704:26:704:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:704:26:704:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:704:26:704:32 | x5.m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:705:26:705:27 | x5 | &T | main.rs:663:5:664:19 | S | -| main.rs:705:26:705:27 | x5 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:705:26:705:29 | x5.0 | | main.rs:666:5:667:14 | S2 | -| main.rs:707:13:707:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:707:13:707:14 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:707:13:707:14 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:18:707:23 | &... | | file://:0:0:0:0 | & | -| main.rs:707:18:707:23 | &... | &T | main.rs:663:5:664:19 | S | -| main.rs:707:18:707:23 | &... | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:707:19:707:23 | S(...) | | main.rs:663:5:664:19 | S | -| main.rs:707:19:707:23 | S(...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:707:21:707:22 | S2 | | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:30 | (...) | | main.rs:663:5:664:19 | S | -| main.rs:709:26:709:30 | (...) | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:26:709:35 | ... .m1() | | main.rs:666:5:667:14 | S2 | -| main.rs:709:27:709:29 | * ... | | main.rs:663:5:664:19 | S | -| main.rs:709:27:709:29 | * ... | T | main.rs:666:5:667:14 | S2 | -| main.rs:709:28:709:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:709:28:709:29 | x6 | &T | main.rs:663:5:664:19 | S | -| main.rs:709:28:709:29 | x6 | &T.T | main.rs:666:5:667:14 | S2 | -| main.rs:716:16:716:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:716:16:716:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:16:719:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:719:16:719:20 | SelfParam | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:719:32:721:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:719:32:721:9 | { ... } | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:16 | self | | file://:0:0:0:0 | & | -| main.rs:720:13:720:16 | self | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:720:13:720:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:720:13:720:22 | self.foo() | &T | main.rs:714:5:722:5 | Self [trait MyTrait] | -| main.rs:728:16:728:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:728:16:728:20 | SelfParam | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:728:36:730:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:728:36:730:9 | { ... } | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:729:13:729:16 | self | | file://:0:0:0:0 | & | -| main.rs:729:13:729:16 | self | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:13:734:13 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:734:17:734:24 | MyStruct | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:9 | x | | main.rs:724:5:724:20 | MyStruct | -| main.rs:735:9:735:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:735:9:735:15 | x.bar() | &T | main.rs:724:5:724:20 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:745:16:745:20 | SelfParam | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:16:745:20 | SelfParam | &T.T | main.rs:744:10:744:10 | T | -| main.rs:745:32:747:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:745:32:747:9 | { ... } | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:745:32:747:9 | { ... } | &T.T | main.rs:744:10:744:10 | T | -| main.rs:746:13:746:16 | self | | file://:0:0:0:0 | & | -| main.rs:746:13:746:16 | self | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:746:13:746:16 | self | &T.T | main.rs:744:10:744:10 | T | -| main.rs:751:13:751:13 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:13:751:13 | x | T | main.rs:740:5:740:13 | S | -| main.rs:751:17:751:27 | MyStruct(...) | | main.rs:742:5:742:26 | MyStruct | -| main.rs:751:17:751:27 | MyStruct(...) | T | main.rs:740:5:740:13 | S | -| main.rs:751:26:751:26 | S | | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:9 | x | | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:9 | x | T | main.rs:740:5:740:13 | S | -| main.rs:752:9:752:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:752:9:752:15 | x.foo() | &T | main.rs:742:5:742:26 | MyStruct | -| main.rs:752:9:752:15 | x.foo() | &T.T | main.rs:740:5:740:13 | S | -| main.rs:760:15:760:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:760:15:760:19 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:760:31:762:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:760:31:762:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:761:13:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:13:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:14:761:19 | &... | | file://:0:0:0:0 | & | -| main.rs:761:14:761:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:761:15:761:19 | &self | | file://:0:0:0:0 | & | -| main.rs:761:15:761:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:761:16:761:19 | self | | file://:0:0:0:0 | & | -| main.rs:761:16:761:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:764:15:764:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:764:15:764:25 | SelfParam | &T | main.rs:757:5:757:13 | S | -| main.rs:764:37:766:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:764:37:766:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:765:13:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:13:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:14:765:19 | &... | | file://:0:0:0:0 | & | -| main.rs:765:14:765:19 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:765:15:765:19 | &self | | file://:0:0:0:0 | & | -| main.rs:765:15:765:19 | &self | &T | main.rs:757:5:757:13 | S | -| main.rs:765:16:765:19 | self | | file://:0:0:0:0 | & | -| main.rs:765:16:765:19 | self | &T | main.rs:757:5:757:13 | S | -| main.rs:768:15:768:15 | x | | file://:0:0:0:0 | & | -| main.rs:768:15:768:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:768:34:770:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:768:34:770:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:769:13:769:13 | x | | file://:0:0:0:0 | & | -| main.rs:769:13:769:13 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:15:772:15 | x | | file://:0:0:0:0 | & | -| main.rs:772:15:772:15 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:772:34:774:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:772:34:774:9 | { ... } | &T | main.rs:757:5:757:13 | S | -| main.rs:773:13:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:13:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:14:773:16 | &... | | file://:0:0:0:0 | & | -| main.rs:773:14:773:16 | &... | &T | main.rs:757:5:757:13 | S | -| main.rs:773:15:773:16 | &x | | file://:0:0:0:0 | & | -| main.rs:773:15:773:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:773:16:773:16 | x | | file://:0:0:0:0 | & | -| main.rs:773:16:773:16 | x | &T | main.rs:757:5:757:13 | S | -| main.rs:778:13:778:13 | x | | main.rs:757:5:757:13 | S | -| main.rs:778:17:778:20 | S {...} | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:779:9:779:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:779:9:779:14 | x.f1() | &T | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:9 | x | | main.rs:757:5:757:13 | S | -| main.rs:780:9:780:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:780:9:780:14 | x.f2() | &T | main.rs:757:5:757:13 | S | -| main.rs:781:9:781:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:781:9:781:17 | ...::f3(...) | &T | main.rs:757:5:757:13 | S | -| main.rs:781:15:781:16 | &x | | file://:0:0:0:0 | & | -| main.rs:781:15:781:16 | &x | &T | main.rs:757:5:757:13 | S | -| main.rs:781:16:781:16 | x | | main.rs:757:5:757:13 | S | -| main.rs:787:5:787:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:5:788:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:788:20:788:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:788:41:788:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:338:19:338:22 | SelfParam | | main.rs:332:5:335:5 | Wrapper | +| main.rs:338:19:338:22 | SelfParam | A | main.rs:337:10:337:10 | A | +| main.rs:338:30:340:9 | { ... } | | main.rs:337:10:337:10 | A | +| main.rs:339:13:339:16 | self | | main.rs:332:5:335:5 | Wrapper | +| main.rs:339:13:339:16 | self | A | main.rs:337:10:337:10 | A | +| main.rs:339:13:339:22 | self.field | | main.rs:337:10:337:10 | A | +| main.rs:347:15:347:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:349:15:349:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:354:13:354:16 | self | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:363:19:363:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:363:19:363:23 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:363:26:363:26 | a | | main.rs:363:16:363:16 | A | +| main.rs:365:22:365:26 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:365:22:365:26 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:365:29:365:29 | a | | main.rs:365:19:365:19 | A | +| main.rs:365:35:365:35 | b | | main.rs:365:19:365:19 | A | +| main.rs:366:13:366:16 | self | | file://:0:0:0:0 | & | +| main.rs:366:13:366:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:366:22:366:22 | a | | main.rs:365:19:365:19 | A | +| main.rs:367:13:367:16 | self | | file://:0:0:0:0 | & | +| main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | +| main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | +| main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | +| main.rs:385:13:385:14 | AT | | main.rs:377:5:378:14 | AT | +| main.rs:394:19:394:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:394:19:394:23 | SelfParam | &T | main.rs:371:5:372:13 | S | +| main.rs:394:26:394:26 | a | | main.rs:394:16:394:16 | A | +| main.rs:394:46:396:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:394:46:396:9 | { ... } | A | main.rs:394:16:394:16 | A | +| main.rs:395:13:395:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:395:13:395:32 | Wrapper {...} | A | main.rs:394:16:394:16 | A | +| main.rs:395:30:395:30 | a | | main.rs:394:16:394:16 | A | +| main.rs:403:15:403:18 | SelfParam | | main.rs:374:5:375:14 | S2 | +| main.rs:403:45:405:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:403:45:405:9 | { ... } | A | main.rs:374:5:375:14 | S2 | +| main.rs:404:13:404:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:404:13:404:35 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | +| main.rs:404:30:404:33 | self | | main.rs:374:5:375:14 | S2 | +| main.rs:410:30:412:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:410:30:412:9 | { ... } | A | main.rs:374:5:375:14 | S2 | +| main.rs:411:13:411:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:411:13:411:33 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | +| main.rs:411:30:411:31 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:416:22:416:26 | thing | | main.rs:416:10:416:19 | T | +| main.rs:417:9:417:13 | thing | | main.rs:416:10:416:19 | T | +| main.rs:421:13:421:14 | x1 | | main.rs:371:5:372:13 | S | +| main.rs:421:18:421:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:423:26:423:27 | x1 | | main.rs:371:5:372:13 | S | +| main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | +| main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:432:26:432:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | +| main.rs:435:26:435:27 | x3 | | main.rs:371:5:372:13 | S | +| main.rs:437:20:437:20 | S | | main.rs:371:5:372:13 | S | +| main.rs:440:13:440:14 | x5 | | main.rs:374:5:375:14 | S2 | +| main.rs:440:18:440:19 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:441:26:441:27 | x5 | | main.rs:374:5:375:14 | S2 | +| main.rs:441:26:441:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | +| main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | +| main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | +| main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | +| main.rs:461:13:464:13 | match self { ... } | | main.rs:459:10:459:10 | T | +| main.rs:461:19:461:22 | self | | main.rs:448:5:452:5 | MyEnum | +| main.rs:461:19:461:22 | self | A | main.rs:459:10:459:10 | T | +| main.rs:462:28:462:28 | a | | main.rs:459:10:459:10 | T | +| main.rs:462:34:462:34 | a | | main.rs:459:10:459:10 | T | +| main.rs:463:30:463:30 | a | | main.rs:459:10:459:10 | T | +| main.rs:463:37:463:37 | a | | main.rs:459:10:459:10 | T | +| main.rs:469:13:469:13 | x | | main.rs:448:5:452:5 | MyEnum | +| main.rs:469:13:469:13 | x | A | main.rs:454:5:455:14 | S1 | +| main.rs:469:17:469:30 | ...::C1(...) | | main.rs:448:5:452:5 | MyEnum | +| main.rs:469:17:469:30 | ...::C1(...) | A | main.rs:454:5:455:14 | S1 | +| main.rs:469:28:469:29 | S1 | | main.rs:454:5:455:14 | S1 | +| main.rs:470:13:470:13 | y | | main.rs:448:5:452:5 | MyEnum | +| main.rs:470:13:470:13 | y | A | main.rs:456:5:457:14 | S2 | +| main.rs:470:17:470:36 | ...::C2 {...} | | main.rs:448:5:452:5 | MyEnum | +| main.rs:470:17:470:36 | ...::C2 {...} | A | main.rs:456:5:457:14 | S2 | +| main.rs:470:33:470:34 | S2 | | main.rs:456:5:457:14 | S2 | +| main.rs:472:26:472:26 | x | | main.rs:448:5:452:5 | MyEnum | +| main.rs:472:26:472:26 | x | A | main.rs:454:5:455:14 | S1 | +| main.rs:472:26:472:31 | x.m1() | | main.rs:454:5:455:14 | S1 | +| main.rs:473:26:473:26 | y | | main.rs:448:5:452:5 | MyEnum | +| main.rs:473:26:473:26 | y | A | main.rs:456:5:457:14 | S2 | +| main.rs:473:26:473:31 | y.m1() | | main.rs:456:5:457:14 | S2 | +| main.rs:495:15:495:18 | SelfParam | | main.rs:493:5:496:5 | Self [trait MyTrait1] | +| main.rs:499:15:499:18 | SelfParam | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:502:9:508:9 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:503:13:507:13 | if ... {...} else {...} | | main.rs:498:20:498:22 | Tr2 | +| main.rs:503:26:505:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:504:17:504:20 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:504:17:504:25 | self.m1() | | main.rs:498:20:498:22 | Tr2 | +| main.rs:505:20:507:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | +| main.rs:506:17:506:30 | ...::m1(...) | | main.rs:498:20:498:22 | Tr2 | +| main.rs:506:26:506:29 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | +| main.rs:512:15:512:18 | SelfParam | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:515:9:521:9 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:516:13:520:13 | if ... {...} else {...} | | main.rs:511:20:511:22 | Tr3 | +| main.rs:516:26:518:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:517:17:517:20 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:517:17:517:25 | self.m2() | | main.rs:478:5:481:5 | MyThing | +| main.rs:517:17:517:25 | self.m2() | A | main.rs:511:20:511:22 | Tr3 | +| main.rs:517:17:517:27 | ... .a | | main.rs:511:20:511:22 | Tr3 | +| main.rs:518:20:520:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:17:519:30 | ...::m2(...) | | main.rs:478:5:481:5 | MyThing | +| main.rs:519:17:519:30 | ...::m2(...) | A | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:17:519:32 | ... .a | | main.rs:511:20:511:22 | Tr3 | +| main.rs:519:26:519:29 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | +| main.rs:526:15:526:18 | SelfParam | | main.rs:478:5:481:5 | MyThing | +| main.rs:526:15:526:18 | SelfParam | A | main.rs:524:10:524:10 | T | +| main.rs:526:26:528:9 | { ... } | | main.rs:524:10:524:10 | T | +| main.rs:527:13:527:16 | self | | main.rs:478:5:481:5 | MyThing | +| main.rs:527:13:527:16 | self | A | main.rs:524:10:524:10 | T | +| main.rs:527:13:527:18 | self.a | | main.rs:524:10:524:10 | T | +| main.rs:535:15:535:18 | SelfParam | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:535:15:535:18 | SelfParam | A | main.rs:533:10:533:10 | T | +| main.rs:535:35:537:9 | { ... } | | main.rs:478:5:481:5 | MyThing | +| main.rs:535:35:537:9 | { ... } | A | main.rs:533:10:533:10 | T | +| main.rs:536:13:536:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:536:13:536:33 | MyThing {...} | A | main.rs:533:10:533:10 | T | +| main.rs:536:26:536:29 | self | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:536:26:536:29 | self | A | main.rs:533:10:533:10 | T | +| main.rs:536:26:536:31 | self.a | | main.rs:533:10:533:10 | T | +| main.rs:545:13:545:13 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:545:13:545:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:545:17:545:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:545:17:545:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:545:30:545:31 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:546:13:546:13 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:546:13:546:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:546:17:546:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:546:17:546:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:546:30:546:31 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:548:26:548:26 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:548:26:548:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:548:26:548:31 | x.m1() | | main.rs:488:5:489:14 | S1 | +| main.rs:549:26:549:26 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:549:26:549:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:549:26:549:31 | y.m1() | | main.rs:490:5:491:14 | S2 | +| main.rs:551:13:551:13 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:551:13:551:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:551:17:551:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:551:17:551:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:551:30:551:31 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:552:13:552:13 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:552:13:552:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:552:17:552:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | +| main.rs:552:17:552:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:552:30:552:31 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:554:26:554:26 | x | | main.rs:478:5:481:5 | MyThing | +| main.rs:554:26:554:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:554:26:554:31 | x.m2() | | main.rs:488:5:489:14 | S1 | +| main.rs:555:26:555:26 | y | | main.rs:478:5:481:5 | MyThing | +| main.rs:555:26:555:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:555:26:555:31 | y.m2() | | main.rs:490:5:491:14 | S2 | +| main.rs:557:13:557:13 | x | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:557:13:557:13 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:557:17:557:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:557:17:557:34 | MyThing2 {...} | A | main.rs:488:5:489:14 | S1 | +| main.rs:557:31:557:32 | S1 | | main.rs:488:5:489:14 | S1 | +| main.rs:558:13:558:13 | y | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:558:13:558:13 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:558:17:558:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:558:17:558:34 | MyThing2 {...} | A | main.rs:490:5:491:14 | S2 | +| main.rs:558:31:558:32 | S2 | | main.rs:490:5:491:14 | S2 | +| main.rs:560:26:560:26 | x | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:560:26:560:26 | x | A | main.rs:488:5:489:14 | S1 | +| main.rs:560:26:560:31 | x.m3() | | main.rs:488:5:489:14 | S1 | +| main.rs:561:26:561:26 | y | | main.rs:483:5:486:5 | MyThing2 | +| main.rs:561:26:561:26 | y | A | main.rs:490:5:491:14 | S2 | +| main.rs:561:26:561:31 | y.m3() | | main.rs:490:5:491:14 | S2 | +| main.rs:579:22:579:22 | x | | file://:0:0:0:0 | & | +| main.rs:579:22:579:22 | x | &T | main.rs:579:11:579:19 | T | +| main.rs:579:35:581:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:579:35:581:5 | { ... } | &T | main.rs:579:11:579:19 | T | +| main.rs:580:9:580:9 | x | | file://:0:0:0:0 | & | +| main.rs:580:9:580:9 | x | &T | main.rs:579:11:579:19 | T | +| main.rs:584:17:584:20 | SelfParam | | main.rs:569:5:570:14 | S1 | +| main.rs:584:29:586:9 | { ... } | | main.rs:572:5:573:14 | S2 | +| main.rs:585:13:585:14 | S2 | | main.rs:572:5:573:14 | S2 | +| main.rs:589:21:589:21 | x | | main.rs:589:13:589:14 | T1 | +| main.rs:592:5:594:5 | { ... } | | main.rs:589:17:589:18 | T2 | +| main.rs:593:9:593:9 | x | | main.rs:589:13:589:14 | T1 | +| main.rs:593:9:593:16 | x.into() | | main.rs:589:17:589:18 | T2 | +| main.rs:597:13:597:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:597:17:597:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:598:26:598:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:598:26:598:31 | id(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:598:29:598:30 | &x | | file://:0:0:0:0 | & | +| main.rs:598:29:598:30 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:598:30:598:30 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:600:13:600:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:600:17:600:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:601:26:601:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:601:26:601:37 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:601:35:601:36 | &x | | file://:0:0:0:0 | & | +| main.rs:601:35:601:36 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:601:36:601:36 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:603:13:603:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:603:17:603:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:604:26:604:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:604:26:604:44 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | +| main.rs:604:42:604:43 | &x | | file://:0:0:0:0 | & | +| main.rs:604:42:604:43 | &x | &T | main.rs:569:5:570:14 | S1 | +| main.rs:604:43:604:43 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:606:13:606:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:606:17:606:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:607:9:607:25 | into::<...>(...) | | main.rs:572:5:573:14 | S2 | +| main.rs:607:24:607:24 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:609:13:609:13 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:609:17:609:18 | S1 | | main.rs:569:5:570:14 | S1 | +| main.rs:610:13:610:13 | y | | main.rs:572:5:573:14 | S2 | +| main.rs:610:21:610:27 | into(...) | | main.rs:572:5:573:14 | S2 | +| main.rs:610:26:610:26 | x | | main.rs:569:5:570:14 | S1 | +| main.rs:640:13:640:14 | p1 | | main.rs:615:5:621:5 | PairOption | +| main.rs:640:13:640:14 | p1 | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:640:13:640:14 | p1 | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:640:26:640:53 | ...::PairBoth(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:640:26:640:53 | ...::PairBoth(...) | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:640:26:640:53 | ...::PairBoth(...) | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:640:47:640:48 | S1 | | main.rs:623:5:624:14 | S1 | +| main.rs:640:51:640:52 | S2 | | main.rs:626:5:627:14 | S2 | +| main.rs:641:26:641:27 | p1 | | main.rs:615:5:621:5 | PairOption | +| main.rs:641:26:641:27 | p1 | Fst | main.rs:623:5:624:14 | S1 | +| main.rs:641:26:641:27 | p1 | Snd | main.rs:626:5:627:14 | S2 | +| main.rs:644:13:644:14 | p2 | | main.rs:615:5:621:5 | PairOption | +| main.rs:644:26:644:47 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:645:26:645:27 | p2 | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:13:648:14 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:13:648:14 | p3 | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:648:34:648:56 | ...::PairSnd(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:648:34:648:56 | ...::PairSnd(...) | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:648:54:648:55 | S3 | | main.rs:629:5:630:14 | S3 | +| main.rs:649:26:649:27 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:649:26:649:27 | p3 | Snd | main.rs:629:5:630:14 | S3 | +| main.rs:652:13:652:14 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:652:13:652:14 | p3 | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:652:35:652:56 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | +| main.rs:652:35:652:56 | ...::PairNone(...) | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:653:26:653:27 | p3 | | main.rs:615:5:621:5 | PairOption | +| main.rs:653:26:653:27 | p3 | Fst | main.rs:629:5:630:14 | S3 | +| main.rs:666:16:666:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:666:16:666:24 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:666:27:666:31 | value | | main.rs:664:19:664:19 | S | +| main.rs:668:21:668:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:668:21:668:29 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:668:32:668:36 | value | | main.rs:664:19:664:19 | S | +| main.rs:669:13:669:16 | self | | file://:0:0:0:0 | & | +| main.rs:669:13:669:16 | self | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | +| main.rs:669:22:669:26 | value | | main.rs:664:19:664:19 | S | +| main.rs:675:16:675:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:675:16:675:24 | SelfParam | &T | main.rs:658:5:662:5 | MyOption | +| main.rs:675:16:675:24 | SelfParam | &T.T | main.rs:673:10:673:10 | T | +| main.rs:675:27:675:31 | value | | main.rs:673:10:673:10 | T | +| main.rs:679:26:681:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:679:26:681:9 | { ... } | T | main.rs:678:10:678:10 | T | +| main.rs:680:13:680:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:680:13:680:30 | ...::MyNone(...) | T | main.rs:678:10:678:10 | T | +| main.rs:685:20:685:23 | SelfParam | | main.rs:658:5:662:5 | MyOption | +| main.rs:685:20:685:23 | SelfParam | T | main.rs:658:5:662:5 | MyOption | +| main.rs:685:20:685:23 | SelfParam | T.T | main.rs:684:10:684:10 | T | +| main.rs:685:41:690:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:685:41:690:9 | { ... } | T | main.rs:684:10:684:10 | T | +| main.rs:686:13:689:13 | match self { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:686:13:689:13 | match self { ... } | T | main.rs:684:10:684:10 | T | +| main.rs:686:19:686:22 | self | | main.rs:658:5:662:5 | MyOption | +| main.rs:686:19:686:22 | self | T | main.rs:658:5:662:5 | MyOption | +| main.rs:686:19:686:22 | self | T.T | main.rs:684:10:684:10 | T | +| main.rs:687:39:687:56 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:687:39:687:56 | ...::MyNone(...) | T | main.rs:684:10:684:10 | T | +| main.rs:688:34:688:34 | x | | main.rs:658:5:662:5 | MyOption | +| main.rs:688:34:688:34 | x | T | main.rs:684:10:684:10 | T | +| main.rs:688:40:688:40 | x | | main.rs:658:5:662:5 | MyOption | +| main.rs:688:40:688:40 | x | T | main.rs:684:10:684:10 | T | +| main.rs:697:13:697:14 | x1 | | main.rs:658:5:662:5 | MyOption | +| main.rs:697:18:697:37 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:698:26:698:27 | x1 | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:13:700:18 | mut x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:13:700:18 | mut x2 | T | main.rs:693:5:694:13 | S | +| main.rs:700:22:700:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:700:22:700:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | +| main.rs:701:9:701:10 | x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:701:9:701:10 | x2 | T | main.rs:693:5:694:13 | S | +| main.rs:701:16:701:16 | S | | main.rs:693:5:694:13 | S | +| main.rs:702:26:702:27 | x2 | | main.rs:658:5:662:5 | MyOption | +| main.rs:702:26:702:27 | x2 | T | main.rs:693:5:694:13 | S | +| main.rs:704:13:704:18 | mut x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:704:22:704:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:705:9:705:10 | x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:705:21:705:21 | S | | main.rs:693:5:694:13 | S | +| main.rs:706:26:706:27 | x3 | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:13:708:18 | mut x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:13:708:18 | mut x4 | T | main.rs:693:5:694:13 | S | +| main.rs:708:22:708:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:708:22:708:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | +| main.rs:709:23:709:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:709:23:709:29 | &mut x4 | &T | main.rs:658:5:662:5 | MyOption | +| main.rs:709:23:709:29 | &mut x4 | &T.T | main.rs:693:5:694:13 | S | +| main.rs:709:28:709:29 | x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:709:28:709:29 | x4 | T | main.rs:693:5:694:13 | S | +| main.rs:709:32:709:32 | S | | main.rs:693:5:694:13 | S | +| main.rs:710:26:710:27 | x4 | | main.rs:658:5:662:5 | MyOption | +| main.rs:710:26:710:27 | x4 | T | main.rs:693:5:694:13 | S | +| main.rs:712:13:712:14 | x5 | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:13:712:14 | x5 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:712:13:712:14 | x5 | T.T | main.rs:693:5:694:13 | S | +| main.rs:712:18:712:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:18:712:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | +| main.rs:712:18:712:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | +| main.rs:712:35:712:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:712:35:712:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:713:26:713:27 | x5 | | main.rs:658:5:662:5 | MyOption | +| main.rs:713:26:713:27 | x5 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:713:26:713:27 | x5 | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:13:715:14 | x6 | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:13:715:14 | x6 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:715:13:715:14 | x6 | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:18:715:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:18:715:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | +| main.rs:715:18:715:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | +| main.rs:715:35:715:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:715:35:715:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:716:26:716:61 | ...::flatten(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:716:26:716:61 | ...::flatten(...) | T | main.rs:693:5:694:13 | S | +| main.rs:716:59:716:60 | x6 | | main.rs:658:5:662:5 | MyOption | +| main.rs:716:59:716:60 | x6 | T | main.rs:658:5:662:5 | MyOption | +| main.rs:716:59:716:60 | x6 | T.T | main.rs:693:5:694:13 | S | +| main.rs:718:13:718:19 | from_if | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:13:718:19 | from_if | T | main.rs:693:5:694:13 | S | +| main.rs:718:23:722:9 | if ... {...} else {...} | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:23:722:9 | if ... {...} else {...} | T | main.rs:693:5:694:13 | S | +| main.rs:718:36:720:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:718:36:720:9 | { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:719:13:719:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:719:13:719:30 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:720:16:722:9 | { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:720:16:722:9 | { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:721:13:721:31 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:721:13:721:31 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:721:30:721:30 | S | | main.rs:693:5:694:13 | S | +| main.rs:723:26:723:32 | from_if | | main.rs:658:5:662:5 | MyOption | +| main.rs:723:26:723:32 | from_if | T | main.rs:693:5:694:13 | S | +| main.rs:725:13:725:22 | from_match | | main.rs:658:5:662:5 | MyOption | +| main.rs:725:13:725:22 | from_match | T | main.rs:693:5:694:13 | S | +| main.rs:725:26:728:9 | match ... { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:725:26:728:9 | match ... { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:726:21:726:38 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:726:21:726:38 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:727:22:727:40 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:727:22:727:40 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:727:39:727:39 | S | | main.rs:693:5:694:13 | S | +| main.rs:729:26:729:35 | from_match | | main.rs:658:5:662:5 | MyOption | +| main.rs:729:26:729:35 | from_match | T | main.rs:693:5:694:13 | S | +| main.rs:731:13:731:21 | from_loop | | main.rs:658:5:662:5 | MyOption | +| main.rs:731:13:731:21 | from_loop | T | main.rs:693:5:694:13 | S | +| main.rs:731:25:736:9 | loop { ... } | | main.rs:658:5:662:5 | MyOption | +| main.rs:731:25:736:9 | loop { ... } | T | main.rs:693:5:694:13 | S | +| main.rs:733:23:733:40 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:733:23:733:40 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | +| main.rs:735:19:735:37 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | +| main.rs:735:19:735:37 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | +| main.rs:735:36:735:36 | S | | main.rs:693:5:694:13 | S | +| main.rs:737:26:737:34 | from_loop | | main.rs:658:5:662:5 | MyOption | +| main.rs:737:26:737:34 | from_loop | T | main.rs:693:5:694:13 | S | +| main.rs:750:15:750:18 | SelfParam | | main.rs:743:5:744:19 | S | +| main.rs:750:15:750:18 | SelfParam | T | main.rs:749:10:749:10 | T | +| main.rs:750:26:752:9 | { ... } | | main.rs:749:10:749:10 | T | +| main.rs:751:13:751:16 | self | | main.rs:743:5:744:19 | S | +| main.rs:751:13:751:16 | self | T | main.rs:749:10:749:10 | T | +| main.rs:751:13:751:18 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:754:15:754:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:754:15:754:19 | SelfParam | &T | main.rs:743:5:744:19 | S | +| main.rs:754:15:754:19 | SelfParam | &T.T | main.rs:749:10:749:10 | T | +| main.rs:754:28:756:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:754:28:756:9 | { ... } | &T | main.rs:749:10:749:10 | T | +| main.rs:755:13:755:19 | &... | | file://:0:0:0:0 | & | +| main.rs:755:13:755:19 | &... | &T | main.rs:749:10:749:10 | T | +| main.rs:755:14:755:17 | self | | file://:0:0:0:0 | & | +| main.rs:755:14:755:17 | self | &T | main.rs:743:5:744:19 | S | +| main.rs:755:14:755:17 | self | &T.T | main.rs:749:10:749:10 | T | +| main.rs:755:14:755:19 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:758:15:758:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:758:15:758:25 | SelfParam | &T | main.rs:743:5:744:19 | S | +| main.rs:758:15:758:25 | SelfParam | &T.T | main.rs:749:10:749:10 | T | +| main.rs:758:34:760:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:758:34:760:9 | { ... } | &T | main.rs:749:10:749:10 | T | +| main.rs:759:13:759:19 | &... | | file://:0:0:0:0 | & | +| main.rs:759:13:759:19 | &... | &T | main.rs:749:10:749:10 | T | +| main.rs:759:14:759:17 | self | | file://:0:0:0:0 | & | +| main.rs:759:14:759:17 | self | &T | main.rs:743:5:744:19 | S | +| main.rs:759:14:759:17 | self | &T.T | main.rs:749:10:749:10 | T | +| main.rs:759:14:759:19 | self.0 | | main.rs:749:10:749:10 | T | +| main.rs:764:13:764:14 | x1 | | main.rs:743:5:744:19 | S | +| main.rs:764:13:764:14 | x1 | T | main.rs:746:5:747:14 | S2 | +| main.rs:764:18:764:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:764:18:764:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:764:20:764:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:765:26:765:27 | x1 | | main.rs:743:5:744:19 | S | +| main.rs:765:26:765:27 | x1 | T | main.rs:746:5:747:14 | S2 | +| main.rs:765:26:765:32 | x1.m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:767:13:767:14 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:767:13:767:14 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:767:18:767:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:767:18:767:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:767:20:767:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:769:26:769:27 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:769:26:769:27 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:769:26:769:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:769:26:769:32 | x2.m2() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:770:26:770:27 | x2 | | main.rs:743:5:744:19 | S | +| main.rs:770:26:770:27 | x2 | T | main.rs:746:5:747:14 | S2 | +| main.rs:770:26:770:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:770:26:770:32 | x2.m3() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:772:13:772:14 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:772:13:772:14 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:772:18:772:22 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:772:18:772:22 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:772:20:772:21 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:774:26:774:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:774:26:774:41 | ...::m2(...) | &T | main.rs:746:5:747:14 | S2 | +| main.rs:774:38:774:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:774:38:774:40 | &x3 | &T | main.rs:743:5:744:19 | S | +| main.rs:774:38:774:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:774:39:774:40 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:774:39:774:40 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:775:26:775:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:775:26:775:41 | ...::m3(...) | &T | main.rs:746:5:747:14 | S2 | +| main.rs:775:38:775:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:775:38:775:40 | &x3 | &T | main.rs:743:5:744:19 | S | +| main.rs:775:38:775:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:775:39:775:40 | x3 | | main.rs:743:5:744:19 | S | +| main.rs:775:39:775:40 | x3 | T | main.rs:746:5:747:14 | S2 | +| main.rs:777:13:777:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:777:13:777:14 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:777:13:777:14 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:777:18:777:23 | &... | | file://:0:0:0:0 | & | +| main.rs:777:18:777:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:777:18:777:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:777:19:777:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:777:19:777:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:777:21:777:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:779:26:779:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:779:26:779:27 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:779:26:779:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:779:26:779:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:779:26:779:32 | x4.m2() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:780:26:780:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:780:26:780:27 | x4 | &T | main.rs:743:5:744:19 | S | +| main.rs:780:26:780:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:780:26:780:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:780:26:780:32 | x4.m3() | &T | main.rs:746:5:747:14 | S2 | +| main.rs:782:13:782:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:782:13:782:14 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:782:13:782:14 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:782:18:782:23 | &... | | file://:0:0:0:0 | & | +| main.rs:782:18:782:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:782:18:782:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:782:19:782:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:782:19:782:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:782:21:782:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:784:26:784:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:784:26:784:27 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:784:26:784:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:784:26:784:32 | x5.m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:785:26:785:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:785:26:785:27 | x5 | &T | main.rs:743:5:744:19 | S | +| main.rs:785:26:785:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:785:26:785:29 | x5.0 | | main.rs:746:5:747:14 | S2 | +| main.rs:787:13:787:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:787:13:787:14 | x6 | &T | main.rs:743:5:744:19 | S | +| main.rs:787:13:787:14 | x6 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:787:18:787:23 | &... | | file://:0:0:0:0 | & | +| main.rs:787:18:787:23 | &... | &T | main.rs:743:5:744:19 | S | +| main.rs:787:18:787:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:787:19:787:23 | S(...) | | main.rs:743:5:744:19 | S | +| main.rs:787:19:787:23 | S(...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:787:21:787:22 | S2 | | main.rs:746:5:747:14 | S2 | +| main.rs:789:26:789:30 | (...) | | main.rs:743:5:744:19 | S | +| main.rs:789:26:789:30 | (...) | T | main.rs:746:5:747:14 | S2 | +| main.rs:789:26:789:35 | ... .m1() | | main.rs:746:5:747:14 | S2 | +| main.rs:789:27:789:29 | * ... | | main.rs:743:5:744:19 | S | +| main.rs:789:27:789:29 | * ... | T | main.rs:746:5:747:14 | S2 | +| main.rs:789:28:789:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:789:28:789:29 | x6 | &T | main.rs:743:5:744:19 | S | +| main.rs:789:28:789:29 | x6 | &T.T | main.rs:746:5:747:14 | S2 | +| main.rs:796:16:796:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:796:16:796:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:799:16:799:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:799:16:799:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:799:32:801:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:799:32:801:9 | { ... } | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:800:13:800:16 | self | | file://:0:0:0:0 | & | +| main.rs:800:13:800:16 | self | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:800:13:800:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:800:13:800:22 | self.foo() | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | +| main.rs:808:16:808:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:808:16:808:20 | SelfParam | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:808:36:810:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:808:36:810:9 | { ... } | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:809:13:809:16 | self | | file://:0:0:0:0 | & | +| main.rs:809:13:809:16 | self | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:814:13:814:13 | x | | main.rs:804:5:804:20 | MyStruct | +| main.rs:814:17:814:24 | MyStruct | | main.rs:804:5:804:20 | MyStruct | +| main.rs:815:9:815:9 | x | | main.rs:804:5:804:20 | MyStruct | +| main.rs:815:9:815:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:815:9:815:15 | x.bar() | &T | main.rs:804:5:804:20 | MyStruct | +| main.rs:825:16:825:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:825:16:825:20 | SelfParam | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:825:16:825:20 | SelfParam | &T.T | main.rs:824:10:824:10 | T | +| main.rs:825:32:827:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:825:32:827:9 | { ... } | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:825:32:827:9 | { ... } | &T.T | main.rs:824:10:824:10 | T | +| main.rs:826:13:826:16 | self | | file://:0:0:0:0 | & | +| main.rs:826:13:826:16 | self | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:826:13:826:16 | self | &T.T | main.rs:824:10:824:10 | T | +| main.rs:831:13:831:13 | x | | main.rs:822:5:822:26 | MyStruct | +| main.rs:831:13:831:13 | x | T | main.rs:820:5:820:13 | S | +| main.rs:831:17:831:27 | MyStruct(...) | | main.rs:822:5:822:26 | MyStruct | +| main.rs:831:17:831:27 | MyStruct(...) | T | main.rs:820:5:820:13 | S | +| main.rs:831:26:831:26 | S | | main.rs:820:5:820:13 | S | +| main.rs:832:9:832:9 | x | | main.rs:822:5:822:26 | MyStruct | +| main.rs:832:9:832:9 | x | T | main.rs:820:5:820:13 | S | +| main.rs:832:9:832:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:832:9:832:15 | x.foo() | &T | main.rs:822:5:822:26 | MyStruct | +| main.rs:832:9:832:15 | x.foo() | &T.T | main.rs:820:5:820:13 | S | +| main.rs:840:15:840:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:840:15:840:19 | SelfParam | &T | main.rs:837:5:837:13 | S | +| main.rs:840:31:842:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:840:31:842:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:841:13:841:19 | &... | | file://:0:0:0:0 | & | +| main.rs:841:13:841:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:841:14:841:19 | &... | | file://:0:0:0:0 | & | +| main.rs:841:14:841:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:841:15:841:19 | &self | | file://:0:0:0:0 | & | +| main.rs:841:15:841:19 | &self | &T | main.rs:837:5:837:13 | S | +| main.rs:841:16:841:19 | self | | file://:0:0:0:0 | & | +| main.rs:841:16:841:19 | self | &T | main.rs:837:5:837:13 | S | +| main.rs:844:15:844:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:844:15:844:25 | SelfParam | &T | main.rs:837:5:837:13 | S | +| main.rs:844:37:846:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:844:37:846:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:845:13:845:19 | &... | | file://:0:0:0:0 | & | +| main.rs:845:13:845:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:845:14:845:19 | &... | | file://:0:0:0:0 | & | +| main.rs:845:14:845:19 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:845:15:845:19 | &self | | file://:0:0:0:0 | & | +| main.rs:845:15:845:19 | &self | &T | main.rs:837:5:837:13 | S | +| main.rs:845:16:845:19 | self | | file://:0:0:0:0 | & | +| main.rs:845:16:845:19 | self | &T | main.rs:837:5:837:13 | S | +| main.rs:848:15:848:15 | x | | file://:0:0:0:0 | & | +| main.rs:848:15:848:15 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:848:34:850:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:848:34:850:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:849:13:849:13 | x | | file://:0:0:0:0 | & | +| main.rs:849:13:849:13 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:852:15:852:15 | x | | file://:0:0:0:0 | & | +| main.rs:852:15:852:15 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:852:34:854:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:852:34:854:9 | { ... } | &T | main.rs:837:5:837:13 | S | +| main.rs:853:13:853:16 | &... | | file://:0:0:0:0 | & | +| main.rs:853:13:853:16 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:853:14:853:16 | &... | | file://:0:0:0:0 | & | +| main.rs:853:14:853:16 | &... | &T | main.rs:837:5:837:13 | S | +| main.rs:853:15:853:16 | &x | | file://:0:0:0:0 | & | +| main.rs:853:15:853:16 | &x | &T | main.rs:837:5:837:13 | S | +| main.rs:853:16:853:16 | x | | file://:0:0:0:0 | & | +| main.rs:853:16:853:16 | x | &T | main.rs:837:5:837:13 | S | +| main.rs:858:13:858:13 | x | | main.rs:837:5:837:13 | S | +| main.rs:858:17:858:20 | S {...} | | main.rs:837:5:837:13 | S | +| main.rs:859:9:859:9 | x | | main.rs:837:5:837:13 | S | +| main.rs:859:9:859:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:859:9:859:14 | x.f1() | &T | main.rs:837:5:837:13 | S | +| main.rs:860:9:860:9 | x | | main.rs:837:5:837:13 | S | +| main.rs:860:9:860:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:860:9:860:14 | x.f2() | &T | main.rs:837:5:837:13 | S | +| main.rs:861:9:861:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:861:9:861:17 | ...::f3(...) | &T | main.rs:837:5:837:13 | S | +| main.rs:861:15:861:16 | &x | | file://:0:0:0:0 | & | +| main.rs:861:15:861:16 | &x | &T | main.rs:837:5:837:13 | S | +| main.rs:861:16:861:16 | x | | main.rs:837:5:837:13 | S | +| main.rs:867:5:867:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:868:5:868:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:868:20:868:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:868:41:868:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From 77e1b231a6410cca1c8912ce7fe79bd31e925c10 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Fri, 4 Apr 2025 10:12:23 +0200 Subject: [PATCH 231/409] Rust: Handle associated types in trait methods --- .../rust/elements/internal/TraitImpl.qll | 10 +++ rust/ql/lib/codeql/rust/internal/Type.qll | 64 ++++++++++++++++++- .../codeql/rust/internal/TypeInference.qll | 27 ++++---- .../lib/codeql/rust/internal/TypeMention.qll | 40 +++++++++++- .../test/library-tests/type-inference/main.rs | 6 +- .../type-inference/type-inference.expected | 11 ++++ 6 files changed, 138 insertions(+), 20 deletions(-) diff --git a/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll index 63a13673465..0926db57c97 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/TraitImpl.qll @@ -26,5 +26,15 @@ module Impl { */ class Trait extends Generated::Trait { override string toStringImpl() { result = "trait " + this.getName().getText() } + + /** + * Gets the number of generic parameters of this trait. + */ + int getNumberOfGenericParams() { + result = this.getGenericParamList().getNumberOfGenericParams() + or + not this.hasGenericParamList() and + result = 0 + } } } diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index ef311fae6c8..c3eb83c8dfa 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -2,9 +2,10 @@ private import rust private import PathResolution -private import TypeInference private import TypeMention private import codeql.rust.internal.CachedStages +private import codeql.rust.elements.internal.generated.Raw +private import codeql.rust.elements.internal.generated.Synth cached newtype TType = @@ -15,6 +16,7 @@ newtype TType = TArrayType() or // todo: add size? TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or + TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getADescendant() = t } or TRefTypeParameter() or TSelfTypeParameter(Trait t) @@ -144,6 +146,9 @@ class TraitType extends Type, TTrait { override TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(trait.getGenericParamList().getTypeParam(i)) + or + result = + any(AssociatedTypeTypeParameter param | param.getTrait() = trait and param.getIndex() = i) } pragma[nomagic] @@ -297,6 +302,14 @@ abstract class TypeParameter extends Type { override TypeParameter getTypeParameter(int i) { none() } } +private class RawTypeParameter = @type_param or @trait or @type_alias; + +private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } + +private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) + +int idOfTypeParameterAstNode(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } + /** A type parameter from source code. */ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { private TypeParam typeParam; @@ -320,6 +333,55 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { } } +/** Gets type alias that is the `i`th type parameter of `trait`. */ +predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { + typeAlias = + rank[i + 1 - trait.getNumberOfGenericParams()](TypeAlias alias | + trait.(TraitItemNode).getADescendant() = alias + | + alias order by idOfTypeParameterAstNode(alias) + ) +} + +/** + * A type parameter corresponding to an associated type in a trait. + * + * We treat associated type declarations in traits as type parameters. E.g., a + * trait such as + * ```rust + * trait ATrait { + * type AssociatedType; + * // ... + * } + * ``` + * is treated as if it where + * ```rust + * trait ATrait { + * // ... + * } + * ``` + */ +class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypeParameter { + private TypeAlias typeAlias; + + AssociatedTypeTypeParameter() { this = TAssociatedTypeTypeParameter(typeAlias) } + + TypeAlias getTypeAlias() { result = typeAlias } + + /** Gets the trait that contains this associated type declaration. */ + TraitItemNode getTrait() { result.getADescendant() = typeAlias } + + int getIndex() { traitAliasIndex(this.getTrait(), result, typeAlias) } + + override Function getMethod(string name) { none() } + + override string toString() { result = typeAlias.getName().getText() } + + override Location getLocation() { result = typeAlias.getLocation() } + + override TypeMention getABaseTypeMention() { none() } +} + /** An implicit reference type parameter. */ class RefTypeParameter extends TypeParameter, TRefTypeParameter { override Function getMethod(string name) { none() } diff --git a/rust/ql/lib/codeql/rust/internal/TypeInference.qll b/rust/ql/lib/codeql/rust/internal/TypeInference.qll index ed6370f1638..9e38c41cf35 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeInference.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeInference.qll @@ -40,17 +40,21 @@ private module Input1 implements InputSig1 { private newtype TTypeParameterPosition = TTypeParamTypeParameterPosition(TypeParam tp) or - TSelfTypeParameterPosition() + TImplicitTypeParameterPosition() class TypeParameterPosition extends TTypeParameterPosition { TypeParam asTypeParam() { this = TTypeParamTypeParameterPosition(result) } - predicate isSelf() { this = TSelfTypeParameterPosition() } + /** + * Holds if this is the implicit type parameter position used to represent + * parameters that are never passed explicitly as arguments. + */ + predicate isImplicit() { this = TImplicitTypeParameterPosition() } string toString() { result = this.asTypeParam().toString() or - result = "Self" and this.isSelf() + result = "Implicit" and this.isImplicit() } } @@ -69,15 +73,6 @@ private module Input1 implements InputSig1 { apos.asMethodTypeArgumentPosition() = ppos.asTypeParam().getPosition() } - /** A raw AST node that might correspond to a type parameter. */ - private class RawTypeParameter = @type_param or @trait; - - private predicate id(RawTypeParameter x, RawTypeParameter y) { x = y } - - private predicate idOfRaw(RawTypeParameter x, int y) = equivalenceRelation(id/2)(x, y) - - private int idOf(AstNode node) { idOfRaw(Synth::convertAstNodeToRaw(node), result) } - int getTypeParameterId(TypeParameter tp) { tp = rank[result](TypeParameter tp0, int kind, int id | @@ -86,8 +81,9 @@ private module Input1 implements InputSig1 { id = 0 or kind = 1 and - exists(AstNode node | id = idOf(node) | + exists(AstNode node | id = idOfTypeParameterAstNode(node) | node = tp0.(TypeParamTypeParameter).getTypeParam() or + node = tp0.(AssociatedTypeTypeParameter).getTypeAlias() or node = tp0.(SelfTypeParameter).getTrait() ) | @@ -500,7 +496,10 @@ private module CallExprBaseMatchingInput implements MatchingInputSig { exists(TraitItemNode trait | this = trait.getAnAssocItem() | typeParamMatchPosition(trait.getTypeParam(_), result, ppos) or - ppos.isSelf() and result = TSelfTypeParameter(trait) + ppos.isImplicit() and result = TSelfTypeParameter(trait) + or + ppos.isImplicit() and + result.(AssociatedTypeTypeParameter).getTrait() = trait ) } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index a5e696313a3..b049d9b7177 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -75,6 +75,27 @@ class PathMention extends TypeMention, Path { this = node.getASelfPath() and result = node.(ImplItemNode).getSelfPath().getSegment().getGenericArgList().getTypeArg(i) ) + or + // If `this` is the trait of an `impl` block then any associated types + // defined in the `impl` block are type arguments to the trait. + // + // For instance, for a trait implementation like this + // ```rust + // impl MyTrait for MyType { + // ^^^^^^^ this + // type AssociatedType = i64 + // ^^^ result + // // ... + // } + // ``` + // the rhs. of the type alias is a type argument to the trait. + exists(ImplItemNode impl, AssociatedTypeTypeParameter param, TypeAlias alias | + this = impl.getTraitPath() and + param.getTrait() = resolvePath(this) and + alias = impl.getASuccessor(param.getTypeAlias().getName().getText()) and + result = alias.getTypeRepr() and + param.getIndex() = i + ) } override Type resolveType() { @@ -93,7 +114,11 @@ class PathMention extends TypeMention, Path { or result = TTypeParamTypeParameter(i) or - result = i.(TypeAlias).getTypeRepr().(TypeReprMention).resolveType() + exists(TypeAlias alias | alias = i | + result.(AssociatedTypeTypeParameter).getTypeAlias() = alias + or + result = alias.getTypeRepr().(TypeReprMention).resolveType() + ) ) } } @@ -106,6 +131,13 @@ class TypeParamMention extends TypeMention, TypeParam { override Type resolveType() { result = TTypeParamTypeParameter(this) } } +// Used to represent implicit associated type type arguments in traits. +class TypeAliasMention extends TypeMention, TypeAlias { + override TypeReprMention getTypeArgument(int i) { none() } + + override Type resolveType() { result = TAssociatedTypeTypeParameter(this) } +} + /** * Holds if the `i`th type argument of `selfPath`, belonging to `impl`, resolves * to type parameter `tp`. @@ -157,7 +189,11 @@ class ImplMention extends TypeMention, ImplItemNode { } class TraitMention extends TypeMention, TraitItemNode { - override TypeMention getTypeArgument(int i) { result = this.getTypeParam(i) } + override TypeMention getTypeArgument(int i) { + result = this.getTypeParam(i) + or + traitAliasIndex(this, i, result) + } override Type resolveType() { result = TTrait(this) } } diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index 1a4462d54c4..efe1a3444e0 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -351,7 +351,7 @@ mod trait_associated_type { Self::AssociatedType: Default, Self: Sized, { - self.m1(); // $ method=MyTrait::m1 + self.m1(); // $ method=MyTrait::m1 type=self.m1():AssociatedType Self::AssociatedType::default() } } @@ -424,7 +424,7 @@ mod trait_associated_type { let x2 = S; // Call to default method in `trait` block - let y = x2.m2(); // $ method=m2 MISSING: type=y:AT + let y = x2.m2(); // $ method=m2 type=y:AT println!("{:?}", y); let x3 = S; @@ -440,7 +440,7 @@ mod trait_associated_type { let x5 = S2; println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 let x6 = S2; - println!("{:?}", x6.m2()); // $ method=m2 MISSING: type=x6.m2():A.S2 + println!("{:?}", x6.m2()); // $ method=m2 type=x6.m2():A.S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 94cc8c42a0b..907ea9fcc53 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -336,7 +336,10 @@ inferType | main.rs:339:13:339:22 | self.field | | main.rs:337:10:337:10 | A | | main.rs:347:15:347:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | | main.rs:349:15:349:18 | SelfParam | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:353:9:356:9 | { ... } | | main.rs:344:9:344:28 | AssociatedType | | main.rs:354:13:354:16 | self | | main.rs:343:5:357:5 | Self [trait MyTrait] | +| main.rs:354:13:354:21 | self.m1() | | main.rs:344:9:344:28 | AssociatedType | +| main.rs:355:13:355:43 | ...::default(...) | | main.rs:344:9:344:28 | AssociatedType | | main.rs:363:19:363:23 | SelfParam | | file://:0:0:0:0 | & | | main.rs:363:19:363:23 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:363:26:363:26 | a | | main.rs:363:16:363:16 | A | @@ -344,11 +347,14 @@ inferType | main.rs:365:22:365:26 | SelfParam | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:365:29:365:29 | a | | main.rs:365:19:365:19 | A | | main.rs:365:35:365:35 | b | | main.rs:365:19:365:19 | A | +| main.rs:365:75:368:9 | { ... } | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:366:13:366:16 | self | | file://:0:0:0:0 | & | | main.rs:366:13:366:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:366:13:366:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:366:22:366:22 | a | | main.rs:365:19:365:19 | A | | main.rs:367:13:367:16 | self | | file://:0:0:0:0 | & | | main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | +| main.rs:367:13:367:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | | main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | | main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | @@ -380,7 +386,10 @@ inferType | main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | | main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | | main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | +| main.rs:427:13:427:13 | y | | main.rs:377:5:378:14 | AT | | main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | +| main.rs:427:17:427:23 | x2.m2() | | main.rs:377:5:378:14 | AT | +| main.rs:428:26:428:26 | y | | main.rs:377:5:378:14 | AT | | main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | | main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | | main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | @@ -394,6 +403,8 @@ inferType | main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | | main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | | main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | +| main.rs:443:26:443:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:443:26:443:32 | x6.m2() | A | main.rs:374:5:375:14 | S2 | | main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | | main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | | main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | From adfe89fadc4b2f83a9d5c34ab8cd3e4cd3746ccc Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 09:47:21 +0100 Subject: [PATCH 232/409] Update test output --- .../capture/LoopVariableCapture.expected | 34 ++++++++++++++----- .../capture/LoopVariableCapture.qlref | 2 +- .../query-tests/Variables/capture/test.py | 19 ++++++----- 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected index 8fd40c120a6..d7e15f44e6c 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected @@ -1,8 +1,26 @@ -| test.py:5:9:5:20 | FunctionExpr | Capture of loop variable $@. | test.py:4:5:4:23 | For | x | -| test.py:10:6:10:14 | Lambda | Capture of loop variable $@. | test.py:10:5:10:36 | ListComp | i | -| test.py:42:6:42:14 | Lambda | Capture of loop variable $@. | test.py:42:5:42:56 | ListComp | i | -| test.py:43:6:43:14 | Lambda | Capture of loop variable $@. | test.py:43:5:43:56 | ListComp | j | -| test.py:45:6:45:14 | Lambda | Capture of loop variable $@. | test.py:45:5:45:36 | SetComp | i | -| test.py:49:8:49:16 | Lambda | Capture of loop variable $@. | test.py:49:5:49:38 | DictComp | i | -| test.py:57:6:57:14 | Lambda | Capture of loop variable $@. | test.py:57:6:57:35 | GeneratorExp | i | -| test.py:62:10:62:18 | Lambda | Capture of loop variable $@. | test.py:62:10:62:39 | GeneratorExp | i | +edges +| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:5:13:5:17 | ControlFlowNode for inner | provenance | | +| test.py:5:13:5:17 | ControlFlowNode for inner | test.py:7:20:7:24 | ControlFlowNode for inner | provenance | | +| test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | provenance | | +nodes +| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | semmle.label | ControlFlowNode for FunctionExpr | +| test.py:5:13:5:17 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | +| test.py:7:20:7:24 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | +| test.py:10:6:10:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:42:6:42:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:43:6:43:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:45:6:45:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:49:6:49:16 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple | +| test.py:49:8:49:16 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:57:6:57:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +| test.py:62:10:62:18 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | +subpaths +#select +| test.py:5:9:5:20 | FunctionExpr | test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:7:20:7:24 | ControlFlowNode for inner | This function captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:4:5:4:23 | For | x | test.py:7:20:7:24 | ControlFlowNode for inner | this location | +| test.py:10:6:10:14 | Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:10:5:10:36 | For | i | test.py:10:6:10:14 | ControlFlowNode for Lambda | this location | +| test.py:42:6:42:14 | Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:42:5:42:56 | For | i | test.py:42:6:42:14 | ControlFlowNode for Lambda | this location | +| test.py:43:6:43:14 | Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:43:5:43:56 | For | j | test.py:43:6:43:14 | ControlFlowNode for Lambda | this location | +| test.py:45:6:45:14 | Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:45:5:45:36 | For | i | test.py:45:6:45:14 | ControlFlowNode for Lambda | this location | +| test.py:49:8:49:16 | Lambda | test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:49:5:49:38 | For | i | test.py:49:6:49:16 | ControlFlowNode for Tuple | this location | +| test.py:57:6:57:14 | Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:57:6:57:35 | For | i | test.py:57:6:57:14 | ControlFlowNode for Lambda | this location | +| test.py:62:10:62:18 | Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:62:10:62:39 | For | i | test.py:62:10:62:18 | ControlFlowNode for Lambda | this location | diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref index 1e2a71cd6a7..05bfcbd9420 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref @@ -1 +1 @@ -Variables/LoopVariableCapture.ql +Variables/LoopVariableCapture/LoopVariableCapture.ql diff --git a/python/ql/test/query-tests/Variables/capture/test.py b/python/ql/test/query-tests/Variables/capture/test.py index 480bc58862e..5ffccc7a9e4 100644 --- a/python/ql/test/query-tests/Variables/capture/test.py +++ b/python/ql/test/query-tests/Variables/capture/test.py @@ -2,12 +2,12 @@ def bad1(): results = [] for x in range(10): - def inner(): + def inner(): # $capturedVar=x return x results.append(inner) return results -a = [lambda: i for i in range(1, 4)] +a = [lambda: i for i in range(1, 4)] # $capturedVar=a for f in a: print(f()) @@ -39,14 +39,14 @@ def ok1(): result += inner() return result -b = [lambda: i for i in range(1, 4) for j in range(1,5)] -c = [lambda: j for i in range(1, 4) for j in range(1,5)] +b = [lambda: i for i in range(1, 4) for j in range(1,5)] # $capturedVar=i +c = [lambda: j for i in range(1, 4) for j in range(1,5)] # $capturedVar=j -s = {lambda: i for i in range(1, 4)} +s = {lambda: i for i in range(1, 4)} # $capturedVar=i for f in s: print(f()) -d = {i:lambda: i for i in range(1, 4)} +d = {i:lambda: i for i in range(1, 4)} # $capturedVar=d for k, f in d.items(): print(k, f()) @@ -54,14 +54,15 @@ for k, f in d.items(): #When the captured variable is used. #So technically this is a false positive, but it is extremely fragile #code, so I (Mark) think it is fine to report it as a violation. -g = (lambda: i for i in range(1, 4)) +g = (lambda: i for i in range(1, 4)) # $capturedVar=i for f in g: print(f()) #But not if evaluated eagerly -l = list(lambda: i for i in range(1, 4)) +l = list(lambda: i for i in range(1, 4)) # $capturedVar=i for f in l: print(f()) +# This result is MISSING since the lambda is not detected to escape the loop def odasa4860(asset_ids): - return dict((asset_id, filter(lambda c : c.asset_id == asset_id, xxx)) for asset_id in asset_ids) + return dict((asset_id, filter(lambda c : c.asset_id == asset_id, xxx)) for asset_id in asset_ids) # $MISSING: capturedVar=asset_id From f96b00a62ab667bea496948718cdf59dd510311d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 09:53:13 +0100 Subject: [PATCH 233/409] Update rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs Co-authored-by: Simon Friis Vindum --- .../queries/security/CWE-770/UncontrolledAllocationSizeGood.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs index c0758431289..92c9a5b291b 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSizeGood.rs @@ -3,7 +3,7 @@ const BUFFER_LIMIT: usize = 10 * 1024; fn allocate_buffer(user_input: String) -> Result<*mut u8, Error> { let size = user_input.parse::()?; - if (size > BUFFER_LIMIT) { + if size > BUFFER_LIMIT { return Err("Size exceeds limit".into()); } let num_bytes = size * std::mem::size_of::(); From 44b26e5ae6a8912a34ac9e776b3f39220277a0b1 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 09:54:41 +0100 Subject: [PATCH 234/409] Rust: Change the test copy of the example as well. --- rust/ql/test/query-tests/security/CWE-770/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/main.rs b/rust/ql/test/query-tests/security/CWE-770/main.rs index 37533e746ed..6d786dd0323 100644 --- a/rust/ql/test/query-tests/security/CWE-770/main.rs +++ b/rust/ql/test/query-tests/security/CWE-770/main.rs @@ -291,7 +291,7 @@ const BUFFER_LIMIT: usize = 10 * 1024; fn allocate_buffer_good(user_input: String) -> Result<*mut u8, Error> { let size = user_input.parse::()?; - if (size > BUFFER_LIMIT) { + if size > BUFFER_LIMIT { return Err("Size exceeds limit".into()); } let num_bytes = size * std::mem::size_of::(); From 9fb1c312067e50c29010947d0b19de7178c08a3d Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 10:13:39 +0100 Subject: [PATCH 235/409] Update tests to inline expectations --- .../LoopVariableCapture.ql | 72 +---------------- .../LoopVariableCaptureQuery.qll | 81 +++++++++++++++++++ .../capture/LoopVariableCapture.expected | 26 ------ .../capture/LoopVariableCapture.qlref | 1 - .../capture/LoopVariableCaptureTest.expected | 0 .../capture/LoopVariableCaptureTest.ql | 19 +++++ .../query-tests/Variables/capture/test.py | 15 +++- 7 files changed, 112 insertions(+), 102 deletions(-) create mode 100644 python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll delete mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected delete mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref create mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected create mode 100644 python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 49392e3d01e..9c8822a3f6b 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -10,80 +10,10 @@ */ import python +import LoopVariableCaptureQuery import semmle.python.dataflow.new.DataFlow - -abstract class Loop extends AstNode { - abstract Variable getALoopVariable(); -} - -class ForLoop extends Loop, For { - override Variable getALoopVariable() { - this.getTarget() = result.getAnAccess().getParentNode*() and - result.getScope() = this.getScope() - } -} - -predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { - var.getAnAccess().getScope() = capturing.getInnerScope() and - capturing.getParentNode+() = loop and - var = loop.getALoopVariable() -} - -module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } - - predicate isSink(DataFlow::Node node) { - // Stored in a field. - // This appeared to lead to FPs through wrapper classes. - // exists(DataFlow::AttrWrite aw | aw.getObject() = node) - // or - // Stored in a dict/list. - exists(Assign assign, Subscript sub | - sub = assign.getATarget() and node.asExpr() = assign.getValue() - ) - or - // Stored in a list. - exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) - or - // Used in a yield statement, likely included in a collection. - // The element of comprehension expressions desugar to involve a yield statement internally. - exists(Yield y | node.asExpr() = y.getValue()) - } - - predicate isBarrierOut(DataFlow::Node node) { isSink(node) } - - predicate isBarrier(DataFlow::Node node) { - // Incorrect virtual dispatch to __call__ methods is a source of FPs. - exists(Function call | - call.getName() = "__call__" and - call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() - ) - } - - predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { - isSink(node) and - ( - cs instanceof DataFlow::TupleElementContent or - cs instanceof DataFlow::ListElementContent or - cs instanceof DataFlow::SetElementContent or - cs instanceof DataFlow::DictionaryElementAnyContent - ) - } -} - -module EscapingCaptureFlow = DataFlow::Global; - import EscapingCaptureFlow::PathGraph -predicate escapingCapture( - CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, - EscapingCaptureFlow::PathNode sink -) { - capturesLoopVariable(capturing, loop, var) and - capturing = source.getNode().asExpr() and - EscapingCaptureFlow::flowPath(source, sink) -} - from CallableExpr capturing, AstNode loop, Variable var, string descr, EscapingCaptureFlow::PathNode source, EscapingCaptureFlow::PathNode sink diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll new file mode 100644 index 00000000000..ed0c6496141 --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCaptureQuery.qll @@ -0,0 +1,81 @@ +/** Definitions for reasoning about loop variable capture issues. */ + +import python +import semmle.python.dataflow.new.DataFlow + +/** A looping construct. */ +abstract class Loop extends AstNode { + /** + * Gets a loop variable of this loop. + * For example, `x` and `y` in `for x,y in pairs: print(x+y)` + */ + abstract Variable getALoopVariable(); +} + +/** A `for` loop. */ +private class ForLoop extends Loop, For { + override Variable getALoopVariable() { + this.getTarget() = result.getAnAccess().getParentNode*() and + result.getScope() = this.getScope() + } +} + +/** Holds if the callable `capturing` captures the variable `var` from the loop `loop`. */ +predicate capturesLoopVariable(CallableExpr capturing, Loop loop, Variable var) { + var.getAnAccess().getScope() = capturing.getInnerScope() and + capturing.getParentNode+() = loop and + var = loop.getALoopVariable() +} + +/** Dataflow configuration for reasoning about callables that capture a loop variable and then may escape from the loop. */ +module EscapingCaptureFlowConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node node) { capturesLoopVariable(node.asExpr(), _, _) } + + predicate isSink(DataFlow::Node node) { + // Stored in a dict/list. + exists(Assign assign, Subscript sub | + sub = assign.getATarget() and node.asExpr() = assign.getValue() + ) + or + // Stored in a list. + exists(DataFlow::MethodCallNode mc | mc.calls(_, "append") and node = mc.getArg(0)) + or + // Used in a yield statement, likely included in a collection. + // The element of comprehension expressions desugar to involve a yield statement internally. + exists(Yield y | node.asExpr() = y.getValue()) + // Checks for storing in a field leads to false positives, so are omitted. + } + + predicate isBarrierOut(DataFlow::Node node) { isSink(node) } + + predicate isBarrier(DataFlow::Node node) { + // Incorrect virtual dispatch to __call__ methods is a source of FPs. + exists(Function call | + call.getName() = "__call__" and + call.getArg(0) = node.(DataFlow::ParameterNode).getParameter() + ) + } + + predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) { + isSink(node) and + ( + cs instanceof DataFlow::TupleElementContent or + cs instanceof DataFlow::ListElementContent or + cs instanceof DataFlow::SetElementContent or + cs instanceof DataFlow::DictionaryElementAnyContent + ) + } +} + +/** Dataflow for reasoning about callables that capture a loop variable and then escape from the loop. */ +module EscapingCaptureFlow = DataFlow::Global; + +/** Holds if `capturing` is a callable that captures the variable `var` of the loop `loop`, and then may escape the loop via a flow path from `source` to `sink`. */ +predicate escapingCapture( + CallableExpr capturing, Loop loop, Variable var, EscapingCaptureFlow::PathNode source, + EscapingCaptureFlow::PathNode sink +) { + capturesLoopVariable(capturing, loop, var) and + capturing = source.getNode().asExpr() and + EscapingCaptureFlow::flowPath(source, sink) +} diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected deleted file mode 100644 index d7e15f44e6c..00000000000 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.expected +++ /dev/null @@ -1,26 +0,0 @@ -edges -| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:5:13:5:17 | ControlFlowNode for inner | provenance | | -| test.py:5:13:5:17 | ControlFlowNode for inner | test.py:7:20:7:24 | ControlFlowNode for inner | provenance | | -| test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | provenance | | -nodes -| test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | semmle.label | ControlFlowNode for FunctionExpr | -| test.py:5:13:5:17 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | -| test.py:7:20:7:24 | ControlFlowNode for inner | semmle.label | ControlFlowNode for inner | -| test.py:10:6:10:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:42:6:42:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:43:6:43:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:45:6:45:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:49:6:49:16 | ControlFlowNode for Tuple | semmle.label | ControlFlowNode for Tuple | -| test.py:49:8:49:16 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:57:6:57:14 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -| test.py:62:10:62:18 | ControlFlowNode for Lambda | semmle.label | ControlFlowNode for Lambda | -subpaths -#select -| test.py:5:9:5:20 | FunctionExpr | test.py:5:9:5:20 | ControlFlowNode for FunctionExpr | test.py:7:20:7:24 | ControlFlowNode for inner | This function captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:4:5:4:23 | For | x | test.py:7:20:7:24 | ControlFlowNode for inner | this location | -| test.py:10:6:10:14 | Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | test.py:10:6:10:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:10:5:10:36 | For | i | test.py:10:6:10:14 | ControlFlowNode for Lambda | this location | -| test.py:42:6:42:14 | Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | test.py:42:6:42:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:42:5:42:56 | For | i | test.py:42:6:42:14 | ControlFlowNode for Lambda | this location | -| test.py:43:6:43:14 | Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | test.py:43:6:43:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:43:5:43:56 | For | j | test.py:43:6:43:14 | ControlFlowNode for Lambda | this location | -| test.py:45:6:45:14 | Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | test.py:45:6:45:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:45:5:45:36 | For | i | test.py:45:6:45:14 | ControlFlowNode for Lambda | this location | -| test.py:49:8:49:16 | Lambda | test.py:49:8:49:16 | ControlFlowNode for Lambda | test.py:49:6:49:16 | ControlFlowNode for Tuple | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:49:5:49:38 | For | i | test.py:49:6:49:16 | ControlFlowNode for Tuple | this location | -| test.py:57:6:57:14 | Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | test.py:57:6:57:14 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:57:6:57:35 | For | i | test.py:57:6:57:14 | ControlFlowNode for Lambda | this location | -| test.py:62:10:62:18 | Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | test.py:62:10:62:18 | ControlFlowNode for Lambda | This lambda captures the loop variable $@, and may escape the loop by being stored at $@. | test.py:62:10:62:39 | For | i | test.py:62:10:62:18 | ControlFlowNode for Lambda | this location | diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref b/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref deleted file mode 100644 index 05bfcbd9420..00000000000 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCapture.qlref +++ /dev/null @@ -1 +0,0 @@ -Variables/LoopVariableCapture/LoopVariableCapture.ql diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql new file mode 100644 index 00000000000..792fa2159cb --- /dev/null +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql @@ -0,0 +1,19 @@ +import python +import Variables.LoopVariableCapture.LoopVariableCaptureQuery +import utils.test.InlineExpectationsTest + +module MethodArgTest implements TestSig { + string getARelevantTag() { result = ["capturedVar"] } + + predicate hasActualResult(Location location, string element, string tag, string value) { + exists(CallableExpr capturing, AstNode loop, Variable var | + escapingCapture(capturing, loop, var, _, _) and + element = capturing.toString() and + location = capturing.getLocation() and + tag = "capturedVar" and + value = var.getId() + ) + } +} + +import MakeTest diff --git a/python/ql/test/query-tests/Variables/capture/test.py b/python/ql/test/query-tests/Variables/capture/test.py index 5ffccc7a9e4..186a19b7570 100644 --- a/python/ql/test/query-tests/Variables/capture/test.py +++ b/python/ql/test/query-tests/Variables/capture/test.py @@ -4,10 +4,10 @@ def bad1(): for x in range(10): def inner(): # $capturedVar=x return x - results.append(inner) + results.append(inner) return results -a = [lambda: i for i in range(1, 4)] # $capturedVar=a +a = [lambda: i for i in range(1, 4)] # $capturedVar=i for f in a: print(f()) @@ -18,7 +18,14 @@ def good1(): for y in range(10): def inner(y=y): return y - results.append(inner) + results.append(inner) + return results + +# OK: Using default argument. +def good2(): + results = [] + for y in range(10): + results.append(lambda y=y: y) return results #Factory function @@ -46,7 +53,7 @@ s = {lambda: i for i in range(1, 4)} # $capturedVar=i for f in s: print(f()) -d = {i:lambda: i for i in range(1, 4)} # $capturedVar=d +d = {i:lambda: i for i in range(1, 4)} # $capturedVar=i for k, f in d.items(): print(k, f()) From 5731fa91f3e11c881b9bd5c22da4ac8df2605885 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 11:21:19 +0200 Subject: [PATCH 236/409] Rust: Use macro call location as fall back in macro expansions --- .../rust/elements/internal/LocatableImpl.qll | 24 ++++++++--- .../codeql/rust/internal/AstConsistency.qll | 3 +- .../CONSISTENCY/AstConsistency.expected | 41 ------------------- .../MacroItems/MacroItems_getItem.expected | 4 +- 4 files changed, 23 insertions(+), 49 deletions(-) delete mode 100644 rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected diff --git a/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll index 5aeec330a37..ed349df4868 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/LocatableImpl.qll @@ -46,11 +46,25 @@ module Impl { predicate fromSource() { exists(this.getFile().getRelativePath()) } } - /** Gets the non-synthesized location of `l`, if any. */ - LocationImpl::LocationDefault getLocationDefault(Locatable l) { - exists(@location_default location | - result = LocationImpl::TLocationDefault(location) and - locatable_locations(Synth::convertLocatableToRaw(l), location) + private @location_default getDbLocation(Locatable l) { + locatable_locations(Synth::convertLocatableToRaw(l), result) + } + + private MacroCall getImmediatelyEnclosingMacroCall(AstNode n) { + result = n.getParentNode() + or + exists(AstNode mid | + result = getImmediatelyEnclosingMacroCall(mid) and + n.getParentNode() = mid and + not mid instanceof MacroCall ) } + + /** Gets the non-synthesized location of `l`, if any. */ + LocationImpl::LocationDefault getLocationDefault(Locatable l) { + result = LocationImpl::TLocationDefault(getDbLocation(l)) + or + not exists(getDbLocation(l)) and + result = getLocationDefault(getImmediatelyEnclosingMacroCall(l)) + } } diff --git a/rust/ql/lib/codeql/rust/internal/AstConsistency.qll b/rust/ql/lib/codeql/rust/internal/AstConsistency.qll index b86ebc9a0f9..d812bfd2ef7 100644 --- a/rust/ql/lib/codeql/rust/internal/AstConsistency.qll +++ b/rust/ql/lib/codeql/rust/internal/AstConsistency.qll @@ -25,7 +25,8 @@ query predicate multipleLocations(Locatable e) { strictcount(e.getLocation()) > * Holds if `e` does not have a `Location`. */ query predicate noLocation(Locatable e) { - not exists(e.getLocation()) and not e.(AstNode).getParentNode*() = any(Crate c).getModule() + not exists(e.getLocation()) and + not e.(AstNode).getParentNode*() = any(Crate c).getModule() } private predicate multiplePrimaryQlClasses(Element e) { diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected b/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected deleted file mode 100644 index 807f782967d..00000000000 --- a/rust/ql/test/extractor-tests/generated/MacroItems/CONSISTENCY/AstConsistency.expected +++ /dev/null @@ -1,41 +0,0 @@ -noLocation -| file://:0:0:0:0 | ... .unwrap() | -| file://:0:0:0:0 | ...: ... | -| file://:0:0:0:0 | ...::Path | -| file://:0:0:0:0 | ...::Path | -| file://:0:0:0:0 | ...::path | -| file://:0:0:0:0 | ArgList | -| file://:0:0:0:0 | ArgList | -| file://:0:0:0:0 | ParamList | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | Path | -| file://:0:0:0:0 | RefTypeRepr | -| file://:0:0:0:0 | RefTypeRepr | -| file://:0:0:0:0 | RetTypeRepr | -| file://:0:0:0:0 | StmtList | -| file://:0:0:0:0 | fn get_parent | -| file://:0:0:0:0 | get_parent | -| file://:0:0:0:0 | parent | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path | -| file://:0:0:0:0 | path.parent() | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | std | -| file://:0:0:0:0 | unwrap | -| file://:0:0:0:0 | use ...::Path | -| file://:0:0:0:0 | { ... } | diff --git a/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected b/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected index 08f3925f5a4..e86dfee101a 100644 --- a/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected +++ b/rust/ql/test/extractor-tests/generated/MacroItems/MacroItems_getItem.expected @@ -1,2 +1,2 @@ -| gen_macro_items.rs:5:5:5:38 | MacroItems | 0 | file://:0:0:0:0 | use ...::Path | -| gen_macro_items.rs:5:5:5:38 | MacroItems | 1 | file://:0:0:0:0 | fn get_parent | +| gen_macro_items.rs:5:5:5:38 | MacroItems | 0 | gen_macro_items.rs:5:5:5:38 | use ...::Path | +| gen_macro_items.rs:5:5:5:38 | MacroItems | 1 | gen_macro_items.rs:5:5:5:38 | fn get_parent | From b115f3f5e9c3da8c7df3d3115550685bb960d807 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 11:39:06 +0200 Subject: [PATCH 237/409] Update rust/ql/lib/codeql/rust/internal/PathResolution.qll Co-authored-by: Simon Friis Vindum --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index e5a6763525e..c70ab0049d5 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -1088,7 +1088,7 @@ private predicate useImportEdge(Use use, string name, ItemNode item) { * Holds if `i` is available inside `f` because it is reexported in [the prelude][1]. * * We don't yet have access to prelude information from the extractor, so for now - * we include all the preludes for Rust 2015, 2018, 2021, and 2024. + * we include all the preludes for Rust: 2015, 2018, 2021, and 2024. * * [1]: https://doc.rust-lang.org/core/prelude/index.html */ From 70a174ad5a4de2fe6ddc4a8ea3d5970afa7d5f15 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 4 Apr 2025 11:47:46 +0200 Subject: [PATCH 238/409] C#: Address review comments. --- .../Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs index 3e4e5fbeeb2..04d8e20c09e 100644 --- a/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs +++ b/csharp/ql/test/query-tests/Dead Code/DeadStoreOfLocal/DeadStoreOfLocal.cs @@ -157,7 +157,7 @@ public class OutParam public void Test() { int x; - Fn(out x); // Missing Alert + Fn(out x); // $ MISSING: Alert Fn(out _); // GOOD } @@ -194,7 +194,7 @@ public class Captured void M2() { - var x = M6(); // Missing Alert + var x = M6(); // $ MISSING: Alert Action a = () => { x = 1; // GOOD @@ -208,7 +208,7 @@ public class Captured int x; Action a = () => { - x = 1; // Missing Alert + x = 1; // $ MISSING: Alert }; a(); } @@ -230,7 +230,7 @@ public class Captured void M5() { - int x = 0; // Missing Alert. + int x = 0; // $ MISSING: Alert Action a = () => { x = 1; // GOOD @@ -250,7 +250,7 @@ public class Captured int captured = 0; // GOOD: Variable captured variable fn(() => { return captured; }); - return captured = 1; // Missing Alert. + return captured = 1; // $ MISSING: Alert } void M7() From 49194b03400ad8f940e80bef5940f88e12afc575 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:20:40 +0200 Subject: [PATCH 239/409] Updated `WebSocketReceiveNode` with API graphs. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 6 +++--- .../frameworks/WebSocket/browser-custom.js | 8 ++++---- .../frameworks/WebSocket/client-custom.js | 2 +- .../library-tests/frameworks/WebSocket/test.expected | 10 ++++++++++ 4 files changed, 18 insertions(+), 8 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 09c9f98e3f0..0455bb69172 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -159,8 +159,8 @@ module ClientWebSocket { private DataFlow::FunctionNode getAMessageHandler( ClientWebSocket::ClientSocket emitter, string methodName ) { - exists(DataFlow::CallNode call | - call = emitter.getAMemberCall(methodName) and + exists(API::CallNode call | + call = emitter.getReturn().getMember(methodName).getACall() and call.getArgument(0).mayHaveStringValue("message") and result = call.getCallback(1) ) @@ -175,7 +175,7 @@ module ClientWebSocket { WebSocketReceiveNode() { this = getAMessageHandler(emitter, "addEventListener") or - this = emitter.getAPropertyWrite("onmessage").getRhs() + this = emitter.getReturn().getMember("onmessage").getAValueReachingSink() } override DataFlow::Node getReceivedItem(int i) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index 11765138f55..95c931f5cee 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -41,11 +41,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ myWebSocketInstance.addEventListener('message', function (event) { console.log('Message from server ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive myWebSocketInstance.onmessage = function (event) { console.log("Message from server 2", event.data) - }; // $ MISSING: clientReceive + }; // $ clientReceive })(); @@ -57,9 +57,9 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ mySockJSInstance.onmessage = function (e) { console.log('message', e.data); mySockJSInstance.close(); - }; // $ MISSING: clientReceive + }; // $ clientReceive mySockJSInstance.addEventListener('message', function (event) { console.log('Using addEventListener ', event.data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index 5d7ac4b564d..dd8c84e87c0 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -19,5 +19,5 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); myWebSocketWSInstance.on('message', function incoming(data) { console.log(data); - }); // $ MISSING: clientReceive + }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 4d7e33f5402..a5c55cf6363 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -3,11 +3,16 @@ clientReceive | browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | | browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | | browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | +| browser-custom.js:42:53:44:5 | functio ... ;\\n } | +| browser-custom.js:46:37:48:5 | functio ... )\\n } | +| browser-custom.js:57:34:60:5 | functio ... ;\\n } | +| browser-custom.js:62:50:64:5 | functio ... ;\\n } | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | | browser.js:29:35:31:2 | functio ... ta);\\n\\t} | | client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | +| client-custom.js:20:38:22:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | clientSend | browser-custom.js:7:3:7:33 | socket. ... wser!') | @@ -47,14 +52,19 @@ flowSteps | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | | server.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | | server.js:15:36:15:55 | require('ws').Server | server-custom.js:1:9:1:25 | MyWebSocketServer | | server.js:16:44:16:79 | new Web ... 8080 }) | server-custom.js:1:28:1:52 | myWebSo ... nstance | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:27:26:27:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:32:42:32:51 | event.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:58:32:58:37 | e.data | +| sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser-custom.js:63:48:63:57 | event.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow From 4b7a9cd399d68ac8bb1b06f05f07bd5d84142b63 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:25:50 +0200 Subject: [PATCH 240/409] Added test case with `bind`. --- .../library-tests/frameworks/WebSocket/browser-custom.js | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index 95c931f5cee..a426b6768a6 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -63,3 +63,12 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ console.log('Using addEventListener ', event.data); }); // $ clientReceive })(); + + +const recv_message = function (e) { + console.log('Received message:', e.data); +}; // $ MISSING: clientReceive + +(function () { + myWebSocketInstance.onmessage = recv_message.bind(this); +})(); From c5860e92ec84b3d681175b83ab534a80501c6418 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:26:45 +0200 Subject: [PATCH 241/409] Updated `WebSocketReceiveNode` to match bind functions. --- .../ql/lib/semmle/javascript/frameworks/WebSocket.qll | 6 ++++++ .../library-tests/frameworks/WebSocket/browser-custom.js | 2 +- .../test/library-tests/frameworks/WebSocket/test.expected | 2 ++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 0455bb69172..98aef6ed096 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -176,6 +176,12 @@ module ClientWebSocket { this = getAMessageHandler(emitter, "addEventListener") or this = emitter.getReturn().getMember("onmessage").getAValueReachingSink() + or + exists(DataFlow::MethodCallNode bindCall | + bindCall = emitter.getReturn().getMember("onmessage").getAValueReachingSink() and + bindCall.getMethodName() = "bind" and + this = bindCall.getReceiver().getAFunctionValue() + ) } override DataFlow::Node getReceivedItem(int i) { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index a426b6768a6..ad0d30fb01e 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -67,7 +67,7 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ const recv_message = function (e) { console.log('Received message:', e.data); -}; // $ MISSING: clientReceive +}; // $ clientReceive (function () { myWebSocketInstance.onmessage = recv_message.bind(this); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index a5c55cf6363..16fc0f0d267 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -7,6 +7,7 @@ clientReceive | browser-custom.js:46:37:48:5 | functio ... )\\n } | | browser-custom.js:57:34:60:5 | functio ... ;\\n } | | browser-custom.js:62:50:64:5 | functio ... ;\\n } | +| browser-custom.js:68:22:70:1 | functio ... ata);\\n} | | browser.js:8:37:10:2 | functio ... ta);\\n\\t} | | browser.js:12:21:14:2 | functio ... ata)\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | @@ -54,6 +55,7 @@ flowSteps | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | From 6bcfd8c91ded71561d6a58ead3aca5c053465e54 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 4 Apr 2025 09:31:16 +0200 Subject: [PATCH 242/409] Updated `getAServer` with API graphs. --- .../javascript/frameworks/WebSocket.qll | 8 ++-- .../frameworks/WebSocket/server-custom.js | 16 ++++---- .../frameworks/WebSocket/test.expected | 40 +++++++++++++++++++ 3 files changed, 52 insertions(+), 12 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 98aef6ed096..da110c6562c 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -212,19 +212,19 @@ module ServerWebSocket { /** * Gets a server created by a library named `library`. */ - DataFlow::SourceNode getAServer(LibraryName library) { + API::InvokeNode getAServer(LibraryName library) { library = ws() and - result = DataFlow::moduleImport("ws").getAConstructorInvocation("Server") + result = API::moduleImport("ws").getMember("Server").getAnInvocation() or library = sockjs() and - result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer") + result = API::moduleImport("sockjs").getMember("createServer").getAnInvocation() } /** * Gets a `socket.on("connection", (msg, req) => {})` call. */ private DataFlow::CallNode getAConnectionCall(LibraryName library) { - result = getAServer(library).getAMemberCall(EventEmitter::on()) and + result = getAServer(library).getReturn().getMember(EventEmitter::on()).getACall() and result.getArgument(0).mayHaveStringValue("connection") } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js index 63893ba2f5c..65d49c0d73e 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/server-custom.js @@ -3,21 +3,21 @@ const { MyWebSocketServer, myWebSocketServerInstance } = require('./server.js'); (function () { const wss = new MyWebSocketServer({ port: 8080 }); - wss.on('connection', function connection(ws) { // $ MISSING: serverSocket - ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + wss.on('connection', function connection(ws) { // $ serverSocket + ws.on('message', function incoming(message) { // $ remoteFlow console.log('received: %s', message); - }); // $ MISSING: serverReceive + }); // $ serverReceive - ws.send('Hi from server!'); // $ MISSING: serverSend + ws.send('Hi from server!'); // $ serverSend }); })(); (function () { - myWebSocketServerInstance.on('connection', function connection(ws) { // $ MISSING: serverSocket - ws.on('message', function incoming(message) { // $ MISSING: remoteFlow + myWebSocketServerInstance.on('connection', function connection(ws) { // $ serverSocket + ws.on('message', function incoming(message) { // $ remoteFlow console.log('received: %s', message); - }); // $ MISSING: serverReceive + }); // $ serverReceive - ws.send('Hi from server!'); // $ MISSING: serverSend + ws.send('Hi from server!'); // $ serverSend }); })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 16fc0f0d267..7480e066876 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -40,17 +40,49 @@ flowSteps | browser-custom.js:1:23:1:30 | MySockJS | browser-custom.js:1:23:1:30 | MySockJS | | browser-custom.js:1:33:1:51 | myWebSocketInstance | browser-custom.js:1:33:1:51 | myWebSocketInstance | | browser-custom.js:1:54:1:69 | mySockJSInstance | browser-custom.js:1:54:1:69 | mySockJSInstance | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser-custom.js:7:15:7:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser-custom.js:7:15:7:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:23:13:23:18 | 'test' | sockjs.js:9:31:9:37 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser-custom.js:39:34:39:51 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser-custom.js:39:34:39:51 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser-custom.js:54:31:54:36 | 'test' | sockjs.js:9:31:9:37 | message | +| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:7:38:7:44 | message | +| browser.js:5:15:5:32 | 'Hi from browser!' | server-custom.js:17:38:17:44 | message | | browser.js:5:15:5:32 | 'Hi from browser!' | server.js:7:38:7:44 | message | | browser.js:21:13:21:18 | 'test' | sockjs.js:9:31:9:37 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client-custom.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client-custom.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client-custom.js:17:30:17:46 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client-custom.js:17:30:17:46 | 'Hi from client!' | server.js:7:38:7:44 | message | +| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:7:38:7:44 | message | +| client.js:7:11:7:27 | 'Hi from client!' | server-custom.js:17:38:17:44 | message | | client.js:7:11:7:27 | 'Hi from client!' | server.js:7:38:7:44 | message | | client.js:15:32:15:44 | require('ws') | client-custom.js:1:9:1:21 | MyWebSocketWS | | client.js:16:40:16:72 | new Web ... e.org') | client-custom.js:1:24:1:44 | myWebSo ... nstance | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | +| server-custom.js:11:11:11:27 | 'Hi from server!' | client.js:10:37:10:40 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:47:46:47:55 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser-custom.js:69:38:69:43 | e.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:9:39:9:48 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | browser.js:13:40:13:49 | event.data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:10:37:10:40 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client-custom.js:20:56:20:59 | data | +| server-custom.js:21:11:21:27 | 'Hi from server!' | client.js:10:37:10:40 | data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:11:39:11:48 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:15:40:15:49 | event.data | | server.js:11:11:11:27 | 'Hi from server!' | browser-custom.js:43:45:43:54 | event.data | @@ -70,14 +102,22 @@ flowSteps | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow +| server-custom.js:7:38:7:44 | message | +| server-custom.js:17:38:17:44 | message | | server.js:7:38:7:44 | message | | sockjs.js:9:31:9:37 | message | serverReceive +| server-custom.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | +| server-custom.js:17:3:19:4 | ws.on(' ... );\\n\\t\\t}) | | server.js:7:3:9:4 | ws.on(' ... );\\n\\t\\t}) | | sockjs.js:9:5:12:6 | conn.on ... \\n }) | serverSend +| server-custom.js:11:3:11:28 | ws.send ... rver!') | +| server-custom.js:21:3:21:28 | ws.send ... rver!') | | server.js:11:3:11:28 | ws.send ... rver!') | | sockjs.js:11:9:11:51 | conn.wr ... test))) | serverSocket +| server-custom.js:6:43:6:44 | ws | +| server-custom.js:16:65:16:66 | ws | | server.js:6:43:6:44 | ws | | sockjs.js:8:40:8:43 | conn | From b5805503fe34f76a6e31ec0fd7ad53d437488ad1 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 11:56:07 +0100 Subject: [PATCH 243/409] Cleanups --- .../Variables/LoopVariableCapture/LoopVariableCapture.ql | 1 - .../Variables/capture/LoopVariableCaptureTest.ql | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 9c8822a3f6b..9c41e52cc45 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -11,7 +11,6 @@ import python import LoopVariableCaptureQuery -import semmle.python.dataflow.new.DataFlow import EscapingCaptureFlow::PathGraph from diff --git a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql index 792fa2159cb..dc9fbed27dc 100644 --- a/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql +++ b/python/ql/test/query-tests/Variables/capture/LoopVariableCaptureTest.ql @@ -3,11 +3,11 @@ import Variables.LoopVariableCapture.LoopVariableCaptureQuery import utils.test.InlineExpectationsTest module MethodArgTest implements TestSig { - string getARelevantTag() { result = ["capturedVar"] } + string getARelevantTag() { result = "capturedVar" } predicate hasActualResult(Location location, string element, string tag, string value) { - exists(CallableExpr capturing, AstNode loop, Variable var | - escapingCapture(capturing, loop, var, _, _) and + exists(CallableExpr capturing, Variable var | + escapingCapture(capturing, _, var, _, _) and element = capturing.toString() and location = capturing.getLocation() and tag = "capturedVar" and From 24a4aad1204d58dab00d94210732d3bffae2f5f6 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 12:11:25 +0100 Subject: [PATCH 244/409] Rust: Accept consistency check fixes following merge with main. --- .../CWE-696/CONSISTENCY/DataFlowConsistency.expected | 2 -- .../CWE-825/CONSISTENCY/DataFlowConsistency.expected | 10 ---------- 2 files changed, 12 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected index ad26ad761aa..e69de29bb2d 100644 --- a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected @@ -1,2 +0,0 @@ -postWithInFlow -| test.rs:118:17:118:19 | [post] ptr | PostUpdateNode should not be the target of local flow. | diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected index f518ed81ffa..e69de29bb2d 100644 --- a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected +++ b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected @@ -1,10 +0,0 @@ -postWithInFlow -| deallocation.rs:20:23:20:24 | [post] m1 | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:70:23:70:35 | [post] m2 as ... | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:112:14:112:40 | [post] my_ptr as ... | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:176:27:176:28 | [post] p1 | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:189:27:189:44 | [post] ... .as_mut_ptr(...) | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:217:24:217:31 | [post] self.ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:236:27:236:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:242:27:242:29 | [post] ptr | PostUpdateNode should not be the target of local flow. | -| deallocation.rs:267:23:267:25 | [post] ptr | PostUpdateNode should not be the target of local flow. | From de7e6119624c99e6e1c990904162a3b3c78c2619 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Fri, 4 Apr 2025 12:36:13 +0100 Subject: [PATCH 245/409] Rewrite documentation --- .../LoopVariableCapture.py | 18 -------- .../LoopVariableCapture.qhelp | 46 ++++++------------- .../LoopVariableCapture.ql | 1 + .../LoopVariableCapture/examples/bad.py | 8 ++++ .../LoopVariableCapture/examples/good.py | 8 ++++ .../LoopVariableCapture/examples/good2.py | 9 ++++ 6 files changed, 41 insertions(+), 49 deletions(-) delete mode 100644 python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/bad.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/good.py create mode 100644 python/ql/src/Variables/LoopVariableCapture/examples/good2.py diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py deleted file mode 100644 index 4a6abcb8894..00000000000 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.py +++ /dev/null @@ -1,18 +0,0 @@ - -#Make a list of functions to increment their arguments by 0 to 9. -def make_incrementers(): - result = [] - for i in range(10): - def incrementer(x): - return x + i - result.append(incrementer) - return result - -#This will fail -def test(): - incs = make_incrementers() - for x in range(10): - for y in range(10): - assert incs[x](y) == x+y - -test() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index 15f2b185eb9..ae23584344c 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -5,56 +5,40 @@

    -Nested functions are a useful feature of Python as it allows a function to access the variables of its enclosing function. -However, the programmer needs to be aware that when an inner function accesses a variable in an outer scope, -it is the variable that is captured, not the value of that variable. +In Python, a nested function or lambda expression that captures a variable from its surrounding scope is a late-binding closure, +meaning that the value of the variable is determined when the closure is called, not when it is created.

    -Therefore, care must be taken when the captured variable is a loop variable, since it is the loop variable and -not the value of that variable that is captured. -This will mean that by the time that the inner function executes, -the loop variable will have its final value, not the value when the inner function was created. +Care must be taken when the captured variable is a loop variable. If the closure is called after the loop ends, it will use the value of the variable on the last iteration of the loop, rather than the value at the iteration at which it was created.

    -The simplest way to fix this problem is to add a local variable of the same name as the outer variable and initialize that -using the outer variable as a default. - -for var in seq: - ... - def inner_func(arg): - ... - use(var) - -becomes - -for var in seq: - ... - def inner_func(arg, var=var): - ... - use(var) - +Ensure that closures that capture loop variables aren't used outside of a single iteration of the loop. +To capture the value of a loop variable at the time the closure is created, use a default parameter, or functools.partial.

    -In this example, a list of functions is created which should each increment its argument by its index in the list. -However, since i will be 9 when the functions execute, they will each increment their argument by 9. +In the following (BAD) example, a `tasks` list is created, but each task captures the loop variable i, and reads the same value when run.

    - +

    -This can be fixed by adding the default value as shown below. The default value is computed when the function is created, so the desired effect is achieved. +In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. + +In the following (GOOD) example, functools.partial is used to partially evaluate the lambda expression with the value of i. +

    -     -
  • The Hitchhiker’s Guide to Python: Late Binding Closures
    • -
  • Python Language Reference: Naming and binding
    • +
  • The Hitchhiker's Guide to Python: Late Binding Closures.
    • +
  • Python Language Reference: Naming and binding.
    • +
  • Stack Overflow: Creating functions (or lambdas) in a loop (or comprehension).
    • +
  • Python Language Reference: functools.partial.
    • diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 9c41e52cc45..514a6790ea0 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -3,6 +3,7 @@ * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. * @kind path-problem * @tags correctness + * quality * @problem.severity error * @sub-severity low * @precision high diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/bad.py b/python/ql/src/Variables/LoopVariableCapture/examples/bad.py new file mode 100644 index 00000000000..1e70d20fd1d --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/bad.py @@ -0,0 +1,8 @@ +# BAD: The loop variable `i` is captured. +tasks = [] +for i in range(5): + tasks.append(lambda: print(i)) + +# This will print `4,4,4,4,4`, rather than `0,1,2,3,4` as likely intended. +for t in tasks: + t() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good.py b/python/ql/src/Variables/LoopVariableCapture/examples/good.py new file mode 100644 index 00000000000..67ed2624f0a --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good.py @@ -0,0 +1,8 @@ +# GOOD: A default parameter is used, so the variable `i` is not being captured. +tasks = [] +for i in range(5): + tasks.append(lambda i=i: print(i)) + +# This will print `0,1,2,3,4``. +for t in tasks: + t() \ No newline at end of file diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py new file mode 100644 index 00000000000..1a2469b4220 --- /dev/null +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py @@ -0,0 +1,9 @@ +import functools +# GOOD: A default parameter is used, so the variable `i` is not being captured. +tasks = [] +for i in range(5): + tasks.append(functools.partial(lambda i: print(i), i)) + +# This will print `0,1,2,3,4``. +for t in tasks: + t() \ No newline at end of file From 5c1581d080fb90573a490c2da8c9d06995f97eae Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Fri, 4 Apr 2025 12:37:37 +0100 Subject: [PATCH 246/409] Add changelog entries for CodeQL CLI versions 2.20.7 and 2.21.0 --- .../codeql-changelog/codeql-cli-2.20.7.rst | 22 ++ .../codeql-changelog/codeql-cli-2.21.0.rst | 211 ++++++++++++++++++ .../codeql-changelog/index.rst | 2 + 3 files changed, 235 insertions(+) create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst create mode 100644 docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst new file mode 100644 index 00000000000..fd6885b025e --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.20.7.rst @@ -0,0 +1,22 @@ +.. _codeql-cli-2.20.7: + +========================== +CodeQL 2.20.7 (2025-03-18) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.20.7 runs a total of 450 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 137 queries (covering 35 more CWE). + +CodeQL CLI +---------- + +There are no user-facing CLI changes in this release. diff --git a/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst new file mode 100644 index 00000000000..7d62123a49a --- /dev/null +++ b/docs/codeql/codeql-overview/codeql-changelog/codeql-cli-2.21.0.rst @@ -0,0 +1,211 @@ +.. _codeql-cli-2.21.0: + +========================== +CodeQL 2.21.0 (2025-04-03) +========================== + +.. contents:: Contents + :depth: 2 + :local: + :backlinks: none + +This is an overview of changes in the CodeQL CLI and relevant CodeQL query and library packs. For additional updates on changes to the CodeQL code scanning experience, check out the `code scanning section on the GitHub blog `__, `relevant GitHub Changelog updates `__, `changes in the CodeQL extension for Visual Studio Code `__, and the `CodeQL Action changelog `__. + +Security Coverage +----------------- + +CodeQL 2.21.0 runs a total of 452 security queries when configured with the Default suite (covering 168 CWE). The Extended suite enables an additional 136 queries (covering 35 more CWE). 1 security query has been added with this release. + +CodeQL CLI +---------- + +Miscellaneous +~~~~~~~~~~~~~ + +* On macOS the :code:`CODEQL_TRACER_RELOCATION_EXCLUDE` environment variable can now be used to exclude certain paths from the tracer relocation and tracing process. This environment variable accepts newline-separated regex patterns of binaries to be excluded. + +Query Packs +----------- + +Bug Fixes +~~~~~~~~~ + +JavaScript/TypeScript +""""""""""""""""""""" + +* Fixed a bug, first introduced in :code:`2.20.3`, that would prevent :code:`v-html` attributes in Vue files from being flagged by the :code:`js/xss` query. The original behaviour has been restored and the :code:`v-html` attribute is once again functioning as a sink for the :code:`js/xss` query. +* Fixed a bug that would in rare cases cause some regexp-based checks to be seen as generic taint sanitisers, even though the underlying regexp is not restrictive enough. The regexps are now analysed more precisely, + and unrestrictive regexp checks will no longer block taint flow. +* Fixed a recently-introduced bug that caused :code:`js/server-side-unvalidated-url-redirection` to ignore valid hostname checks and report spurious alerts after such a check. The original behaviour has been restored. + +Python +"""""" + +* The :code:`py/unused-global-variable` now no longer flags variables that are only used in forward references (e.g. the :code:`Foo` in :code:`def bar(x: "Foo"): ...`). + +GitHub Actions +"""""""""""""" + +* Fixed typos in the query and alert titles for the queries + :code:`actions/envpath-injection/critical`, :code:`actions/envpath-injection/medium`, + :code:`actions/envvar-injection/critical`, and :code:`actions/envvar-injection/medium`. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* Updated the :code:`java/unreleased-lock` query so that it no longer report alerts in cases where a boolean variable is used to track lock state. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C/C++ +""""" + +* Fixed a bug in the models for Microsoft's Active Template Library (ATL). +* The query "Use of basic integral type" (:code:`cpp/jpl-c/basic-int-types`) no longer produces alerts for the standard fixed width integer types (:code:`int8_t`, :code:`uint8_t`, etc.), and the :code:`_Bool` and :code:`bool` types. + +C# +"" + +* Improved dependency resolution in :code:`build-mode: none` extraction to handle failing :code:`dotnet restore` processes that managed to download a subset of the dependencies before the failure. +* Increase query precision for :code:`cs/useless-gethashcode-call` by not flagging calls to :code:`GetHashCode` on :code:`uint`, :code:`long` and :code:`ulong`. +* Increase query precision for :code:`cs/constant-condition` and allow the use of discards in switch/case statements and also take the condition (if any) into account. +* The :code:`cs/local-not-disposed` query no longer flags un-disposed tasks as this is often not needed (explained `here `__). +* Increase query precision for :code:`cs/useless-assignment-to-local` and :code:`cs/constant-condition` when *unknown* types are involved (mostly relevant for :code:`build-mode: none` databases). +* Don't consider an if-statement to be *useless* in :code:`cs/useless-if-statement` if there is at least a comment. + +Golang +"""""" + +* False positives in "Log entries created from user input" (:code:`go/log-injection`) and "Clear-text logging of sensitive information" (:code:`go/clear-text-logging`) which involved the verb :code:`%T` in a format specifier have been fixed. As a result, some users may also see more alerts from the "Use of constant :code:`state` value in OAuth 2.0 URL" (:code:`go/constant-oauth2-state`) query. + +Java/Kotlin +""""""""""" + +* Fixed a false positive in "Time-of-check time-of-use race condition" (:code:`java/toctou-race-condition`) where a field of a non-static class was not considered always-locked if it was accessed in a constructor. +* Overrides of :code:`BroadcastReceiver::onReceive` with no statements in their body are no longer considered unverified by the :code:`java/improper-intent-verification` query. This will reduce false positives from :code:`onReceive` methods which do not perform any actions. + +Python +"""""" + +* The :code:`py/special-method-wrong-signature` has been modernized and rewritten to no longer rely on outdated APIs. Moreover, the query no longer flags cases where a default value is never used, as these alerts were rarely useful. + +New Queries +~~~~~~~~~~~ + +C# +"" + +* Added a new query, :code:`csharp/path-combine`, to recommend against the :code:`Path.Combine` method due to it silently discarding its earlier parameters if later parameters are rooted. + +Java/Kotlin +""""""""""" + +* Added a new quality query, :code:`java/empty-method`, to detect empty methods. +* The query :code:`java/spring-boot-exposed-actuators` has been promoted from experimental to the main query pack. Its results will now appear by default, and the query itself will be removed from the `CodeQL Community Packs `__. This query was originally submitted as an experimental query `by @ggolawski `__. + +Swift +""""" + +* Added a new summary query counting the total number of extracted AST nodes. + +Language Libraries +------------------ + +Bug Fixes +~~~~~~~~~ + +Java/Kotlin +""""""""""" + +* In :code:`build-mode: none` where the project has a Gradle build system, database creation no longer attempts to download some non-existent jar files relating to non-jar Maven artifacts, such as BOMs. This was harmless, but saves some time and reduces spurious warnings. +* Java extraction no longer freezes for a long time or times out when using libraries that feature expanding cyclic generic types. For example, this was known to occur when using some classes from the Blazebit Persistence library. +* Java build-mode :code:`none` no longer fails when a required version of Gradle cannot be downloaded using the :code:`gradle wrapper` command, such as due to a firewall. It will now attempt to use the system version of Gradle if present, or otherwise proceed without detailed dependency information. +* Java build-mode :code:`none` no longer fails when a required version of Maven cannot be downloaded, such as due to a firewall. It will now attempt to use the system version of Maven if present, or otherwise proceed without detailed dependency information. +* Java build-mode :code:`none` now correctly uses Maven dependency information on Windows platforms. + +Python +"""""" + +* :code:`MatchLiteralPattern`\ s such as :code:`case None: ...` are now never pruned from the extracted source code. This fixes some situations where code was wrongly identified as unreachable. + +GitHub Actions +"""""""""""""" + +* The query :code:`actions/code-injection/medium` now produces alerts for injection vulnerabilities on :code:`pull_request` events. + +Major Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +JavaScript/TypeScript +""""""""""""""""""""" + +* Added support for TypeScript 5.8. + +Minor Analysis Improvements +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +C# +"" + +* The models for :code:`System.Uri` have been modified to better model the flow of tainted URIs. +* Modeled parameter passing between Blazor parent and child components. + +Golang +"""""" + +* We no longer track taint into a :code:`sync.Map` via the key of a key-value pair, since we do not model any way in which keys can be read from a :code:`sync.Map`. +* :code:`database` source models have been added for v1 and v2 of the :code:`github.com/couchbase/gocb` package. +* Added :code:`database` source models for the :code:`github.com/Masterminds/squirrel` ORM package. + +Java/Kotlin +""""""""""" + +* Java extraction is now able to download Maven 3.9.x if a Maven Enforcer Plugin configuration indicates it is necessary. Maven 3.8.x is still preferred if the enforcer-plugin configuration (if any) permits it. +* Added a path injection sanitizer for calls to :code:`java.lang.String.matches`, :code:`java.lang.String.replace`, and :code:`java.lang.String.replaceAll` that make sure '/', '\', '..' are not in the path. + +JavaScript/TypeScript +""""""""""""""""""""" + +* Added support for additional :code:`fs-extra` methods as sinks in path-injection queries. +* Added support for the newer version of :code:`Hapi` with the :code:`@hapi/hapi` import and :code:`server` function. +* Improved modeling of the :code:`node:fs` module: :code:`await`\ -ed calls to :code:`read` and :code:`readFile` are now supported. +* Added support for the :code:`@sap/hana-client`, :code:`@sap/hdbext` and :code:`hdb` packages. +* Enhanced :code:`axios` support with new methods (:code:`postForm`, :code:`putForm`, :code:`patchForm`, :code:`getUri`, :code:`create`) and added support for :code:`interceptors.request` and :code:`interceptors.response`. +* Improved support for :code:`got` package with :code:`Options`, :code:`paginate()` and :code:`extend()` +* Added support for the :code:`ApolloServer` class from :code:`@apollo/server` and similar packages. In particular, the incoming data in a GraphQL resolver is now seen as a source of untrusted user input. +* Improved support for :code:`superagent` to handle the case where the package is directly called as a function, or via the :code:`.del()` or :code:`.agent()` method. +* Added support for the :code:`underscore.string` package. +* Added additional flow step for :code:`unescape()` and :code:`escape()`. +* Added support for the :code:`@tanstack/vue-query` package. +* Added taint-steps for :code:`unescape()`. +* Added support for the :code:`@tanstack/angular-query-experimental` package. +* Improved support for the :code:`@angular/common/http` package, detecting outgoing HTTP requests in more cases. +* Improved the modeling of the :code:`markdown-table` package to ensure it handles nested arrays properly. +* Added support for the :code:`react-relay` library. + +Python +"""""" + +* Added the methods :code:`getMinArguments` and :code:`getMaxArguments` to the :code:`Function` class. These return the minimum and maximum positional arguments that the given function accepts. + +New Features +~~~~~~~~~~~~ + +C/C++ +""""" + +* Added :code:`Node.asUncertainDefinition` and :code:`Node.asCertainDefinition` to the :code:`DataFlow::Node` class for querying whether a definition overwrites the entire destination buffer. + +JavaScript/TypeScript +""""""""""""""""""""" + +* Extraction now supports regular expressions with the :code:`v` flag, using the new operators: + + * Intersection :code:`&&` + * Subtraction :code:`--` + * :code:`\q` quoted string + diff --git a/docs/codeql/codeql-overview/codeql-changelog/index.rst b/docs/codeql/codeql-overview/codeql-changelog/index.rst index e53d669f3a3..08c8502ad1a 100644 --- a/docs/codeql/codeql-overview/codeql-changelog/index.rst +++ b/docs/codeql/codeql-overview/codeql-changelog/index.rst @@ -11,6 +11,8 @@ A list of queries for each suite and language `is available here Date: Fri, 4 Apr 2025 12:43:23 +0100 Subject: [PATCH 247/409] Fix qhelp formatting --- .../LoopVariableCapture/LoopVariableCapture.qhelp | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index ae23584344c..b902f976a53 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -27,10 +27,13 @@ In the following (BAD) example, a `tasks` list is created, but each task capture

    In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. - -In the following (GOOD) example, functools.partial is used to partially evaluate the lambda expression with the value of i. -

    + +

    +In the following (GOOD) example, functools.partial is used to partially evaluate the lambda expression with the value of i. +

    + + From dc31da82d05c810056593cc92cf5620b03389a4f Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 13:42:29 +0100 Subject: [PATCH 248/409] Rust: Fix file name typo. --- ...SummaryStatsReeduced.expected => SummaryStatsReduced.expected} | 0 .../{SummaryStatsReeduced.qlref => SummaryStatsReduced.qlref} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsReeduced.expected => SummaryStatsReduced.expected} (100%) rename rust/ql/test/query-tests/diagnostics/{SummaryStatsReeduced.qlref => SummaryStatsReduced.qlref} (100%) diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.expected rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref similarity index 100% rename from rust/ql/test/query-tests/diagnostics/SummaryStatsReeduced.qlref rename to rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.qlref From 8b6c8d7174e489f0ade284c953486c78cdb0b396 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 14:44:39 +0200 Subject: [PATCH 249/409] Rust: Minor path resolution fix for `($)crate` paths --- .../codeql/rust/internal/PathResolution.qll | 25 +++++++++---------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index c70ab0049d5..c6ab2135d97 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -194,21 +194,11 @@ abstract class ItemNode extends Locatable { this = result.(ImplOrTraitItemNode).getAnItemInSelfScope() or name = "crate" and - result = - any(CrateItemNode crate | - this = crate.getASourceFile() - or - this = crate.getModuleNode() - ) + this = result.(CrateItemNode).getARootModuleNode() or // todo: implement properly name = "$crate" and - result = - any(CrateItemNode crate | - this = crate.getASourceFile() - or - this = crate.getModuleNode() - ).(Crate).getADependency*() and + result = any(CrateItemNode crate | this = crate.getARootModuleNode()).(Crate).getADependency*() and result.(CrateItemNode).isPotentialDollarCrateTarget() } @@ -237,7 +227,7 @@ abstract private class ModuleLikeNode extends ItemNode { predicate isRoot() { this instanceof SourceFileItemNode or - this = any(CrateItemNode c).getModuleNode() + this = any(Crate c).getModule() } } @@ -294,6 +284,15 @@ class CrateItemNode extends ItemNode instanceof Crate { ) } + /** + * Gets a root module node belonging to this crate. + */ + ModuleLikeNode getARootModuleNode() { + result = this.getASourceFile() + or + result = super.getModule() + } + pragma[nomagic] predicate isPotentialDollarCrateTarget() { exists(string name, RelevantPath p | From e9971ffb9412962dfacf2fbc30d18c82bdb41c31 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 11:59:39 +0100 Subject: [PATCH 250/409] Rust: Change the ID of the new query. --- rust/ql/src/queries/summary/SummaryStatsReduced.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/src/queries/summary/SummaryStatsReduced.ql b/rust/ql/src/queries/summary/SummaryStatsReduced.ql index 75358064bba..47669f9da58 100644 --- a/rust/ql/src/queries/summary/SummaryStatsReduced.ql +++ b/rust/ql/src/queries/summary/SummaryStatsReduced.ql @@ -3,7 +3,7 @@ * @description A table of summary statistics about a database, with data that * has been found to be noisy on tests removed. * @kind metric - * @id rust/summary/summary-statistics-reduced + * @id rust/summary/reduced-summary-statistics * @tags summary */ From d47e925e8570a3cdf86a3e6d0b0b26c96ee45955 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 14:43:24 +0100 Subject: [PATCH 251/409] Rust: Delete empty .expected files. --- .../security/CWE-696/CONSISTENCY/DataFlowConsistency.expected | 0 .../security/CWE-825/CONSISTENCY/DataFlowConsistency.expected | 0 2 files changed, 0 insertions(+), 0 deletions(-) delete mode 100644 rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected delete mode 100644 rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected diff --git a/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-696/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 diff --git a/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected b/rust/ql/test/query-tests/security/CWE-825/CONSISTENCY/DataFlowConsistency.expected deleted file mode 100644 index e69de29bb2d..00000000000 From 1acbdbaaa2ab211ae6f1d921836facefbf70809e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 1 Apr 2025 09:29:51 +0100 Subject: [PATCH 252/409] Rust: Make all query sinks extend QuerySink::Range and import them into Stats.qll (this ensures that sink statistics are complete). --- .../rust/security/CleartextTransmissionExtensions.qll | 5 ++++- .../ql/lib/codeql/rust/security/TaintedPathExtensions.qll | 4 +++- .../rust/security/WeakSensitiveDataHashingExtensions.qll | 4 ++-- rust/ql/src/queries/summary/Stats.qll | 8 +++++--- 4 files changed, 14 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 73495cd1c0d..8a3892f2347 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -7,12 +7,15 @@ private import codeql.util.Unit private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.Concepts /** * A data flow sink for cleartext transmission vulnerabilities. That is, * a `DataFlow::Node` of something that is transmitted over a network. */ -abstract class CleartextTransmissionSink extends DataFlow::Node { } +abstract class CleartextTransmissionSink extends QuerySink::Range { + override string getSinkType() { result = "CleartextTransmission" } +} /** * A barrier for cleartext transmission vulnerabilities. diff --git a/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll b/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll index df8c43212b3..5f8d8b77ee8 100644 --- a/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/TaintedPathExtensions.qll @@ -23,7 +23,9 @@ module TaintedPath { /** * A data flow sink for path injection vulnerabilities. */ - abstract class Sink extends DataFlow::Node { } + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "TaintedPath" } + } /** * A barrier for path injection vulnerabilities. diff --git a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll index b22e5153ce3..7b6b6c801d7 100644 --- a/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/WeakSensitiveDataHashingExtensions.qll @@ -44,6 +44,8 @@ module NormalHashFunction { * hashing. That is, a broken or weak hashing algorithm. */ abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "WeakSensitiveDataHashing" } + /** * Gets the name of the weak hashing algorithm. */ @@ -76,8 +78,6 @@ module NormalHashFunction { class WeakHashingOperationInputAsSink extends Sink { Cryptography::HashingAlgorithm algorithm; - override string getSinkType() { result = "WeakSensitiveDataHashing" } - WeakHashingOperationInputAsSink() { exists(Cryptography::CryptographicOperation operation | algorithm.isWeak() and diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a24a4eac9c9..45b5bffa8d1 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -15,10 +15,12 @@ private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData private import TaintReach // import all query extensions files, so that all extensions of `QuerySink` are found -private import codeql.rust.security.CleartextLoggingExtensions -private import codeql.rust.security.SqlInjectionExtensions -private import codeql.rust.security.WeakSensitiveDataHashingExtensions private import codeql.rust.security.regex.RegexInjectionExtensions +private import codeql.rust.security.CleartextLoggingExtensions +private import codeql.rust.security.CleartextTransmissionExtensions +private import codeql.rust.security.SqlInjectionExtensions +private import codeql.rust.security.TaintedPathExtensions +private import codeql.rust.security.WeakSensitiveDataHashingExtensions /** * Gets a count of the total number of lines of code in the database. From 784ccb740b75092c8cbd0eed902cbec1857d5909 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:02:21 +0100 Subject: [PATCH 253/409] Rust: Define Rust queries and extensions more consistently. --- .../security/CleartextLoggingExtensions.qll | 8 +- .../CleartextTransmissionExtensions.qll | 64 ++++++---- .../rust/security/SqlInjectionExtensions.qll | 8 +- .../regex/RegexInjectionExtensions.qll | 113 ++++++++++-------- .../security/CWE-020/RegexInjection.ql | 8 +- .../queries/security/CWE-089/SqlInjection.ql | 8 +- .../security/CWE-311/CleartextTransmission.ql | 10 +- .../security/CWE-020/RegexInjectionSink.ql | 2 +- 8 files changed, 129 insertions(+), 92 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll index e6bbc0d2a2b..559509ad9f8 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextLoggingExtensions.qll @@ -36,8 +36,10 @@ module CleartextLogging { */ private class SensitiveDataAsSource extends Source instanceof SensitiveData { } - /** A sink for logging from model data. */ - private class ModelsAsDataSinks extends Sink { - ModelsAsDataSinks() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) } + /** + * A sink for logging from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { exists(string s | sinkNode(this, s) and s.matches("log-injection%")) } } } diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 8a3892f2347..2c528dddd9e 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -10,32 +10,48 @@ private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts /** - * A data flow sink for cleartext transmission vulnerabilities. That is, - * a `DataFlow::Node` of something that is transmitted over a network. + * Provides default sources, sinks and barriers for detecting cleartext transmission + * vulnerabilities, as well as extension points for adding your own. */ -abstract class CleartextTransmissionSink extends QuerySink::Range { - override string getSinkType() { result = "CleartextTransmission" } -} - -/** - * A barrier for cleartext transmission vulnerabilities. - */ -abstract class CleartextTransmissionBarrier extends DataFlow::Node { } - -/** - * A unit class for adding additional flow steps. - */ -class CleartextTransmissionAdditionalFlowStep extends Unit { +module CleartextTransmission { /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to cleartext transmission vulnerabilities. + * A data flow source for cleartext transmission vulnerabilities. */ - abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo); -} + abstract class Source extends DataFlow::Node { } -/** - * A sink defined through MaD. - */ -private class MadCleartextTransmissionSink extends CleartextTransmissionSink { - MadCleartextTransmissionSink() { sinkNode(this, "transmission") } + /** + * A data flow sink for cleartext transmission vulnerabilities. That is, + * a `DataFlow::Node` of something that is transmitted over a network. + */ + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "CleartextTransmission" } + } + + /** + * A barrier for cleartext transmission vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A unit class for adding additional flow steps. + */ + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to cleartext transmission vulnerabilities. + */ + abstract predicate step(DataFlow::Node nodeFrom, DataFlow::Node nodeTo); + } + + /** + * Sensitive data, considered as a flow source. + */ + private class SensitiveDataAsSource extends Source instanceof SensitiveData { } + + /** + * A sink defined through MaD. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "transmission") } + } } diff --git a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll index 9c61fe4aa52..8ead5ac684a 100644 --- a/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/SqlInjectionExtensions.qll @@ -51,8 +51,10 @@ module SqlInjection { SqlExecutionAsSink() { this = any(SqlExecution e).getSql() } } - /** A sink for sql-injection from model data. */ - private class ModelsAsDataSinks extends Sink { - ModelsAsDataSinks() { sinkNode(this, "sql-injection") } + /** + * A sink for sql-injection from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "sql-injection") } } } diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index f1e4060a5cf..5c0f8b616b6 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -11,60 +11,71 @@ private import codeql.rust.dataflow.FlowSink private import codeql.rust.Concepts /** - * A data flow sink for regular expression injection vulnerabilities. + * Provides default sources, sinks and barriers for detecting regular expression + * injection vulnerabilities, as well as extension points for adding your own. */ -abstract class RegexInjectionSink extends QuerySink::Range { - override string getSinkType() { result = "RegexInjection" } -} - -/** - * A barrier for regular expression injection vulnerabilities. - */ -abstract class RegexInjectionBarrier extends DataFlow::Node { } - -/** A sink for `a` in `Regex::new(a)` when `a` is not a literal. */ -private class NewRegexInjectionSink extends RegexInjectionSink { - NewRegexInjectionSink() { - exists(CallExprCfgNode call, PathExpr path | - path = call.getFunction().getExpr() and - path.getResolvedCrateOrigin() = "repo:https://github.com/rust-lang/regex:regex" and - path.getResolvedPath() = "::new" and - this.asExpr() = call.getArgument(0) and - not this.asExpr() instanceof LiteralExprCfgNode - ) - } -} - -private class MadRegexInjectionSink extends RegexInjectionSink { - MadRegexInjectionSink() { sinkNode(this, "regex-use") } -} - -/** - * A unit class for adding additional flow steps. - */ -class RegexInjectionAdditionalFlowStep extends Unit { +module RegexInjection { /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to regular expression injection vulnerabilities. + * A data flow sink for regular expression injection vulnerabilities. */ - abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); -} + abstract class Sink extends QuerySink::Range { + override string getSinkType() { result = "RegexInjection" } + } -/** - * An escape barrier for regular expression injection vulnerabilities. - */ -private class RegexInjectionDefaultBarrier extends RegexInjectionBarrier { - RegexInjectionDefaultBarrier() { - // A barrier is any call to a function named `escape`, in particular this - // makes calls to `regex::escape` a barrier. - this.asExpr() - .getExpr() - .(CallExpr) - .getFunction() - .(PathExpr) - .getPath() - .getSegment() - .getIdentifier() - .getText() = "escape" + /** + * A barrier for regular expression injection vulnerabilities. + */ + abstract class Barrier extends DataFlow::Node { } + + /** + * A sink for `a` in `Regex::new(a)` when `a` is not a literal. + */ + private class NewSink extends Sink { + NewSink() { + exists(CallExprCfgNode call, PathExpr path | + path = call.getFunction().getExpr() and + path.getResolvedCrateOrigin() = "repo:https://github.com/rust-lang/regex:regex" and + path.getResolvedPath() = "::new" and + this.asExpr() = call.getArgument(0) and + not this.asExpr() instanceof LiteralExprCfgNode + ) + } + } + + /** + * A sink for regular expression injection from model data. + */ + private class ModelsAsDataSink extends Sink { + ModelsAsDataSink() { sinkNode(this, "regex-use") } + } + + /** + * A unit class for adding additional flow steps. + */ + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to regular expression injection vulnerabilities. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); + } + + /** + * An escape barrier for regular expression injection vulnerabilities. + */ + private class DefaultBarrier extends Barrier { + DefaultBarrier() { + // A barrier is any call to a function named `escape`, in particular this + // makes calls to `regex::escape` a barrier. + this.asExpr() + .getExpr() + .(CallExpr) + .getFunction() + .(PathExpr) + .getPath() + .getSegment() + .getIdentifier() + .getText() = "escape" + } } } diff --git a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql index b49d08969f6..075f6e99d11 100644 --- a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql +++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql @@ -24,14 +24,16 @@ private import codeql.rust.security.regex.RegexInjectionExtensions * A taint configuration for detecting regular expression injection vulnerabilities. */ module RegexInjectionConfig implements DataFlow::ConfigSig { + import RegexInjection + predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } - predicate isSink(DataFlow::Node sink) { sink instanceof RegexInjectionSink } + predicate isSink(DataFlow::Node sink) { sink instanceof Sink } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof RegexInjectionBarrier } + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - any(RegexInjectionAdditionalFlowStep s).step(nodeFrom, nodeTo) + any(AdditionalFlowStep s).step(nodeFrom, nodeTo) } } diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql index ee2a3d14486..803cb67e33e 100644 --- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql +++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql @@ -20,11 +20,13 @@ import SqlInjectionFlow::PathGraph * A taint configuration for tainted data that reaches a SQL sink. */ module SqlInjectionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof SqlInjection::Source } + import SqlInjection - predicate isSink(DataFlow::Node node) { node instanceof SqlInjection::Sink } + predicate isSource(DataFlow::Node node) { node instanceof Source } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof SqlInjection::Barrier } + predicate isSink(DataFlow::Node node) { node instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } } module SqlInjectionFlow = TaintTracking::Global; diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql index ccf01f6fdda..84b88c3f145 100644 --- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql +++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql @@ -22,14 +22,16 @@ import codeql.rust.security.CleartextTransmissionExtensions * transmitted over a network. */ module CleartextTransmissionConfig implements DataFlow::ConfigSig { - predicate isSource(DataFlow::Node node) { node instanceof SensitiveData } + import CleartextTransmission - predicate isSink(DataFlow::Node node) { node instanceof CleartextTransmissionSink } + predicate isSource(DataFlow::Node node) { node instanceof Source } - predicate isBarrier(DataFlow::Node barrier) { barrier instanceof CleartextTransmissionBarrier } + predicate isSink(DataFlow::Node node) { node instanceof Sink } + + predicate isBarrier(DataFlow::Node barrier) { barrier instanceof Barrier } predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) { - any(CleartextTransmissionAdditionalFlowStep s).step(nodeFrom, nodeTo) + any(AdditionalFlowStep s).step(nodeFrom, nodeTo) } predicate isBarrierIn(DataFlow::Node node) { diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql index 0723ec5bb5b..c7da47a1172 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjectionSink.ql @@ -1,4 +1,4 @@ private import codeql.rust.dataflow.DataFlow private import codeql.rust.security.regex.RegexInjectionExtensions -query predicate regexInjectionSink(DataFlow::Node node) { node instanceof RegexInjectionSink } +query predicate regexInjectionSink(DataFlow::Node node) { node instanceof RegexInjection::Sink } From 0db551032c21dabe50b2ec0c48ad28b7dc98973e Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:23:53 +0100 Subject: [PATCH 254/409] Rust: Make imports consistent and correct. --- .../rust/security/CleartextTransmissionExtensions.qll | 1 + rust/ql/src/queries/security/CWE-022/TaintedPath.ql | 7 ++++--- rust/ql/src/queries/security/CWE-089/SqlInjection.ql | 3 ++- .../src/queries/security/CWE-311/CleartextTransmission.ql | 1 - rust/ql/src/queries/security/CWE-312/CleartextLogging.ql | 2 +- .../queries/security/CWE-328/WeakSensitiveDataHashing.ql | 2 +- 6 files changed, 9 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll index 2c528dddd9e..2dfe77ee8ba 100644 --- a/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/CleartextTransmissionExtensions.qll @@ -7,6 +7,7 @@ private import codeql.util.Unit private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.FlowSink +private import codeql.rust.security.SensitiveData private import codeql.rust.Concepts /** diff --git a/rust/ql/src/queries/security/CWE-022/TaintedPath.ql b/rust/ql/src/queries/security/CWE-022/TaintedPath.ql index fcc1c89ef66..8896cf60842 100644 --- a/rust/ql/src/queries/security/CWE-022/TaintedPath.ql +++ b/rust/ql/src/queries/security/CWE-022/TaintedPath.ql @@ -16,11 +16,10 @@ import rust import codeql.rust.dataflow.DataFlow -import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl import codeql.rust.dataflow.TaintTracking +import codeql.rust.dataflow.internal.DataFlowImpl as DataflowImpl +import codeql.rust.Concepts import codeql.rust.security.TaintedPathExtensions -import TaintedPathFlow::PathGraph -private import codeql.rust.Concepts newtype NormalizationState = /** A state signifying that the file path has not been normalized. */ @@ -84,6 +83,8 @@ module TaintedPathConfig implements DataFlow::StateConfigSig { module TaintedPathFlow = TaintTracking::GlobalWithState; +import TaintedPathFlow::PathGraph + from TaintedPathFlow::PathNode source, TaintedPathFlow::PathNode sink where TaintedPathFlow::flowPath(source, sink) select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), diff --git a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql index 803cb67e33e..f61295263bf 100644 --- a/rust/ql/src/queries/security/CWE-089/SqlInjection.ql +++ b/rust/ql/src/queries/security/CWE-089/SqlInjection.ql @@ -14,7 +14,6 @@ import rust import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking import codeql.rust.security.SqlInjectionExtensions -import SqlInjectionFlow::PathGraph /** * A taint configuration for tainted data that reaches a SQL sink. @@ -31,6 +30,8 @@ module SqlInjectionConfig implements DataFlow::ConfigSig { module SqlInjectionFlow = TaintTracking::Global; +import SqlInjectionFlow::PathGraph + from SqlInjectionFlow::PathNode sourceNode, SqlInjectionFlow::PathNode sinkNode where SqlInjectionFlow::flowPath(sourceNode, sinkNode) select sinkNode.getNode(), sourceNode, sinkNode, "This query depends on a $@.", diff --git a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql index 84b88c3f145..739dca0f418 100644 --- a/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql +++ b/rust/ql/src/queries/security/CWE-311/CleartextTransmission.ql @@ -13,7 +13,6 @@ import rust import codeql.rust.dataflow.DataFlow -import codeql.rust.security.SensitiveData import codeql.rust.dataflow.TaintTracking import codeql.rust.security.CleartextTransmissionExtensions diff --git a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql index fd6d538f13f..75bd47e76dc 100644 --- a/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql +++ b/rust/ql/src/queries/security/CWE-312/CleartextLogging.ql @@ -14,9 +14,9 @@ */ import rust -import codeql.rust.security.CleartextLoggingExtensions import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking +import codeql.rust.security.CleartextLoggingExtensions /** * A taint-tracking configuration for cleartext logging vulnerabilities. diff --git a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql index b22fe576212..0f8d23fbc29 100755 --- a/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql +++ b/rust/ql/src/queries/security/CWE-328/WeakSensitiveDataHashing.ql @@ -13,9 +13,9 @@ */ import rust -import codeql.rust.security.WeakSensitiveDataHashingExtensions import codeql.rust.dataflow.DataFlow import codeql.rust.dataflow.TaintTracking +import codeql.rust.security.WeakSensitiveDataHashingExtensions /** * Provides a taint-tracking configuration for detecting use of a broken or weak From 47ee6c6b815b1ecd86a265c8d6972315b23f767d Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:27:16 +0100 Subject: [PATCH 255/409] Rust: Give regex injection extendable sources as well. --- .../rust/security/regex/RegexInjectionExtensions.qll | 10 ++++++++++ rust/ql/src/queries/security/CWE-020/RegexInjection.ql | 3 +-- 2 files changed, 11 insertions(+), 2 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index 5c0f8b616b6..36ae9116724 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -15,6 +15,11 @@ private import codeql.rust.Concepts * injection vulnerabilities, as well as extension points for adding your own. */ module RegexInjection { + /** + * A data flow source for regular expression injection vulnerabilities. + */ + abstract class Source extends DataFlow::Node { } + /** * A data flow sink for regular expression injection vulnerabilities. */ @@ -27,6 +32,11 @@ module RegexInjection { */ abstract class Barrier extends DataFlow::Node { } + /** + * An active threat-model source, considered as a flow source. + */ + private class ActiveThreatModelSourceAsSource extends Source, ActiveThreatModelSource { } + /** * A sink for `a` in `Regex::new(a)` when `a` is not a literal. */ diff --git a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql index 075f6e99d11..14d6d8e167e 100644 --- a/rust/ql/src/queries/security/CWE-020/RegexInjection.ql +++ b/rust/ql/src/queries/security/CWE-020/RegexInjection.ql @@ -17,7 +17,6 @@ private import rust private import codeql.rust.dataflow.DataFlow private import codeql.rust.dataflow.TaintTracking -private import codeql.rust.Concepts private import codeql.rust.security.regex.RegexInjectionExtensions /** @@ -26,7 +25,7 @@ private import codeql.rust.security.regex.RegexInjectionExtensions module RegexInjectionConfig implements DataFlow::ConfigSig { import RegexInjection - predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } + predicate isSource(DataFlow::Node source) { source instanceof Source } predicate isSink(DataFlow::Node sink) { sink instanceof Sink } From ff78c45e500aa52bc33e1682536f3320e6a361e9 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 18:33:27 +0100 Subject: [PATCH 256/409] Rust: Abstractions then implementations. --- .../regex/RegexInjectionExtensions.qll | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll index 36ae9116724..4daff543b98 100644 --- a/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll +++ b/rust/ql/lib/codeql/rust/security/regex/RegexInjectionExtensions.qll @@ -32,6 +32,17 @@ module RegexInjection { */ abstract class Barrier extends DataFlow::Node { } + /** + * A unit class for adding additional flow steps. + */ + class AdditionalFlowStep extends Unit { + /** + * Holds if the step from `node1` to `node2` should be considered a flow + * step for paths related to regular expression injection vulnerabilities. + */ + abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); + } + /** * An active threat-model source, considered as a flow source. */ @@ -59,17 +70,6 @@ module RegexInjection { ModelsAsDataSink() { sinkNode(this, "regex-use") } } - /** - * A unit class for adding additional flow steps. - */ - class AdditionalFlowStep extends Unit { - /** - * Holds if the step from `node1` to `node2` should be considered a flow - * step for paths related to regular expression injection vulnerabilities. - */ - abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); - } - /** * An escape barrier for regular expression injection vulnerabilities. */ From d7c14ec0656f44cb7063ef934b97b6ce93633e2c Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 20:47:16 +0100 Subject: [PATCH 257/409] Rust: Revert change to Cargo.lock. --- Cargo.lock | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index db07984a44b..7719e26ffd2 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -325,9 +325,9 @@ dependencies = [ [[package]] name = "clap" -version = "4.5.35" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d8aa86934b44c19c50f87cc2790e19f54f7a67aedb64101c2e1a2e5ecfb73944" +checksum = "6088f3ae8c3608d19260cd7445411865a485688711b78b5be70d78cd96136f83" dependencies = [ "clap_builder", "clap_derive", @@ -335,9 +335,9 @@ dependencies = [ [[package]] name = "clap_builder" -version = "4.5.35" +version = "4.5.32" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2414dbb2dd0695280da6ea9261e327479e9d37b0630f6b53ba2a11c60c679fd9" +checksum = "22a7ef7f676155edfb82daa97f99441f3ebf4a58d5e32f295a56259f1b6facc8" dependencies = [ "anstream", "anstyle", From a5883b1627a8edfc7bca0196d5ce219f31baede8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 21:45:37 +0100 Subject: [PATCH 258/409] Rust: Accept test changes (due to added models?). --- .../dataflow/local/DataFlowStep.expected | 9 ++ .../security/CWE-020/RegexInjection.expected | 8 +- .../UncontrolledAllocationSize.expected | 152 +++++++++--------- 3 files changed, 89 insertions(+), 80 deletions(-) diff --git a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected index 9676fd3f2af..6edba8b73ba 100644 --- a/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected +++ b/rust/ql/test/library-tests/dataflow/local/DataFlowStep.expected @@ -2161,6 +2161,13 @@ storeStep | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Err(0)].Reference in lang:core::_::::as_ref | &ref | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Err(0)] in lang:core::_::::as_ref | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::search_tree_for_bifurcation | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::search_tree_for_bifurcation | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::from_str | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:alloc::_::::from_str | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::align_to | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::align_to | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::array | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::array | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::extend | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend_packed | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::extend_packed | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::from_size_align | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::from_size_align | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::repeat | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat_packed | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::repeat_packed | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::try_insert | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::try_insert | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::ok_or | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::ok_or | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::ok_or_else | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in lang:core::_::::ok_or_else | @@ -2194,6 +2201,8 @@ storeStep | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text_with_charset | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/seanmonstar/reqwest:reqwest::_::::text_with_charset | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in repo:https://github.com/servo/rust-url:url::_::::parse | Ok | file://:0:0:0:0 | [summary] to write: ReturnValue in repo:https://github.com/servo/rust-url:url::_::::parse | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:alloc::_::::search_tree_for_bifurcation | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:alloc::_::::search_tree_for_bifurcation | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:core::_::::extend | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::extend | +| file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:core::_::::repeat | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:core::_::::repeat | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout_ms | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout_ms | | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)].Field[0] in lang:std::_::::wait_timeout_while | tuple.0 | file://:0:0:0:0 | [summary] to write: ReturnValue.Field[crate::result::Result::Ok(0)] in lang:std::_::::wait_timeout_while | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 1dd626144da..4d5a046ccc5 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,15 +2,15 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:64 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1627 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:68 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1660 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:100 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3050 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:119 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3083 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | nodes | main.rs:4:9:4:16 | username | semmle.label | username | diff --git a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected index 9cc7f803aac..8fbaf765939 100644 --- a/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected +++ b/rust/ql/test/query-tests/security/CWE-770/UncontrolledAllocationSize.expected @@ -53,18 +53,18 @@ edges | main.rs:18:41:18:41 | v | main.rs:32:60:32:89 | ... * ... | provenance | | | main.rs:18:41:18:41 | v | main.rs:35:9:35:10 | s6 | provenance | | | main.rs:20:9:20:10 | l2 | main.rs:21:31:21:32 | l2 | provenance | | -| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:20:14:20:63 | ... .unwrap(...) | main.rs:20:9:20:10 | l2 | provenance | | +| main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | main.rs:20:14:20:63 | ... .unwrap() | provenance | MaD:31 | +| main.rs:20:14:20:63 | ... .unwrap() | main.rs:20:9:20:10 | l2 | provenance | | | main.rs:20:50:20:50 | v | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:21:31:21:32 | l2 | main.rs:21:13:21:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:21:31:21:32 | l2 | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | provenance | MaD:17 | | main.rs:21:31:21:32 | l2 | main.rs:24:38:24:39 | l2 | provenance | | -| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:22:31:22:53 | ... .unwrap(...) | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:23:31:23:53 | ... .unwrap(...) | main.rs:23:31:23:68 | ... .pad_to_align(...) | provenance | MaD:25 | -| main.rs:23:31:23:68 | ... .pad_to_align(...) | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:22:31:22:44 | l2.align_to(...) [Ok] | main.rs:22:31:22:53 | ... .unwrap() | provenance | MaD:31 | +| main.rs:22:31:22:53 | ... .unwrap() | main.rs:22:13:22:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:23:31:23:44 | l2.align_to(...) [Ok] | main.rs:23:31:23:53 | ... .unwrap() | provenance | MaD:31 | +| main.rs:23:31:23:53 | ... .unwrap() | main.rs:23:31:23:68 | ... .pad_to_align() | provenance | MaD:25 | +| main.rs:23:31:23:68 | ... .pad_to_align() | main.rs:23:13:23:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:24:38:24:39 | l2 | main.rs:24:13:24:36 | ...::alloc_zeroed | provenance | MaD:4 Sink:MaD:4 | | main.rs:29:9:29:10 | l4 | main.rs:30:31:30:32 | l4 | provenance | | | main.rs:29:14:29:64 | ...::from_size_align_unchecked(...) | main.rs:29:9:29:10 | l4 | provenance | | @@ -79,10 +79,10 @@ edges | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | main.rs:36:9:36:10 | l6 | provenance | | | main.rs:36:60:36:61 | s6 | main.rs:36:14:36:65 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:37:31:37:32 | l6 | main.rs:37:13:37:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size(...) | provenance | MaD:28 | +| main.rs:37:31:37:32 | l6 | main.rs:39:60:39:68 | l6.size() | provenance | MaD:28 | | main.rs:39:9:39:10 | l7 | main.rs:40:31:40:32 | l7 | provenance | | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | main.rs:39:9:39:10 | l7 | provenance | | -| main.rs:39:60:39:68 | l6.size(...) | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | +| main.rs:39:60:39:68 | l6.size() | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | provenance | MaD:24 | | main.rs:40:31:40:32 | l7 | main.rs:40:13:40:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:43:44:43:51 | ...: usize | main.rs:50:41:50:41 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:51:41:51:45 | ... + ... | provenance | | @@ -90,19 +90,19 @@ edges | main.rs:43:44:43:51 | ...: usize | main.rs:54:48:54:53 | ... * ... | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:58:34:58:34 | v | provenance | | | main.rs:43:44:43:51 | ...: usize | main.rs:67:46:67:46 | v | provenance | | -| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | +| main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | main.rs:50:31:50:53 | ... .0 | provenance | | | main.rs:50:31:50:53 | ... .0 | main.rs:50:13:50:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:50:41:50:41 | v | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | -| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | +| main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | main.rs:51:31:51:57 | ... .0 | provenance | | | main.rs:51:31:51:57 | ... .0 | main.rs:51:13:51:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:51:41:51:45 | ... + ... | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | provenance | MaD:26 | -| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:53:31:53:58 | ... .unwrap(...) | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | main.rs:53:31:53:58 | ... .unwrap() | provenance | MaD:31 | +| main.rs:53:31:53:58 | ... .unwrap() | main.rs:53:13:53:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:53:48:53:48 | v | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | -| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:54:31:54:63 | ... .unwrap(...) | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | main.rs:54:31:54:63 | ... .unwrap() | provenance | MaD:31 | +| main.rs:54:31:54:63 | ... .unwrap() | main.rs:54:13:54:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:54:48:54:53 | ... * ... | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | provenance | MaD:27 | | main.rs:58:9:58:20 | TuplePat [tuple.0] | main.rs:58:10:58:11 | k1 | provenance | | | main.rs:58:10:58:11 | k1 | main.rs:59:31:59:32 | k1 | provenance | | @@ -116,29 +116,29 @@ edges | main.rs:59:31:59:32 | k1 | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | provenance | MaD:22 | | main.rs:60:9:60:20 | TuplePat [tuple.0] | main.rs:60:10:60:11 | k2 | provenance | | | main.rs:60:10:60:11 | k2 | main.rs:61:31:61:32 | k2 | provenance | | -| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | +| main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | main.rs:60:9:60:20 | TuplePat [tuple.0] | provenance | | | main.rs:60:34:60:35 | k1 | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | provenance | MaD:19 | | main.rs:61:31:61:32 | k2 | main.rs:61:13:61:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | main.rs:62:10:62:11 | k3 | provenance | | | main.rs:62:10:62:11 | k3 | main.rs:63:31:63:32 | k3 | provenance | | -| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | provenance | MaD:31 | -| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | +| main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | provenance | MaD:31 | +| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | main.rs:62:9:62:20 | TuplePat [tuple.0] | provenance | | | main.rs:63:31:63:32 | k3 | main.rs:63:13:63:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | -| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:64:31:64:59 | ... .unwrap(...) | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | main.rs:64:31:64:59 | ... .unwrap() | provenance | MaD:31 | +| main.rs:64:31:64:59 | ... .unwrap() | main.rs:64:13:64:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:64:48:64:49 | k1 | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | provenance | MaD:21 | -| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:65:31:65:59 | ... .unwrap(...) | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | +| main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | main.rs:65:31:65:59 | ... .unwrap() | provenance | MaD:31 | +| main.rs:65:31:65:59 | ... .unwrap() | main.rs:65:13:65:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:67:9:67:10 | l4 | main.rs:68:31:68:32 | l4 | provenance | | -| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:67:14:67:56 | ... .unwrap(...) | main.rs:67:9:67:10 | l4 | provenance | | +| main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | main.rs:67:14:67:56 | ... .unwrap() | provenance | MaD:31 | +| main.rs:67:14:67:56 | ... .unwrap() | main.rs:67:9:67:10 | l4 | provenance | | | main.rs:67:46:67:46 | v | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:68:31:68:32 | l4 | main.rs:68:13:68:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:86:35:86:42 | ...: usize | main.rs:87:54:87:54 | v | provenance | | | main.rs:87:9:87:14 | layout | main.rs:88:31:88:36 | layout | provenance | | -| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:87:18:87:67 | ... .unwrap(...) | main.rs:87:9:87:14 | layout | provenance | | +| main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | main.rs:87:18:87:67 | ... .unwrap() | provenance | MaD:31 | +| main.rs:87:18:87:67 | ... .unwrap() | main.rs:87:9:87:14 | layout | provenance | | | main.rs:87:54:87:54 | v | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:88:31:88:36 | layout | main.rs:88:13:88:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:91:38:91:45 | ...: usize | main.rs:92:47:92:47 | v | provenance | | @@ -150,15 +150,15 @@ edges | main.rs:91:38:91:45 | ...: usize | main.rs:161:55:161:55 | v | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:96:35:96:36 | l1 | provenance | | | main.rs:92:9:92:10 | l1 | main.rs:102:35:102:36 | l1 | provenance | | -| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:92:14:92:57 | ... .unwrap(...) | main.rs:92:9:92:10 | l1 | provenance | | +| main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | main.rs:92:14:92:57 | ... .unwrap() | provenance | MaD:31 | +| main.rs:92:14:92:57 | ... .unwrap() | main.rs:92:9:92:10 | l1 | provenance | | | main.rs:92:47:92:47 | v | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:96:35:96:36 | l1 | main.rs:96:17:96:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:96:35:96:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | | main.rs:96:35:96:36 | l1 | main.rs:111:35:111:36 | l1 | provenance | | | main.rs:101:13:101:14 | l3 | main.rs:103:35:103:36 | l3 | provenance | | -| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:101:18:101:61 | ... .unwrap(...) | main.rs:101:13:101:14 | l3 | provenance | | +| main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | main.rs:101:18:101:61 | ... .unwrap() | provenance | MaD:31 | +| main.rs:101:18:101:61 | ... .unwrap() | main.rs:101:13:101:14 | l3 | provenance | | | main.rs:101:51:101:51 | v | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:102:35:102:36 | l1 | main.rs:102:17:102:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:102:35:102:36 | l1 | main.rs:109:35:109:36 | l1 | provenance | | @@ -170,27 +170,27 @@ edges | main.rs:111:35:111:36 | l1 | main.rs:111:17:111:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:111:35:111:36 | l1 | main.rs:146:35:146:36 | l1 | provenance | | | main.rs:145:13:145:14 | l9 | main.rs:148:35:148:36 | l9 | provenance | | -| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:145:18:145:61 | ... .unwrap(...) | main.rs:145:13:145:14 | l9 | provenance | | +| main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | main.rs:145:18:145:61 | ... .unwrap() | provenance | MaD:31 | +| main.rs:145:18:145:61 | ... .unwrap() | main.rs:145:13:145:14 | l9 | provenance | | | main.rs:145:51:145:51 | v | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:146:35:146:36 | l1 | main.rs:146:17:146:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:146:35:146:36 | l1 | main.rs:177:31:177:32 | l1 | provenance | | | main.rs:148:35:148:36 | l9 | main.rs:148:17:148:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:151:9:151:11 | l10 | main.rs:152:31:152:33 | l10 | provenance | | -| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:151:15:151:78 | ... .unwrap(...) | main.rs:151:9:151:11 | l10 | provenance | | +| main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | main.rs:151:15:151:78 | ... .unwrap() | provenance | MaD:31 | +| main.rs:151:15:151:78 | ... .unwrap() | main.rs:151:9:151:11 | l10 | provenance | | | main.rs:151:48:151:68 | ...::min(...) | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:151:62:151:62 | v | main.rs:151:48:151:68 | ...::min(...) | provenance | MaD:34 | | main.rs:152:31:152:33 | l10 | main.rs:152:13:152:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:154:9:154:11 | l11 | main.rs:155:31:155:33 | l11 | provenance | | -| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:154:15:154:78 | ... .unwrap(...) | main.rs:154:9:154:11 | l11 | provenance | | +| main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | main.rs:154:15:154:78 | ... .unwrap() | provenance | MaD:31 | +| main.rs:154:15:154:78 | ... .unwrap() | main.rs:154:9:154:11 | l11 | provenance | | | main.rs:154:48:154:68 | ...::max(...) | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:154:62:154:62 | v | main.rs:154:48:154:68 | ...::max(...) | provenance | MaD:33 | | main.rs:155:31:155:33 | l11 | main.rs:155:13:155:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:161:13:161:15 | l13 | main.rs:162:35:162:37 | l13 | provenance | | -| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:161:19:161:68 | ... .unwrap(...) | main.rs:161:13:161:15 | l13 | provenance | | +| main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | main.rs:161:19:161:68 | ... .unwrap() | provenance | MaD:31 | +| main.rs:161:19:161:68 | ... .unwrap() | main.rs:161:13:161:15 | l13 | provenance | | | main.rs:161:55:161:55 | v | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:162:35:162:37 | l13 | main.rs:162:17:162:33 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:162:35:162:37 | l13 | main.rs:169:35:169:37 | l13 | provenance | | @@ -198,8 +198,8 @@ edges | main.rs:177:31:177:32 | l1 | main.rs:177:13:177:29 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:183:29:183:36 | ...: usize | main.rs:192:46:192:46 | v | provenance | | | main.rs:192:9:192:10 | l2 | main.rs:193:38:193:39 | l2 | provenance | | -| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:192:14:192:56 | ... .unwrap(...) | main.rs:192:9:192:10 | l2 | provenance | | +| main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | main.rs:192:14:192:56 | ... .unwrap() | provenance | MaD:31 | +| main.rs:192:14:192:56 | ... .unwrap() | main.rs:192:9:192:10 | l2 | provenance | | | main.rs:192:46:192:46 | v | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | provenance | MaD:18 | | main.rs:193:38:193:39 | l2 | main.rs:193:32:193:36 | alloc | provenance | MaD:10 Sink:MaD:10 | | main.rs:193:38:193:39 | l2 | main.rs:194:45:194:46 | l2 | provenance | | @@ -226,13 +226,13 @@ edges | main.rs:223:26:223:26 | v | main.rs:223:13:223:24 | ...::calloc | provenance | MaD:13 Sink:MaD:13 | | main.rs:223:26:223:26 | v | main.rs:224:31:224:31 | v | provenance | | | main.rs:224:31:224:31 | v | main.rs:224:13:224:25 | ...::realloc | provenance | MaD:15 Sink:MaD:15 | -| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse(...) [Ok] | provenance | MaD:32 | +| main.rs:279:24:279:41 | ...: String | main.rs:280:21:280:47 | user_input.parse() [Ok] | provenance | MaD:32 | | main.rs:280:9:280:17 | num_bytes | main.rs:282:54:282:62 | num_bytes | provenance | | -| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | +| main.rs:280:21:280:47 | user_input.parse() [Ok] | main.rs:280:21:280:48 | TryExpr | provenance | | | main.rs:280:21:280:48 | TryExpr | main.rs:280:9:280:17 | num_bytes | provenance | | | main.rs:282:9:282:14 | layout | main.rs:284:40:284:45 | layout | provenance | | -| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:282:18:282:75 | ... .unwrap(...) | main.rs:282:9:282:14 | layout | provenance | | +| main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | main.rs:282:18:282:75 | ... .unwrap() | provenance | MaD:31 | +| main.rs:282:18:282:75 | ... .unwrap() | main.rs:282:9:282:14 | layout | provenance | | | main.rs:282:54:282:62 | num_bytes | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | provenance | MaD:23 | | main.rs:284:40:284:45 | layout | main.rs:284:22:284:38 | ...::alloc | provenance | MaD:3 Sink:MaD:3 | | main.rs:308:25:308:38 | ...::args | main.rs:308:25:308:40 | ...::args(...) [element] | provenance | Src:MaD:16 | @@ -247,9 +247,9 @@ edges | main.rs:317:13:317:26 | ...::args | main.rs:317:13:317:28 | ...::args(...) [element] | provenance | Src:MaD:16 | | main.rs:317:13:317:28 | ...::args(...) [element] | main.rs:317:13:317:35 | ... .nth(...) [Some] | provenance | MaD:35 | | main.rs:317:13:317:35 | ... .nth(...) [Some] | main.rs:317:13:317:65 | ... .unwrap_or(...) | provenance | MaD:29 | -| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse(...) [Ok] | provenance | MaD:32 | -| main.rs:317:13:317:82 | ... .parse(...) [Ok] | main.rs:317:13:317:91 | ... .unwrap(...) | provenance | MaD:31 | -| main.rs:317:13:317:91 | ... .unwrap(...) | main.rs:317:9:317:9 | v | provenance | | +| main.rs:317:13:317:65 | ... .unwrap_or(...) | main.rs:317:13:317:82 | ... .parse() [Ok] | provenance | MaD:32 | +| main.rs:317:13:317:82 | ... .parse() [Ok] | main.rs:317:13:317:91 | ... .unwrap() | provenance | MaD:31 | +| main.rs:317:13:317:91 | ... .unwrap() | main.rs:317:9:317:9 | v | provenance | | | main.rs:320:34:320:34 | v | main.rs:12:36:12:43 | ...: usize | provenance | | | main.rs:321:42:321:42 | v | main.rs:43:44:43:51 | ...: usize | provenance | | | main.rs:322:36:322:36 | v | main.rs:91:38:91:45 | ...: usize | provenance | | @@ -297,17 +297,17 @@ nodes | main.rs:18:41:18:41 | v | semmle.label | v | | main.rs:20:9:20:10 | l2 | semmle.label | l2 | | main.rs:20:14:20:54 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:20:14:20:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:20:14:20:63 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:20:50:20:50 | v | semmle.label | v | | main.rs:21:13:21:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:21:31:21:32 | l2 | semmle.label | l2 | | main.rs:22:13:22:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:22:31:22:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | -| main.rs:22:31:22:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:22:31:22:53 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:23:13:23:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:23:31:23:44 | l2.align_to(...) [Ok] | semmle.label | l2.align_to(...) [Ok] | -| main.rs:23:31:23:53 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | -| main.rs:23:31:23:68 | ... .pad_to_align(...) | semmle.label | ... .pad_to_align(...) | +| main.rs:23:31:23:53 | ... .unwrap() | semmle.label | ... .unwrap() | +| main.rs:23:31:23:68 | ... .pad_to_align() | semmle.label | ... .pad_to_align() | | main.rs:24:13:24:36 | ...::alloc_zeroed | semmle.label | ...::alloc_zeroed | | main.rs:24:38:24:39 | l2 | semmle.label | l2 | | main.rs:29:9:29:10 | l4 | semmle.label | l4 | @@ -328,27 +328,27 @@ nodes | main.rs:37:31:37:32 | l6 | semmle.label | l6 | | main.rs:39:9:39:10 | l7 | semmle.label | l7 | | main.rs:39:14:39:72 | ...::from_size_align_unchecked(...) | semmle.label | ...::from_size_align_unchecked(...) | -| main.rs:39:60:39:68 | l6.size(...) | semmle.label | l6.size(...) | +| main.rs:39:60:39:68 | l6.size() | semmle.label | l6.size() | | main.rs:40:13:40:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:40:31:40:32 | l7 | semmle.label | l7 | | main.rs:43:44:43:51 | ...: usize | semmle.label | ...: usize | | main.rs:50:13:50:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:50:31:50:42 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | -| main.rs:50:31:50:51 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:50:31:50:51 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:50:31:50:53 | ... .0 | semmle.label | ... .0 | | main.rs:50:41:50:41 | v | semmle.label | v | | main.rs:51:13:51:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:51:31:51:46 | l2.repeat(...) [Ok, tuple.0] | semmle.label | l2.repeat(...) [Ok, tuple.0] | -| main.rs:51:31:51:55 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:51:31:51:55 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:51:31:51:57 | ... .0 | semmle.label | ... .0 | | main.rs:51:41:51:45 | ... + ... | semmle.label | ... + ... | | main.rs:53:13:53:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:53:31:53:49 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | -| main.rs:53:31:53:58 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:53:31:53:58 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:53:48:53:48 | v | semmle.label | v | | main.rs:54:13:54:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:54:31:54:54 | l2.repeat_packed(...) [Ok] | semmle.label | l2.repeat_packed(...) [Ok] | -| main.rs:54:31:54:63 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:54:31:54:63 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:54:48:54:53 | ... * ... | semmle.label | ... * ... | | main.rs:58:9:58:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:58:10:58:11 | k1 | semmle.label | k1 | @@ -360,46 +360,46 @@ nodes | main.rs:60:9:60:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:60:10:60:11 | k2 | semmle.label | k2 | | main.rs:60:24:60:36 | l3.extend(...) [Ok, tuple.0] | semmle.label | l3.extend(...) [Ok, tuple.0] | -| main.rs:60:24:60:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:60:24:60:45 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:60:34:60:35 | k1 | semmle.label | k1 | | main.rs:61:13:61:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:61:31:61:32 | k2 | semmle.label | k2 | | main.rs:62:9:62:20 | TuplePat [tuple.0] | semmle.label | TuplePat [tuple.0] | | main.rs:62:10:62:11 | k3 | semmle.label | k3 | | main.rs:62:24:62:36 | k1.extend(...) [Ok, tuple.0] | semmle.label | k1.extend(...) [Ok, tuple.0] | -| main.rs:62:24:62:45 | ... .unwrap(...) [tuple.0] | semmle.label | ... .unwrap(...) [tuple.0] | +| main.rs:62:24:62:45 | ... .unwrap() [tuple.0] | semmle.label | ... .unwrap() [tuple.0] | | main.rs:63:13:63:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:63:31:63:32 | k3 | semmle.label | k3 | | main.rs:64:13:64:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:64:31:64:50 | l3.extend_packed(...) [Ok] | semmle.label | l3.extend_packed(...) [Ok] | -| main.rs:64:31:64:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:64:31:64:59 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:64:48:64:49 | k1 | semmle.label | k1 | | main.rs:65:13:65:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:65:31:65:50 | k1.extend_packed(...) [Ok] | semmle.label | k1.extend_packed(...) [Ok] | -| main.rs:65:31:65:59 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:65:31:65:59 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:67:9:67:10 | l4 | semmle.label | l4 | | main.rs:67:14:67:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:67:14:67:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:67:14:67:56 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:67:46:67:46 | v | semmle.label | v | | main.rs:68:13:68:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:68:31:68:32 | l4 | semmle.label | l4 | | main.rs:86:35:86:42 | ...: usize | semmle.label | ...: usize | | main.rs:87:9:87:14 | layout | semmle.label | layout | | main.rs:87:18:87:58 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:87:18:87:67 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:87:18:87:67 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:87:54:87:54 | v | semmle.label | v | | main.rs:88:13:88:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:88:31:88:36 | layout | semmle.label | layout | | main.rs:91:38:91:45 | ...: usize | semmle.label | ...: usize | | main.rs:92:9:92:10 | l1 | semmle.label | l1 | | main.rs:92:14:92:48 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:92:14:92:57 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:92:14:92:57 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:92:47:92:47 | v | semmle.label | v | | main.rs:96:17:96:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:96:35:96:36 | l1 | semmle.label | l1 | | main.rs:101:13:101:14 | l3 | semmle.label | l3 | | main.rs:101:18:101:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:101:18:101:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:101:18:101:61 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:101:51:101:51 | v | semmle.label | v | | main.rs:102:17:102:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:102:35:102:36 | l1 | semmle.label | l1 | @@ -412,7 +412,7 @@ nodes | main.rs:111:35:111:36 | l1 | semmle.label | l1 | | main.rs:145:13:145:14 | l9 | semmle.label | l9 | | main.rs:145:18:145:52 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:145:18:145:61 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:145:18:145:61 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:145:51:145:51 | v | semmle.label | v | | main.rs:146:17:146:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:146:35:146:36 | l1 | semmle.label | l1 | @@ -420,21 +420,21 @@ nodes | main.rs:148:35:148:36 | l9 | semmle.label | l9 | | main.rs:151:9:151:11 | l10 | semmle.label | l10 | | main.rs:151:15:151:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:151:15:151:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:151:15:151:78 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:151:48:151:68 | ...::min(...) | semmle.label | ...::min(...) | | main.rs:151:62:151:62 | v | semmle.label | v | | main.rs:152:13:152:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:152:31:152:33 | l10 | semmle.label | l10 | | main.rs:154:9:154:11 | l11 | semmle.label | l11 | | main.rs:154:15:154:69 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:154:15:154:78 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:154:15:154:78 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:154:48:154:68 | ...::max(...) | semmle.label | ...::max(...) | | main.rs:154:62:154:62 | v | semmle.label | v | | main.rs:155:13:155:29 | ...::alloc | semmle.label | ...::alloc | | main.rs:155:31:155:33 | l11 | semmle.label | l11 | | main.rs:161:13:161:15 | l13 | semmle.label | l13 | | main.rs:161:19:161:59 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:161:19:161:68 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:161:19:161:68 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:161:55:161:55 | v | semmle.label | v | | main.rs:162:17:162:33 | ...::alloc | semmle.label | ...::alloc | | main.rs:162:35:162:37 | l13 | semmle.label | l13 | @@ -445,7 +445,7 @@ nodes | main.rs:183:29:183:36 | ...: usize | semmle.label | ...: usize | | main.rs:192:9:192:10 | l2 | semmle.label | l2 | | main.rs:192:14:192:47 | ...::array::<...>(...) [Ok] | semmle.label | ...::array::<...>(...) [Ok] | -| main.rs:192:14:192:56 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:192:14:192:56 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:192:46:192:46 | v | semmle.label | v | | main.rs:193:32:193:36 | alloc | semmle.label | alloc | | main.rs:193:38:193:39 | l2 | semmle.label | l2 | @@ -476,11 +476,11 @@ nodes | main.rs:224:31:224:31 | v | semmle.label | v | | main.rs:279:24:279:41 | ...: String | semmle.label | ...: String | | main.rs:280:9:280:17 | num_bytes | semmle.label | num_bytes | -| main.rs:280:21:280:47 | user_input.parse(...) [Ok] | semmle.label | user_input.parse(...) [Ok] | +| main.rs:280:21:280:47 | user_input.parse() [Ok] | semmle.label | user_input.parse() [Ok] | | main.rs:280:21:280:48 | TryExpr | semmle.label | TryExpr | | main.rs:282:9:282:14 | layout | semmle.label | layout | | main.rs:282:18:282:66 | ...::from_size_align(...) [Ok] | semmle.label | ...::from_size_align(...) [Ok] | -| main.rs:282:18:282:75 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:282:18:282:75 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:282:54:282:62 | num_bytes | semmle.label | num_bytes | | main.rs:284:22:284:38 | ...::alloc | semmle.label | ...::alloc | | main.rs:284:40:284:45 | layout | semmle.label | layout | @@ -493,8 +493,8 @@ nodes | main.rs:317:13:317:28 | ...::args(...) [element] | semmle.label | ...::args(...) [element] | | main.rs:317:13:317:35 | ... .nth(...) [Some] | semmle.label | ... .nth(...) [Some] | | main.rs:317:13:317:65 | ... .unwrap_or(...) | semmle.label | ... .unwrap_or(...) | -| main.rs:317:13:317:82 | ... .parse(...) [Ok] | semmle.label | ... .parse(...) [Ok] | -| main.rs:317:13:317:91 | ... .unwrap(...) | semmle.label | ... .unwrap(...) | +| main.rs:317:13:317:82 | ... .parse() [Ok] | semmle.label | ... .parse() [Ok] | +| main.rs:317:13:317:91 | ... .unwrap() | semmle.label | ... .unwrap() | | main.rs:320:34:320:34 | v | semmle.label | v | | main.rs:321:42:321:42 | v | semmle.label | v | | main.rs:322:36:322:36 | v | semmle.label | v | From c9939387f8512d39e52b8f201d89926519d8be48 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Fri, 4 Apr 2025 21:47:22 +0100 Subject: [PATCH 259/409] Rust: Turn on PrettyPrintModels for RegexInjection so we hopefully don't have to deal with test result changes there as often. --- .../security/CWE-020/RegexInjection.expected | 13 +++++++++---- .../security/CWE-020/RegexInjection.qlref | 4 +++- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected index 4d5a046ccc5..c86d5f444d6 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.expected @@ -2,16 +2,21 @@ | main.rs:6:25:6:30 | ®ex | main.rs:4:20:4:32 | ...::var | main.rs:6:25:6:30 | ®ex | This regular expression is constructed from a $@. | main.rs:4:20:4:32 | ...::var | user-provided value | edges | main.rs:4:9:4:16 | username | main.rs:5:25:5:44 | MacroExpr | provenance | | -| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:68 | -| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:1660 | +| main.rs:4:20:4:32 | ...::var | main.rs:4:20:4:40 | ...::var(...) [Ok] | provenance | Src:MaD:1 | +| main.rs:4:20:4:40 | ...::var(...) [Ok] | main.rs:4:20:4:66 | ... .unwrap_or(...) | provenance | MaD:3 | | main.rs:4:20:4:66 | ... .unwrap_or(...) | main.rs:4:9:4:16 | username | provenance | | | main.rs:5:9:5:13 | regex | main.rs:6:26:6:30 | regex | provenance | | | main.rs:5:17:5:45 | res | main.rs:5:25:5:44 | { ... } | provenance | | | main.rs:5:25:5:44 | ...::format(...) | main.rs:5:17:5:45 | res | provenance | | | main.rs:5:25:5:44 | ...::must_use(...) | main.rs:5:9:5:13 | regex | provenance | | -| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:119 | -| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:3083 | +| main.rs:5:25:5:44 | MacroExpr | main.rs:5:25:5:44 | ...::format(...) | provenance | MaD:2 | +| main.rs:5:25:5:44 | { ... } | main.rs:5:25:5:44 | ...::must_use(...) | provenance | MaD:4 | | main.rs:6:26:6:30 | regex | main.rs:6:25:6:30 | ®ex | provenance | | +models +| 1 | Source: lang:std; crate::env::var; environment-source; ReturnValue.Field[crate::result::Result::Ok(0)] | +| 2 | Summary: lang:alloc; crate::fmt::format; Argument[0]; ReturnValue; taint | +| 3 | Summary: lang:core; ::unwrap_or; Argument[self].Field[crate::result::Result::Ok(0)]; ReturnValue; value | +| 4 | Summary: lang:core; crate::hint::must_use; Argument[0]; ReturnValue; value | nodes | main.rs:4:9:4:16 | username | semmle.label | username | | main.rs:4:20:4:32 | ...::var | semmle.label | ...::var | diff --git a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref index bc028b7e20d..390ef3fe575 100644 --- a/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref +++ b/rust/ql/test/query-tests/security/CWE-020/RegexInjection.qlref @@ -1,2 +1,4 @@ query: queries/security/CWE-020/RegexInjection.ql -postprocess: utils/test/InlineExpectationsTestQuery.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql From f992c714fd9ca1b90002fec25525bb8dc5f9bbef Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Mon, 7 Apr 2025 09:24:26 +0200 Subject: [PATCH 260/409] Ruby: Add change note --- ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md diff --git a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md new file mode 100644 index 00000000000..7570dffb740 --- /dev/null +++ b/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. From 6fb5376c5f65259ef1e185c3d83820c5130b1c26 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 11:44:40 +0200 Subject: [PATCH 261/409] Refactor `ReceivedItemAsRemoteFlow` to handle data from both client and server WebSocket sources --- .../javascript/frameworks/WebSocket.qll | 25 +++++++------ .../frameworks/WebSocket/browser-custom.js | 18 +++++----- .../frameworks/WebSocket/browser.js | 8 ++--- .../frameworks/WebSocket/client-custom.js | 4 +-- .../frameworks/WebSocket/client.js | 2 +- .../frameworks/WebSocket/test.expected | 36 +++++++++++++------ 6 files changed, 56 insertions(+), 37 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index da110c6562c..5e40360a4d8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -344,15 +344,18 @@ module ServerWebSocket { result = this.getCallback(1).getParameter(0) } } - - /** - * A data flow node representing data received from a client, viewed as remote user input. - */ - private class ReceivedItemAsRemoteFlow extends RemoteFlowSource { - ReceivedItemAsRemoteFlow() { this = any(ReceiveNode rercv).getReceivedItem(_) } - - override string getSourceType() { result = "WebSocket client data" } - - override predicate isUserControlledObject() { any() } - } +} + +/** + * A data flow node representing data received from a client or server, viewed as remote user input. + */ +private class ReceivedItemAsRemoteFlow extends RemoteFlowSource { + ReceivedItemAsRemoteFlow() { + this = any(ClientWebSocket::ReceiveNode rercv).getReceivedItem(_) or + this = any(ServerWebSocket::ReceiveNode rercv).getReceivedItem(_) + } + + override string getSourceType() { result = "WebSocket transmitted data" } + + override predicate isUserControlledObject() { any() } } diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js index ad0d30fb01e..f7ac5b0f4fe 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser-custom.js @@ -8,11 +8,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }); socket.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $ clientReceive socket.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $ clientReceive })(); @@ -24,12 +24,12 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }; sock.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow sock.close(); }; // $ clientReceive sock.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $ clientReceive })(); @@ -40,11 +40,11 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }); myWebSocketInstance.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $ clientReceive myWebSocketInstance.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $ clientReceive })(); @@ -55,18 +55,18 @@ import { MyWebSocket, MySockJS, myWebSocketInstance, mySockJSInstance } from './ }; mySockJSInstance.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow mySockJSInstance.close(); }; // $ clientReceive mySockJSInstance.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $ clientReceive })(); const recv_message = function (e) { - console.log('Received message:', e.data); + console.log('Received message:', e.data); // $ remoteFlow }; // $ clientReceive (function () { diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js index f966879f9f2..4d82c113e08 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/browser.js @@ -6,11 +6,11 @@ }); socket.addEventListener('message', function (event) { - console.log('Message from server ', event.data); + console.log('Message from server ', event.data); // $ remoteFlow }); // $clientReceive socket.onmessage = function (event) { - console.log("Message from server 2", event.data) + console.log("Message from server 2", event.data); // $ remoteFlow }; // $clientReceive })(); @@ -22,12 +22,12 @@ }; sock.onmessage = function (e) { - console.log('message', e.data); + console.log('message', e.data); // $ remoteFlow sock.close(); }; // $clientReceive sock.addEventListener('message', function (event) { - console.log('Using addEventListener ', event.data); + console.log('Using addEventListener ', event.data); // $ remoteFlow }); // $clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js index dd8c84e87c0..24eeebdb4cc 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client-custom.js @@ -7,7 +7,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); ws.send('Hi from client!'); // $ clientSend }); - ws.on('message', function incoming(data) { + ws.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $ clientReceive })(); @@ -17,7 +17,7 @@ const { MyWebSocketWS, myWebSocketWSInstance } = require('./client.js'); myWebSocketWSInstance.send('Hi from client!'); // $ clientSend }); - myWebSocketWSInstance.on('message', function incoming(data) { + myWebSocketWSInstance.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $ clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js index 54a200f3379..7061d51a954 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/client.js +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/client.js @@ -7,7 +7,7 @@ const WebSocket = require('ws'); ws.send('Hi from client!'); // $clientSend }); - ws.on('message', function incoming(data) { + ws.on('message', function incoming(data) { // $ remoteFlow console.log(data); }); // $clientReceive })(); diff --git a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected index 7480e066876..d08070a1a71 100644 --- a/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected +++ b/javascript/ql/test/library-tests/frameworks/WebSocket/test.expected @@ -1,17 +1,17 @@ clientReceive -| browser-custom.js:10:37:12:2 | functio ... ta);\\n\\t} | -| browser-custom.js:14:21:16:2 | functio ... ata)\\n\\t} | +| browser-custom.js:10:37:12:2 | functio ... Flow\\n\\t} | +| browser-custom.js:14:21:16:2 | functio ... Flow\\n\\t} | | browser-custom.js:26:19:29:2 | functio ... e();\\n\\t} | -| browser-custom.js:31:35:33:2 | functio ... ta);\\n\\t} | -| browser-custom.js:42:53:44:5 | functio ... ;\\n } | -| browser-custom.js:46:37:48:5 | functio ... )\\n } | +| browser-custom.js:31:35:33:2 | functio ... Flow\\n\\t} | +| browser-custom.js:42:53:44:5 | functio ... w\\n } | +| browser-custom.js:46:37:48:5 | functio ... w\\n } | | browser-custom.js:57:34:60:5 | functio ... ;\\n } | -| browser-custom.js:62:50:64:5 | functio ... ;\\n } | -| browser-custom.js:68:22:70:1 | functio ... ata);\\n} | -| browser.js:8:37:10:2 | functio ... ta);\\n\\t} | -| browser.js:12:21:14:2 | functio ... ata)\\n\\t} | +| browser-custom.js:62:50:64:5 | functio ... w\\n } | +| browser-custom.js:68:22:70:1 | functio ... eFlow\\n} | +| browser.js:8:37:10:2 | functio ... Flow\\n\\t} | +| browser.js:12:21:14:2 | functio ... Flow\\n\\t} | | browser.js:24:19:27:2 | functio ... e();\\n\\t} | -| browser.js:29:35:31:2 | functio ... ta);\\n\\t} | +| browser.js:29:35:31:2 | functio ... Flow\\n\\t} | | client-custom.js:10:19:12:2 | functio ... ta);\\n\\t} | | client-custom.js:20:38:22:2 | functio ... ta);\\n\\t} | | client.js:10:19:12:2 | functio ... ta);\\n\\t} | @@ -102,6 +102,22 @@ flowSteps | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:25:26:25:31 | e.data | | sockjs.js:11:20:11:50 | JSON.st ... .test)) | browser.js:30:42:30:51 | event.data | remoteFlow +| browser-custom.js:11:39:11:48 | event.data | +| browser-custom.js:15:40:15:49 | event.data | +| browser-custom.js:27:26:27:31 | e.data | +| browser-custom.js:32:42:32:51 | event.data | +| browser-custom.js:43:45:43:54 | event.data | +| browser-custom.js:47:46:47:55 | event.data | +| browser-custom.js:58:32:58:37 | e.data | +| browser-custom.js:63:48:63:57 | event.data | +| browser-custom.js:69:38:69:43 | e.data | +| browser.js:9:39:9:48 | event.data | +| browser.js:13:40:13:49 | event.data | +| browser.js:25:26:25:31 | e.data | +| browser.js:30:42:30:51 | event.data | +| client-custom.js:10:37:10:40 | data | +| client-custom.js:20:56:20:59 | data | +| client.js:10:37:10:40 | data | | server-custom.js:7:38:7:44 | message | | server-custom.js:17:38:17:44 | message | | server.js:7:38:7:44 | message | From 5c2d6e3d0fa3dbbaa01235301f15b552fe03780f Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 11:45:43 +0200 Subject: [PATCH 262/409] Rust: Add path resolution test for Self in trait implementation --- .../library-tests/path-resolution/main.rs | 28 ++++ .../path-resolution/path-resolution.expected | 124 +++++++++--------- 2 files changed, 93 insertions(+), 59 deletions(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 3d54b1a4b6a..2f9c2c19fbe 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -520,6 +520,33 @@ mod m21 { } } +mod m23 { + #[rustfmt::skip] + trait Trait1< + T // I1 + > { + fn f(&self); // // I3 + } // I2 + + struct S; // I4 + + #[rustfmt::skip] + impl Trait1< + Self // $ MISSING: item=I4 + > // $ item=I2 + for S { // $ item=I4 + fn f(&self) { + println!("m23::>::f"); + } // I5 + } + + #[rustfmt::skip] + pub fn f() { + let x = S; // $ item=I4 + x.f(); // $ item=I5 + } // I108 +} + fn main() { my::nested::nested1::nested2::f(); // $ item=I4 my::f(); // $ item=I38 @@ -547,4 +574,5 @@ fn main() { my3::f(); // $ item=I200 nested_f(); // $ item=I201 m18::m19::m20::g(); // $ item=I103 + m23::f(); // $ item=I108 } diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index a7ead02db84..54914c79c37 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -27,6 +27,7 @@ mod | main.rs:496:1:521:1 | mod m21 | | main.rs:497:5:503:5 | mod m22 | | main.rs:505:5:520:5 | mod m33 | +| main.rs:523:1:548:1 | mod m23 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | | my2/nested2.rs:1:1:11:1 | mod nested3 | @@ -59,7 +60,7 @@ resolvePath | main.rs:30:17:30:21 | super | main.rs:18:5:36:5 | mod m2 | | main.rs:30:17:30:24 | ...::f | main.rs:19:9:21:9 | fn f | | main.rs:33:17:33:17 | f | main.rs:19:9:21:9 | fn f | -| main.rs:40:9:40:13 | super | main.rs:1:1:550:2 | SourceFile | +| main.rs:40:9:40:13 | super | main.rs:1:1:578:2 | SourceFile | | main.rs:40:9:40:17 | ...::m1 | main.rs:13:1:37:1 | mod m1 | | main.rs:40:9:40:21 | ...::m2 | main.rs:18:5:36:5 | mod m2 | | main.rs:40:9:40:24 | ...::g | main.rs:23:9:27:9 | fn g | @@ -71,7 +72,7 @@ resolvePath | main.rs:61:17:61:19 | Foo | main.rs:59:9:59:21 | struct Foo | | main.rs:64:13:64:15 | Foo | main.rs:53:5:53:17 | struct Foo | | main.rs:66:5:66:5 | f | main.rs:55:5:62:5 | fn f | -| main.rs:68:5:68:8 | self | main.rs:1:1:550:2 | SourceFile | +| main.rs:68:5:68:8 | self | main.rs:1:1:578:2 | SourceFile | | main.rs:68:5:68:11 | ...::i | main.rs:71:1:83:1 | fn i | | main.rs:74:13:74:15 | Foo | main.rs:48:1:48:13 | struct Foo | | main.rs:81:17:81:19 | Foo | main.rs:77:9:79:9 | struct Foo | @@ -85,7 +86,7 @@ resolvePath | main.rs:87:57:87:66 | ...::g | my2/nested2.rs:7:9:9:9 | fn g | | main.rs:87:80:87:86 | nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | | main.rs:100:5:100:22 | f_defined_in_macro | main.rs:99:18:99:42 | fn f_defined_in_macro | -| main.rs:117:13:117:17 | super | main.rs:1:1:550:2 | SourceFile | +| main.rs:117:13:117:17 | super | main.rs:1:1:578:2 | SourceFile | | main.rs:117:13:117:21 | ...::m5 | main.rs:103:1:107:1 | mod m5 | | main.rs:118:9:118:9 | f | main.rs:104:5:106:5 | fn f | | main.rs:118:9:118:9 | f | main.rs:110:5:112:5 | fn f | @@ -234,61 +235,66 @@ resolvePath | main.rs:517:21:517:26 | MyEnum | main.rs:498:9:500:9 | enum MyEnum | | main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | -| main.rs:524:5:524:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:524:5:524:14 | ...::nested | my.rs:1:1:1:15 | mod nested | -| main.rs:524:5:524:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | -| main.rs:524:5:524:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | -| main.rs:524:5:524:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | -| main.rs:525:5:525:6 | my | main.rs:1:1:1:7 | mod my | -| main.rs:525:5:525:9 | ...::f | my.rs:5:1:7:1 | fn f | -| main.rs:526:5:526:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | -| main.rs:526:5:526:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | -| main.rs:526:5:526:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | -| main.rs:526:5:526:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:527:5:527:5 | f | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:528:5:528:5 | g | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:529:5:529:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | -| main.rs:529:5:529:12 | ...::h | main.rs:50:1:69:1 | fn h | -| main.rs:530:5:530:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:530:5:530:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:530:5:530:13 | ...::g | main.rs:23:9:27:9 | fn g | -| main.rs:531:5:531:6 | m1 | main.rs:13:1:37:1 | mod m1 | -| main.rs:531:5:531:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | -| main.rs:531:5:531:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | -| main.rs:531:5:531:17 | ...::h | main.rs:30:27:34:13 | fn h | -| main.rs:532:5:532:6 | m4 | main.rs:39:1:46:1 | mod m4 | -| main.rs:532:5:532:9 | ...::i | main.rs:42:5:45:5 | fn i | -| main.rs:533:5:533:5 | h | main.rs:50:1:69:1 | fn h | -| main.rs:534:5:534:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | -| main.rs:535:5:535:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | -| main.rs:536:5:536:5 | j | main.rs:97:1:101:1 | fn j | -| main.rs:537:5:537:6 | m6 | main.rs:109:1:120:1 | mod m6 | -| main.rs:537:5:537:9 | ...::g | main.rs:114:5:119:5 | fn g | -| main.rs:538:5:538:6 | m7 | main.rs:122:1:137:1 | mod m7 | -| main.rs:538:5:538:9 | ...::f | main.rs:129:5:136:5 | fn f | -| main.rs:539:5:539:6 | m8 | main.rs:139:1:193:1 | mod m8 | -| main.rs:539:5:539:9 | ...::g | main.rs:177:5:192:5 | fn g | -| main.rs:540:5:540:6 | m9 | main.rs:195:1:203:1 | mod m9 | -| main.rs:540:5:540:9 | ...::f | main.rs:198:5:202:5 | fn f | -| main.rs:541:5:541:7 | m11 | main.rs:226:1:263:1 | mod m11 | -| main.rs:541:5:541:10 | ...::f | main.rs:231:5:234:5 | fn f | -| main.rs:542:5:542:7 | m15 | main.rs:294:1:348:1 | mod m15 | -| main.rs:542:5:542:10 | ...::f | main.rs:335:5:347:5 | fn f | -| main.rs:543:5:543:7 | m16 | main.rs:350:1:442:1 | mod m16 | -| main.rs:543:5:543:10 | ...::f | main.rs:417:5:441:5 | fn f | -| main.rs:544:5:544:7 | m17 | main.rs:444:1:474:1 | mod m17 | -| main.rs:544:5:544:10 | ...::f | main.rs:468:5:473:5 | fn f | -| main.rs:545:5:545:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | -| main.rs:545:5:545:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | -| main.rs:546:5:546:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | -| main.rs:546:5:546:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | -| main.rs:547:5:547:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | -| main.rs:547:5:547:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | -| main.rs:548:5:548:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | -| main.rs:549:5:549:7 | m18 | main.rs:476:1:494:1 | mod m18 | -| main.rs:549:5:549:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | -| main.rs:549:5:549:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | -| main.rs:549:5:549:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:534:10:536:5 | Trait1::<...> | main.rs:524:5:529:5 | trait Trait1 | +| main.rs:537:11:537:11 | S | main.rs:531:5:531:13 | struct S | +| main.rs:545:17:545:17 | S | main.rs:531:5:531:13 | struct S | +| main.rs:551:5:551:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:551:5:551:14 | ...::nested | my.rs:1:1:1:15 | mod nested | +| main.rs:551:5:551:23 | ...::nested1 | my/nested.rs:1:1:17:1 | mod nested1 | +| main.rs:551:5:551:32 | ...::nested2 | my/nested.rs:2:5:11:5 | mod nested2 | +| main.rs:551:5:551:35 | ...::f | my/nested.rs:3:9:5:9 | fn f | +| main.rs:552:5:552:6 | my | main.rs:1:1:1:7 | mod my | +| main.rs:552:5:552:9 | ...::f | my.rs:5:1:7:1 | fn f | +| main.rs:553:5:553:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | +| main.rs:553:5:553:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | +| main.rs:553:5:553:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | +| main.rs:553:5:553:32 | ...::f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:554:5:554:5 | f | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:555:5:555:5 | g | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:556:5:556:9 | crate | main.rs:0:0:0:0 | Crate(main@0.0.1) | +| main.rs:556:5:556:12 | ...::h | main.rs:50:1:69:1 | fn h | +| main.rs:557:5:557:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:557:5:557:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:557:5:557:13 | ...::g | main.rs:23:9:27:9 | fn g | +| main.rs:558:5:558:6 | m1 | main.rs:13:1:37:1 | mod m1 | +| main.rs:558:5:558:10 | ...::m2 | main.rs:18:5:36:5 | mod m2 | +| main.rs:558:5:558:14 | ...::m3 | main.rs:29:9:35:9 | mod m3 | +| main.rs:558:5:558:17 | ...::h | main.rs:30:27:34:13 | fn h | +| main.rs:559:5:559:6 | m4 | main.rs:39:1:46:1 | mod m4 | +| main.rs:559:5:559:9 | ...::i | main.rs:42:5:45:5 | fn i | +| main.rs:560:5:560:5 | h | main.rs:50:1:69:1 | fn h | +| main.rs:561:5:561:11 | f_alias | my2/nested2.rs:3:9:5:9 | fn f | +| main.rs:562:5:562:11 | g_alias | my2/nested2.rs:7:9:9:9 | fn g | +| main.rs:563:5:563:5 | j | main.rs:97:1:101:1 | fn j | +| main.rs:564:5:564:6 | m6 | main.rs:109:1:120:1 | mod m6 | +| main.rs:564:5:564:9 | ...::g | main.rs:114:5:119:5 | fn g | +| main.rs:565:5:565:6 | m7 | main.rs:122:1:137:1 | mod m7 | +| main.rs:565:5:565:9 | ...::f | main.rs:129:5:136:5 | fn f | +| main.rs:566:5:566:6 | m8 | main.rs:139:1:193:1 | mod m8 | +| main.rs:566:5:566:9 | ...::g | main.rs:177:5:192:5 | fn g | +| main.rs:567:5:567:6 | m9 | main.rs:195:1:203:1 | mod m9 | +| main.rs:567:5:567:9 | ...::f | main.rs:198:5:202:5 | fn f | +| main.rs:568:5:568:7 | m11 | main.rs:226:1:263:1 | mod m11 | +| main.rs:568:5:568:10 | ...::f | main.rs:231:5:234:5 | fn f | +| main.rs:569:5:569:7 | m15 | main.rs:294:1:348:1 | mod m15 | +| main.rs:569:5:569:10 | ...::f | main.rs:335:5:347:5 | fn f | +| main.rs:570:5:570:7 | m16 | main.rs:350:1:442:1 | mod m16 | +| main.rs:570:5:570:10 | ...::f | main.rs:417:5:441:5 | fn f | +| main.rs:571:5:571:7 | m17 | main.rs:444:1:474:1 | mod m17 | +| main.rs:571:5:571:10 | ...::f | main.rs:468:5:473:5 | fn f | +| main.rs:572:5:572:11 | nested6 | my2/nested2.rs:14:5:18:5 | mod nested6 | +| main.rs:572:5:572:14 | ...::f | my2/nested2.rs:15:9:17:9 | fn f | +| main.rs:573:5:573:11 | nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | +| main.rs:573:5:573:14 | ...::f | my2/nested2.rs:23:9:25:9 | fn f | +| main.rs:574:5:574:7 | my3 | my2/mod.rs:12:1:12:12 | mod my3 | +| main.rs:574:5:574:10 | ...::f | my2/my3/mod.rs:1:1:5:1 | fn f | +| main.rs:575:5:575:12 | nested_f | my/my4/my5/mod.rs:1:1:3:1 | fn f | +| main.rs:576:5:576:7 | m18 | main.rs:476:1:494:1 | mod m18 | +| main.rs:576:5:576:12 | ...::m19 | main.rs:481:5:493:5 | mod m19 | +| main.rs:576:5:576:17 | ...::m20 | main.rs:486:9:492:9 | mod m20 | +| main.rs:576:5:576:20 | ...::g | main.rs:487:13:491:13 | fn g | +| main.rs:577:5:577:7 | m23 | main.rs:523:1:548:1 | mod m23 | +| main.rs:577:5:577:10 | ...::f | main.rs:543:5:547:5 | fn f | | my2/mod.rs:5:5:5:11 | nested2 | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:5:5:5:20 | ...::nested3 | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/mod.rs:5:5:5:29 | ...::nested4 | my2/nested2.rs:2:5:10:5 | mod nested4 | @@ -302,7 +308,7 @@ resolvePath | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | -| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:550:2 | SourceFile | +| my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | | my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | From 6cecf7e618fbeec0e159520c9ed8fc447bcf84b9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 11:47:48 +0200 Subject: [PATCH 263/409] Rust: Resolve Self path in trait type of implementation --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 2 ++ rust/ql/test/library-tests/path-resolution/main.rs | 2 +- .../test/library-tests/path-resolution/path-resolution.expected | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index c70ab0049d5..24b0efd28a4 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -373,6 +373,8 @@ abstract class ImplOrTraitItemNode extends ItemNode { /** Gets an item that may refer to this node using `Self`. */ pragma[nomagic] ItemNode getAnItemInSelfScope() { + result = this + or result.getImmediateParent() = this or exists(ItemNode mid | diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 2f9c2c19fbe..6e7fa8af354 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -532,7 +532,7 @@ mod m23 { #[rustfmt::skip] impl Trait1< - Self // $ MISSING: item=I4 + Self // $ item=I4 > // $ item=I2 for S { // $ item=I4 fn f(&self) { diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 54914c79c37..1d480f2f5ad 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -236,6 +236,7 @@ resolvePath | main.rs:517:21:517:29 | ...::A | main.rs:499:13:499:13 | A | | main.rs:518:21:518:28 | MyStruct | main.rs:502:9:502:28 | struct MyStruct | | main.rs:534:10:536:5 | Trait1::<...> | main.rs:524:5:529:5 | trait Trait1 | +| main.rs:535:7:535:10 | Self | main.rs:531:5:531:13 | struct S | | main.rs:537:11:537:11 | S | main.rs:531:5:531:13 | struct S | | main.rs:545:17:545:17 | S | main.rs:531:5:531:13 | struct S | | main.rs:551:5:551:6 | my | main.rs:1:1:1:7 | mod my | From c4fa4176802a27405e418ba0a87325c502b34cc0 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:11:33 +0200 Subject: [PATCH 264/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-websocket.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-websocket.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md new file mode 100644 index 00000000000..a6f6e214f3a --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Improved `WebSocket` analysis by refactoring the model to use API graphs. +* Added data received from `WebSocket` clients as a remote flow source. From 93882263f934cf1c717b259b72e99ae747b8e749 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:32:18 +0200 Subject: [PATCH 265/409] Added test case for `Uint8Array` and `TypedArray.prototype.buffer` --- .../TaintTracking/BasicTaintTracking.expected | 3 +++ .../test/library-tests/TaintTracking/typed-arrays.js | 12 ++++++++++++ 2 files changed, 15 insertions(+) create mode 100644 javascript/ql/test/library-tests/TaintTracking/typed-arrays.js diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 4a0575eb73e..b16953795b1 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,6 +40,9 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:5 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:7 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:11 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js new file mode 100644 index 00000000000..c29c7bef954 --- /dev/null +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -0,0 +1,12 @@ +function test() { + let x = source(); + + let y = new Uint8Array(x); + sink(y); // NOT OK + + sink(y.buffer); // NOT OK + sink(y.length); + + var arr = new Uint8Array(y.buffer, y.byteOffset, y.byteLength); + sink(arr); // NOT OK +} From d17d44125cac4b2898a5f1093d4e7d068b634065 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Mon, 7 Apr 2025 12:43:37 +0200 Subject: [PATCH 266/409] Java: add integration test for query suite contents --- .../java-code-quality.qls.expected | 11 + .../java-code-scanning.qls.expected | 79 ++++++ .../java-security-and-quality.qls.expected | 243 ++++++++++++++++++ .../java-security-extended.qls.expected | 123 +++++++++ .../java/query-suite/test.py | 15 ++ 5 files changed, 471 insertions(+) create mode 100644 java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected create mode 100644 java/ql/integration-tests/java/query-suite/test.py diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected new file mode 100644 index 00000000000..1b231590e6a --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -0,0 +1,11 @@ +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected new file mode 100644 index 00000000000..9f22d395c39 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected @@ -0,0 +1,79 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected new file mode 100644 index 00000000000..7da7bc5119e --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected @@ -0,0 +1,243 @@ +/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +/ql/java/ql/src/DeadCode/UselessParameter.ql +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +/ql/java/ql/src/Language Abuse/IterableIterator.ql +/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +/ql/java/ql/src/Language Abuse/UselessNullCheck.ql +/ql/java/ql/src/Language Abuse/UselessTypeTest.ql +/ql/java/ql/src/Language Abuse/WrappedIterator.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +/ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +/ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +/ql/java/ql/src/Performance/InefficientKeySetIterator.ql +/ql/java/ql/src/Performance/InefficientOutputStream.ql +/ql/java/ql/src/Performance/InefficientPrimConstructor.ql +/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +/ql/java/ql/src/Performance/NewStringString.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected new file mode 100644 index 00000000000..adcdc17c6c1 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected @@ -0,0 +1,123 @@ +/ql/java/ql/src/Diagnostics/ExtractionErrors.ql +/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +/ql/java/ql/src/Telemetry/ExtractorInformation.ql +/ql/java/ql/src/Telemetry/SupportedExternalApis.ql +/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +/ql/java/ql/src/Telemetry/SupportedExternalSources.ql +/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py new file mode 100644 index 00000000000..9a95a808998 --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -0,0 +1,15 @@ +import runs_on + +@runs_on.linux +def test(codeql, java, cwd, expected_files, semmle_code_dir): + query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] + + for query_suite in query_suites: + actual = codeql.resolve.queries(query_suite, _capture=True).strip() + actual = sorted(actual.split('\n')) + print(semmle_code_dir) + index = len(str(semmle_code_dir)) + actual = [line[index:] for line in actual] + actual_file_name = query_suite + '.actual' + expected_files.add(actual_file_name) + (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') From acc565f84ef4a51d1d8b157fb3e09893cea538c2 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 12:50:31 +0200 Subject: [PATCH 267/409] Rust: Refactor PathMention as suggested in review --- rust/ql/lib/codeql/rust/internal/TypeMention.qll | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index 2fd50b974c9..3390d959231 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -62,18 +62,22 @@ class TypeReprMention extends TypeMention, TypeRepr { } } -/** Holds if `path` resolves the type alias `alias` with the definition `rhs`. */ +/** Holds if `path` resolves to the type alias `alias` with the definition `rhs`. */ private predicate resolvePathAlias(Path path, TypeAlias alias, TypeReprMention rhs) { alias = resolvePath(path) and rhs = alias.getTypeRepr() } -abstract class PathMention extends TypeMention, Path { } +abstract class PathMention extends TypeMention, Path { + override TypeMention getTypeArgument(int i) { + result = this.getSegment().getGenericArgList().getTypeArg(i) + } +} class NonAliasPathMention extends PathMention { NonAliasPathMention() { not resolvePathAlias(this, _, _) } override TypeMention getTypeArgument(int i) { - result = this.getSegment().getGenericArgList().getTypeArg(i) + result = super.getTypeArgument(i) or // `Self` paths inside `impl` blocks have implicit type arguments that are // the type parameters of the `impl` block. For example, in @@ -120,10 +124,6 @@ class AliasPathMention extends PathMention { AliasPathMention() { resolvePathAlias(this, alias, rhs) } - override TypeMention getTypeArgument(int i) { - result = this.getSegment().getGenericArgList().getTypeArg(i) - } - /** Get the `i`th type parameter of the alias itself. */ private TypeParameter getTypeParameter(int i) { result = TTypeParamTypeParameter(alias.getGenericParamList().getTypeParam(i)) From 5dba2412b5b8bacbc54b617883f605e29451df7e Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 12:53:13 +0200 Subject: [PATCH 268/409] Rust: Fix annotation in comment --- rust/ql/test/library-tests/path-resolution/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/library-tests/path-resolution/main.rs b/rust/ql/test/library-tests/path-resolution/main.rs index 6e7fa8af354..467248219a4 100644 --- a/rust/ql/test/library-tests/path-resolution/main.rs +++ b/rust/ql/test/library-tests/path-resolution/main.rs @@ -525,7 +525,7 @@ mod m23 { trait Trait1< T // I1 > { - fn f(&self); // // I3 + fn f(&self); // I3 } // I2 struct S; // I4 From 2c2506c4f813a5e99bcc259f36b0825647cc40c0 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 12:07:51 +0100 Subject: [PATCH 269/409] Rust: Add Rust SSA inconsistency infrastructure. --- rust/ql/consistency-queries/SsaConsistency.ql | 9 ++++++++- .../hello-project/summary.expected | 1 + .../hello-workspace/summary.cargo.expected | 1 + .../hello-workspace/summary.rust-project.expected | 1 + .../queries/diagnostics/SsaConsistencyCounts.ql | 14 ++++++++++++++ rust/ql/src/queries/summary/Stats.qll | 10 ++++++++++ .../diagnostics/SsaConsistencyCounts.expected | 0 .../diagnostics/SsaConsistencyCounts.qlref | 1 + .../diagnostics/SummaryStatsReduced.expected | 1 + shared/ssa/codeql/ssa/Ssa.qll | 7 +++++++ 10 files changed, 44 insertions(+), 1 deletion(-) create mode 100644 rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql create mode 100644 rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected create mode 100644 rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref diff --git a/rust/ql/consistency-queries/SsaConsistency.ql b/rust/ql/consistency-queries/SsaConsistency.ql index 51a5f97e978..f28b71e2a7d 100644 --- a/rust/ql/consistency-queries/SsaConsistency.ql +++ b/rust/ql/consistency-queries/SsaConsistency.ql @@ -1,3 +1,10 @@ -import codeql.rust.dataflow.Ssa +/** + * @name Static single assignment inconsistencies + * @description Lists the static single assignment inconsistencies in the database. This query is intended for internal use. + * @kind table + * @id rust/diagnostics/ssa-consistency + */ + + import codeql.rust.dataflow.Ssa import codeql.rust.dataflow.internal.SsaImpl import Consistency diff --git a/rust/ql/integration-tests/hello-project/summary.expected b/rust/ql/integration-tests/hello-project/summary.expected index 1ce4e784cbf..1f343b197c0 100644 --- a/rust/ql/integration-tests/hello-project/summary.expected +++ b/rust/ql/integration-tests/hello-project/summary.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 6 | | Lines of user code extracted | 6 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected index 67da3bcf309..5912f7d69ba 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.cargo.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.cargo.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 9 | | Lines of user code extracted | 9 | diff --git a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected index 67da3bcf309..5912f7d69ba 100644 --- a/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected +++ b/rust/ql/integration-tests/hello-workspace/summary.rust-project.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 9 | | Lines of user code extracted | 9 | diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql new file mode 100644 index 00000000000..8293b6883f9 --- /dev/null +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -0,0 +1,14 @@ +/** + * @name Static single assignment inconsistency counts + * @description Counts the number of static single assignment inconsistencies of each type. This query is intended for internal use. + * @kind diagnostic + * @id rust/diagnostics/ssa-consistency-counts + */ + + private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl + +// see also `rust/diagnostics/ssa-consistency`, which lists the +// individual inconsistency results. +from string type, int num +where num = SsaImpl::Consistency::getInconsistencyCounts(type) +select type, num diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index ec252c36d70..a2e9c93af7c 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -10,6 +10,7 @@ private import codeql.rust.internal.AstConsistency as AstConsistency private import codeql.rust.internal.PathResolutionConsistency as PathResolutionConsistency private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency +private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl private import codeql.rust.Concepts private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData @@ -57,6 +58,13 @@ int getTotalCfgInconsistencies() { result = sum(string type | | CfgConsistency::getCfgInconsistencyCounts(type)) } +/** + * Gets a count of the total number of SSA inconsistencies in the database. + */ +int getTotalSsaInconsistencies() { + result = sum(string type | | SsaImpl::Consistency::getInconsistencyCounts(type)) +} + /** * Gets a count of the total number of data flow inconsistencies in the database. */ @@ -142,6 +150,8 @@ predicate inconsistencyStats(string key, int value) { or key = "Inconsistencies - CFG" and value = getTotalCfgInconsistencies() or + key = "Inconsistencies - SSA" and value = getTotalSsaInconsistencies() + or key = "Inconsistencies - data flow" and value = getTotalDataFlowInconsistencies() } diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref new file mode 100644 index 00000000000..40242e81c24 --- /dev/null +++ b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.qlref @@ -0,0 +1 @@ +queries/diagnostics/SsaConsistencyCounts.ql diff --git a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected index 640bd179abd..ed21d9772fc 100644 --- a/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected +++ b/rust/ql/test/query-tests/diagnostics/SummaryStatsReduced.expected @@ -7,6 +7,7 @@ | Inconsistencies - AST | 0 | | Inconsistencies - CFG | 0 | | Inconsistencies - Path resolution | 0 | +| Inconsistencies - SSA | 0 | | Inconsistencies - data flow | 0 | | Lines of code extracted | 60 | | Lines of user code extracted | 60 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index 5a18d128ab6..d9bfdf62d90 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1468,6 +1468,13 @@ module Make Input> { inputRefs = count(BasicBlock bb, int i | AdjacentSsaRefs::adjacentRefPhi(bb, i, _, bbPhi, v)) and inputRefs < 2 } + + /** + * Gets counts of inconsistencies of each type. + */ + int getInconsistencyCounts(string type) { + type = "" and result = 0 + } } /** Provides the input to `DataFlowIntegration`. */ From e5fc1b0b001865d7f1ccd0e28e61c79531f97ff8 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:11:11 +0200 Subject: [PATCH 270/409] ruby: add qhelp to `rb/useless-assignment-to-local` --- .../queries/variables/DeadStoreOfLocal.qhelp | 49 +++++++++++++++++++ .../variables/examples/DeadStoreOfLocal.rb | 5 ++ .../examples/DeadStoreOfLocalGood.rb | 9 ++++ 3 files changed, 63 insertions(+) create mode 100644 ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp create mode 100644 ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb create mode 100644 ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp b/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp new file mode 100644 index 00000000000..b4e32eb1708 --- /dev/null +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.qhelp @@ -0,0 +1,49 @@ + + + +

    +A value is assigned to a local variable, but either that variable is never read +later on, or its value is always overwritten before being read. This means +that the original assignment has no effect, and could indicate a logic error or +incomplete code. +

    + +     + + +

    +Ensure that you check the control and data flow in the method carefully. +If a value is really not needed, consider omitting the assignment. Be careful, +though: if the right-hand side has a side-effect (like performing a method call), +it is important to keep this to preserve the overall behavior. +

    + +     + + +

    +In the following example, the return value of the call to send on line 2 +is assigned to the local variable result, but then never used. +

    + + + +

    +Assuming that send returns a status code indicating whether the operation +succeeded or not, the value of result should be checked, perhaps like this: +

    + + + +     + + + +
  • Wikipedia: Dead store.
    • + + + +     +     diff --git a/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb new file mode 100644 index 00000000000..0b5dc3d6c2e --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocal.rb @@ -0,0 +1,5 @@ +def f(x) + result = send(x) + waitForResponse + return getResponse +end \ No newline at end of file diff --git a/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb new file mode 100644 index 00000000000..fc40a7fc4eb --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/DeadStoreOfLocalGood.rb @@ -0,0 +1,9 @@ +def f(x) + result = send(x) + # check for error + if (result == -1) + raise "Unable to send, check network." + end + waitForResponse + return getResponse +end \ No newline at end of file From b205fedef47c9402bb9df7cd932609e1195a6f60 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 16:16:26 +0200 Subject: [PATCH 271/409] ruby: add tests --- .../DeadStoreOfLocal.expected | 4 +++ .../DeadStoreOfLocal/DeadStoreOfLocal.qlref | 2 ++ .../DeadStoreOfLocal/DeadStoreOfLocal.rb | 36 +++++++++++++++++++ .../DeadStoreOfLocal/TestTemplate.rb | 10 ++++++ 4 files changed, 52 insertions(+) create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb create mode 100644 ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected new file mode 100644 index 00000000000..9b903f762f4 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -0,0 +1,4 @@ +| DeadStoreOfLocal.rb:2:5:2:5 | y | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:2:5:2:5 | y | y | +| DeadStoreOfLocal.rb:14:9:14:9 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:8:5:8:5 | x | x | +| DeadStoreOfLocal.rb:21:5:21:5 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:21:5:21:5 | x | x | +| TestTemplate.rb:9:1:9:1 | x | This assignment to $@ is useless, since its value is never read. | TestTemplate.rb:9:1:9:1 | x | x | diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref new file mode 100644 index 00000000000..222bba3622b --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.qlref @@ -0,0 +1,2 @@ +query: queries/variables/DeadStoreOfLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb new file mode 100644 index 00000000000..9d7b8a95fb4 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb @@ -0,0 +1,36 @@ +def test_basic(x) + y = x #$ Alert + y = x + 2 + return y +end + +def test_retry + x = 0 + begin + if x == 0 + raise "error" + end + rescue + x = 2 #$ SPURIOUS: Alert + retry + end + return 42 +end + +def test_binding + x = 4 #$ SPURIOUS: Alert + return binding +end + +class Sup + def m(x) + print(x + 1) + end +end + +class Sub < Sup + def m(y) + y = 3 # OK - the call to `super` sees the value of y + super + end +end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb new file mode 100644 index 00000000000..09aa20d3a8b --- /dev/null +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb @@ -0,0 +1,10 @@ +# -*- coding: utf-8 -*- +require 'erb' + +template = ERB.new < + \_\_ENCODING\_\_ is <%= \_\_ENCODING\_\_ %>. + x is <%= x %>. +EOF +x = 5 #$ SPURIOUS: Alert +puts template.result \ No newline at end of file From 385598d46dd7324ac059d61f0f7e318fea3d77ab Mon Sep 17 00:00:00 2001 From: yoff Date: Mon, 31 Mar 2025 14:39:02 +0200 Subject: [PATCH 272/409] ruby: remove some FPs from `rb/useless-assignment-to-local` --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 11 ++++++++++- .../DeadStoreOfLocal/DeadStoreOfLocal.expected | 3 --- .../variables/DeadStoreOfLocal/DeadStoreOfLocal.rb | 6 +++--- .../variables/DeadStoreOfLocal/TestTemplate.rb | 2 +- 4 files changed, 14 insertions(+), 8 deletions(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index 2cf36bdc3e5..eb2fb4a7b5a 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -12,11 +12,20 @@ import codeql.ruby.AST import codeql.ruby.dataflow.SSA +import codeql.ruby.ApiGraphs class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess { RelevantLocalVariableWriteAccess() { not this.getVariable().getName().charAt(0) = "_" and - not this = any(Parameter p).getAVariable().getDefiningAccess() + not this = any(Parameter p).getAVariable().getDefiningAccess() and + not API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() = + this.getCfgScope() and + not exists(RetryStmt r | r.getCfgScope() = this.getCfgScope()) and + not exists(MethodCall c | + c.getReceiver() instanceof SelfVariableAccess and + c.getMethodName() = "binding" and + c.getCfgScope() = this.getCfgScope() + ) } } diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected index 9b903f762f4..572308ee51e 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.expected @@ -1,4 +1 @@ | DeadStoreOfLocal.rb:2:5:2:5 | y | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:2:5:2:5 | y | y | -| DeadStoreOfLocal.rb:14:9:14:9 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:8:5:8:5 | x | x | -| DeadStoreOfLocal.rb:21:5:21:5 | x | This assignment to $@ is useless, since its value is never read. | DeadStoreOfLocal.rb:21:5:21:5 | x | x | -| TestTemplate.rb:9:1:9:1 | x | This assignment to $@ is useless, since its value is never read. | TestTemplate.rb:9:1:9:1 | x | x | diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb index 9d7b8a95fb4..7f3252a58fd 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/DeadStoreOfLocal.rb @@ -11,14 +11,14 @@ def test_retry raise "error" end rescue - x = 2 #$ SPURIOUS: Alert + x = 2 # OK - the retry will allow a later read retry end return 42 end def test_binding - x = 4 #$ SPURIOUS: Alert + x = 4 # OK - the binding collects the value of x return binding end @@ -30,7 +30,7 @@ end class Sub < Sup def m(y) - y = 3 # OK - the call to `super` sees the value of y + y = 3 # OK - the call to `super` sees the value of `y`` super end end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb index 09aa20d3a8b..e13b54d0e03 100644 --- a/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb +++ b/ruby/ql/test/query-tests/variables/DeadStoreOfLocal/TestTemplate.rb @@ -6,5 +6,5 @@ template = ERB.new <. x is <%= x %>. EOF -x = 5 #$ SPURIOUS: Alert +x = 5 # OK - the template can see the value of x puts template.result \ No newline at end of file From eb8cbfa287e6648e9fb510b08ae6d18db15a10ed Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:18:00 +0200 Subject: [PATCH 273/409] ruby: add change note --- ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md diff --git a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md new file mode 100644 index 00000000000..c0bff9adf21 --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md @@ -0,0 +1,4 @@ +--- +category: majorAnalysis +--- +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. From 6a8484f84375c8ba0d7c68bc9f14bcae40c1d919 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 4 Apr 2025 15:18:42 +0200 Subject: [PATCH 274/409] ruby: adjust precision of `rb/useless-assignment-to-local` to medium --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index eb2fb4a7b5a..8717047e995 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -7,7 +7,7 @@ * @id rb/useless-assignment-to-local * @tags maintainability * external/cwe/cwe-563 - * @precision low + * @precision medium */ import codeql.ruby.AST From ba225013e75c33b50e5d17ae1e60dfb30593e26f Mon Sep 17 00:00:00 2001 From: yoff Date: Mon, 7 Apr 2025 14:03:49 +0200 Subject: [PATCH 275/409] ruby: add `rb/useless-assignment-to-local` to the code-quality suite --- ruby/ql/src/codeql-suites/ruby-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/codeql-suites/ruby-code-quality.qls b/ruby/ql/src/codeql-suites/ruby-code-quality.qls index 61775d5f51f..33be91082d0 100644 --- a/ruby/ql/src/codeql-suites/ruby-code-quality.qls +++ b/ruby/ql/src/codeql-suites/ruby-code-quality.qls @@ -1,4 +1,5 @@ - queries: . - include: id: - - rb/database-query-in-loop \ No newline at end of file + - rb/database-query-in-loop + - rb/useless-assignment-to-local \ No newline at end of file From ffcf6d6e581185d22f499cd7735d33e429c30b4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20Vajk?= Date: Mon, 7 Apr 2025 14:31:24 +0200 Subject: [PATCH 276/409] Apply suggestions from code review Co-authored-by: Paolo Tranquilli Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../java-code-quality.qls.expected | 22 +- .../java-code-scanning.qls.expected | 158 +++--- .../java-security-and-quality.qls.expected | 486 +++++++++--------- .../java-security-extended.qls.expected | 246 ++++----- .../java/query-suite/test.py | 14 +- 5 files changed, 462 insertions(+), 464 deletions(-) diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected index 1b231590e6a..6f396573aa1 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -1,11 +1,11 @@ -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql diff --git a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected index 9f22d395c39..a8ce00aca6c 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-scanning.qls.expected @@ -1,79 +1,79 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected index 7da7bc5119e..85d7e7d0960 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-and-quality.qls.expected @@ -1,243 +1,243 @@ -/ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql -/ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql -/ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql -/ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql -/ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql -/ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql -/ql/java/ql/src/DeadCode/UselessParameter.ql -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Language Abuse/ChainedInstanceof.ql -/ql/java/ql/src/Language Abuse/IterableIterator.ql -/ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql -/ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql -/ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql -/ql/java/ql/src/Language Abuse/UselessNullCheck.ql -/ql/java/ql/src/Language Abuse/UselessTypeTest.ql -/ql/java/ql/src/Language Abuse/WrappedIterator.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql -/ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql -/ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql -/ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql -/ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql -/ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql -/ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql -/ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql -/ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql -/ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql -/ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql -/ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql -/ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql -/ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql -/ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql -/ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql -/ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql -/ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql -/ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql -/ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql -/ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql -/ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql -/ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql -/ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql -/ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql -/ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql -/ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql -/ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql -/ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql -/ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql -/ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql -/ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql -/ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql -/ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql -/ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql -/ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql -/ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql -/ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Performance/InefficientEmptyStringTest.ql -/ql/java/ql/src/Performance/InefficientKeySetIterator.ql -/ql/java/ql/src/Performance/InefficientOutputStream.ql -/ql/java/ql/src/Performance/InefficientPrimConstructor.ql -/ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql -/ql/java/ql/src/Performance/NewStringString.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql -/ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql -/ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql -/ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql -/ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql -/ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql -/ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql -/ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql +ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql +ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql +ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql +ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql +ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql +ql/java/ql/src/DeadCode/UselessParameter.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Language Abuse/ChainedInstanceof.ql +ql/java/ql/src/Language Abuse/IterableIterator.ql +ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql +ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql +ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql +ql/java/ql/src/Language Abuse/UselessNullCheck.ql +ql/java/ql/src/Language Abuse/UselessTypeTest.ql +ql/java/ql/src/Language Abuse/WrappedIterator.ql +ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql +ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql +ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql +ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql +ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql +ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql +ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql +ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql +ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql +ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql +ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql +ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql +ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql +ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql +ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql +ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql +ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql +ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql +ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql +ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql +ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql +ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql +ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql +ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql +ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql +ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql +ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql +ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql +ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql +ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql +ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql +ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql +ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql +ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql +ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql +ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql +ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql +ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql +ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql +ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql +ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql +ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql +ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql +ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql +ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql +ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql +ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql +ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql +ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql +ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Performance/InefficientEmptyStringTest.ql +ql/java/ql/src/Performance/InefficientKeySetIterator.ql +ql/java/ql/src/Performance/InefficientOutputStream.ql +ql/java/ql/src/Performance/InefficientPrimConstructor.ql +ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql +ql/java/ql/src/Performance/NewStringString.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql +ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql diff --git a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected index adcdc17c6c1..d5f4cbf1ccc 100644 --- a/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected @@ -1,123 +1,123 @@ -/ql/java/ql/src/Diagnostics/ExtractionErrors.ql -/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql -/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql -/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql -/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql -/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql -/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql -/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql -/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql -/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql -/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql -/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql -/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql -/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql -/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql -/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql -/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql -/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql -/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql -/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql -/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql -/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql -/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql -/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql -/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql -/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql -/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql -/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql -/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql -/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql -/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql -/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql -/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql -/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql -/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql -/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql -/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql -/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql -/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql -/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql -/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql -/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql -/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql -/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql -/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql -/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql -/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql -/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql -/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql -/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql -/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql -/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql -/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql -/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql -/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql -/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql -/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql -/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql -/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql -/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql -/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql -/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql -/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql -/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql -/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql -/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql -/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql -/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql -/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql -/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql -/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql -/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql -/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql -/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql -/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql -/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql -/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql -/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql -/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql -/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql -/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql -/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql -/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql -/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql -/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql -/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql -/ql/java/ql/src/Telemetry/ExtractorInformation.ql -/ql/java/ql/src/Telemetry/SupportedExternalApis.ql -/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql -/ql/java/ql/src/Telemetry/SupportedExternalSources.ql -/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql -/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql +ql/java/ql/src/Diagnostics/ExtractionErrors.ql +ql/java/ql/src/Diagnostics/ExtractionWarnings.ql +ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql +ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql +ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql +ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql +ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql +ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql +ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql +ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql +ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql +ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql +ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql +ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql +ql/java/ql/src/Security/CWE/CWE-079/XSS.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql +ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql +ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql +ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql +ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql +ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql +ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql +ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql +ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql +ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql +ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql +ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql +ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql +ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql +ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql +ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql +ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql +ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql +ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql +ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql +ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql +ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql +ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql +ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql +ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql +ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql +ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql +ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql +ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql +ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql +ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql +ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql +ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql +ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql +ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql +ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql +ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql +ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql +ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql +ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql +ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql +ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql +ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql +ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql +ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql +ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql +ql/java/ql/src/Security/CWE/CWE-611/XXE.ql +ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql +ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql +ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql +ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql +ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql +ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql +ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql +ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql +ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql +ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql +ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql +ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql +ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql +ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql +ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql +ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql +ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql +ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql +ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql +ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql +ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql +ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql +ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql +ql/java/ql/src/Telemetry/ExtractorInformation.ql +ql/java/ql/src/Telemetry/SupportedExternalApis.ql +ql/java/ql/src/Telemetry/SupportedExternalSinks.ql +ql/java/ql/src/Telemetry/SupportedExternalSources.ql +ql/java/ql/src/Telemetry/SupportedExternalTaint.ql +ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py index 9a95a808998..c829eb9ffa0 100644 --- a/java/ql/integration-tests/java/query-suite/test.py +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -1,15 +1,13 @@ +import os import runs_on +import pytest @runs_on.linux -def test(codeql, java, cwd, expected_files, semmle_code_dir): - query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] - - for query_suite in query_suites: +@pytest.mark.parametrize("query_suite", ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']) +def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite): actual = codeql.resolve.queries(query_suite, _capture=True).strip() - actual = sorted(actual.split('\n')) - print(semmle_code_dir) - index = len(str(semmle_code_dir)) - actual = [line[index:] for line in actual] + actual = sorted(actual.splitlines()) + actual = [os.path.relpath(q, semmle_code_dir) for q in actual] actual_file_name = query_suite + '.actual' expected_files.add(actual_file_name) (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') From e23ff9cf3eeca835094d64da502ace1b63403b2a Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 12:55:58 +0200 Subject: [PATCH 277/409] Add TypedArrays flow summaries for `Uint8Array` and buffer property --- .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/TypedArrays.qll | 38 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 9 +++-- .../DecompressionBombs.expected | 5 +++ 4 files changed, 50 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 940180d80cb..20247b7e268 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -12,3 +12,4 @@ private import Sets private import Strings private import DynamicImportStep private import UrlSearchParams +private import TypedArrays diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll new file mode 100644 index 00000000000..788992d7c1c --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -0,0 +1,38 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +private class TypedArrayEntryPoint extends API::EntryPoint { + TypedArrayEntryPoint() { this = "global.Uint8Array" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("Uint8Array") } +} + +pragma[nomagic] +API::Node typedArrayConstructorRef() { result = any(TypedArrayEntryPoint e).getANode() } + +class TypedArrayConstructorSummary extends SummarizedCallable { + TypedArrayConstructorSummary() { this = "TypedArray constructor" } + + override DataFlow::InvokeNode getACall() { + result = typedArrayConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class BufferTypedArray extends DataFlow::AdditionalFlowStep { + override predicate step(DataFlow::Node pred, DataFlow::Node succ) { + exists(DataFlow::PropRead p | + p = typedArrayConstructorRef().getInstance().getMember("buffer").asSource() and + pred = p.getBase() and + succ = p + ) + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b16953795b1..14ae297b4fd 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -35,14 +35,14 @@ legacyDataFlowDifference | spread.js:4:15:4:22 | source() | spread.js:18:8:18:8 | y | only flow with NEW data flow library | | spread.js:4:15:4:22 | source() | spread.js:24:8:24:8 | y | only flow with NEW data flow library | | tst.js:2:13:2:20 | source() | tst.js:17:10:17:10 | a | only flow with OLD data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:5 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:7 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:11 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -328,6 +328,9 @@ flow | tst.js:87:22:87:29 | source() | tst.js:90:14:90:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:96:14:96:25 | taintedValue | | tst.js:93:22:93:29 | source() | tst.js:97:14:97:26 | map.get(true) | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected index 56acd539012..11c63c257e8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected +++ b/javascript/ql/test/query-tests/Security/CWE-522-DecompressionBombs/DecompressionBombs.expected @@ -81,9 +81,12 @@ edges | pako.js:18:48:18:66 | zipFile.data.buffer | pako.js:18:33:18:67 | new Uin ... buffer) | provenance | Config | | pako.js:28:19:28:25 | zipFile | pako.js:29:36:29:42 | zipFile | provenance | | | pako.js:29:11:29:62 | myArray | pako.js:32:31:32:37 | myArray | provenance | | +| pako.js:29:11:29:62 | myArray [ArrayElement] | pako.js:32:31:32:37 | myArray | provenance | | | pako.js:29:21:29:55 | new Uin ... buffer) | pako.js:29:11:29:62 | myArray | provenance | | +| pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | pako.js:29:11:29:62 | myArray [ArrayElement] | provenance | | | pako.js:29:36:29:42 | zipFile | pako.js:29:36:29:54 | zipFile.data.buffer | provenance | | | pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) | provenance | Config | +| pako.js:29:36:29:54 | zipFile.data.buffer | pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | provenance | | | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | unbzip2.js:12:50:12:54 | bz2() | provenance | Config | | unbzip2.js:12:25:12:42 | req.query.FilePath | unbzip2.js:12:5:12:43 | fs.crea ... lePath) | provenance | Config | | unzipper.js:13:26:13:62 | Readabl ... e.data) | unzipper.js:16:23:16:63 | unzippe ... ath' }) | provenance | Config | @@ -183,7 +186,9 @@ nodes | pako.js:21:31:21:37 | myArray | semmle.label | myArray | | pako.js:28:19:28:25 | zipFile | semmle.label | zipFile | | pako.js:29:11:29:62 | myArray | semmle.label | myArray | +| pako.js:29:11:29:62 | myArray [ArrayElement] | semmle.label | myArray [ArrayElement] | | pako.js:29:21:29:55 | new Uin ... buffer) | semmle.label | new Uin ... buffer) | +| pako.js:29:21:29:55 | new Uin ... buffer) [ArrayElement] | semmle.label | new Uin ... buffer) [ArrayElement] | | pako.js:29:36:29:42 | zipFile | semmle.label | zipFile | | pako.js:29:36:29:54 | zipFile.data.buffer | semmle.label | zipFile.data.buffer | | pako.js:32:31:32:37 | myArray | semmle.label | myArray | From d689a55229615798a3a03d2c067dc659cf44e9fa Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:12:00 +0200 Subject: [PATCH 278/409] Added test cases for `TypedArray` methods --- .../TaintTracking/BasicTaintTracking.expected | 3 +++ .../test/library-tests/TaintTracking/typed-arrays.js | 11 +++++++++++ 2 files changed, 14 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 14ae297b4fd..3856dfe15f8 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -43,6 +43,9 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:15 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:18 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index c29c7bef954..4ccf64131b6 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -9,4 +9,15 @@ function test() { var arr = new Uint8Array(y.buffer, y.byteOffset, y.byteLength); sink(arr); // NOT OK + + const z = new Uint8Array([1, 2, 3]); + z.set(y, 3); + sink(z); // NOT OK + + const sub = y.subarray(1, 3) + sink(sub); // NOT OK + + const clone = new y.constructor(y.length); + clone.set(y); + sink(clone); // NOT OK } From edb7aaabab1d5166b207c6a548d8e2e9c6a68e6a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 10:50:54 +0200 Subject: [PATCH 279/409] Rust: Add path attribute test --- rust/ql/test/library-tests/path-resolution/my2/mod.rs | 5 +++++ rust/ql/test/library-tests/path-resolution/my2/renamed.rs | 1 + .../library-tests/path-resolution/path-resolution.expected | 6 ++++-- 3 files changed, 10 insertions(+), 2 deletions(-) create mode 100644 rust/ql/test/library-tests/path-resolution/my2/renamed.rs diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 64291a53af5..27969db97c0 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -10,3 +10,8 @@ pub use nested2::nested5::*; // $ item=I114 pub use nested2::nested7::nested8::{self}; // $ item=I118 pub mod my3; + +#[path = "renamed.rs"] +mod mymod; + +use mymod::f; // $ MISSING: item=I1001 diff --git a/rust/ql/test/library-tests/path-resolution/my2/renamed.rs b/rust/ql/test/library-tests/path-resolution/my2/renamed.rs new file mode 100644 index 00000000000..fa37691c136 --- /dev/null +++ b/rust/ql/test/library-tests/path-resolution/my2/renamed.rs @@ -0,0 +1 @@ +pub fn f() {} // I1001 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 1d480f2f5ad..85a56c3384c 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -30,6 +30,7 @@ mod | main.rs:523:1:548:1 | mod m23 | | my2/mod.rs:1:1:1:16 | mod nested2 | | my2/mod.rs:12:1:12:12 | mod my3 | +| my2/mod.rs:14:1:15:10 | mod mymod | | my2/nested2.rs:1:1:11:1 | mod nested3 | | my2/nested2.rs:2:5:10:5 | mod nested4 | | my2/nested2.rs:13:1:19:1 | mod nested5 | @@ -306,12 +307,13 @@ resolvePath | my2/mod.rs:10:9:10:24 | ...::nested7 | my2/nested2.rs:21:1:27:1 | mod nested7 | | my2/mod.rs:10:9:10:33 | ...::nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:10:37:10:40 | self | my2/nested2.rs:22:5:26:5 | mod nested8 | +| my2/mod.rs:17:5:17:9 | mymod | my2/mod.rs:14:1:15:10 | mod mymod | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | +| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | | my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:12:13 | SourceFile | +| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | From 13f4a6afa6426b9b2e708cb23901333c686704f6 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Fri, 4 Apr 2025 10:51:35 +0200 Subject: [PATCH 280/409] Rust: Handle path attributes in path resolution --- rust/ql/lib/codeql/files/FileSystem.qll | 2 + .../codeql/rust/internal/PathResolution.qll | 27 ++++++++--- .../library-tests/path-resolution/my2/mod.rs | 2 +- .../path-resolution/path-resolution.expected | 5 +- shared/util/codeql/util/FileSystem.qll | 47 +++++++++++++++++++ 5 files changed, 74 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/files/FileSystem.qll b/rust/ql/lib/codeql/files/FileSystem.qll index 175f50c7c9e..5a60d28418e 100644 --- a/rust/ql/lib/codeql/files/FileSystem.qll +++ b/rust/ql/lib/codeql/files/FileSystem.qll @@ -34,6 +34,8 @@ class Container = Impl::Container; class Folder = Impl::Folder; +module Folder = Impl::Folder; + /** A file. */ class File extends Container, Impl::File { /** Holds if this file was extracted from ordinary source code. */ diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c..ad64e50d009 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -655,6 +655,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { ) } +private Meta getPathAttrMeta(Module m) { + result = m.getAnAttr().getMeta() and + result.getPath().getText() = "path" +} + /** * Holds if `m` is a `mod name;` module declaration, where the corresponding * module file needs to be looked up in `lookup` or one of its descandants. @@ -663,12 +668,7 @@ private predicate modImport0(Module m, string name, Folder lookup) { exists(File f, Folder parent, string fileName | f = m.getFile() and not m.hasItemList() and - // TODO: handle - // ``` - // #[path = "foo.rs"] - // mod bar; - // ``` - not m.getAnAttr().getMeta().getPath().getText() = "path" and + not exists(getPathAttrMeta(m)) and name = m.getName().getText() and parent = f.getParentContainer() and fileName = f.getStem() @@ -717,6 +717,16 @@ private predicate modImportNestedLookup(Module m, ModuleItemNode ancestor, Folde ) } +private predicate pathAttrImport(Folder f, Module m, string relativePath) { + exists(Meta meta | + f = m.getFile().getParentContainer() and + meta = getPathAttrMeta(m) and + relativePath = meta.getExpr().(LiteralExpr).getTextValue().regexpCapture("\"(.+)\"", 1) + ) +} + +private predicate append(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } + /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { exists(string name, Folder parent | @@ -730,6 +740,11 @@ private predicate fileImport(Module m, SourceFile f) { // `m` is inside a nested module modImportNestedLookup(m, m, parent) ) + or + exists(Folder folder, string relativePath | + pathAttrImport(folder, m, relativePath) and + f.getFile() = Folder::Append::append(folder, relativePath) + ) } /** diff --git a/rust/ql/test/library-tests/path-resolution/my2/mod.rs b/rust/ql/test/library-tests/path-resolution/my2/mod.rs index 27969db97c0..43c1a05e91f 100644 --- a/rust/ql/test/library-tests/path-resolution/my2/mod.rs +++ b/rust/ql/test/library-tests/path-resolution/my2/mod.rs @@ -14,4 +14,4 @@ pub mod my3; #[path = "renamed.rs"] mod mymod; -use mymod::f; // $ MISSING: item=I1001 +use mymod::f; // $ item=I1001 diff --git a/rust/ql/test/library-tests/path-resolution/path-resolution.expected b/rust/ql/test/library-tests/path-resolution/path-resolution.expected index 85a56c3384c..7fbbca66c39 100644 --- a/rust/ql/test/library-tests/path-resolution/path-resolution.expected +++ b/rust/ql/test/library-tests/path-resolution/path-resolution.expected @@ -308,12 +308,13 @@ resolvePath | my2/mod.rs:10:9:10:33 | ...::nested8 | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:10:37:10:40 | self | my2/nested2.rs:22:5:26:5 | mod nested8 | | my2/mod.rs:17:5:17:9 | mymod | my2/mod.rs:14:1:15:10 | mod mymod | +| my2/mod.rs:17:5:17:12 | ...::f | my2/renamed.rs:1:1:1:13 | fn f | | my2/my3/mod.rs:3:5:3:5 | g | my2/mod.rs:3:1:6:1 | fn g | | my2/my3/mod.rs:4:5:4:5 | h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | +| my2/my3/mod.rs:7:5:7:9 | super | my2/mod.rs:1:1:17:30 | SourceFile | | my2/my3/mod.rs:7:5:7:16 | ...::super | main.rs:1:1:578:2 | SourceFile | | my2/my3/mod.rs:7:5:7:19 | ...::h | main.rs:50:1:69:1 | fn h | -| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:39 | SourceFile | +| my2/my3/mod.rs:8:5:8:9 | super | my2/mod.rs:1:1:17:30 | SourceFile | | my2/my3/mod.rs:8:5:8:12 | ...::g | my2/mod.rs:3:1:6:1 | fn g | | my.rs:3:5:3:10 | nested | my.rs:1:1:1:15 | mod nested | | my.rs:3:5:3:13 | ...::g | my/nested.rs:19:1:22:1 | fn g | diff --git a/shared/util/codeql/util/FileSystem.qll b/shared/util/codeql/util/FileSystem.qll index a9eb21279b6..261139dcf41 100644 --- a/shared/util/codeql/util/FileSystem.qll +++ b/shared/util/codeql/util/FileSystem.qll @@ -218,6 +218,53 @@ module Make { /** Gets the URL of this file. */ override string getURL() { result = "file://" + this.getAbsolutePath() + ":0:0:0:0" } } + + /** Provides logic related to `Folder`s. */ + module Folder { + /** Holds if `relativePath` needs to be appended to `f`. */ + signature predicate appendSig(Folder f, string relativePath); + + /** Provides the `append` predicate for appending a relative path onto a folder. */ + module Append { + pragma[nomagic] + private string getComponent(string relativePath, int i) { + app(_, relativePath) and + result = relativePath.replaceAll("\\", "/").regexpFind("[^/]+", i, _) + } + + pragma[nomagic] + private Container appendStep(Folder f, string relativePath, int i) { + i = -1 and + app(f, relativePath) and + result = f + or + exists(Container mid, string comp | + mid = appendStep(f, relativePath, i - 1) and + comp = getComponent(relativePath, i) and + if comp = ".." + then result = mid.getParentContainer() + else + if comp = "." + then result = mid + else ( + result = mid.getAChildContainer() and + result.getBaseName() = comp + ) + ) + } + + /** + * Gets the file or folder obtained by appending `relativePath` onto `f`. + */ + pragma[nomagic] + Container append(Folder f, string relativePath) { + exists(int components | + components = (-1).maximum(max(int comp | exists(getComponent(relativePath, comp)) | comp)) and + result = appendStep(f, relativePath, components) + ) + } + } + } } /** A file. */ From dad85854cddf8969136f88788294fa1227b50e89 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 14:27:12 +0100 Subject: [PATCH 281/409] Apply suggestions from code review Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../CWE-770/UncontrolledAllocationSize.qhelp | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp index 936c2761976..fe5a2582e30 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.qhelp @@ -5,11 +5,11 @@

    Allocating memory with a size based on user input may allow arbitrary amounts of memory to be -allocated, leading to a crash or denial of service incident.

    +allocated, leading to a crash or a denial-of-service (DoS) attack.

    If the user input is multiplied by a constant, such as the size of a type, the result may -overflow. In a build with the --release flag Rust performs two's complement wrapping, -with the result that less memory may be allocated than expected. This can lead to buffer overflow +overflow. In a build with the --release flag, Rust performs two's complement wrapping, +with the result that less memory than expected may be allocated. This can lead to buffer overflow incidents.

     @@ -24,12 +24,12 @@ does not wrap around.

    In the following example, an arbitrary amount of memory is allocated based on user input. In -addition, due to the multiplication operation the result may overflow if a very large value is -provided, leading to less memory being allocated than other parts of the program expect.

    +addition, due to the multiplication operation, the result may overflow if a very large value is +provided. This may lead to less memory being allocated than expected by other parts of the program.

    -

    In the fixed example, the user input is checked against a maximum value. If the check fails an -error is returned, and both the multiplication and alloaction do not take place.

    +

    In the fixed example, the user input is checked against a maximum value. If the check fails, an +error is returned, and both the multiplication and allocation do not take place.

     From 41f54d836eaa9c6e81aa536385a709e9852fe843 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 14:29:32 +0100 Subject: [PATCH 282/409] Rust: Tweak query description. --- .../src/queries/security/CWE-770/UncontrolledAllocationSize.ql | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql index bbaaaf06a02..c4125774315 100644 --- a/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql +++ b/rust/ql/src/queries/security/CWE-770/UncontrolledAllocationSize.ql @@ -1,7 +1,8 @@ /** * @name Uncontrolled allocation size * @description Allocating memory with a size controlled by an external user can result in - * arbitrary amounts of memory being allocated. + * arbitrary amounts of memory being allocated, leading to a crash or a + * denial-of-service (DoS) attack. * @kind path-problem * @problem.severity recommendation * @security-severity 7.5 From 3744ef737968ea8203e5336ed230a2e3b365bb2e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Mon, 7 Apr 2025 15:43:16 +0200 Subject: [PATCH 283/409] Disable csharp tests that use nuget on macos-15 --- .../posix/standalone_dependencies_no_framework/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget with_space/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget/test.py | 7 +++++-- .../posix/standalone_dependencies_nuget_no_sources/test.py | 5 ++++- 4 files changed, 19 insertions(+), 7 deletions(-) diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py index 4d5c7b24bc9..d1c1745d69b 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_no_framework/test.py @@ -3,8 +3,11 @@ import pytest import os -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_DOTNET_FRAMEWORK_REFERENCES"] = ( "/non-existent-path" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py index 5bfcb3bfd1c..6d2058c684c 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget with_space/test.py @@ -3,8 +3,11 @@ import runs_on import pytest -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): # making sure we're not doing any fallback restore: os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1" diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py index c7728b64d2a..7f88196097f 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget/test.py @@ -2,7 +2,10 @@ import runs_on import pytest -# Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +# Skipping the test on the ARM runners and macos-15, as we're running into trouble with Mono and nuget. +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): codeql.database.create(build_mode="none") diff --git a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py index a6a6123f019..185fb5201f9 100644 --- a/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py +++ b/csharp/ql/integration-tests/posix/standalone_dependencies_nuget_no_sources/test.py @@ -3,6 +3,9 @@ import pytest # Skipping the test on the ARM runners, as we're running into trouble with Mono and nuget. -@pytest.mark.only_if(runs_on.linux or (runs_on.macos and runs_on.x86_64)) +@pytest.mark.only_if( + runs_on.linux + or (runs_on.macos and runs_on.x86_64 and not runs_on.macos_15) +) def test(codeql, csharp): codeql.database.create(source_root="proj", build_mode="none") From 8e76bb1a43f0d399ccc25889da606c7e4cc0fdf0 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 16:46:54 +0200 Subject: [PATCH 284/409] Rust: Minor changes based on PR review --- rust/ql/lib/codeql/rust/internal/Type.qll | 14 +++++++++----- rust/ql/lib/codeql/rust/internal/TypeMention.qll | 8 ++++++-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/Type.qll b/rust/ql/lib/codeql/rust/internal/Type.qll index c3eb83c8dfa..d9c156ef96f 100644 --- a/rust/ql/lib/codeql/rust/internal/Type.qll +++ b/rust/ql/lib/codeql/rust/internal/Type.qll @@ -16,7 +16,7 @@ newtype TType = TArrayType() or // todo: add size? TRefType() or // todo: add mut? TTypeParamTypeParameter(TypeParam t) or - TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getADescendant() = t } or + TAssociatedTypeTypeParameter(TypeAlias t) { any(TraitItemNode trait).getAnAssocItem() = t } or TRefTypeParameter() or TSelfTypeParameter(Trait t) @@ -333,7 +333,11 @@ class TypeParamTypeParameter extends TypeParameter, TTypeParamTypeParameter { } } -/** Gets type alias that is the `i`th type parameter of `trait`. */ +/** + * Gets the type alias that is the `i`th type parameter of `trait`. Type aliases + * are numbered consecutively but in arbitrary order, starting from the index + * following the last ordinary type parameter. + */ predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { typeAlias = rank[i + 1 - trait.getNumberOfGenericParams()](TypeAlias alias | @@ -354,7 +358,7 @@ predicate traitAliasIndex(Trait trait, int i, TypeAlias typeAlias) { * // ... * } * ``` - * is treated as if it where + * is treated as if it was * ```rust * trait ATrait { * // ... @@ -369,9 +373,9 @@ class AssociatedTypeTypeParameter extends TypeParameter, TAssociatedTypeTypePara TypeAlias getTypeAlias() { result = typeAlias } /** Gets the trait that contains this associated type declaration. */ - TraitItemNode getTrait() { result.getADescendant() = typeAlias } + TraitItemNode getTrait() { result.getAnAssocItem() = typeAlias } - int getIndex() { traitAliasIndex(this.getTrait(), result, typeAlias) } + int getIndex() { traitAliasIndex(_, result, typeAlias) } override Function getMethod(string name) { none() } diff --git a/rust/ql/lib/codeql/rust/internal/TypeMention.qll b/rust/ql/lib/codeql/rust/internal/TypeMention.qll index b049d9b7177..f29b7dfe859 100644 --- a/rust/ql/lib/codeql/rust/internal/TypeMention.qll +++ b/rust/ql/lib/codeql/rust/internal/TypeMention.qll @@ -131,11 +131,15 @@ class TypeParamMention extends TypeMention, TypeParam { override Type resolveType() { result = TTypeParamTypeParameter(this) } } -// Used to represent implicit associated type type arguments in traits. +// Used to represent implicit type arguments for associated types in traits. class TypeAliasMention extends TypeMention, TypeAlias { + private Type t; + + TypeAliasMention() { t = TAssociatedTypeTypeParameter(this) } + override TypeReprMention getTypeArgument(int i) { none() } - override Type resolveType() { result = TAssociatedTypeTypeParameter(this) } + override Type resolveType() { result = t } } /** From 602e617bc669725b836e2a56ab03947d7d242df9 Mon Sep 17 00:00:00 2001 From: Simon Friis Vindum Date: Mon, 7 Apr 2025 17:02:51 +0200 Subject: [PATCH 285/409] Rust: Add type inference test for trait with multiple associated types --- .../test/library-tests/type-inference/main.rs | 33 + .../type-inference/type-inference.expected | 1175 +++++++++-------- 2 files changed, 634 insertions(+), 574 deletions(-) diff --git a/rust/ql/test/library-tests/type-inference/main.rs b/rust/ql/test/library-tests/type-inference/main.rs index efe1a3444e0..be85debb7c3 100644 --- a/rust/ql/test/library-tests/type-inference/main.rs +++ b/rust/ql/test/library-tests/type-inference/main.rs @@ -368,6 +368,18 @@ mod trait_associated_type { } } + // A generic trait with multiple associated types. + trait TraitMultipleAssoc { + type Assoc1; + type Assoc2; + + fn get_zero(&self) -> TrG; + + fn get_one(&self) -> Self::Assoc1; + + fn get_two(&self) -> Self::Assoc2; + } + #[derive(Debug, Default)] struct S; @@ -417,6 +429,23 @@ mod trait_associated_type { thing.m1() // $ method=MyTrait::m1 } + impl TraitMultipleAssoc for AT { + type Assoc1 = S; + type Assoc2 = S2; + + fn get_zero(&self) -> AT { + AT + } + + fn get_one(&self) -> Self::Assoc1 { + S + } + + fn get_two(&self) -> Self::Assoc2 { + S2 + } + } + pub fn f() { let x1 = S; // Call to method in `impl` block @@ -441,6 +470,10 @@ mod trait_associated_type { println!("{:?}", x5.m1()); // $ method=m1 MISSING: type=x5.m1():A.S2 let x6 = S2; println!("{:?}", x6.m2()); // $ method=m2 type=x6.m2():A.S2 + + let assoc_zero = AT.get_zero(); // $ method=get_zero type=assoc_zero:AT + let assoc_one = AT.get_one(); // $ method=get_one type=assoc_one:S + let assoc_two = AT.get_two(); // $ method=get_two type=assoc_two:S2 } } diff --git a/rust/ql/test/library-tests/type-inference/type-inference.expected b/rust/ql/test/library-tests/type-inference/type-inference.expected index 907ea9fcc53..477aebc2099 100644 --- a/rust/ql/test/library-tests/type-inference/type-inference.expected +++ b/rust/ql/test/library-tests/type-inference/type-inference.expected @@ -356,577 +356,604 @@ inferType | main.rs:367:13:367:16 | self | &T | main.rs:359:5:369:5 | Self [trait MyTraitAssoc2] | | main.rs:367:13:367:23 | self.put(...) | | main.rs:360:9:360:52 | GenericAssociatedType | | main.rs:367:22:367:22 | b | | main.rs:365:19:365:19 | A | -| main.rs:384:15:384:18 | SelfParam | | main.rs:371:5:372:13 | S | -| main.rs:384:45:386:9 | { ... } | | main.rs:377:5:378:14 | AT | -| main.rs:385:13:385:14 | AT | | main.rs:377:5:378:14 | AT | -| main.rs:394:19:394:23 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:394:19:394:23 | SelfParam | &T | main.rs:371:5:372:13 | S | -| main.rs:394:26:394:26 | a | | main.rs:394:16:394:16 | A | -| main.rs:394:46:396:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:394:46:396:9 | { ... } | A | main.rs:394:16:394:16 | A | -| main.rs:395:13:395:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:395:13:395:32 | Wrapper {...} | A | main.rs:394:16:394:16 | A | -| main.rs:395:30:395:30 | a | | main.rs:394:16:394:16 | A | -| main.rs:403:15:403:18 | SelfParam | | main.rs:374:5:375:14 | S2 | -| main.rs:403:45:405:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:403:45:405:9 | { ... } | A | main.rs:374:5:375:14 | S2 | -| main.rs:404:13:404:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:404:13:404:35 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | -| main.rs:404:30:404:33 | self | | main.rs:374:5:375:14 | S2 | -| main.rs:410:30:412:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | -| main.rs:410:30:412:9 | { ... } | A | main.rs:374:5:375:14 | S2 | -| main.rs:411:13:411:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | -| main.rs:411:13:411:33 | Wrapper {...} | A | main.rs:374:5:375:14 | S2 | -| main.rs:411:30:411:31 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:416:22:416:26 | thing | | main.rs:416:10:416:19 | T | -| main.rs:417:9:417:13 | thing | | main.rs:416:10:416:19 | T | -| main.rs:421:13:421:14 | x1 | | main.rs:371:5:372:13 | S | -| main.rs:421:18:421:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:423:26:423:27 | x1 | | main.rs:371:5:372:13 | S | -| main.rs:423:26:423:32 | x1.m1() | | main.rs:377:5:378:14 | AT | -| main.rs:425:13:425:14 | x2 | | main.rs:371:5:372:13 | S | -| main.rs:425:18:425:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:427:13:427:13 | y | | main.rs:377:5:378:14 | AT | -| main.rs:427:17:427:18 | x2 | | main.rs:371:5:372:13 | S | -| main.rs:427:17:427:23 | x2.m2() | | main.rs:377:5:378:14 | AT | -| main.rs:428:26:428:26 | y | | main.rs:377:5:378:14 | AT | -| main.rs:430:13:430:14 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:430:18:430:18 | S | | main.rs:371:5:372:13 | S | -| main.rs:432:26:432:27 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:432:26:432:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | -| main.rs:435:26:435:27 | x3 | | main.rs:371:5:372:13 | S | -| main.rs:437:20:437:20 | S | | main.rs:371:5:372:13 | S | -| main.rs:440:13:440:14 | x5 | | main.rs:374:5:375:14 | S2 | -| main.rs:440:18:440:19 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:441:26:441:27 | x5 | | main.rs:374:5:375:14 | S2 | -| main.rs:441:26:441:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | -| main.rs:442:13:442:14 | x6 | | main.rs:374:5:375:14 | S2 | -| main.rs:442:18:442:19 | S2 | | main.rs:374:5:375:14 | S2 | -| main.rs:443:26:443:27 | x6 | | main.rs:374:5:375:14 | S2 | -| main.rs:443:26:443:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | -| main.rs:443:26:443:32 | x6.m2() | A | main.rs:374:5:375:14 | S2 | -| main.rs:460:15:460:18 | SelfParam | | main.rs:448:5:452:5 | MyEnum | -| main.rs:460:15:460:18 | SelfParam | A | main.rs:459:10:459:10 | T | -| main.rs:460:26:465:9 | { ... } | | main.rs:459:10:459:10 | T | -| main.rs:461:13:464:13 | match self { ... } | | main.rs:459:10:459:10 | T | -| main.rs:461:19:461:22 | self | | main.rs:448:5:452:5 | MyEnum | -| main.rs:461:19:461:22 | self | A | main.rs:459:10:459:10 | T | -| main.rs:462:28:462:28 | a | | main.rs:459:10:459:10 | T | -| main.rs:462:34:462:34 | a | | main.rs:459:10:459:10 | T | -| main.rs:463:30:463:30 | a | | main.rs:459:10:459:10 | T | -| main.rs:463:37:463:37 | a | | main.rs:459:10:459:10 | T | -| main.rs:469:13:469:13 | x | | main.rs:448:5:452:5 | MyEnum | -| main.rs:469:13:469:13 | x | A | main.rs:454:5:455:14 | S1 | -| main.rs:469:17:469:30 | ...::C1(...) | | main.rs:448:5:452:5 | MyEnum | -| main.rs:469:17:469:30 | ...::C1(...) | A | main.rs:454:5:455:14 | S1 | -| main.rs:469:28:469:29 | S1 | | main.rs:454:5:455:14 | S1 | -| main.rs:470:13:470:13 | y | | main.rs:448:5:452:5 | MyEnum | -| main.rs:470:13:470:13 | y | A | main.rs:456:5:457:14 | S2 | -| main.rs:470:17:470:36 | ...::C2 {...} | | main.rs:448:5:452:5 | MyEnum | -| main.rs:470:17:470:36 | ...::C2 {...} | A | main.rs:456:5:457:14 | S2 | -| main.rs:470:33:470:34 | S2 | | main.rs:456:5:457:14 | S2 | -| main.rs:472:26:472:26 | x | | main.rs:448:5:452:5 | MyEnum | -| main.rs:472:26:472:26 | x | A | main.rs:454:5:455:14 | S1 | -| main.rs:472:26:472:31 | x.m1() | | main.rs:454:5:455:14 | S1 | -| main.rs:473:26:473:26 | y | | main.rs:448:5:452:5 | MyEnum | -| main.rs:473:26:473:26 | y | A | main.rs:456:5:457:14 | S2 | -| main.rs:473:26:473:31 | y.m1() | | main.rs:456:5:457:14 | S2 | -| main.rs:495:15:495:18 | SelfParam | | main.rs:493:5:496:5 | Self [trait MyTrait1] | -| main.rs:499:15:499:18 | SelfParam | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:502:9:508:9 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:503:13:507:13 | if ... {...} else {...} | | main.rs:498:20:498:22 | Tr2 | -| main.rs:503:26:505:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:504:17:504:20 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:504:17:504:25 | self.m1() | | main.rs:498:20:498:22 | Tr2 | -| main.rs:505:20:507:13 | { ... } | | main.rs:498:20:498:22 | Tr2 | -| main.rs:506:17:506:30 | ...::m1(...) | | main.rs:498:20:498:22 | Tr2 | -| main.rs:506:26:506:29 | self | | main.rs:498:5:509:5 | Self [trait MyTrait2] | -| main.rs:512:15:512:18 | SelfParam | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:515:9:521:9 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:516:13:520:13 | if ... {...} else {...} | | main.rs:511:20:511:22 | Tr3 | -| main.rs:516:26:518:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:517:17:517:20 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:517:17:517:25 | self.m2() | | main.rs:478:5:481:5 | MyThing | -| main.rs:517:17:517:25 | self.m2() | A | main.rs:511:20:511:22 | Tr3 | -| main.rs:517:17:517:27 | ... .a | | main.rs:511:20:511:22 | Tr3 | -| main.rs:518:20:520:13 | { ... } | | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:17:519:30 | ...::m2(...) | | main.rs:478:5:481:5 | MyThing | -| main.rs:519:17:519:30 | ...::m2(...) | A | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:17:519:32 | ... .a | | main.rs:511:20:511:22 | Tr3 | -| main.rs:519:26:519:29 | self | | main.rs:511:5:522:5 | Self [trait MyTrait3] | -| main.rs:526:15:526:18 | SelfParam | | main.rs:478:5:481:5 | MyThing | -| main.rs:526:15:526:18 | SelfParam | A | main.rs:524:10:524:10 | T | -| main.rs:526:26:528:9 | { ... } | | main.rs:524:10:524:10 | T | -| main.rs:527:13:527:16 | self | | main.rs:478:5:481:5 | MyThing | -| main.rs:527:13:527:16 | self | A | main.rs:524:10:524:10 | T | -| main.rs:527:13:527:18 | self.a | | main.rs:524:10:524:10 | T | -| main.rs:535:15:535:18 | SelfParam | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:535:15:535:18 | SelfParam | A | main.rs:533:10:533:10 | T | -| main.rs:535:35:537:9 | { ... } | | main.rs:478:5:481:5 | MyThing | -| main.rs:535:35:537:9 | { ... } | A | main.rs:533:10:533:10 | T | -| main.rs:536:13:536:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:536:13:536:33 | MyThing {...} | A | main.rs:533:10:533:10 | T | -| main.rs:536:26:536:29 | self | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:536:26:536:29 | self | A | main.rs:533:10:533:10 | T | -| main.rs:536:26:536:31 | self.a | | main.rs:533:10:533:10 | T | -| main.rs:545:13:545:13 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:545:13:545:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:545:17:545:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:545:17:545:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:545:30:545:31 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:546:13:546:13 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:546:13:546:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:546:17:546:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:546:17:546:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:546:30:546:31 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:548:26:548:26 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:548:26:548:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:548:26:548:31 | x.m1() | | main.rs:488:5:489:14 | S1 | -| main.rs:549:26:549:26 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:549:26:549:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:549:26:549:31 | y.m1() | | main.rs:490:5:491:14 | S2 | -| main.rs:551:13:551:13 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:551:13:551:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:551:17:551:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:551:17:551:33 | MyThing {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:551:30:551:31 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:552:13:552:13 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:552:13:552:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:552:17:552:33 | MyThing {...} | | main.rs:478:5:481:5 | MyThing | -| main.rs:552:17:552:33 | MyThing {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:552:30:552:31 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:554:26:554:26 | x | | main.rs:478:5:481:5 | MyThing | -| main.rs:554:26:554:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:554:26:554:31 | x.m2() | | main.rs:488:5:489:14 | S1 | -| main.rs:555:26:555:26 | y | | main.rs:478:5:481:5 | MyThing | -| main.rs:555:26:555:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:555:26:555:31 | y.m2() | | main.rs:490:5:491:14 | S2 | -| main.rs:557:13:557:13 | x | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:557:13:557:13 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:557:17:557:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:557:17:557:34 | MyThing2 {...} | A | main.rs:488:5:489:14 | S1 | -| main.rs:557:31:557:32 | S1 | | main.rs:488:5:489:14 | S1 | -| main.rs:558:13:558:13 | y | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:558:13:558:13 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:558:17:558:34 | MyThing2 {...} | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:558:17:558:34 | MyThing2 {...} | A | main.rs:490:5:491:14 | S2 | -| main.rs:558:31:558:32 | S2 | | main.rs:490:5:491:14 | S2 | -| main.rs:560:26:560:26 | x | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:560:26:560:26 | x | A | main.rs:488:5:489:14 | S1 | -| main.rs:560:26:560:31 | x.m3() | | main.rs:488:5:489:14 | S1 | -| main.rs:561:26:561:26 | y | | main.rs:483:5:486:5 | MyThing2 | -| main.rs:561:26:561:26 | y | A | main.rs:490:5:491:14 | S2 | -| main.rs:561:26:561:31 | y.m3() | | main.rs:490:5:491:14 | S2 | -| main.rs:579:22:579:22 | x | | file://:0:0:0:0 | & | -| main.rs:579:22:579:22 | x | &T | main.rs:579:11:579:19 | T | -| main.rs:579:35:581:5 | { ... } | | file://:0:0:0:0 | & | -| main.rs:579:35:581:5 | { ... } | &T | main.rs:579:11:579:19 | T | -| main.rs:580:9:580:9 | x | | file://:0:0:0:0 | & | -| main.rs:580:9:580:9 | x | &T | main.rs:579:11:579:19 | T | -| main.rs:584:17:584:20 | SelfParam | | main.rs:569:5:570:14 | S1 | -| main.rs:584:29:586:9 | { ... } | | main.rs:572:5:573:14 | S2 | -| main.rs:585:13:585:14 | S2 | | main.rs:572:5:573:14 | S2 | -| main.rs:589:21:589:21 | x | | main.rs:589:13:589:14 | T1 | -| main.rs:592:5:594:5 | { ... } | | main.rs:589:17:589:18 | T2 | -| main.rs:593:9:593:9 | x | | main.rs:589:13:589:14 | T1 | -| main.rs:593:9:593:16 | x.into() | | main.rs:589:17:589:18 | T2 | -| main.rs:597:13:597:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:597:17:597:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:598:26:598:31 | id(...) | | file://:0:0:0:0 | & | -| main.rs:598:26:598:31 | id(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:598:29:598:30 | &x | | file://:0:0:0:0 | & | -| main.rs:598:29:598:30 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:598:30:598:30 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:600:13:600:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:600:17:600:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:601:26:601:37 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:601:26:601:37 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:601:35:601:36 | &x | | file://:0:0:0:0 | & | -| main.rs:601:35:601:36 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:601:36:601:36 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:603:13:603:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:603:17:603:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:604:26:604:44 | id::<...>(...) | | file://:0:0:0:0 | & | -| main.rs:604:26:604:44 | id::<...>(...) | &T | main.rs:569:5:570:14 | S1 | -| main.rs:604:42:604:43 | &x | | file://:0:0:0:0 | & | -| main.rs:604:42:604:43 | &x | &T | main.rs:569:5:570:14 | S1 | -| main.rs:604:43:604:43 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:606:13:606:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:606:17:606:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:607:9:607:25 | into::<...>(...) | | main.rs:572:5:573:14 | S2 | -| main.rs:607:24:607:24 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:609:13:609:13 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:609:17:609:18 | S1 | | main.rs:569:5:570:14 | S1 | -| main.rs:610:13:610:13 | y | | main.rs:572:5:573:14 | S2 | -| main.rs:610:21:610:27 | into(...) | | main.rs:572:5:573:14 | S2 | -| main.rs:610:26:610:26 | x | | main.rs:569:5:570:14 | S1 | -| main.rs:640:13:640:14 | p1 | | main.rs:615:5:621:5 | PairOption | -| main.rs:640:13:640:14 | p1 | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:640:13:640:14 | p1 | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:640:26:640:53 | ...::PairBoth(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:640:26:640:53 | ...::PairBoth(...) | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:640:26:640:53 | ...::PairBoth(...) | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:640:47:640:48 | S1 | | main.rs:623:5:624:14 | S1 | -| main.rs:640:51:640:52 | S2 | | main.rs:626:5:627:14 | S2 | -| main.rs:641:26:641:27 | p1 | | main.rs:615:5:621:5 | PairOption | -| main.rs:641:26:641:27 | p1 | Fst | main.rs:623:5:624:14 | S1 | -| main.rs:641:26:641:27 | p1 | Snd | main.rs:626:5:627:14 | S2 | -| main.rs:644:13:644:14 | p2 | | main.rs:615:5:621:5 | PairOption | -| main.rs:644:26:644:47 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:645:26:645:27 | p2 | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:13:648:14 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:13:648:14 | p3 | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:648:34:648:56 | ...::PairSnd(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:648:34:648:56 | ...::PairSnd(...) | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:648:54:648:55 | S3 | | main.rs:629:5:630:14 | S3 | -| main.rs:649:26:649:27 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:649:26:649:27 | p3 | Snd | main.rs:629:5:630:14 | S3 | -| main.rs:652:13:652:14 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:652:13:652:14 | p3 | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:652:35:652:56 | ...::PairNone(...) | | main.rs:615:5:621:5 | PairOption | -| main.rs:652:35:652:56 | ...::PairNone(...) | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:653:26:653:27 | p3 | | main.rs:615:5:621:5 | PairOption | -| main.rs:653:26:653:27 | p3 | Fst | main.rs:629:5:630:14 | S3 | -| main.rs:666:16:666:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:666:16:666:24 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:666:27:666:31 | value | | main.rs:664:19:664:19 | S | -| main.rs:668:21:668:29 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:668:21:668:29 | SelfParam | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:668:32:668:36 | value | | main.rs:664:19:664:19 | S | -| main.rs:669:13:669:16 | self | | file://:0:0:0:0 | & | -| main.rs:669:13:669:16 | self | &T | main.rs:664:5:671:5 | Self [trait MyTrait] | -| main.rs:669:22:669:26 | value | | main.rs:664:19:664:19 | S | -| main.rs:675:16:675:24 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:675:16:675:24 | SelfParam | &T | main.rs:658:5:662:5 | MyOption | -| main.rs:675:16:675:24 | SelfParam | &T.T | main.rs:673:10:673:10 | T | -| main.rs:675:27:675:31 | value | | main.rs:673:10:673:10 | T | -| main.rs:679:26:681:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:679:26:681:9 | { ... } | T | main.rs:678:10:678:10 | T | -| main.rs:680:13:680:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:680:13:680:30 | ...::MyNone(...) | T | main.rs:678:10:678:10 | T | -| main.rs:685:20:685:23 | SelfParam | | main.rs:658:5:662:5 | MyOption | -| main.rs:685:20:685:23 | SelfParam | T | main.rs:658:5:662:5 | MyOption | -| main.rs:685:20:685:23 | SelfParam | T.T | main.rs:684:10:684:10 | T | -| main.rs:685:41:690:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:685:41:690:9 | { ... } | T | main.rs:684:10:684:10 | T | -| main.rs:686:13:689:13 | match self { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:686:13:689:13 | match self { ... } | T | main.rs:684:10:684:10 | T | -| main.rs:686:19:686:22 | self | | main.rs:658:5:662:5 | MyOption | -| main.rs:686:19:686:22 | self | T | main.rs:658:5:662:5 | MyOption | -| main.rs:686:19:686:22 | self | T.T | main.rs:684:10:684:10 | T | -| main.rs:687:39:687:56 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:687:39:687:56 | ...::MyNone(...) | T | main.rs:684:10:684:10 | T | -| main.rs:688:34:688:34 | x | | main.rs:658:5:662:5 | MyOption | -| main.rs:688:34:688:34 | x | T | main.rs:684:10:684:10 | T | -| main.rs:688:40:688:40 | x | | main.rs:658:5:662:5 | MyOption | -| main.rs:688:40:688:40 | x | T | main.rs:684:10:684:10 | T | -| main.rs:697:13:697:14 | x1 | | main.rs:658:5:662:5 | MyOption | -| main.rs:697:18:697:37 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:698:26:698:27 | x1 | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:13:700:18 | mut x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:13:700:18 | mut x2 | T | main.rs:693:5:694:13 | S | -| main.rs:700:22:700:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:700:22:700:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | -| main.rs:701:9:701:10 | x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:701:9:701:10 | x2 | T | main.rs:693:5:694:13 | S | -| main.rs:701:16:701:16 | S | | main.rs:693:5:694:13 | S | -| main.rs:702:26:702:27 | x2 | | main.rs:658:5:662:5 | MyOption | -| main.rs:702:26:702:27 | x2 | T | main.rs:693:5:694:13 | S | -| main.rs:704:13:704:18 | mut x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:704:22:704:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:705:9:705:10 | x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:705:21:705:21 | S | | main.rs:693:5:694:13 | S | -| main.rs:706:26:706:27 | x3 | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:13:708:18 | mut x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:13:708:18 | mut x4 | T | main.rs:693:5:694:13 | S | -| main.rs:708:22:708:36 | ...::new(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:708:22:708:36 | ...::new(...) | T | main.rs:693:5:694:13 | S | -| main.rs:709:23:709:29 | &mut x4 | | file://:0:0:0:0 | & | -| main.rs:709:23:709:29 | &mut x4 | &T | main.rs:658:5:662:5 | MyOption | -| main.rs:709:23:709:29 | &mut x4 | &T.T | main.rs:693:5:694:13 | S | -| main.rs:709:28:709:29 | x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:709:28:709:29 | x4 | T | main.rs:693:5:694:13 | S | -| main.rs:709:32:709:32 | S | | main.rs:693:5:694:13 | S | -| main.rs:710:26:710:27 | x4 | | main.rs:658:5:662:5 | MyOption | -| main.rs:710:26:710:27 | x4 | T | main.rs:693:5:694:13 | S | -| main.rs:712:13:712:14 | x5 | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:13:712:14 | x5 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:712:13:712:14 | x5 | T.T | main.rs:693:5:694:13 | S | -| main.rs:712:18:712:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:18:712:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | -| main.rs:712:18:712:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | -| main.rs:712:35:712:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:712:35:712:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:713:26:713:27 | x5 | | main.rs:658:5:662:5 | MyOption | -| main.rs:713:26:713:27 | x5 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:713:26:713:27 | x5 | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:13:715:14 | x6 | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:13:715:14 | x6 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:715:13:715:14 | x6 | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:18:715:58 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:18:715:58 | ...::MySome(...) | T | main.rs:658:5:662:5 | MyOption | -| main.rs:715:18:715:58 | ...::MySome(...) | T.T | main.rs:693:5:694:13 | S | -| main.rs:715:35:715:57 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:715:35:715:57 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:716:26:716:61 | ...::flatten(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:716:26:716:61 | ...::flatten(...) | T | main.rs:693:5:694:13 | S | -| main.rs:716:59:716:60 | x6 | | main.rs:658:5:662:5 | MyOption | -| main.rs:716:59:716:60 | x6 | T | main.rs:658:5:662:5 | MyOption | -| main.rs:716:59:716:60 | x6 | T.T | main.rs:693:5:694:13 | S | -| main.rs:718:13:718:19 | from_if | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:13:718:19 | from_if | T | main.rs:693:5:694:13 | S | -| main.rs:718:23:722:9 | if ... {...} else {...} | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:23:722:9 | if ... {...} else {...} | T | main.rs:693:5:694:13 | S | -| main.rs:718:36:720:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:718:36:720:9 | { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:719:13:719:30 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:719:13:719:30 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:720:16:722:9 | { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:720:16:722:9 | { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:721:13:721:31 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:721:13:721:31 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:721:30:721:30 | S | | main.rs:693:5:694:13 | S | -| main.rs:723:26:723:32 | from_if | | main.rs:658:5:662:5 | MyOption | -| main.rs:723:26:723:32 | from_if | T | main.rs:693:5:694:13 | S | -| main.rs:725:13:725:22 | from_match | | main.rs:658:5:662:5 | MyOption | -| main.rs:725:13:725:22 | from_match | T | main.rs:693:5:694:13 | S | -| main.rs:725:26:728:9 | match ... { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:725:26:728:9 | match ... { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:726:21:726:38 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:726:21:726:38 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:727:22:727:40 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:727:22:727:40 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:727:39:727:39 | S | | main.rs:693:5:694:13 | S | -| main.rs:729:26:729:35 | from_match | | main.rs:658:5:662:5 | MyOption | -| main.rs:729:26:729:35 | from_match | T | main.rs:693:5:694:13 | S | -| main.rs:731:13:731:21 | from_loop | | main.rs:658:5:662:5 | MyOption | -| main.rs:731:13:731:21 | from_loop | T | main.rs:693:5:694:13 | S | -| main.rs:731:25:736:9 | loop { ... } | | main.rs:658:5:662:5 | MyOption | -| main.rs:731:25:736:9 | loop { ... } | T | main.rs:693:5:694:13 | S | -| main.rs:733:23:733:40 | ...::MyNone(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:733:23:733:40 | ...::MyNone(...) | T | main.rs:693:5:694:13 | S | -| main.rs:735:19:735:37 | ...::MySome(...) | | main.rs:658:5:662:5 | MyOption | -| main.rs:735:19:735:37 | ...::MySome(...) | T | main.rs:693:5:694:13 | S | -| main.rs:735:36:735:36 | S | | main.rs:693:5:694:13 | S | -| main.rs:737:26:737:34 | from_loop | | main.rs:658:5:662:5 | MyOption | -| main.rs:737:26:737:34 | from_loop | T | main.rs:693:5:694:13 | S | -| main.rs:750:15:750:18 | SelfParam | | main.rs:743:5:744:19 | S | -| main.rs:750:15:750:18 | SelfParam | T | main.rs:749:10:749:10 | T | -| main.rs:750:26:752:9 | { ... } | | main.rs:749:10:749:10 | T | -| main.rs:751:13:751:16 | self | | main.rs:743:5:744:19 | S | -| main.rs:751:13:751:16 | self | T | main.rs:749:10:749:10 | T | -| main.rs:751:13:751:18 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:754:15:754:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:754:15:754:19 | SelfParam | &T | main.rs:743:5:744:19 | S | -| main.rs:754:15:754:19 | SelfParam | &T.T | main.rs:749:10:749:10 | T | -| main.rs:754:28:756:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:754:28:756:9 | { ... } | &T | main.rs:749:10:749:10 | T | -| main.rs:755:13:755:19 | &... | | file://:0:0:0:0 | & | -| main.rs:755:13:755:19 | &... | &T | main.rs:749:10:749:10 | T | -| main.rs:755:14:755:17 | self | | file://:0:0:0:0 | & | -| main.rs:755:14:755:17 | self | &T | main.rs:743:5:744:19 | S | -| main.rs:755:14:755:17 | self | &T.T | main.rs:749:10:749:10 | T | -| main.rs:755:14:755:19 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:758:15:758:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:758:15:758:25 | SelfParam | &T | main.rs:743:5:744:19 | S | -| main.rs:758:15:758:25 | SelfParam | &T.T | main.rs:749:10:749:10 | T | -| main.rs:758:34:760:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:758:34:760:9 | { ... } | &T | main.rs:749:10:749:10 | T | -| main.rs:759:13:759:19 | &... | | file://:0:0:0:0 | & | -| main.rs:759:13:759:19 | &... | &T | main.rs:749:10:749:10 | T | -| main.rs:759:14:759:17 | self | | file://:0:0:0:0 | & | -| main.rs:759:14:759:17 | self | &T | main.rs:743:5:744:19 | S | -| main.rs:759:14:759:17 | self | &T.T | main.rs:749:10:749:10 | T | -| main.rs:759:14:759:19 | self.0 | | main.rs:749:10:749:10 | T | -| main.rs:764:13:764:14 | x1 | | main.rs:743:5:744:19 | S | -| main.rs:764:13:764:14 | x1 | T | main.rs:746:5:747:14 | S2 | -| main.rs:764:18:764:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:764:18:764:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:764:20:764:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:765:26:765:27 | x1 | | main.rs:743:5:744:19 | S | -| main.rs:765:26:765:27 | x1 | T | main.rs:746:5:747:14 | S2 | -| main.rs:765:26:765:32 | x1.m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:767:13:767:14 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:767:13:767:14 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:767:18:767:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:767:18:767:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:767:20:767:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:769:26:769:27 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:769:26:769:27 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:769:26:769:32 | x2.m2() | | file://:0:0:0:0 | & | -| main.rs:769:26:769:32 | x2.m2() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:770:26:770:27 | x2 | | main.rs:743:5:744:19 | S | -| main.rs:770:26:770:27 | x2 | T | main.rs:746:5:747:14 | S2 | -| main.rs:770:26:770:32 | x2.m3() | | file://:0:0:0:0 | & | -| main.rs:770:26:770:32 | x2.m3() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:772:13:772:14 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:772:13:772:14 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:772:18:772:22 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:772:18:772:22 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:772:20:772:21 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:774:26:774:41 | ...::m2(...) | | file://:0:0:0:0 | & | -| main.rs:774:26:774:41 | ...::m2(...) | &T | main.rs:746:5:747:14 | S2 | -| main.rs:774:38:774:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:774:38:774:40 | &x3 | &T | main.rs:743:5:744:19 | S | -| main.rs:774:38:774:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:774:39:774:40 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:774:39:774:40 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:775:26:775:41 | ...::m3(...) | | file://:0:0:0:0 | & | -| main.rs:775:26:775:41 | ...::m3(...) | &T | main.rs:746:5:747:14 | S2 | -| main.rs:775:38:775:40 | &x3 | | file://:0:0:0:0 | & | -| main.rs:775:38:775:40 | &x3 | &T | main.rs:743:5:744:19 | S | -| main.rs:775:38:775:40 | &x3 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:775:39:775:40 | x3 | | main.rs:743:5:744:19 | S | -| main.rs:775:39:775:40 | x3 | T | main.rs:746:5:747:14 | S2 | -| main.rs:777:13:777:14 | x4 | | file://:0:0:0:0 | & | -| main.rs:777:13:777:14 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:777:13:777:14 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:777:18:777:23 | &... | | file://:0:0:0:0 | & | -| main.rs:777:18:777:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:777:18:777:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:777:19:777:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:777:19:777:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:777:21:777:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:779:26:779:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:779:26:779:27 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:779:26:779:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:779:26:779:32 | x4.m2() | | file://:0:0:0:0 | & | -| main.rs:779:26:779:32 | x4.m2() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:780:26:780:27 | x4 | | file://:0:0:0:0 | & | -| main.rs:780:26:780:27 | x4 | &T | main.rs:743:5:744:19 | S | -| main.rs:780:26:780:27 | x4 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:780:26:780:32 | x4.m3() | | file://:0:0:0:0 | & | -| main.rs:780:26:780:32 | x4.m3() | &T | main.rs:746:5:747:14 | S2 | -| main.rs:782:13:782:14 | x5 | | file://:0:0:0:0 | & | -| main.rs:782:13:782:14 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:782:13:782:14 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:782:18:782:23 | &... | | file://:0:0:0:0 | & | -| main.rs:782:18:782:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:782:18:782:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:782:19:782:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:782:19:782:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:782:21:782:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:784:26:784:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:784:26:784:27 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:784:26:784:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:784:26:784:32 | x5.m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:785:26:785:27 | x5 | | file://:0:0:0:0 | & | -| main.rs:785:26:785:27 | x5 | &T | main.rs:743:5:744:19 | S | -| main.rs:785:26:785:27 | x5 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:785:26:785:29 | x5.0 | | main.rs:746:5:747:14 | S2 | -| main.rs:787:13:787:14 | x6 | | file://:0:0:0:0 | & | -| main.rs:787:13:787:14 | x6 | &T | main.rs:743:5:744:19 | S | -| main.rs:787:13:787:14 | x6 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:787:18:787:23 | &... | | file://:0:0:0:0 | & | -| main.rs:787:18:787:23 | &... | &T | main.rs:743:5:744:19 | S | -| main.rs:787:18:787:23 | &... | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:787:19:787:23 | S(...) | | main.rs:743:5:744:19 | S | -| main.rs:787:19:787:23 | S(...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:787:21:787:22 | S2 | | main.rs:746:5:747:14 | S2 | -| main.rs:789:26:789:30 | (...) | | main.rs:743:5:744:19 | S | -| main.rs:789:26:789:30 | (...) | T | main.rs:746:5:747:14 | S2 | -| main.rs:789:26:789:35 | ... .m1() | | main.rs:746:5:747:14 | S2 | -| main.rs:789:27:789:29 | * ... | | main.rs:743:5:744:19 | S | -| main.rs:789:27:789:29 | * ... | T | main.rs:746:5:747:14 | S2 | -| main.rs:789:28:789:29 | x6 | | file://:0:0:0:0 | & | -| main.rs:789:28:789:29 | x6 | &T | main.rs:743:5:744:19 | S | -| main.rs:789:28:789:29 | x6 | &T.T | main.rs:746:5:747:14 | S2 | -| main.rs:796:16:796:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:796:16:796:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:799:16:799:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:799:16:799:20 | SelfParam | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:799:32:801:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:799:32:801:9 | { ... } | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:800:13:800:16 | self | | file://:0:0:0:0 | & | -| main.rs:800:13:800:16 | self | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:800:13:800:22 | self.foo() | | file://:0:0:0:0 | & | -| main.rs:800:13:800:22 | self.foo() | &T | main.rs:794:5:802:5 | Self [trait MyTrait] | -| main.rs:808:16:808:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:808:16:808:20 | SelfParam | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:808:36:810:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:808:36:810:9 | { ... } | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:809:13:809:16 | self | | file://:0:0:0:0 | & | -| main.rs:809:13:809:16 | self | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:814:13:814:13 | x | | main.rs:804:5:804:20 | MyStruct | -| main.rs:814:17:814:24 | MyStruct | | main.rs:804:5:804:20 | MyStruct | -| main.rs:815:9:815:9 | x | | main.rs:804:5:804:20 | MyStruct | -| main.rs:815:9:815:15 | x.bar() | | file://:0:0:0:0 | & | -| main.rs:815:9:815:15 | x.bar() | &T | main.rs:804:5:804:20 | MyStruct | -| main.rs:825:16:825:20 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:825:16:825:20 | SelfParam | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:825:16:825:20 | SelfParam | &T.T | main.rs:824:10:824:10 | T | -| main.rs:825:32:827:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:825:32:827:9 | { ... } | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:825:32:827:9 | { ... } | &T.T | main.rs:824:10:824:10 | T | -| main.rs:826:13:826:16 | self | | file://:0:0:0:0 | & | -| main.rs:826:13:826:16 | self | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:826:13:826:16 | self | &T.T | main.rs:824:10:824:10 | T | -| main.rs:831:13:831:13 | x | | main.rs:822:5:822:26 | MyStruct | -| main.rs:831:13:831:13 | x | T | main.rs:820:5:820:13 | S | -| main.rs:831:17:831:27 | MyStruct(...) | | main.rs:822:5:822:26 | MyStruct | -| main.rs:831:17:831:27 | MyStruct(...) | T | main.rs:820:5:820:13 | S | -| main.rs:831:26:831:26 | S | | main.rs:820:5:820:13 | S | -| main.rs:832:9:832:9 | x | | main.rs:822:5:822:26 | MyStruct | -| main.rs:832:9:832:9 | x | T | main.rs:820:5:820:13 | S | -| main.rs:832:9:832:15 | x.foo() | | file://:0:0:0:0 | & | -| main.rs:832:9:832:15 | x.foo() | &T | main.rs:822:5:822:26 | MyStruct | -| main.rs:832:9:832:15 | x.foo() | &T.T | main.rs:820:5:820:13 | S | -| main.rs:840:15:840:19 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:840:15:840:19 | SelfParam | &T | main.rs:837:5:837:13 | S | -| main.rs:840:31:842:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:840:31:842:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:841:13:841:19 | &... | | file://:0:0:0:0 | & | -| main.rs:841:13:841:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:841:14:841:19 | &... | | file://:0:0:0:0 | & | -| main.rs:841:14:841:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:841:15:841:19 | &self | | file://:0:0:0:0 | & | -| main.rs:841:15:841:19 | &self | &T | main.rs:837:5:837:13 | S | -| main.rs:841:16:841:19 | self | | file://:0:0:0:0 | & | -| main.rs:841:16:841:19 | self | &T | main.rs:837:5:837:13 | S | -| main.rs:844:15:844:25 | SelfParam | | file://:0:0:0:0 | & | -| main.rs:844:15:844:25 | SelfParam | &T | main.rs:837:5:837:13 | S | -| main.rs:844:37:846:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:844:37:846:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:845:13:845:19 | &... | | file://:0:0:0:0 | & | -| main.rs:845:13:845:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:845:14:845:19 | &... | | file://:0:0:0:0 | & | -| main.rs:845:14:845:19 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:845:15:845:19 | &self | | file://:0:0:0:0 | & | -| main.rs:845:15:845:19 | &self | &T | main.rs:837:5:837:13 | S | -| main.rs:845:16:845:19 | self | | file://:0:0:0:0 | & | -| main.rs:845:16:845:19 | self | &T | main.rs:837:5:837:13 | S | -| main.rs:848:15:848:15 | x | | file://:0:0:0:0 | & | -| main.rs:848:15:848:15 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:848:34:850:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:848:34:850:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:849:13:849:13 | x | | file://:0:0:0:0 | & | -| main.rs:849:13:849:13 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:852:15:852:15 | x | | file://:0:0:0:0 | & | -| main.rs:852:15:852:15 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:852:34:854:9 | { ... } | | file://:0:0:0:0 | & | -| main.rs:852:34:854:9 | { ... } | &T | main.rs:837:5:837:13 | S | -| main.rs:853:13:853:16 | &... | | file://:0:0:0:0 | & | -| main.rs:853:13:853:16 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:853:14:853:16 | &... | | file://:0:0:0:0 | & | -| main.rs:853:14:853:16 | &... | &T | main.rs:837:5:837:13 | S | -| main.rs:853:15:853:16 | &x | | file://:0:0:0:0 | & | -| main.rs:853:15:853:16 | &x | &T | main.rs:837:5:837:13 | S | -| main.rs:853:16:853:16 | x | | file://:0:0:0:0 | & | -| main.rs:853:16:853:16 | x | &T | main.rs:837:5:837:13 | S | -| main.rs:858:13:858:13 | x | | main.rs:837:5:837:13 | S | -| main.rs:858:17:858:20 | S {...} | | main.rs:837:5:837:13 | S | -| main.rs:859:9:859:9 | x | | main.rs:837:5:837:13 | S | -| main.rs:859:9:859:14 | x.f1() | | file://:0:0:0:0 | & | -| main.rs:859:9:859:14 | x.f1() | &T | main.rs:837:5:837:13 | S | -| main.rs:860:9:860:9 | x | | main.rs:837:5:837:13 | S | -| main.rs:860:9:860:14 | x.f2() | | file://:0:0:0:0 | & | -| main.rs:860:9:860:14 | x.f2() | &T | main.rs:837:5:837:13 | S | -| main.rs:861:9:861:17 | ...::f3(...) | | file://:0:0:0:0 | & | -| main.rs:861:9:861:17 | ...::f3(...) | &T | main.rs:837:5:837:13 | S | -| main.rs:861:15:861:16 | &x | | file://:0:0:0:0 | & | -| main.rs:861:15:861:16 | &x | &T | main.rs:837:5:837:13 | S | -| main.rs:861:16:861:16 | x | | main.rs:837:5:837:13 | S | -| main.rs:867:5:867:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:868:5:868:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | -| main.rs:868:20:868:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | -| main.rs:868:41:868:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:376:21:376:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:376:21:376:25 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:378:20:378:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:378:20:378:24 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:380:20:380:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:380:20:380:24 | SelfParam | &T | main.rs:371:5:381:5 | Self [trait TraitMultipleAssoc] | +| main.rs:396:15:396:18 | SelfParam | | main.rs:383:5:384:13 | S | +| main.rs:396:45:398:9 | { ... } | | main.rs:389:5:390:14 | AT | +| main.rs:397:13:397:14 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:406:19:406:23 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:406:19:406:23 | SelfParam | &T | main.rs:383:5:384:13 | S | +| main.rs:406:26:406:26 | a | | main.rs:406:16:406:16 | A | +| main.rs:406:46:408:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:406:46:408:9 | { ... } | A | main.rs:406:16:406:16 | A | +| main.rs:407:13:407:32 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:407:13:407:32 | Wrapper {...} | A | main.rs:406:16:406:16 | A | +| main.rs:407:30:407:30 | a | | main.rs:406:16:406:16 | A | +| main.rs:415:15:415:18 | SelfParam | | main.rs:386:5:387:14 | S2 | +| main.rs:415:45:417:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:415:45:417:9 | { ... } | A | main.rs:386:5:387:14 | S2 | +| main.rs:416:13:416:35 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:416:13:416:35 | Wrapper {...} | A | main.rs:386:5:387:14 | S2 | +| main.rs:416:30:416:33 | self | | main.rs:386:5:387:14 | S2 | +| main.rs:422:30:424:9 | { ... } | | main.rs:332:5:335:5 | Wrapper | +| main.rs:422:30:424:9 | { ... } | A | main.rs:386:5:387:14 | S2 | +| main.rs:423:13:423:33 | Wrapper {...} | | main.rs:332:5:335:5 | Wrapper | +| main.rs:423:13:423:33 | Wrapper {...} | A | main.rs:386:5:387:14 | S2 | +| main.rs:423:30:423:31 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:428:22:428:26 | thing | | main.rs:428:10:428:19 | T | +| main.rs:429:9:429:13 | thing | | main.rs:428:10:428:19 | T | +| main.rs:436:21:436:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:436:21:436:25 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:436:34:438:9 | { ... } | | main.rs:389:5:390:14 | AT | +| main.rs:437:13:437:14 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:440:20:440:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:440:20:440:24 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:440:43:442:9 | { ... } | | main.rs:383:5:384:13 | S | +| main.rs:441:13:441:13 | S | | main.rs:383:5:384:13 | S | +| main.rs:444:20:444:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:444:20:444:24 | SelfParam | &T | main.rs:389:5:390:14 | AT | +| main.rs:444:43:446:9 | { ... } | | main.rs:386:5:387:14 | S2 | +| main.rs:445:13:445:14 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:450:13:450:14 | x1 | | main.rs:383:5:384:13 | S | +| main.rs:450:18:450:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:452:26:452:27 | x1 | | main.rs:383:5:384:13 | S | +| main.rs:452:26:452:32 | x1.m1() | | main.rs:389:5:390:14 | AT | +| main.rs:454:13:454:14 | x2 | | main.rs:383:5:384:13 | S | +| main.rs:454:18:454:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:456:13:456:13 | y | | main.rs:389:5:390:14 | AT | +| main.rs:456:17:456:18 | x2 | | main.rs:383:5:384:13 | S | +| main.rs:456:17:456:23 | x2.m2() | | main.rs:389:5:390:14 | AT | +| main.rs:457:26:457:26 | y | | main.rs:389:5:390:14 | AT | +| main.rs:459:13:459:14 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:459:18:459:18 | S | | main.rs:383:5:384:13 | S | +| main.rs:461:26:461:27 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:461:26:461:34 | x3.put(...) | | main.rs:332:5:335:5 | Wrapper | +| main.rs:464:26:464:27 | x3 | | main.rs:383:5:384:13 | S | +| main.rs:466:20:466:20 | S | | main.rs:383:5:384:13 | S | +| main.rs:469:13:469:14 | x5 | | main.rs:386:5:387:14 | S2 | +| main.rs:469:18:469:19 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:470:26:470:27 | x5 | | main.rs:386:5:387:14 | S2 | +| main.rs:470:26:470:32 | x5.m1() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:471:13:471:14 | x6 | | main.rs:386:5:387:14 | S2 | +| main.rs:471:18:471:19 | S2 | | main.rs:386:5:387:14 | S2 | +| main.rs:472:26:472:27 | x6 | | main.rs:386:5:387:14 | S2 | +| main.rs:472:26:472:32 | x6.m2() | | main.rs:332:5:335:5 | Wrapper | +| main.rs:472:26:472:32 | x6.m2() | A | main.rs:386:5:387:14 | S2 | +| main.rs:474:13:474:22 | assoc_zero | | main.rs:389:5:390:14 | AT | +| main.rs:474:26:474:27 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:474:26:474:38 | AT.get_zero() | | main.rs:389:5:390:14 | AT | +| main.rs:475:13:475:21 | assoc_one | | main.rs:383:5:384:13 | S | +| main.rs:475:25:475:26 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:475:25:475:36 | AT.get_one() | | main.rs:383:5:384:13 | S | +| main.rs:476:13:476:21 | assoc_two | | main.rs:386:5:387:14 | S2 | +| main.rs:476:25:476:26 | AT | | main.rs:389:5:390:14 | AT | +| main.rs:476:25:476:36 | AT.get_two() | | main.rs:386:5:387:14 | S2 | +| main.rs:493:15:493:18 | SelfParam | | main.rs:481:5:485:5 | MyEnum | +| main.rs:493:15:493:18 | SelfParam | A | main.rs:492:10:492:10 | T | +| main.rs:493:26:498:9 | { ... } | | main.rs:492:10:492:10 | T | +| main.rs:494:13:497:13 | match self { ... } | | main.rs:492:10:492:10 | T | +| main.rs:494:19:494:22 | self | | main.rs:481:5:485:5 | MyEnum | +| main.rs:494:19:494:22 | self | A | main.rs:492:10:492:10 | T | +| main.rs:495:28:495:28 | a | | main.rs:492:10:492:10 | T | +| main.rs:495:34:495:34 | a | | main.rs:492:10:492:10 | T | +| main.rs:496:30:496:30 | a | | main.rs:492:10:492:10 | T | +| main.rs:496:37:496:37 | a | | main.rs:492:10:492:10 | T | +| main.rs:502:13:502:13 | x | | main.rs:481:5:485:5 | MyEnum | +| main.rs:502:13:502:13 | x | A | main.rs:487:5:488:14 | S1 | +| main.rs:502:17:502:30 | ...::C1(...) | | main.rs:481:5:485:5 | MyEnum | +| main.rs:502:17:502:30 | ...::C1(...) | A | main.rs:487:5:488:14 | S1 | +| main.rs:502:28:502:29 | S1 | | main.rs:487:5:488:14 | S1 | +| main.rs:503:13:503:13 | y | | main.rs:481:5:485:5 | MyEnum | +| main.rs:503:13:503:13 | y | A | main.rs:489:5:490:14 | S2 | +| main.rs:503:17:503:36 | ...::C2 {...} | | main.rs:481:5:485:5 | MyEnum | +| main.rs:503:17:503:36 | ...::C2 {...} | A | main.rs:489:5:490:14 | S2 | +| main.rs:503:33:503:34 | S2 | | main.rs:489:5:490:14 | S2 | +| main.rs:505:26:505:26 | x | | main.rs:481:5:485:5 | MyEnum | +| main.rs:505:26:505:26 | x | A | main.rs:487:5:488:14 | S1 | +| main.rs:505:26:505:31 | x.m1() | | main.rs:487:5:488:14 | S1 | +| main.rs:506:26:506:26 | y | | main.rs:481:5:485:5 | MyEnum | +| main.rs:506:26:506:26 | y | A | main.rs:489:5:490:14 | S2 | +| main.rs:506:26:506:31 | y.m1() | | main.rs:489:5:490:14 | S2 | +| main.rs:528:15:528:18 | SelfParam | | main.rs:526:5:529:5 | Self [trait MyTrait1] | +| main.rs:532:15:532:18 | SelfParam | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:535:9:541:9 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:536:13:540:13 | if ... {...} else {...} | | main.rs:531:20:531:22 | Tr2 | +| main.rs:536:26:538:13 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:537:17:537:20 | self | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:537:17:537:25 | self.m1() | | main.rs:531:20:531:22 | Tr2 | +| main.rs:538:20:540:13 | { ... } | | main.rs:531:20:531:22 | Tr2 | +| main.rs:539:17:539:30 | ...::m1(...) | | main.rs:531:20:531:22 | Tr2 | +| main.rs:539:26:539:29 | self | | main.rs:531:5:542:5 | Self [trait MyTrait2] | +| main.rs:545:15:545:18 | SelfParam | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:548:9:554:9 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:549:13:553:13 | if ... {...} else {...} | | main.rs:544:20:544:22 | Tr3 | +| main.rs:549:26:551:13 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:550:17:550:20 | self | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:550:17:550:25 | self.m2() | | main.rs:511:5:514:5 | MyThing | +| main.rs:550:17:550:25 | self.m2() | A | main.rs:544:20:544:22 | Tr3 | +| main.rs:550:17:550:27 | ... .a | | main.rs:544:20:544:22 | Tr3 | +| main.rs:551:20:553:13 | { ... } | | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:17:552:30 | ...::m2(...) | | main.rs:511:5:514:5 | MyThing | +| main.rs:552:17:552:30 | ...::m2(...) | A | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:17:552:32 | ... .a | | main.rs:544:20:544:22 | Tr3 | +| main.rs:552:26:552:29 | self | | main.rs:544:5:555:5 | Self [trait MyTrait3] | +| main.rs:559:15:559:18 | SelfParam | | main.rs:511:5:514:5 | MyThing | +| main.rs:559:15:559:18 | SelfParam | A | main.rs:557:10:557:10 | T | +| main.rs:559:26:561:9 | { ... } | | main.rs:557:10:557:10 | T | +| main.rs:560:13:560:16 | self | | main.rs:511:5:514:5 | MyThing | +| main.rs:560:13:560:16 | self | A | main.rs:557:10:557:10 | T | +| main.rs:560:13:560:18 | self.a | | main.rs:557:10:557:10 | T | +| main.rs:568:15:568:18 | SelfParam | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:568:15:568:18 | SelfParam | A | main.rs:566:10:566:10 | T | +| main.rs:568:35:570:9 | { ... } | | main.rs:511:5:514:5 | MyThing | +| main.rs:568:35:570:9 | { ... } | A | main.rs:566:10:566:10 | T | +| main.rs:569:13:569:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:569:13:569:33 | MyThing {...} | A | main.rs:566:10:566:10 | T | +| main.rs:569:26:569:29 | self | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:569:26:569:29 | self | A | main.rs:566:10:566:10 | T | +| main.rs:569:26:569:31 | self.a | | main.rs:566:10:566:10 | T | +| main.rs:578:13:578:13 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:578:13:578:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:578:17:578:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:578:17:578:33 | MyThing {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:578:30:578:31 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:579:13:579:13 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:579:13:579:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:579:17:579:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:579:17:579:33 | MyThing {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:579:30:579:31 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:581:26:581:26 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:581:26:581:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:581:26:581:31 | x.m1() | | main.rs:521:5:522:14 | S1 | +| main.rs:582:26:582:26 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:582:26:582:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:582:26:582:31 | y.m1() | | main.rs:523:5:524:14 | S2 | +| main.rs:584:13:584:13 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:584:13:584:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:584:17:584:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:584:17:584:33 | MyThing {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:584:30:584:31 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:585:13:585:13 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:585:13:585:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:585:17:585:33 | MyThing {...} | | main.rs:511:5:514:5 | MyThing | +| main.rs:585:17:585:33 | MyThing {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:585:30:585:31 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:587:26:587:26 | x | | main.rs:511:5:514:5 | MyThing | +| main.rs:587:26:587:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:587:26:587:31 | x.m2() | | main.rs:521:5:522:14 | S1 | +| main.rs:588:26:588:26 | y | | main.rs:511:5:514:5 | MyThing | +| main.rs:588:26:588:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:588:26:588:31 | y.m2() | | main.rs:523:5:524:14 | S2 | +| main.rs:590:13:590:13 | x | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:590:13:590:13 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:590:17:590:34 | MyThing2 {...} | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:590:17:590:34 | MyThing2 {...} | A | main.rs:521:5:522:14 | S1 | +| main.rs:590:31:590:32 | S1 | | main.rs:521:5:522:14 | S1 | +| main.rs:591:13:591:13 | y | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:591:13:591:13 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:591:17:591:34 | MyThing2 {...} | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:591:17:591:34 | MyThing2 {...} | A | main.rs:523:5:524:14 | S2 | +| main.rs:591:31:591:32 | S2 | | main.rs:523:5:524:14 | S2 | +| main.rs:593:26:593:26 | x | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:593:26:593:26 | x | A | main.rs:521:5:522:14 | S1 | +| main.rs:593:26:593:31 | x.m3() | | main.rs:521:5:522:14 | S1 | +| main.rs:594:26:594:26 | y | | main.rs:516:5:519:5 | MyThing2 | +| main.rs:594:26:594:26 | y | A | main.rs:523:5:524:14 | S2 | +| main.rs:594:26:594:31 | y.m3() | | main.rs:523:5:524:14 | S2 | +| main.rs:612:22:612:22 | x | | file://:0:0:0:0 | & | +| main.rs:612:22:612:22 | x | &T | main.rs:612:11:612:19 | T | +| main.rs:612:35:614:5 | { ... } | | file://:0:0:0:0 | & | +| main.rs:612:35:614:5 | { ... } | &T | main.rs:612:11:612:19 | T | +| main.rs:613:9:613:9 | x | | file://:0:0:0:0 | & | +| main.rs:613:9:613:9 | x | &T | main.rs:612:11:612:19 | T | +| main.rs:617:17:617:20 | SelfParam | | main.rs:602:5:603:14 | S1 | +| main.rs:617:29:619:9 | { ... } | | main.rs:605:5:606:14 | S2 | +| main.rs:618:13:618:14 | S2 | | main.rs:605:5:606:14 | S2 | +| main.rs:622:21:622:21 | x | | main.rs:622:13:622:14 | T1 | +| main.rs:625:5:627:5 | { ... } | | main.rs:622:17:622:18 | T2 | +| main.rs:626:9:626:9 | x | | main.rs:622:13:622:14 | T1 | +| main.rs:626:9:626:16 | x.into() | | main.rs:622:17:622:18 | T2 | +| main.rs:630:13:630:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:630:17:630:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:631:26:631:31 | id(...) | | file://:0:0:0:0 | & | +| main.rs:631:26:631:31 | id(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:631:29:631:30 | &x | | file://:0:0:0:0 | & | +| main.rs:631:29:631:30 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:631:30:631:30 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:633:13:633:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:633:17:633:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:634:26:634:37 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:634:26:634:37 | id::<...>(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:634:35:634:36 | &x | | file://:0:0:0:0 | & | +| main.rs:634:35:634:36 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:634:36:634:36 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:636:13:636:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:636:17:636:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:637:26:637:44 | id::<...>(...) | | file://:0:0:0:0 | & | +| main.rs:637:26:637:44 | id::<...>(...) | &T | main.rs:602:5:603:14 | S1 | +| main.rs:637:42:637:43 | &x | | file://:0:0:0:0 | & | +| main.rs:637:42:637:43 | &x | &T | main.rs:602:5:603:14 | S1 | +| main.rs:637:43:637:43 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:639:13:639:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:639:17:639:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:640:9:640:25 | into::<...>(...) | | main.rs:605:5:606:14 | S2 | +| main.rs:640:24:640:24 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:642:13:642:13 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:642:17:642:18 | S1 | | main.rs:602:5:603:14 | S1 | +| main.rs:643:13:643:13 | y | | main.rs:605:5:606:14 | S2 | +| main.rs:643:21:643:27 | into(...) | | main.rs:605:5:606:14 | S2 | +| main.rs:643:26:643:26 | x | | main.rs:602:5:603:14 | S1 | +| main.rs:673:13:673:14 | p1 | | main.rs:648:5:654:5 | PairOption | +| main.rs:673:13:673:14 | p1 | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:673:13:673:14 | p1 | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:673:26:673:53 | ...::PairBoth(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:673:26:673:53 | ...::PairBoth(...) | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:673:26:673:53 | ...::PairBoth(...) | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:673:47:673:48 | S1 | | main.rs:656:5:657:14 | S1 | +| main.rs:673:51:673:52 | S2 | | main.rs:659:5:660:14 | S2 | +| main.rs:674:26:674:27 | p1 | | main.rs:648:5:654:5 | PairOption | +| main.rs:674:26:674:27 | p1 | Fst | main.rs:656:5:657:14 | S1 | +| main.rs:674:26:674:27 | p1 | Snd | main.rs:659:5:660:14 | S2 | +| main.rs:677:13:677:14 | p2 | | main.rs:648:5:654:5 | PairOption | +| main.rs:677:26:677:47 | ...::PairNone(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:678:26:678:27 | p2 | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:13:681:14 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:13:681:14 | p3 | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:681:34:681:56 | ...::PairSnd(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:681:34:681:56 | ...::PairSnd(...) | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:681:54:681:55 | S3 | | main.rs:662:5:663:14 | S3 | +| main.rs:682:26:682:27 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:682:26:682:27 | p3 | Snd | main.rs:662:5:663:14 | S3 | +| main.rs:685:13:685:14 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:685:13:685:14 | p3 | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:685:35:685:56 | ...::PairNone(...) | | main.rs:648:5:654:5 | PairOption | +| main.rs:685:35:685:56 | ...::PairNone(...) | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:686:26:686:27 | p3 | | main.rs:648:5:654:5 | PairOption | +| main.rs:686:26:686:27 | p3 | Fst | main.rs:662:5:663:14 | S3 | +| main.rs:699:16:699:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:699:16:699:24 | SelfParam | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:699:27:699:31 | value | | main.rs:697:19:697:19 | S | +| main.rs:701:21:701:29 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:701:21:701:29 | SelfParam | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:701:32:701:36 | value | | main.rs:697:19:697:19 | S | +| main.rs:702:13:702:16 | self | | file://:0:0:0:0 | & | +| main.rs:702:13:702:16 | self | &T | main.rs:697:5:704:5 | Self [trait MyTrait] | +| main.rs:702:22:702:26 | value | | main.rs:697:19:697:19 | S | +| main.rs:708:16:708:24 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:708:16:708:24 | SelfParam | &T | main.rs:691:5:695:5 | MyOption | +| main.rs:708:16:708:24 | SelfParam | &T.T | main.rs:706:10:706:10 | T | +| main.rs:708:27:708:31 | value | | main.rs:706:10:706:10 | T | +| main.rs:712:26:714:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:712:26:714:9 | { ... } | T | main.rs:711:10:711:10 | T | +| main.rs:713:13:713:30 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:713:13:713:30 | ...::MyNone(...) | T | main.rs:711:10:711:10 | T | +| main.rs:718:20:718:23 | SelfParam | | main.rs:691:5:695:5 | MyOption | +| main.rs:718:20:718:23 | SelfParam | T | main.rs:691:5:695:5 | MyOption | +| main.rs:718:20:718:23 | SelfParam | T.T | main.rs:717:10:717:10 | T | +| main.rs:718:41:723:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:718:41:723:9 | { ... } | T | main.rs:717:10:717:10 | T | +| main.rs:719:13:722:13 | match self { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:719:13:722:13 | match self { ... } | T | main.rs:717:10:717:10 | T | +| main.rs:719:19:719:22 | self | | main.rs:691:5:695:5 | MyOption | +| main.rs:719:19:719:22 | self | T | main.rs:691:5:695:5 | MyOption | +| main.rs:719:19:719:22 | self | T.T | main.rs:717:10:717:10 | T | +| main.rs:720:39:720:56 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:720:39:720:56 | ...::MyNone(...) | T | main.rs:717:10:717:10 | T | +| main.rs:721:34:721:34 | x | | main.rs:691:5:695:5 | MyOption | +| main.rs:721:34:721:34 | x | T | main.rs:717:10:717:10 | T | +| main.rs:721:40:721:40 | x | | main.rs:691:5:695:5 | MyOption | +| main.rs:721:40:721:40 | x | T | main.rs:717:10:717:10 | T | +| main.rs:730:13:730:14 | x1 | | main.rs:691:5:695:5 | MyOption | +| main.rs:730:18:730:37 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:731:26:731:27 | x1 | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:13:733:18 | mut x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:13:733:18 | mut x2 | T | main.rs:726:5:727:13 | S | +| main.rs:733:22:733:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:733:22:733:36 | ...::new(...) | T | main.rs:726:5:727:13 | S | +| main.rs:734:9:734:10 | x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:734:9:734:10 | x2 | T | main.rs:726:5:727:13 | S | +| main.rs:734:16:734:16 | S | | main.rs:726:5:727:13 | S | +| main.rs:735:26:735:27 | x2 | | main.rs:691:5:695:5 | MyOption | +| main.rs:735:26:735:27 | x2 | T | main.rs:726:5:727:13 | S | +| main.rs:737:13:737:18 | mut x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:737:22:737:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:738:9:738:10 | x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:738:21:738:21 | S | | main.rs:726:5:727:13 | S | +| main.rs:739:26:739:27 | x3 | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:13:741:18 | mut x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:13:741:18 | mut x4 | T | main.rs:726:5:727:13 | S | +| main.rs:741:22:741:36 | ...::new(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:741:22:741:36 | ...::new(...) | T | main.rs:726:5:727:13 | S | +| main.rs:742:23:742:29 | &mut x4 | | file://:0:0:0:0 | & | +| main.rs:742:23:742:29 | &mut x4 | &T | main.rs:691:5:695:5 | MyOption | +| main.rs:742:23:742:29 | &mut x4 | &T.T | main.rs:726:5:727:13 | S | +| main.rs:742:28:742:29 | x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:742:28:742:29 | x4 | T | main.rs:726:5:727:13 | S | +| main.rs:742:32:742:32 | S | | main.rs:726:5:727:13 | S | +| main.rs:743:26:743:27 | x4 | | main.rs:691:5:695:5 | MyOption | +| main.rs:743:26:743:27 | x4 | T | main.rs:726:5:727:13 | S | +| main.rs:745:13:745:14 | x5 | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:13:745:14 | x5 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:745:13:745:14 | x5 | T.T | main.rs:726:5:727:13 | S | +| main.rs:745:18:745:58 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:18:745:58 | ...::MySome(...) | T | main.rs:691:5:695:5 | MyOption | +| main.rs:745:18:745:58 | ...::MySome(...) | T.T | main.rs:726:5:727:13 | S | +| main.rs:745:35:745:57 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:745:35:745:57 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:746:26:746:27 | x5 | | main.rs:691:5:695:5 | MyOption | +| main.rs:746:26:746:27 | x5 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:746:26:746:27 | x5 | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:13:748:14 | x6 | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:13:748:14 | x6 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:748:13:748:14 | x6 | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:18:748:58 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:18:748:58 | ...::MySome(...) | T | main.rs:691:5:695:5 | MyOption | +| main.rs:748:18:748:58 | ...::MySome(...) | T.T | main.rs:726:5:727:13 | S | +| main.rs:748:35:748:57 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:748:35:748:57 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:749:26:749:61 | ...::flatten(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:749:26:749:61 | ...::flatten(...) | T | main.rs:726:5:727:13 | S | +| main.rs:749:59:749:60 | x6 | | main.rs:691:5:695:5 | MyOption | +| main.rs:749:59:749:60 | x6 | T | main.rs:691:5:695:5 | MyOption | +| main.rs:749:59:749:60 | x6 | T.T | main.rs:726:5:727:13 | S | +| main.rs:751:13:751:19 | from_if | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:13:751:19 | from_if | T | main.rs:726:5:727:13 | S | +| main.rs:751:23:755:9 | if ... {...} else {...} | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:23:755:9 | if ... {...} else {...} | T | main.rs:726:5:727:13 | S | +| main.rs:751:36:753:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:751:36:753:9 | { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:752:13:752:30 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:752:13:752:30 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:753:16:755:9 | { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:753:16:755:9 | { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:754:13:754:31 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:754:13:754:31 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:754:30:754:30 | S | | main.rs:726:5:727:13 | S | +| main.rs:756:26:756:32 | from_if | | main.rs:691:5:695:5 | MyOption | +| main.rs:756:26:756:32 | from_if | T | main.rs:726:5:727:13 | S | +| main.rs:758:13:758:22 | from_match | | main.rs:691:5:695:5 | MyOption | +| main.rs:758:13:758:22 | from_match | T | main.rs:726:5:727:13 | S | +| main.rs:758:26:761:9 | match ... { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:758:26:761:9 | match ... { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:759:21:759:38 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:759:21:759:38 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:760:22:760:40 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:760:22:760:40 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:760:39:760:39 | S | | main.rs:726:5:727:13 | S | +| main.rs:762:26:762:35 | from_match | | main.rs:691:5:695:5 | MyOption | +| main.rs:762:26:762:35 | from_match | T | main.rs:726:5:727:13 | S | +| main.rs:764:13:764:21 | from_loop | | main.rs:691:5:695:5 | MyOption | +| main.rs:764:13:764:21 | from_loop | T | main.rs:726:5:727:13 | S | +| main.rs:764:25:769:9 | loop { ... } | | main.rs:691:5:695:5 | MyOption | +| main.rs:764:25:769:9 | loop { ... } | T | main.rs:726:5:727:13 | S | +| main.rs:766:23:766:40 | ...::MyNone(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:766:23:766:40 | ...::MyNone(...) | T | main.rs:726:5:727:13 | S | +| main.rs:768:19:768:37 | ...::MySome(...) | | main.rs:691:5:695:5 | MyOption | +| main.rs:768:19:768:37 | ...::MySome(...) | T | main.rs:726:5:727:13 | S | +| main.rs:768:36:768:36 | S | | main.rs:726:5:727:13 | S | +| main.rs:770:26:770:34 | from_loop | | main.rs:691:5:695:5 | MyOption | +| main.rs:770:26:770:34 | from_loop | T | main.rs:726:5:727:13 | S | +| main.rs:783:15:783:18 | SelfParam | | main.rs:776:5:777:19 | S | +| main.rs:783:15:783:18 | SelfParam | T | main.rs:782:10:782:10 | T | +| main.rs:783:26:785:9 | { ... } | | main.rs:782:10:782:10 | T | +| main.rs:784:13:784:16 | self | | main.rs:776:5:777:19 | S | +| main.rs:784:13:784:16 | self | T | main.rs:782:10:782:10 | T | +| main.rs:784:13:784:18 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:787:15:787:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:787:15:787:19 | SelfParam | &T | main.rs:776:5:777:19 | S | +| main.rs:787:15:787:19 | SelfParam | &T.T | main.rs:782:10:782:10 | T | +| main.rs:787:28:789:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:787:28:789:9 | { ... } | &T | main.rs:782:10:782:10 | T | +| main.rs:788:13:788:19 | &... | | file://:0:0:0:0 | & | +| main.rs:788:13:788:19 | &... | &T | main.rs:782:10:782:10 | T | +| main.rs:788:14:788:17 | self | | file://:0:0:0:0 | & | +| main.rs:788:14:788:17 | self | &T | main.rs:776:5:777:19 | S | +| main.rs:788:14:788:17 | self | &T.T | main.rs:782:10:782:10 | T | +| main.rs:788:14:788:19 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:791:15:791:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:791:15:791:25 | SelfParam | &T | main.rs:776:5:777:19 | S | +| main.rs:791:15:791:25 | SelfParam | &T.T | main.rs:782:10:782:10 | T | +| main.rs:791:34:793:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:791:34:793:9 | { ... } | &T | main.rs:782:10:782:10 | T | +| main.rs:792:13:792:19 | &... | | file://:0:0:0:0 | & | +| main.rs:792:13:792:19 | &... | &T | main.rs:782:10:782:10 | T | +| main.rs:792:14:792:17 | self | | file://:0:0:0:0 | & | +| main.rs:792:14:792:17 | self | &T | main.rs:776:5:777:19 | S | +| main.rs:792:14:792:17 | self | &T.T | main.rs:782:10:782:10 | T | +| main.rs:792:14:792:19 | self.0 | | main.rs:782:10:782:10 | T | +| main.rs:797:13:797:14 | x1 | | main.rs:776:5:777:19 | S | +| main.rs:797:13:797:14 | x1 | T | main.rs:779:5:780:14 | S2 | +| main.rs:797:18:797:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:797:18:797:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:797:20:797:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:798:26:798:27 | x1 | | main.rs:776:5:777:19 | S | +| main.rs:798:26:798:27 | x1 | T | main.rs:779:5:780:14 | S2 | +| main.rs:798:26:798:32 | x1.m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:800:13:800:14 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:800:13:800:14 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:800:18:800:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:800:18:800:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:800:20:800:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:802:26:802:27 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:802:26:802:27 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:802:26:802:32 | x2.m2() | | file://:0:0:0:0 | & | +| main.rs:802:26:802:32 | x2.m2() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:803:26:803:27 | x2 | | main.rs:776:5:777:19 | S | +| main.rs:803:26:803:27 | x2 | T | main.rs:779:5:780:14 | S2 | +| main.rs:803:26:803:32 | x2.m3() | | file://:0:0:0:0 | & | +| main.rs:803:26:803:32 | x2.m3() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:805:13:805:14 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:805:13:805:14 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:805:18:805:22 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:805:18:805:22 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:805:20:805:21 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:807:26:807:41 | ...::m2(...) | | file://:0:0:0:0 | & | +| main.rs:807:26:807:41 | ...::m2(...) | &T | main.rs:779:5:780:14 | S2 | +| main.rs:807:38:807:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:807:38:807:40 | &x3 | &T | main.rs:776:5:777:19 | S | +| main.rs:807:38:807:40 | &x3 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:807:39:807:40 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:807:39:807:40 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:808:26:808:41 | ...::m3(...) | | file://:0:0:0:0 | & | +| main.rs:808:26:808:41 | ...::m3(...) | &T | main.rs:779:5:780:14 | S2 | +| main.rs:808:38:808:40 | &x3 | | file://:0:0:0:0 | & | +| main.rs:808:38:808:40 | &x3 | &T | main.rs:776:5:777:19 | S | +| main.rs:808:38:808:40 | &x3 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:808:39:808:40 | x3 | | main.rs:776:5:777:19 | S | +| main.rs:808:39:808:40 | x3 | T | main.rs:779:5:780:14 | S2 | +| main.rs:810:13:810:14 | x4 | | file://:0:0:0:0 | & | +| main.rs:810:13:810:14 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:810:13:810:14 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:810:18:810:23 | &... | | file://:0:0:0:0 | & | +| main.rs:810:18:810:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:810:18:810:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:810:19:810:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:810:19:810:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:810:21:810:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:812:26:812:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:812:26:812:27 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:812:26:812:27 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:812:26:812:32 | x4.m2() | | file://:0:0:0:0 | & | +| main.rs:812:26:812:32 | x4.m2() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:813:26:813:27 | x4 | | file://:0:0:0:0 | & | +| main.rs:813:26:813:27 | x4 | &T | main.rs:776:5:777:19 | S | +| main.rs:813:26:813:27 | x4 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:813:26:813:32 | x4.m3() | | file://:0:0:0:0 | & | +| main.rs:813:26:813:32 | x4.m3() | &T | main.rs:779:5:780:14 | S2 | +| main.rs:815:13:815:14 | x5 | | file://:0:0:0:0 | & | +| main.rs:815:13:815:14 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:815:13:815:14 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:815:18:815:23 | &... | | file://:0:0:0:0 | & | +| main.rs:815:18:815:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:815:18:815:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:815:19:815:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:815:19:815:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:815:21:815:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:817:26:817:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:817:26:817:27 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:817:26:817:27 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:817:26:817:32 | x5.m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:818:26:818:27 | x5 | | file://:0:0:0:0 | & | +| main.rs:818:26:818:27 | x5 | &T | main.rs:776:5:777:19 | S | +| main.rs:818:26:818:27 | x5 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:818:26:818:29 | x5.0 | | main.rs:779:5:780:14 | S2 | +| main.rs:820:13:820:14 | x6 | | file://:0:0:0:0 | & | +| main.rs:820:13:820:14 | x6 | &T | main.rs:776:5:777:19 | S | +| main.rs:820:13:820:14 | x6 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:820:18:820:23 | &... | | file://:0:0:0:0 | & | +| main.rs:820:18:820:23 | &... | &T | main.rs:776:5:777:19 | S | +| main.rs:820:18:820:23 | &... | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:820:19:820:23 | S(...) | | main.rs:776:5:777:19 | S | +| main.rs:820:19:820:23 | S(...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:820:21:820:22 | S2 | | main.rs:779:5:780:14 | S2 | +| main.rs:822:26:822:30 | (...) | | main.rs:776:5:777:19 | S | +| main.rs:822:26:822:30 | (...) | T | main.rs:779:5:780:14 | S2 | +| main.rs:822:26:822:35 | ... .m1() | | main.rs:779:5:780:14 | S2 | +| main.rs:822:27:822:29 | * ... | | main.rs:776:5:777:19 | S | +| main.rs:822:27:822:29 | * ... | T | main.rs:779:5:780:14 | S2 | +| main.rs:822:28:822:29 | x6 | | file://:0:0:0:0 | & | +| main.rs:822:28:822:29 | x6 | &T | main.rs:776:5:777:19 | S | +| main.rs:822:28:822:29 | x6 | &T.T | main.rs:779:5:780:14 | S2 | +| main.rs:829:16:829:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:829:16:829:20 | SelfParam | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:832:16:832:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:832:16:832:20 | SelfParam | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:832:32:834:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:832:32:834:9 | { ... } | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:833:13:833:16 | self | | file://:0:0:0:0 | & | +| main.rs:833:13:833:16 | self | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:833:13:833:22 | self.foo() | | file://:0:0:0:0 | & | +| main.rs:833:13:833:22 | self.foo() | &T | main.rs:827:5:835:5 | Self [trait MyTrait] | +| main.rs:841:16:841:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:841:16:841:20 | SelfParam | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:841:36:843:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:841:36:843:9 | { ... } | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:842:13:842:16 | self | | file://:0:0:0:0 | & | +| main.rs:842:13:842:16 | self | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:847:13:847:13 | x | | main.rs:837:5:837:20 | MyStruct | +| main.rs:847:17:847:24 | MyStruct | | main.rs:837:5:837:20 | MyStruct | +| main.rs:848:9:848:9 | x | | main.rs:837:5:837:20 | MyStruct | +| main.rs:848:9:848:15 | x.bar() | | file://:0:0:0:0 | & | +| main.rs:848:9:848:15 | x.bar() | &T | main.rs:837:5:837:20 | MyStruct | +| main.rs:858:16:858:20 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:858:16:858:20 | SelfParam | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:858:16:858:20 | SelfParam | &T.T | main.rs:857:10:857:10 | T | +| main.rs:858:32:860:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:858:32:860:9 | { ... } | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:858:32:860:9 | { ... } | &T.T | main.rs:857:10:857:10 | T | +| main.rs:859:13:859:16 | self | | file://:0:0:0:0 | & | +| main.rs:859:13:859:16 | self | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:859:13:859:16 | self | &T.T | main.rs:857:10:857:10 | T | +| main.rs:864:13:864:13 | x | | main.rs:855:5:855:26 | MyStruct | +| main.rs:864:13:864:13 | x | T | main.rs:853:5:853:13 | S | +| main.rs:864:17:864:27 | MyStruct(...) | | main.rs:855:5:855:26 | MyStruct | +| main.rs:864:17:864:27 | MyStruct(...) | T | main.rs:853:5:853:13 | S | +| main.rs:864:26:864:26 | S | | main.rs:853:5:853:13 | S | +| main.rs:865:9:865:9 | x | | main.rs:855:5:855:26 | MyStruct | +| main.rs:865:9:865:9 | x | T | main.rs:853:5:853:13 | S | +| main.rs:865:9:865:15 | x.foo() | | file://:0:0:0:0 | & | +| main.rs:865:9:865:15 | x.foo() | &T | main.rs:855:5:855:26 | MyStruct | +| main.rs:865:9:865:15 | x.foo() | &T.T | main.rs:853:5:853:13 | S | +| main.rs:873:15:873:19 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:873:15:873:19 | SelfParam | &T | main.rs:870:5:870:13 | S | +| main.rs:873:31:875:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:873:31:875:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:874:13:874:19 | &... | | file://:0:0:0:0 | & | +| main.rs:874:13:874:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:874:14:874:19 | &... | | file://:0:0:0:0 | & | +| main.rs:874:14:874:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:874:15:874:19 | &self | | file://:0:0:0:0 | & | +| main.rs:874:15:874:19 | &self | &T | main.rs:870:5:870:13 | S | +| main.rs:874:16:874:19 | self | | file://:0:0:0:0 | & | +| main.rs:874:16:874:19 | self | &T | main.rs:870:5:870:13 | S | +| main.rs:877:15:877:25 | SelfParam | | file://:0:0:0:0 | & | +| main.rs:877:15:877:25 | SelfParam | &T | main.rs:870:5:870:13 | S | +| main.rs:877:37:879:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:877:37:879:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:878:13:878:19 | &... | | file://:0:0:0:0 | & | +| main.rs:878:13:878:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:878:14:878:19 | &... | | file://:0:0:0:0 | & | +| main.rs:878:14:878:19 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:878:15:878:19 | &self | | file://:0:0:0:0 | & | +| main.rs:878:15:878:19 | &self | &T | main.rs:870:5:870:13 | S | +| main.rs:878:16:878:19 | self | | file://:0:0:0:0 | & | +| main.rs:878:16:878:19 | self | &T | main.rs:870:5:870:13 | S | +| main.rs:881:15:881:15 | x | | file://:0:0:0:0 | & | +| main.rs:881:15:881:15 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:881:34:883:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:881:34:883:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:882:13:882:13 | x | | file://:0:0:0:0 | & | +| main.rs:882:13:882:13 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:885:15:885:15 | x | | file://:0:0:0:0 | & | +| main.rs:885:15:885:15 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:885:34:887:9 | { ... } | | file://:0:0:0:0 | & | +| main.rs:885:34:887:9 | { ... } | &T | main.rs:870:5:870:13 | S | +| main.rs:886:13:886:16 | &... | | file://:0:0:0:0 | & | +| main.rs:886:13:886:16 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:886:14:886:16 | &... | | file://:0:0:0:0 | & | +| main.rs:886:14:886:16 | &... | &T | main.rs:870:5:870:13 | S | +| main.rs:886:15:886:16 | &x | | file://:0:0:0:0 | & | +| main.rs:886:15:886:16 | &x | &T | main.rs:870:5:870:13 | S | +| main.rs:886:16:886:16 | x | | file://:0:0:0:0 | & | +| main.rs:886:16:886:16 | x | &T | main.rs:870:5:870:13 | S | +| main.rs:891:13:891:13 | x | | main.rs:870:5:870:13 | S | +| main.rs:891:17:891:20 | S {...} | | main.rs:870:5:870:13 | S | +| main.rs:892:9:892:9 | x | | main.rs:870:5:870:13 | S | +| main.rs:892:9:892:14 | x.f1() | | file://:0:0:0:0 | & | +| main.rs:892:9:892:14 | x.f1() | &T | main.rs:870:5:870:13 | S | +| main.rs:893:9:893:9 | x | | main.rs:870:5:870:13 | S | +| main.rs:893:9:893:14 | x.f2() | | file://:0:0:0:0 | & | +| main.rs:893:9:893:14 | x.f2() | &T | main.rs:870:5:870:13 | S | +| main.rs:894:9:894:17 | ...::f3(...) | | file://:0:0:0:0 | & | +| main.rs:894:9:894:17 | ...::f3(...) | &T | main.rs:870:5:870:13 | S | +| main.rs:894:15:894:16 | &x | | file://:0:0:0:0 | & | +| main.rs:894:15:894:16 | &x | &T | main.rs:870:5:870:13 | S | +| main.rs:894:16:894:16 | x | | main.rs:870:5:870:13 | S | +| main.rs:900:5:900:20 | ...::f(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:901:5:901:60 | ...::g(...) | | main.rs:67:5:67:21 | Foo | +| main.rs:901:20:901:38 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | +| main.rs:901:41:901:59 | ...::Foo {...} | | main.rs:67:5:67:21 | Foo | From 9c1567375defeceb6b864460d766ff7c43493952 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 16:17:42 +0100 Subject: [PATCH 286/409] Shared: Implement getInconsistencyCounts for SSA. --- .../diagnostics/SsaConsistencyCounts.expected | 10 ++++ shared/ssa/codeql/ssa/Ssa.qll | 47 ++++++++++++++++++- 2 files changed, 56 insertions(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected index e69de29bb2d..7e264176d32 100644 --- a/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected +++ b/rust/ql/test/query-tests/diagnostics/SsaConsistencyCounts.expected @@ -0,0 +1,10 @@ +| Definition cannot reach a read | 0 | +| End of a basic block can be reached by multiple definitions | 0 | +| Phi has less than 2 immediately prior references | 0 | +| Phi node has less than two inputs | 0 | +| Phi read has less than 2 immediately prior references | 0 | +| Read can be reached from multiple definitions | 0 | +| Read cannot be reached from a definition | 0 | +| Read does not have a prior reference | 0 | +| Read has multiple prior references | 0 | +| Read is not dominated by a definition | 0 | diff --git a/shared/ssa/codeql/ssa/Ssa.qll b/shared/ssa/codeql/ssa/Ssa.qll index d9bfdf62d90..a0a8a1c864d 100644 --- a/shared/ssa/codeql/ssa/Ssa.qll +++ b/shared/ssa/codeql/ssa/Ssa.qll @@ -1473,7 +1473,52 @@ module Make Input> { * Gets counts of inconsistencies of each type. */ int getInconsistencyCounts(string type) { - type = "" and result = 0 + // total results from all the SSA consistency query predicates. + type = "Read can be reached from multiple definitions" and + result = + count(Definition def, SourceVariable v, BasicBlock bb, int i | nonUniqueDef(def, v, bb, i)) + or + type = "Read cannot be reached from a definition" and + result = count(SourceVariable v, BasicBlock bb, int i | readWithoutDef(v, bb, i)) + or + type = "Definition cannot reach a read" and + result = count(Definition def, SourceVariable v | deadDef(def, v)) + or + type = "Read is not dominated by a definition" and + result = + count(Definition def, SourceVariable v, BasicBlock bb, int i | + notDominatedByDef(def, v, bb, i) + ) + or + type = "End of a basic block can be reached by multiple definitions" and + result = + count(Definition def, SourceVariable v, BasicBlock bb | + nonUniqueDefReachesEndOfBlock(def, v, bb) + ) + or + type = "Phi node has less than two inputs" and + result = count(PhiNode phi, int inputs | uselessPhiNode(phi, inputs)) + or + type = "Read does not have a prior reference" and + result = count(SourceVariable v, BasicBlock bb, int i | readWithoutPriorRef(v, bb, i)) + or + type = "Read has multiple prior references" and + result = + count(SourceVariable v, BasicBlock bb1, int i1, BasicBlock bb2, int i2 | + readWithMultiplePriorRefs(v, bb1, i1, bb2, i2) + ) + or + type = "Phi has less than 2 immediately prior references" and + result = + count(PhiNode phi, BasicBlock bbPhi, SourceVariable v, int inputRefs | + phiWithoutTwoPriorRefs(phi, bbPhi, v, inputRefs) + ) + or + type = "Phi read has less than 2 immediately prior references" and + result = + count(BasicBlock bbPhi, SourceVariable v, int inputRefs | + phiReadWithoutTwoPriorRefs(bbPhi, v, inputRefs) + ) } } From ee54ba4c489b33290d7ca3661bc439da28d49131 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 7 Apr 2025 17:01:19 +0100 Subject: [PATCH 287/409] Rust: Autoformat. --- rust/ql/consistency-queries/SsaConsistency.ql | 2 +- rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rust/ql/consistency-queries/SsaConsistency.ql b/rust/ql/consistency-queries/SsaConsistency.ql index f28b71e2a7d..1774f269749 100644 --- a/rust/ql/consistency-queries/SsaConsistency.ql +++ b/rust/ql/consistency-queries/SsaConsistency.ql @@ -5,6 +5,6 @@ * @id rust/diagnostics/ssa-consistency */ - import codeql.rust.dataflow.Ssa +import codeql.rust.dataflow.Ssa import codeql.rust.dataflow.internal.SsaImpl import Consistency diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql index 8293b6883f9..287f14f9707 100644 --- a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -5,7 +5,7 @@ * @id rust/diagnostics/ssa-consistency-counts */ - private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl // see also `rust/diagnostics/ssa-consistency`, which lists the // individual inconsistency results. From ff07ec8d8c58749dded7417c17585f7dfdb80d73 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:43:50 +0200 Subject: [PATCH 288/409] Add flow summaries for TypedArray methods `set` and `subarray` --- .../internal/flow_summaries/TypedArrays.qll | 29 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 7 +++-- .../TaintTracking/typed-arrays.js | 4 --- 3 files changed, 33 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 788992d7c1c..43c2a5e07e5 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -36,3 +36,32 @@ class BufferTypedArray extends DataFlow::AdditionalFlowStep { ) } } + +class SetLike extends SummarizedCallable { + SetLike() { this = "TypedArray#set" } + + override InstanceCall getACall() { + result = typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("set").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "Argument[this].ArrayElement" + } +} + +class SubArrayLike extends SummarizedCallable { + SubArrayLike() { this = "TypedArray#subarray" } + + override InstanceCall getACall() { + result = + typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("subarray").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 3856dfe15f8..78dbc3dc5dc 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -38,14 +38,13 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:15 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:18 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -334,6 +333,8 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:5:10:5:10 | y | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:7:10:7:17 | y.buffer | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 4ccf64131b6..1b66d5491d9 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -16,8 +16,4 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK - - const clone = new y.constructor(y.length); - clone.set(y); - sink(clone); // NOT OK } From 0e099474c56b9157905478c7cb0881e28124ec41 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:50:46 +0200 Subject: [PATCH 289/409] Added test cases for `ArrayBuffer` and `SharedArrayBuffer` --- .../TaintTracking/BasicTaintTracking.expected | 4 ++++ .../library-tests/TaintTracking/typed-arrays.js | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index 78dbc3dc5dc..c51eb479313 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -45,6 +45,10 @@ consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:26 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:30 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:34 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 1b66d5491d9..9b85e8f2804 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -16,4 +16,20 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK + + const buffer = new ArrayBuffer(x); + const view = new Uint8Array(buffer); + sink(view); // NOT OK + + const sharedBuffer = new SharedArrayBuffer(x); + const view1 = new Uint8Array(sharedBuffer); + sink(view1); // NOT OK + + const transfered = buffer.transfer(); + const transferedView = new Uint8Array(transfered); + sink(transferedView); // NOT OK + + const transfered2 = buffer.transferToFixedLength(); + const transferedView2 = new Uint8Array(transfered2); + sink(transferedView2); // NOT OK } From f4277204b7fb664be85d6c8cb80ddb6d84da1bd1 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 13:56:13 +0200 Subject: [PATCH 290/409] Add flow summaries and entry points for `ArrayBuffer` and `SharedArrayBuffer` --- .../internal/flow_summaries/TypedArrays.qll | 44 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 12 +++-- 2 files changed, 52 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 43c2a5e07e5..81e84d806fd 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -65,3 +65,47 @@ class SubArrayLike extends SummarizedCallable { output = "ReturnValue.ArrayElement" } } + +private class ArrayBufferEntryPoint extends API::EntryPoint { + ArrayBufferEntryPoint() { this = ["global.ArrayBuffer", "global.SharedArrayBuffer"] } + + override DataFlow::SourceNode getASource() { + result = DataFlow::globalVarRef(["ArrayBuffer", "SharedArrayBuffer"]) + } +} + +pragma[nomagic] +API::Node arrayBufferConstructorRef() { result = any(ArrayBufferEntryPoint a).getANode() } + +class ArrayBufferConstructorSummary extends SummarizedCallable { + ArrayBufferConstructorSummary() { this = "ArrayBuffer constructor" } + + override DataFlow::InvokeNode getACall() { + result = arrayBufferConstructorRef().getAnInstantiation() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} + +class TransferLike extends SummarizedCallable { + TransferLike() { this = "ArrayBuffer#transfer" } + + override InstanceCall getACall() { + result = + arrayBufferConstructorRef() + .getAnInstantiation() + .getReturn() + .getMember(["transfer", "transferToFixedLength"]) + .getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[this].ArrayElement" and + output = "ReturnValue.ArrayElement" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index c51eb479313..fa33cf23125 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,15 +40,15 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:22 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:26 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:30 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:34 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -339,6 +339,10 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | From f28478e87668c644e3990254c4b8e1a921ee7878 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 14:23:44 +0200 Subject: [PATCH 291/409] Add test cases from `TypedArrays` to strings. --- .../TaintTracking/BasicTaintTracking.expected | 4 ++++ .../library-tests/TaintTracking/typed-arrays.js | 16 ++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index fa33cf23125..b20e0062411 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -44,11 +44,14 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | +| typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:50 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -343,6 +346,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index 9b85e8f2804..d2dc8b2168c 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -32,4 +32,20 @@ function test() { const transfered2 = buffer.transferToFixedLength(); const transferedView2 = new Uint8Array(transfered2); sink(transferedView2); // NOT OK + + var typedArrayToString = (function () { + return function (a) { return String.fromCharCode.apply(null, a); }; + })(); + + sink(typedArrayToString(y)); // NOT OK -- Should be flagged but it is not. + + let str = ''; + for (let i = 0; i < y.length; i++) + str += String.fromCharCode(y[i]); + + sink(str); // NOT OK + + const decoder = new TextDecoder('utf-8'); + const str2 = decoder.decode(y); + sink(str2); // NOT OK } From b97c61864e904d0cde359132e600f899374deb94 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 14:37:52 +0200 Subject: [PATCH 292/409] Add flow summaries and entry points for `TextDecoder` --- .../flow_summaries/AllFlowSummaries.qll | 1 + .../internal/flow_summaries/Decoders.qll | 29 +++++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 3 +- 3 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll index 20247b7e268..dfbe9ef7da3 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/AllFlowSummaries.qll @@ -13,3 +13,4 @@ private import Strings private import DynamicImportStep private import UrlSearchParams private import TypedArrays +private import Decoders diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll new file mode 100644 index 00000000000..567a0403bcf --- /dev/null +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -0,0 +1,29 @@ +private import javascript +private import semmle.javascript.dataflow.FlowSummary +private import semmle.javascript.dataflow.InferredTypes +private import semmle.javascript.dataflow.internal.DataFlowPrivate as Private +private import FlowSummaryUtil + +private class TextDecoderEntryPoint extends API::EntryPoint { + TextDecoderEntryPoint() { this = "global.TextDecoder" } + + override DataFlow::SourceNode getASource() { result = DataFlow::globalVarRef("TextDecoder") } +} + +pragma[nomagic] +API::Node textDecoderConstructorRef() { result = any(TextDecoderEntryPoint e).getANode() } + +class DecodeLike extends SummarizedCallable { + DecodeLike() { this = "TextDecoder#decode" } + + override InstanceCall getACall() { + result = + textDecoderConstructorRef().getAnInstantiation().getReturn().getMember("decode").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + input = "Argument[0]" and + output = "ReturnValue" + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b20e0062411..e0cbc7b3b2e 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -45,13 +45,13 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | | typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | -| typed-arrays.js:50 | expected an alert, but found none | NOT OK | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -347,6 +347,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | From 873db7c1215e8fcee250c9f55a7c9061bed0e286 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 7 Apr 2025 15:16:22 +0200 Subject: [PATCH 293/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md new file mode 100644 index 00000000000..f09e6831743 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. From 5e74bdc8dda99bc7cdbc3007597e11c099734566 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Mon, 7 Apr 2025 17:49:18 +0200 Subject: [PATCH 294/409] Disable csharp test failing on macos-15 --- .../all-platforms/diag_missing_project_files/test.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py index a2676d16d9c..fa941f346df 100644 --- a/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py +++ b/csharp/ql/integration-tests/all-platforms/diag_missing_project_files/test.py @@ -1,2 +1,8 @@ +import pytest +import runs_on + + +# Skipping the test on macos-15, as we're running into trouble. +@pytest.mark.only_if(not runs_on.macos_15) def test(codeql, csharp): codeql.database.create(_assert_failure=True) From 37db35431b4bf7886845c1e8db790ac2417618ba Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 16:44:42 -0700 Subject: [PATCH 295/409] Actions: Ensure autobuild invocations work when the CLI path contains spaces Quote the paths to the CodeQL CLI dist or autobuild scripts when invoked. This unblocks integration testing, since our integration tests always use a CLI with a space in its directory name. --- actions/extractor/tools/autobuild-impl.ps1 | 4 ++-- actions/extractor/tools/autobuild.cmd | 2 +- actions/extractor/tools/autobuild.sh | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/extractor/tools/autobuild-impl.ps1 b/actions/extractor/tools/autobuild-impl.ps1 index 1b7805efa04..5a5aa1ab53a 100644 --- a/actions/extractor/tools/autobuild-impl.ps1 +++ b/actions/extractor/tools/autobuild-impl.ps1 @@ -21,7 +21,7 @@ if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) # Find the JavaScript extractor directory via `codeql resolve extractor`. $CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe' -$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript +$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &"$CodeQL" resolve extractor --language javascript if ($LASTEXITCODE -ne 0) { throw 'Failed to resolve JavaScript extractor.' } @@ -40,7 +40,7 @@ $env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTI $env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR $env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE -&$JavaScriptAutoBuild +&"$JavaScriptAutoBuild" if ($LASTEXITCODE -ne 0) { throw "JavaScript autobuilder failed." } diff --git a/actions/extractor/tools/autobuild.cmd b/actions/extractor/tools/autobuild.cmd index ff5ca89d94a..cd05b979110 100644 --- a/actions/extractor/tools/autobuild.cmd +++ b/actions/extractor/tools/autobuild.cmd @@ -1,3 +1,3 @@ @echo off rem All of the work is done in the PowerShell script -powershell.exe %~dp0autobuild-impl.ps1 +powershell.exe "%~dp0autobuild-impl.ps1" diff --git a/actions/extractor/tools/autobuild.sh b/actions/extractor/tools/autobuild.sh index ce6a02b5b76..703154f99c9 100755 --- a/actions/extractor/tools/autobuild.sh +++ b/actions/extractor/tools/autobuild.sh @@ -26,7 +26,7 @@ else fi # Find the JavaScript extractor directory via `codeql resolve extractor`. -CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)" +CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$("${CODEQL_DIST}/codeql" resolve extractor --language javascript)" export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'." @@ -42,4 +42,4 @@ env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGN CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \ - ${JAVASCRIPT_AUTO_BUILD} + "${JAVASCRIPT_AUTO_BUILD}" From 0bb4ab950f46967171b83948e53a087151d0385c Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 17:46:28 -0700 Subject: [PATCH 296/409] Actions: Add integration test for default filter behaviour Include a reachable workflow, and several unreachable workflow files. Include action metadata files at various depths, all reachable. This test exercises the default filters when the user doesn't specify paths/paths-ignore. --- .../filters-default/actions.expected | 4 ++++ .../ql/integration-tests/filters-default/actions.ql | 5 +++++ .../filters-default/src/.github/action.yaml | 11 +++++++++++ .../src/.github/actions/action-name/action.yml | 11 +++++++++++ .../src/.github/unreachable-workflow.yml | 12 ++++++++++++ .../src/.github/workflows/workflow.yml | 12 ++++++++++++ .../integration-tests/filters-default/src/action.yml | 11 +++++++++++ .../filters-default/src/unreachable-workflow.yml | 12 ++++++++++++ actions/ql/integration-tests/filters-default/test.py | 2 ++ 9 files changed, 80 insertions(+) create mode 100644 actions/ql/integration-tests/filters-default/actions.expected create mode 100644 actions/ql/integration-tests/filters-default/actions.ql create mode 100644 actions/ql/integration-tests/filters-default/src/.github/action.yaml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml create mode 100755 actions/ql/integration-tests/filters-default/test.py diff --git a/actions/ql/integration-tests/filters-default/actions.expected b/actions/ql/integration-tests/filters-default/actions.expected new file mode 100644 index 00000000000..376c71bad6d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.expected @@ -0,0 +1,4 @@ +| src/.github/action.yaml:1:1:11:32 | name: ' ... action' | +| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | +| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | +| src/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters-default/actions.ql b/actions/ql/integration-tests/filters-default/actions.ql new file mode 100644 index 00000000000..f0a3e0ab297 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.ql @@ -0,0 +1,5 @@ +import actions + +from AstNode n +where n instanceof Workflow or n instanceof CompositeAction +select n diff --git a/actions/ql/integration-tests/filters-default/src/.github/action.yaml b/actions/ql/integration-tests/filters-default/src/.github/action.yaml new file mode 100644 index 00000000000..f611f8c72ff --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/action.yaml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml new file mode 100644 index 00000000000..f611f8c72ff --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml new file mode 100644 index 00000000000..6f980d6a6b0 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml new file mode 100644 index 00000000000..8be09d6d07e --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml @@ -0,0 +1,12 @@ +name: A workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/action.yml b/actions/ql/integration-tests/filters-default/src/action.yml new file mode 100644 index 00000000000..f611f8c72ff --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml new file mode 100644 index 00000000000..6f980d6a6b0 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/test.py b/actions/ql/integration-tests/filters-default/test.py new file mode 100755 index 00000000000..c0ac8d191b9 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/test.py @@ -0,0 +1,2 @@ +def test(codeql, actions): + codeql.database.create(source_root="src") From 5adf135134078edb021746e2050cffd74bae0380 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 00:22:09 +0000 Subject: [PATCH 297/409] Add changed framework coverage reports --- go/documentation/library-coverage/coverage.csv | 4 ++-- go/documentation/library-coverage/coverage.rst | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/go/documentation/library-coverage/coverage.csv b/go/documentation/library-coverage/coverage.csv index d8091bbda64..2aed94d84a5 100644 --- a/go/documentation/library-coverage/coverage.csv +++ b/go/documentation/library-coverage/coverage.csv @@ -56,7 +56,7 @@ github.com/gobuffalo/envy,,7,,,,,,,,,,,,,,,,,,,,7,,,,, github.com/gobwas/ws,,2,,,,,,,,,,,,,,,,,,,,,,2,,, github.com/gofiber/fiber,5,,,,,,,,4,,,,,,,,,1,,,,,,,,, github.com/gogf/gf-jwt,1,,,,1,,,,,,,,,,,,,,,,,,,,,, -github.com/gogf/gf/database/gdb,51,,,,,,,,,,,,,,51,,,,,,,,,,,, +github.com/gogf/gf/database/gdb,51,39,21,,,,,,,,,,,,51,,,,,,39,,,,,21, github.com/going/toolkit/xmlpath,2,,,,,,,,,,,,,,,,,,2,,,,,,,, github.com/golang-jwt/jwt,3,,11,,2,1,,,,,,,,,,,,,,,,,,,,11, github.com/golang/glog,90,,,,,,90,,,,,,,,,,,,,,,,,,,, @@ -94,7 +94,7 @@ github.com/sendgrid/sendgrid-go/helpers/mail,,,1,,,,,,,,,,,,,,,,,,,,,,,1, github.com/sirupsen/logrus,145,,,,,,145,,,,,,,,,,,,,,,,,,,, github.com/spf13/afero,34,,,,,,,,34,,,,,,,,,,,,,,,,,, github.com/square/go-jose,3,,4,,2,1,,,,,,,,,,,,,,,,,,,,4, -github.com/uptrace/bun,63,,,,,,,,,,,,,,63,,,,,,,,,,,, +github.com/uptrace/bun,63,8,,,,,,,,,,,,,63,,,,,,8,,,,,, github.com/valyala/fasthttp,35,50,5,,,,,,8,,,,17,8,,2,,,,,,,,50,,5, go.mongodb.org/mongo-driver/mongo,14,11,5,,,,,14,,,,,,,,,,,,,11,,,,,5, go.uber.org/zap,33,,11,,,,33,,,,,,,,,,,,,,,,,,,11, diff --git a/go/documentation/library-coverage/coverage.rst b/go/documentation/library-coverage/coverage.rst index 2f45f4b7e33..cad7baeb70f 100644 --- a/go/documentation/library-coverage/coverage.rst +++ b/go/documentation/library-coverage/coverage.rst @@ -8,7 +8,7 @@ Go framework & library support Framework / library,Package,Flow sources,Taint & value steps,Sinks (total) `Afero `_,``github.com/spf13/afero*``,,,34 - `Bun `_,``github.com/uptrace/bun*``,,,63 + `Bun `_,``github.com/uptrace/bun*``,8,,63 `CleverGo `_,"``clevergo.tech/clevergo*``, ``github.com/clevergo/clevergo*``",,,2 `Couchbase official client(gocb) `_,"``github.com/couchbase/gocb*``, ``gopkg.in/couchbase/gocb*``",44,96,16 `Couchbase unofficial client `_,``github.com/couchbaselabs/gocb*``,22,48,8 @@ -22,7 +22,7 @@ Go framework & library support `Go kit `_,``github.com/go-kit/kit*``,,,1 `Go-spew `_,``github.com/davecgh/go-spew/spew*``,,,9 `GoDotEnv `_,``github.com/joho/godotenv*``,4,, - `GoFrame `_,``github.com/gogf/gf*``,,,51 + `GoFrame `_,``github.com/gogf/gf*``,39,21,51 `Gokogiri `_,"``github.com/jbowtie/gokogiri*``, ``github.com/moovweb/gokogiri*``",,,10 `Iris `_,``github.com/kataras/iris*``,,,14 `Kubernetes `_,"``k8s.io/api*``, ``k8s.io/apimachinery*``",,57, @@ -74,5 +74,5 @@ Go framework & library support `yaml `_,``gopkg.in/yaml*``,,9, `zap `_,``go.uber.org/zap*``,,11,33 Others,``github.com/kanikanema/gorqlite``,8,2,24 - Totals,,641,1048,1556 + Totals,,688,1069,1556 From 98b6e5ce2f28347d15e6aa963db3b10d70481030 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Mon, 7 Apr 2025 17:33:43 -0700 Subject: [PATCH 298/409] Docs: Fix formatting of GitHub Actions content Discovered in internal review of docs preview. Use double backticks to render inline code blocks. Use __ after inline hyperlinks. Use an extra blank line to format the Actions library predicates table correctly. Fix some rogue references to Ruby and case inconsistency. --- .../codeql-for-actions.rst | 2 +- .../codeql-library-for-actions.rst | 25 ++++++++++--------- ...customizing-library-models-for-actions.rst | 2 +- .../customizing-library-models-for-ruby.rst | 2 +- .../codeql/reusables/supported-frameworks.rst | 4 +-- 5 files changed, 18 insertions(+), 17 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-for-actions.rst index d4597811a47..23b87193abf 100644 --- a/docs/codeql/codeql-language-guides/codeql-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-for-actions.rst @@ -12,6 +12,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat codeql-library-for-actions customizing-library-models-for-actions -- :doc:`CodeQL library for GitHub Actions `: When you're analyzing a Ruby program, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. +- :doc:`CodeQL library for GitHub Actions `: When you're analyzing GitHub Actions code, you can make use of the large collection of classes in the CodeQL library for GitHub Actions. - :doc:`Customizing library models for GitHub Actions `: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs. diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 507438583c6..7be7f3c8cfe 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -95,7 +95,7 @@ to all AST classes: * - ``getAChildNode()`` - Gets a child node of this node. * - ``getParentNode()`` - - Gets the parent of this `AstNode`, if this node is not a root node. + - Gets the parent of this ``AstNode``, if this node is not a root node. * - ``getATriggerEvent()`` - Gets an Actions trigger event that can start the enclosing Actions workflow, if any. @@ -104,9 +104,9 @@ Workflows ~~~~~~~~~ A workflow is a configurable automated process made up of one or more jobs, -defined in a workflow YAML file in the `.github/workflows` directory of a GitHub repository. +defined in a workflow YAML file in the ``.github/workflows`` directory of a GitHub repository. -In the CodeQL AST library, a `Workflow` is an `AstNode` representing the mapping at the top level of an Actions YAML workflow file. +In the CodeQL AST library, a ``Workflow`` is an ``AstNode`` representing the mapping at the top level of an Actions YAML workflow file. See the GitHub Actions documentation on `workflows `__ and `workflow syntax `__ for more information. @@ -116,16 +116,17 @@ See the GitHub Actions documentation on `workflows `, Workflows - `GitHub Actions action metadata YAML files `, Actions + `GitHub Actions workflow YAML files `__, Workflows + `GitHub Actions action metadata YAML files `__, Actions Go built-in support ================================ From cf4989e1f854a8fe63472ab1bccb59b375e7a73d Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Mon, 7 Apr 2025 17:37:21 -0700 Subject: [PATCH 299/409] Docs: Place GitHub Actions link lower in sidebar Order by the human-readable language name that is rendered, i.e. 'GitHub Actions', not 'actions'. --- docs/codeql/codeql-language-guides/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/codeql-language-guides/index.rst b/docs/codeql/codeql-language-guides/index.rst index f59d8163db2..ca03ebffd75 100644 --- a/docs/codeql/codeql-language-guides/index.rst +++ b/docs/codeql/codeql-language-guides/index.rst @@ -7,9 +7,9 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat .. toctree:: - codeql-for-actions codeql-for-cpp codeql-for-csharp + codeql-for-actions codeql-for-go codeql-for-java codeql-for-javascript From 2f9be926fb8da5e8525f87e619592087f3a249dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Apr 2025 03:42:17 +0000 Subject: [PATCH 300/409] Bump golang.org/x/tools Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools). Updates `golang.org/x/tools` from 0.31.0 to 0.32.0 - [Release notes](https://github.com/golang/tools/releases) - [Commits](https://github.com/golang/tools/compare/v0.31.0...v0.32.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.32.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: extractor-dependencies ... Signed-off-by: dependabot[bot] --- go/extractor/go.mod | 4 ++-- go/extractor/go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go/extractor/go.mod b/go/extractor/go.mod index de799a83fca..737af893993 100644 --- a/go/extractor/go.mod +++ b/go/extractor/go.mod @@ -10,7 +10,7 @@ toolchain go1.24.0 // bazel mod tidy require ( golang.org/x/mod v0.24.0 - golang.org/x/tools v0.31.0 + golang.org/x/tools v0.32.0 ) -require golang.org/x/sync v0.12.0 // indirect +require golang.org/x/sync v0.13.0 // indirect diff --git a/go/extractor/go.sum b/go/extractor/go.sum index 09ebfb8a2a8..0fbc8831fb3 100644 --- a/go/extractor/go.sum +++ b/go/extractor/go.sum @@ -2,7 +2,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= golang.org/x/mod v0.24.0 h1:ZfthKaKaT4NrhGVZHO1/WDTwGES4De8KtWO0SIbNJMU= golang.org/x/mod v0.24.0/go.mod h1:IXM97Txy2VM4PJ3gI61r1YEk/gAj6zAHN3AdZt6S9Ww= -golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= -golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= -golang.org/x/tools v0.31.0 h1:0EedkvKDbh+qistFTd0Bcwe/YLh4vHwWEkiI0toFIBU= -golang.org/x/tools v0.31.0/go.mod h1:naFTU+Cev749tSJRXJlna0T3WxKvb1kWEx15xA4SdmQ= +golang.org/x/sync v0.13.0 h1:AauUjRAJ9OSnvULf/ARrrVywoJDy0YS2AwQ98I37610= +golang.org/x/sync v0.13.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/tools v0.32.0 h1:Q7N1vhpkQv7ybVzLFtTjvQya2ewbwNDZzUgfXGqtMWU= +golang.org/x/tools v0.32.0/go.mod h1:ZxrU41P/wAbZD8EDa6dDCa6XfpkhJ7HFMjHJXfBDu8s= From df89739085904e75cc4f08b99ed7dc3f79500dbd Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:10:10 +0200 Subject: [PATCH 301/409] Added test cases for `open` package. --- .../query-tests/Security/CWE-022/TaintedPath/open.js | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js new file mode 100644 index 00000000000..10077281b3a --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js @@ -0,0 +1,11 @@ +import open, {openApp, apps} from 'open'; + +const express = require('express'); +const app = express(); + +app.get('/open', (req, res) => { + const file = req.query.file; // $ MISSING: Source + + open(file); // $ MISSING: Alert + openApp(file); // $ MISSING: Alert +}); From b8802a29f4ca34b5057a9d9452315bb3428299b4 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:12:30 +0200 Subject: [PATCH 302/409] Added `open` package model as data. --- javascript/ql/lib/ext/open.model.yml | 7 +++++++ .../Security/CWE-022/TaintedPath/TaintedPath.expected | 9 +++++++++ .../query-tests/Security/CWE-022/TaintedPath/open.js | 6 +++--- 3 files changed, 19 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/ext/open.model.yml diff --git a/javascript/ql/lib/ext/open.model.yml b/javascript/ql/lib/ext/open.model.yml new file mode 100644 index 00000000000..2159fe794d7 --- /dev/null +++ b/javascript/ql/lib/ext/open.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["open", "Argument[0]", "path-injection"] + - ["open", "Member[openApp].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 99be2545b8e..88334b64c38 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -140,6 +140,8 @@ | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | normalizedPaths.js:408:38:408:48 | req.query.x | normalizedPaths.js:408:19:408:60 | pathMod ... t('/')) | This path depends on a $@. | normalizedPaths.js:408:38:408:48 | req.query.x | user-provided value | | normalizedPaths.js:415:19:415:22 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:415:19:415:22 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | | normalizedPaths.js:426:21:426:24 | path | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:426:21:426:24 | path | This path depends on a $@. | normalizedPaths.js:412:35:412:45 | req.query.x | user-provided value | +| open.js:9:10:9:13 | file | open.js:7:18:7:31 | req.query.file | open.js:9:10:9:13 | file | This path depends on a $@. | open.js:7:18:7:31 | req.query.file | user-provided value | +| open.js:10:13:10:16 | file | open.js:7:18:7:31 | req.query.file | open.js:10:13:10:16 | file | This path depends on a $@. | open.js:7:18:7:31 | req.query.file | user-provided value | | other-fs-libraries.js:11:19:11:22 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:11:19:11:22 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | | other-fs-libraries.js:12:27:12:30 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:12:27:12:30 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | | other-fs-libraries.js:13:24:13:27 | path | other-fs-libraries.js:9:24:9:30 | req.url | other-fs-libraries.js:13:24:13:27 | path | This path depends on a $@. | other-fs-libraries.js:9:24:9:30 | req.url | user-provided value | @@ -561,6 +563,9 @@ edges | normalizedPaths.js:412:7:412:46 | path | normalizedPaths.js:426:21:426:24 | path | provenance | | | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | normalizedPaths.js:412:7:412:46 | path | provenance | | | normalizedPaths.js:412:35:412:45 | req.query.x | normalizedPaths.js:412:14:412:46 | pathMod ... uery.x) | provenance | Config | +| open.js:7:11:7:31 | file | open.js:9:10:9:13 | file | provenance | | +| open.js:7:11:7:31 | file | open.js:10:13:10:16 | file | provenance | | +| open.js:7:18:7:31 | req.query.file | open.js:7:11:7:31 | file | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:11:19:11:22 | path | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:12:27:12:30 | path | provenance | | | other-fs-libraries.js:9:7:9:48 | path | other-fs-libraries.js:13:24:13:27 | path | provenance | | @@ -1116,6 +1121,10 @@ nodes | normalizedPaths.js:412:35:412:45 | req.query.x | semmle.label | req.query.x | | normalizedPaths.js:415:19:415:22 | path | semmle.label | path | | normalizedPaths.js:426:21:426:24 | path | semmle.label | path | +| open.js:7:11:7:31 | file | semmle.label | file | +| open.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | +| open.js:9:10:9:13 | file | semmle.label | file | +| open.js:10:13:10:16 | file | semmle.label | file | | other-fs-libraries.js:9:7:9:48 | path | semmle.label | path | | other-fs-libraries.js:9:14:9:37 | url.par ... , true) | semmle.label | url.par ... , true) | | other-fs-libraries.js:9:14:9:43 | url.par ... ).query | semmle.label | url.par ... ).query | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js index 10077281b3a..ce93d6284a2 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/open.js @@ -4,8 +4,8 @@ const express = require('express'); const app = express(); app.get('/open', (req, res) => { - const file = req.query.file; // $ MISSING: Source + const file = req.query.file; // $ Source - open(file); // $ MISSING: Alert - openApp(file); // $ MISSING: Alert + open(file); // $ Alert + openApp(file); // $ Alert }); From 4a4d78bbdef1eb882e0a0fec36281f1e4da31f97 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 8 Apr 2025 08:12:42 +0200 Subject: [PATCH 303/409] Added change note --- javascript/ql/lib/change-notes/2025-04-07-open-package.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-07-open-package.md diff --git a/javascript/ql/lib/change-notes/2025-04-07-open-package.md b/javascript/ql/lib/change-notes/2025-04-07-open-package.md new file mode 100644 index 00000000000..a4c02f0d6d9 --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-07-open-package.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for the `open` package. From 15606dd89414e44f2265e928aa0b8b3e9983d030 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 8 Apr 2025 08:20:54 +0200 Subject: [PATCH 304/409] Bazel: update to 8.1.1 --- .bazelversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.bazelversion b/.bazelversion index ae9a76b9249..0e79152459e 100644 --- a/.bazelversion +++ b/.bazelversion @@ -1 +1 @@ -8.0.0 +8.1.1 From fd3dcb2d00ab4b6eb345ba88b0ebd076fff08c16 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Apr 2025 09:27:02 +0100 Subject: [PATCH 305/409] Rust: More precise imports. --- rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql | 4 ++-- rust/ql/src/queries/summary/Stats.qll | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql index 287f14f9707..7b79a275f0a 100644 --- a/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql +++ b/rust/ql/src/queries/diagnostics/SsaConsistencyCounts.ql @@ -5,10 +5,10 @@ * @id rust/diagnostics/ssa-consistency-counts */ -private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency // see also `rust/diagnostics/ssa-consistency`, which lists the // individual inconsistency results. from string type, int num -where num = SsaImpl::Consistency::getInconsistencyCounts(type) +where num = SsaConsistency::getInconsistencyCounts(type) select type, num diff --git a/rust/ql/src/queries/summary/Stats.qll b/rust/ql/src/queries/summary/Stats.qll index a2e9c93af7c..17ce97871d0 100644 --- a/rust/ql/src/queries/summary/Stats.qll +++ b/rust/ql/src/queries/summary/Stats.qll @@ -10,7 +10,7 @@ private import codeql.rust.internal.AstConsistency as AstConsistency private import codeql.rust.internal.PathResolutionConsistency as PathResolutionConsistency private import codeql.rust.controlflow.internal.CfgConsistency as CfgConsistency private import codeql.rust.dataflow.internal.DataFlowConsistency as DataFlowConsistency -private import codeql.rust.dataflow.internal.SsaImpl as SsaImpl +private import codeql.rust.dataflow.internal.SsaImpl::Consistency as SsaConsistency private import codeql.rust.Concepts private import codeql.rust.Diagnostics private import codeql.rust.security.SensitiveData @@ -62,7 +62,7 @@ int getTotalCfgInconsistencies() { * Gets a count of the total number of SSA inconsistencies in the database. */ int getTotalSsaInconsistencies() { - result = sum(string type | | SsaImpl::Consistency::getInconsistencyCounts(type)) + result = sum(string type | | SsaConsistency::getInconsistencyCounts(type)) } /** From 10ad5780b5d83a6af212552021008ea6cf5eab5a Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Tue, 8 Apr 2025 09:03:12 +0100 Subject: [PATCH 306/409] Rust: Try a different toolchain version to fix the test in CI? --- rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml index afeb5929325..5d56faf9ae0 100644 --- a/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml +++ b/rust/ql/test/query-tests/security/CWE-770/rust-toolchain.toml @@ -1,2 +1,2 @@ [toolchain] -channel = "nightly-2025-03-17" +channel = "nightly" From 7459548118699421b25aed08fd8adb23098e3f89 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 11:49:16 +0200 Subject: [PATCH 307/409] Rust: Cache tweaks --- .../rust/dataflow/internal/DataFlowImpl.qll | 2 + .../rust/elements/internal/AstNodeImpl.qll | 1 + .../rust/elements/internal/VariableImpl.qll | 88 ++++++++++++------- .../lib/codeql/rust/internal/CachedStages.qll | 4 + .../codeql/rust/internal/PathResolution.qll | 7 +- 5 files changed, 69 insertions(+), 33 deletions(-) diff --git a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll index 91af72fce4e..4376df7caf8 100644 --- a/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll +++ b/rust/ql/lib/codeql/rust/dataflow/internal/DataFlowImpl.qll @@ -846,9 +846,11 @@ module RustDataFlow implements InputSig { /** Provides logic related to captured variables. */ module VariableCapture { + private import codeql.rust.internal.CachedStages private import codeql.dataflow.VariableCapture as SharedVariableCapture private predicate closureFlowStep(ExprCfgNode e1, ExprCfgNode e2) { + Stages::DataFlowStage::ref() and e1 = getALastEvalNode(e2) or exists(Ssa::Definition def | diff --git a/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll index c33b1f3dd6e..dea172a7266 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/AstNodeImpl.qll @@ -33,6 +33,7 @@ module Impl { * Gets the nearest enclosing parent of this node, which is also an `AstNode`, * if any. */ + cached AstNode getParentNode() { result = getParentOfAstStep*(getImmediateParent(this)) } /** Gets the immediately enclosing callable of this node, if any. */ diff --git a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll index 88a1b815f6b..9bb2029cd44 100644 --- a/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll +++ b/rust/ql/lib/codeql/rust/elements/internal/VariableImpl.qll @@ -68,36 +68,36 @@ module Impl { * where `definingNode` is the entire `Either::Left(x) | Either::Right(x)` * pattern. */ + cached private predicate variableDecl(AstNode definingNode, Name name, string text) { - ( - exists(SelfParam sp | - name = sp.getName() and - definingNode = name and - text = name.getText() and - // exclude self parameters from functions without a body as these are - // trait method declarations without implementations - not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp) - ) - or - exists(IdentPat pat | - name = pat.getName() and - ( - definingNode = getOutermostEnclosingOrPat(pat) - or - not exists(getOutermostEnclosingOrPat(pat)) and definingNode = name - ) and - text = name.getText() and - // exclude for now anything starting with an uppercase character, which may be a reference to - // an enum constant (e.g. `None`). This excludes static and constant variables (UPPERCASE), - // which we don't appear to recognize yet anyway. This also assumes programmers follow the - // naming guidelines, which they generally do, but they're not enforced. - not text.charAt(0).isUppercase() and - // exclude parameters from functions without a body as these are trait method declarations - // without implementations - not exists(Function f | not f.hasBody() and f.getParamList().getAParam().getPat() = pat) and - // exclude parameters from function pointer types (e.g. `x` in `fn(x: i32) -> i32`) - not exists(FnPtrTypeRepr fp | fp.getParamList().getParam(_).getPat() = pat) - ) + Cached::ref() and + exists(SelfParam sp | + name = sp.getName() and + definingNode = name and + text = name.getText() and + // exclude self parameters from functions without a body as these are + // trait method declarations without implementations + not exists(Function f | not f.hasBody() and f.getParamList().getSelfParam() = sp) + ) + or + exists(IdentPat pat | + name = pat.getName() and + ( + definingNode = getOutermostEnclosingOrPat(pat) + or + not exists(getOutermostEnclosingOrPat(pat)) and definingNode = name + ) and + text = name.getText() and + // exclude for now anything starting with an uppercase character, which may be a reference to + // an enum constant (e.g. `None`). This excludes static and constant variables (UPPERCASE), + // which we don't appear to recognize yet anyway. This also assumes programmers follow the + // naming guidelines, which they generally do, but they're not enforced. + not text.charAt(0).isUppercase() and + // exclude parameters from functions without a body as these are trait method declarations + // without implementations + not exists(Function f | not f.hasBody() and f.getParamList().getAParam().getPat() = pat) and + // exclude parameters from function pointer types (e.g. `x` in `fn(x: i32) -> i32`) + not exists(FnPtrTypeRepr fp | fp.getParamList().getParam(_).getPat() = pat) ) } @@ -156,8 +156,12 @@ module Impl { predicate isCaptured() { this.getAnAccess().isCapture() } /** Gets the parameter that introduces this variable, if any. */ + cached ParamBase getParameter() { - result = this.getSelfParam() or result.(Param).getPat() = getAVariablePatAncestor(this) + Cached::ref() and + result = this.getSelfParam() + or + result.(Param).getPat() = getAVariablePatAncestor(this) } /** Hold is this variable is mutable. */ @@ -614,12 +618,18 @@ module Impl { /** A variable write. */ class VariableWriteAccess extends VariableAccess { - VariableWriteAccess() { assignmentExprDescendant(this) } + cached + VariableWriteAccess() { + Cached::ref() and + assignmentExprDescendant(this) + } } /** A variable read. */ class VariableReadAccess extends VariableAccess { + cached VariableReadAccess() { + Cached::ref() and not this instanceof VariableWriteAccess and not this = any(RefExpr re).getExpr() and not this = any(CompoundAssignmentExpr cae).getLhs() @@ -638,6 +648,22 @@ module Impl { cached private module Cached { + cached + predicate ref() { 1 = 1 } + + cached + predicate backref() { + 1 = 1 + or + variableDecl(_, _, _) + or + exists(VariableReadAccess a) + or + exists(VariableWriteAccess a) + or + exists(any(Variable v).getParameter()) + } + cached newtype TVariable = MkVariable(AstNode definingNode, string name) { variableDecl(definingNode, _, name) } diff --git a/rust/ql/lib/codeql/rust/internal/CachedStages.qll b/rust/ql/lib/codeql/rust/internal/CachedStages.qll index 41e81919569..4041b2731f9 100644 --- a/rust/ql/lib/codeql/rust/internal/CachedStages.qll +++ b/rust/ql/lib/codeql/rust/internal/CachedStages.qll @@ -123,6 +123,10 @@ module Stages { exists(any(ItemNode i).getASuccessor(_)) or exists(any(ItemNode i).getASuccessorRec(_)) + or + exists(any(ImplOrTraitItemNode i).getASelfPath()) + or + any(TypeParamItemNode i).hasTraitBound() } } diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c..f7f67311ca4 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -384,7 +384,9 @@ abstract class ImplOrTraitItemNode extends ItemNode { } /** Gets a `Self` path that refers to this item. */ + cached Path getASelfPath() { + Stages::PathResolutionStage::ref() and isUnqualifiedSelfPath(result) and this = unqualifiedPathLookup(result, _) } @@ -578,7 +580,7 @@ private class BlockExprItemNode extends ItemNode instanceof BlockExpr { override TypeParam getTypeParam(int i) { none() } } -private class TypeParamItemNode extends ItemNode instanceof TypeParam { +class TypeParamItemNode extends ItemNode instanceof TypeParam { pragma[nomagic] Path getABoundPath() { result = super.getTypeBoundList().getABound().getTypeRepr().(PathTypeRepr).getPath() @@ -598,8 +600,9 @@ private class TypeParamItemNode extends ItemNode instanceof TypeParam { * impl Foo where T: Trait { ... } // has trait bound * ``` */ - pragma[nomagic] + cached predicate hasTraitBound() { + Stages::PathResolutionStage::ref() and exists(this.getABoundPath()) or exists(ItemNode declaringItem, WherePred wp | From 7798b716ff73b9a762e622a0bbf79a29fad0968e Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 8 Apr 2025 12:04:12 +0100 Subject: [PATCH 308/409] Go: Fix `err` instead of `decErr` in `GetPkgsInfo` --- go/extractor/toolchain/toolchain.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/go/extractor/toolchain/toolchain.go b/go/extractor/toolchain/toolchain.go index 119e3782f6f..8abe93ba096 100644 --- a/go/extractor/toolchain/toolchain.go +++ b/go/extractor/toolchain/toolchain.go @@ -259,7 +259,7 @@ func GetPkgsInfo(patterns []string, includingDeps bool, extractTests bool, flags break } if decErr != nil { - log.Printf("Error decoding output of go list -json: %s", err.Error()) + log.Printf("Error decoding output of go list -json: %s", decErr.Error()) return nil, decErr } pkgAbsDir, err := filepath.Abs(pkgInfo.Dir) From 2e1b8b8b0e8ec208831259e7c2ae15b2972a1fed Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 13:10:52 +0200 Subject: [PATCH 309/409] Rust: Fix bad join in `unqualifiedPathLookup` Before ``` Pipeline standard for PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1@822d53wq was evaluated in 61 iterations totaling 118ms (delta sizes total: 131072). 606491 ~0% {4} r1 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.1, In.2, In.0, In.3 106457 ~1% {3} | JOIN WITH `PathResolution::unqualifiedPathLookup/4#e32cdfce_1230#join_rhs` ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Lhs.1 606491 ~2% {4} r2 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.0, In.2, In.3, In.1 19261 ~0% {4} r3 = JOIN r2 WITH `PathResolution::ModuleLikeNode.isRoot/0#dispred#21662e64` ON FIRST 1 OUTPUT Lhs.3, Lhs.0, Lhs.1, Lhs.2 42776643 ~1% {4} r4 = JOIN r2 WITH `doublyBoundedFastTC@PathResolution::hasChild/2#6b318d51#2@PathResolution::isRoot/1#a01ce5c3#1@PathResolution::hasCratePath/1#73ea688d#1` ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1, Lhs.2 42795904 ~1% {4} r5 = r3 UNION r4 24921 ~6% {3} | JOIN WITH `PathResolution::RelevantPath.isCratePath/2#e595e892_120#join_rhs` ON FIRST 2 OUTPUT Lhs.3, Rhs.2, Lhs.2 131378 ~2% {3} r6 = r1 UNION r5 131072 ~2% {3} | AND NOT `PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1#prev`(FIRST 3) return r6 ``` After ``` Pipeline standard for PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1@0553a4wi was evaluated in 66 iterations totaling 10ms (delta sizes total: 131072). 610251 ~0% {4} r1 = SCAN `PathResolution::getASuccessor/3#febac7bd#prev_delta` OUTPUT In.1, In.2, In.0, In.3 131378 ~0% {3} | JOIN WITH `PathResolution::unqualifiedPathLookup1/4#781de0cd_1230#join_rhs` ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Lhs.1 131072 ~0% {3} | AND NOT `PathResolution::unqualifiedPathLookup/2#6b171b76#reorder_2_0_1#prev`(FIRST 3) return r1 ``` --- .../codeql/rust/internal/PathResolution.qll | 29 ++++++++++--------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c..74f03e3f609 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -882,20 +882,24 @@ private predicate hasChild(ItemNode parent, ItemNode child) { child.getImmediate private predicate rootHasCratePathTc(ItemNode i1, ItemNode i2) = doublyBoundedFastTC(hasChild/2, isRoot/1, hasCratePath/1)(i1, i2) +pragma[nomagic] +private predicate unqualifiedPathLookup1(RelevantPath p, string name, Namespace ns, ItemNode encl) { + unqualifiedPathLookup(p, name, ns, encl) + or + // For `($)crate`, jump directly to the root module + exists(ItemNode i | p.isCratePath(name, i) | + encl.(ModuleLikeNode).isRoot() and + encl = i + or + rootHasCratePathTc(encl, i) + ) +} + pragma[nomagic] private ItemNode unqualifiedPathLookup(RelevantPath path, Namespace ns) { exists(ItemNode encl, string name | - result = getASuccessor(encl, pragma[only_bind_into](name), ns) - | - unqualifiedPathLookup(path, name, ns, encl) - or - // For `($)crate`, jump directly to the root module - exists(ItemNode i | path.isCratePath(pragma[only_bind_into](name), i) | - encl.(ModuleLikeNode).isRoot() and - encl = i - or - rootHasCratePathTc(encl, i) - ) + result = getASuccessor(encl, name, ns) and + unqualifiedPathLookup1(path, name, ns, encl) ) } @@ -916,8 +920,7 @@ private ItemNode resolvePath0(RelevantPath path, Namespace ns) { or exists(ItemNode q, string name | q = resolvePathQualifier(path, name) and - result = q.getASuccessor(name) and - ns = result.getNamespace() + result = getASuccessor(q, name, ns) ) or result = resolveUseTreeListItem(_, _, path) and From 95add2f60bc474b69625a1394c12f4b2a4822b0b Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 8 Apr 2025 13:11:32 +0200 Subject: [PATCH 310/409] Rust: Fix bad join in `getAPrivateVisibleModule` Before ``` Pipeline standard for PathResolution::getAPrivateVisibleModule/1#3829a5ee@822d5hwq was evaluated in 24 iterations totaling 16ms (delta sizes total: 4843). 105047 ~63652% {2} r1 = SCAN `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev_delta` OUTPUT In.0, In.0 69 ~0% {2} r2 = JOIN `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev_delta` WITH `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev` ON FIRST 1 OUTPUT Lhs.0, Lhs.1 5766690 ~148309% {2} r3 = JOIN `PathResolution::resolvePathPrivate/3#56db2cdf#reorder_1_2_0_3#prev_delta` WITH `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev` ON FIRST 1 OUTPUT Lhs.0, Rhs.1 5871806 ~143984% {2} r4 = r1 UNION r2 UNION r3 6859 ~148% {2} | AND NOT `PathResolution::getAPrivateVisibleModule/1#3829a5ee#prev`(FIRST 2) return r4 ``` After ``` Pipeline standard for PathResolution::getAPrivateVisibleModule/1#3829a5ee@5edefhwp was evaluated in 12 iterations totaling 0ms (delta sizes total: 3515). 339 ~1% {2} r1 = SCAN `PathResolution::isItemParent/1#d5e587d6#prev_delta` OUTPUT In.0, In.0 3130 ~0% {2} r2 = JOIN `PathResolution::isItemParent/1#d5e587d6#prev_delta` WITH `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev` ON FIRST 1 OUTPUT Lhs.0, Rhs.1 46 ~0% {2} r3 = JOIN `#PathResolution::ItemNode.getImmediateParentModule/0#dispred#57c4c6d5Plus#bf#reorder_1_0#prev_delta` WITH `PathResolution::isItemParent/1#d5e587d6#prev` ON FIRST 1 OUTPUT Lhs.0, Lhs.1 3515 ~2% {2} r4 = r1 UNION r2 UNION r3 3515 ~2% {2} | AND NOT `PathResolution::getAPrivateVisibleModule/1#3829a5ee#prev`(FIRST 2) return r4 ``` --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 74f03e3f609..fca46835959 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -981,6 +981,11 @@ private ItemNode resolvePathPrivate( ) } +pragma[nomagic] +private predicate isItemParent(ModuleLikeNode itemParent) { + exists(resolvePathPrivate(_, itemParent, _)) +} + /** * Gets a module that has access to private items defined inside `itemParent`. * @@ -991,7 +996,7 @@ private ItemNode resolvePathPrivate( */ pragma[nomagic] private ModuleLikeNode getAPrivateVisibleModule(ModuleLikeNode itemParent) { - exists(resolvePathPrivate(_, itemParent, _)) and + isItemParent(itemParent) and result.getImmediateParentModule*() = itemParent } From b5e1b255534d3fb69c3f8c2a1f959f2811e8ecc0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 13:51:09 +0200 Subject: [PATCH 311/409] use sudo nice for running maven test server --- .../java/buildless-inherit-trust-store/test.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index b69070ddf81..b067844b7a4 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -1,10 +1,15 @@ import subprocess import os +import runs_on def test(codeql, java, cwd): # This serves the "repo" directory on https://locahost:4443 - repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd="repo") + command = ["python3", "../server.py"] + if runs_on.github_actions and runs_on.posix: + # On GitHub Actions, we try to run the server with higher priority + command = ["sudo", "nice", "-n", "10"] + command + repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" # If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead maven_opts = os.environ["MAVEN_OPTS"] + f" -Djavax.net.ssl.trustStore={certspath}" From e49fb839b8e3fa08555da5457599eb9a8216f663 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 15:28:18 +0200 Subject: [PATCH 312/409] Update java/ql/integration-tests/java/buildless-inherit-trust-store/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-inherit-trust-store/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index b067844b7a4..000ca3e86eb 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -8,7 +8,7 @@ def test(codeql, java, cwd): command = ["python3", "../server.py"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["sudo", "nice", "-n", "10"] + command + command = ["sudo"] + command repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" # If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead From 3b56f954804fae1b0e28747b353acc555441253b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:19:33 +0200 Subject: [PATCH 313/409] use only sudo for running maven test server (remove nice) --- .../java/buildless-snapshot-repository/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index 2241f2917b9..3a45161a56a 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -7,7 +7,7 @@ def test(codeql, java): command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: # On GitHub Actions, we try to run the server with higher priority - command = ["sudo", "nice", "-n", "10"] + command + command = ["sudo"] + command repo_server_process = subprocess.Popen( command, cwd="repo" ) From 1eb4a1aa811e726ac7ea3fb950d673868622ff11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:29:16 +0200 Subject: [PATCH 314/409] Update java/ql/integration-tests/java/buildless-snapshot-repository/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-snapshot-repository/test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py index 3a45161a56a..a4814e1f8a1 100644 --- a/java/ql/integration-tests/java/buildless-snapshot-repository/test.py +++ b/java/ql/integration-tests/java/buildless-snapshot-repository/test.py @@ -6,7 +6,8 @@ def test(codeql, java): # This serves the "repo" directory on http://localhost:9427 command = ["python3", "-m", "http.server", "9427", "-b", "localhost"] if runs_on.github_actions and runs_on.posix: - # On GitHub Actions, we try to run the server with higher priority + # On GitHub Actions, we saw the server timing out while running in parallel with other tests + # we work around that by running it with higher permissions command = ["sudo"] + command repo_server_process = subprocess.Popen( command, cwd="repo" From afe3e5332f89deee3628d29593bc8b510d55a35c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=93scar=20San=20Jos=C3=A9?= Date: Tue, 8 Apr 2025 16:29:23 +0200 Subject: [PATCH 315/409] Update java/ql/integration-tests/java/buildless-inherit-trust-store/test.py Co-authored-by: Paolo Tranquilli --- .../java/buildless-inherit-trust-store/test.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py index 000ca3e86eb..93a527620e1 100644 --- a/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py +++ b/java/ql/integration-tests/java/buildless-inherit-trust-store/test.py @@ -7,7 +7,8 @@ def test(codeql, java, cwd): # This serves the "repo" directory on https://locahost:4443 command = ["python3", "../server.py"] if runs_on.github_actions and runs_on.posix: - # On GitHub Actions, we try to run the server with higher priority + # On GitHub Actions, we saw the server timing out while running in parallel with other tests + # we work around that by running it with higher permissions command = ["sudo"] + command repo_server_process = subprocess.Popen(command, cwd="repo") certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem" From 259a09386e4b42981dd3536e90c9d900a1e10264 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 09:17:41 +0200 Subject: [PATCH 316/409] Move query suite selector logic to security-and-quality-suite --- .../java-security-and-quality.qls | 160 +++++++++++++++++- 1 file changed, 158 insertions(+), 2 deletions(-) diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls index 2b9ca6c132f..6b1897cc506 100644 --- a/java/ql/src/codeql-suites/java-security-and-quality.qls +++ b/java/ql/src/codeql-suites/java-security-and-quality.qls @@ -1,4 +1,160 @@ - description: Security-and-quality queries for Java - queries: . -- apply: security-and-quality-selectors.yml - from: codeql/suite-helpers +- include: + kind: + - problem + - path-problem + precision: + - high + - very-high +- include: + kind: + - problem + - path-problem + precision: medium + problem.severity: + - error + - warning +- include: + kind: + - diagnostic +- include: + kind: + - metric + tags contain: + - summary +- exclude: + deprecated: // +- exclude: + query path: + - /^experimental\/.*/ + - Metrics/Summaries/FrameworkCoverage.ql + - /Diagnostics/Internal/.*/ +- exclude: + tags contain: + - modeleditor + - modelgenerator + + +java/abs-of-random +java/abstract-to-concrete-cast +java/call-to-object-tostring +java/call-to-thread-run +java/chained-type-tests +java/class-name-matches-super-class +java/comparison-of-identical-expressions +java/comparison-with-nan +java/confusing-method-name +java/confusing-method-signature +java/constant-comparison +java/constant-loop-condition +java/constants-only-interface +java/continue-in-false-loop +java/contradictory-type-checks +java/database-resource-leak +java/deprecated-call +java/dereferenced-expr-may-be-null +java/dereferenced-value-is-always-null +java/dereferenced-value-may-be-null +java/empty-container +java/empty-zip-file-entry +java/equals-on-arrays +java/equals-on-unrelated-types +java/equals-typo +java/evaluation-to-constant +java/field-masks-super-field +java/hashcode-typo +java/hashing-without-hashcode +java/ignored-error-status-of-call +java/implicit-cast-in-compound-assignment +java/inconsistent-compareto-and-equals +java/inconsistent-equals-and-hashcode +java/inconsistent-javadoc-throws +java/inconsistent-sync-writeobject +java/incorrect-serial-version-uid +java/index-out-of-bounds +java/ineffective-annotation-present-check +java/inefficient-boxed-constructor +java/inefficient-empty-string-test +java/inefficient-key-set-iterator +java/inefficient-output-stream +java/inefficient-string-constructor +java/input-resource-leak +java/integer-multiplication-cast-to-long +java/internal-representation-exposure +java/iterable-wraps-iterator +java/iterator-hasnext-calls-next +java/iterator-implements-iterable +java/iterator-remove-failure +java/jdk-internal-api-access +java/local-shadows-field +java/local-variable-is-never-read +java/lshift-larger-than-type-width +java/misleading-indentation +java/missing-call-to-super-clone +java/missing-case-in-switch +java/missing-clone-method +java/missing-format-argument +java/missing-no-arg-constructor-on-externalizable +java/missing-no-arg-constructor-on-serializable +java/missing-override-annotation +java/missing-space-in-concatenation +java/missing-super-finalize +java/multiplication-of-remainder +java/non-final-call-in-constructor +java/non-null-boxed-variable +java/non-overriding-package-private +java/non-serializable-inner-class +java/non-short-circuit-evaluation +java/non-static-nested-class +java/non-sync-override +java/notify-instead-of-notify-all +java/output-resource-leak +java/print-array +java/random-used-once +java/redundant-assignment +java/reference-equality-of-boxed-types +java/reference-equality-on-strings +java/run-finalizers-on-exit +java/sleep-with-lock-held +java/spin-on-field +java/string-buffer-char-init +java/subtle-inherited-call +java/suspicious-date-format +java/sync-on-boxed-types +java/test-for-negative-container-size +java/thread-start-in-constructor +java/thread-unsafe-dateformat +java/tostring-typo +java/type-bound-extends-final +java/type-mismatch-access +java/type-mismatch-modification +java/type-variable-hides-type +java/uncaught-number-format-exception +java/unchecked-cast-in-equals +java/underscore-identifier +java/unimplementable-interface +java/unknown-javadoc-parameter +java/unreachable-catch-clause +java/unreleased-lock +java/unsafe-double-checked-locking +java/unsafe-double-checked-locking-init-order +java/unsafe-get-resource +java/unsafe-sync-on-field +java/unsynchronized-getter +java/unused-container +java/unused-format-argument +java/unused-label +java/unused-parameter +java/unused-reference-type +java/useless-null-check +java/useless-tostring-call +java/useless-type-test +java/wait-on-condition-interface +java/whitespace-contradicts-precedence +java/wrong-compareto-signature +java/wrong-equals-signature +java/wrong-junit-suite-signature +java/wrong-object-serialization-signature +java/wrong-readresolve-signature +java/wrong-swing-event-adapter-signature From 6abff483da26ce10b9665896611b2056a6286c01 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 09:18:01 +0200 Subject: [PATCH 317/409] Java: Add explicit filtering for quality queries that should be included in security-and-quality --- .../java-security-and-quality.qls | 256 +++++++++--------- 1 file changed, 130 insertions(+), 126 deletions(-) diff --git a/java/ql/src/codeql-suites/java-security-and-quality.qls b/java/ql/src/codeql-suites/java-security-and-quality.qls index 6b1897cc506..91751e6da1b 100644 --- a/java/ql/src/codeql-suites/java-security-and-quality.qls +++ b/java/ql/src/codeql-suites/java-security-and-quality.qls @@ -7,14 +7,142 @@ precision: - high - very-high + tags contain: + - security - include: kind: - problem - path-problem precision: medium problem.severity: - - error - - warning + - error + - warning + tags contain: + - security +- include: + id: + - java/abs-of-random + - java/abstract-to-concrete-cast + - java/call-to-object-tostring + - java/call-to-thread-run + - java/chained-type-tests + - java/class-name-matches-super-class + - java/comparison-of-identical-expressions + - java/comparison-with-nan + - java/confusing-method-name + - java/confusing-method-signature + - java/constant-comparison + - java/constant-loop-condition + - java/constants-only-interface + - java/continue-in-false-loop + - java/contradictory-type-checks + - java/database-resource-leak + - java/deprecated-call + - java/dereferenced-expr-may-be-null + - java/dereferenced-value-is-always-null + - java/dereferenced-value-may-be-null + - java/empty-container + - java/empty-zip-file-entry + - java/equals-on-arrays + - java/equals-on-unrelated-types + - java/equals-typo + - java/evaluation-to-constant + - java/field-masks-super-field + - java/hashcode-typo + - java/hashing-without-hashcode + - java/ignored-error-status-of-call + - java/implicit-cast-in-compound-assignment + - java/inconsistent-compareto-and-equals + - java/inconsistent-equals-and-hashcode + - java/inconsistent-javadoc-throws + - java/inconsistent-sync-writeobject + - java/incorrect-serial-version-uid + - java/index-out-of-bounds + - java/ineffective-annotation-present-check + - java/inefficient-boxed-constructor + - java/inefficient-empty-string-test + - java/inefficient-key-set-iterator + - java/inefficient-output-stream + - java/inefficient-string-constructor + - java/input-resource-leak + - java/integer-multiplication-cast-to-long + - java/internal-representation-exposure + - java/iterable-wraps-iterator + - java/iterator-hasnext-calls-next + - java/iterator-implements-iterable + - java/iterator-remove-failure + - java/jdk-internal-api-access + - java/local-shadows-field + - java/local-variable-is-never-read + - java/lshift-larger-than-type-width + - java/misleading-indentation + - java/missing-call-to-super-clone + - java/missing-case-in-switch + - java/missing-clone-method + - java/missing-format-argument + - java/missing-no-arg-constructor-on-externalizable + - java/missing-no-arg-constructor-on-serializable + - java/missing-override-annotation + - java/missing-space-in-concatenation + - java/missing-super-finalize + - java/multiplication-of-remainder + - java/non-final-call-in-constructor + - java/non-null-boxed-variable + - java/non-overriding-package-private + - java/non-serializable-inner-class + - java/non-short-circuit-evaluation + - java/non-static-nested-class + - java/non-sync-override + - java/notify-instead-of-notify-all + - java/output-resource-leak + - java/print-array + - java/random-used-once + - java/redundant-assignment + - java/reference-equality-of-boxed-types + - java/reference-equality-on-strings + - java/run-finalizers-on-exit + - java/sleep-with-lock-held + - java/spin-on-field + - java/string-buffer-char-init + - java/subtle-inherited-call + - java/suspicious-date-format + - java/sync-on-boxed-types + - java/test-for-negative-container-size + - java/thread-start-in-constructor + - java/thread-unsafe-dateformat + - java/tostring-typo + - java/type-bound-extends-final + - java/type-mismatch-access + - java/type-mismatch-modification + - java/type-variable-hides-type + - java/uncaught-number-format-exception + - java/unchecked-cast-in-equals + - java/underscore-identifier + - java/unimplementable-interface + - java/unknown-javadoc-parameter + - java/unreachable-catch-clause + - java/unreleased-lock + - java/unsafe-double-checked-locking + - java/unsafe-double-checked-locking-init-order + - java/unsafe-get-resource + - java/unsafe-sync-on-field + - java/unsynchronized-getter + - java/unused-container + - java/unused-format-argument + - java/unused-label + - java/unused-parameter + - java/unused-reference-type + - java/useless-null-check + - java/useless-tostring-call + - java/useless-type-test + - java/wait-on-condition-interface + - java/whitespace-contradicts-precedence + - java/wrong-compareto-signature + - java/wrong-equals-signature + - java/wrong-junit-suite-signature + - java/wrong-object-serialization-signature + - java/wrong-readresolve-signature + - java/wrong-swing-event-adapter-signature - include: kind: - diagnostic @@ -34,127 +162,3 @@ tags contain: - modeleditor - modelgenerator - - -java/abs-of-random -java/abstract-to-concrete-cast -java/call-to-object-tostring -java/call-to-thread-run -java/chained-type-tests -java/class-name-matches-super-class -java/comparison-of-identical-expressions -java/comparison-with-nan -java/confusing-method-name -java/confusing-method-signature -java/constant-comparison -java/constant-loop-condition -java/constants-only-interface -java/continue-in-false-loop -java/contradictory-type-checks -java/database-resource-leak -java/deprecated-call -java/dereferenced-expr-may-be-null -java/dereferenced-value-is-always-null -java/dereferenced-value-may-be-null -java/empty-container -java/empty-zip-file-entry -java/equals-on-arrays -java/equals-on-unrelated-types -java/equals-typo -java/evaluation-to-constant -java/field-masks-super-field -java/hashcode-typo -java/hashing-without-hashcode -java/ignored-error-status-of-call -java/implicit-cast-in-compound-assignment -java/inconsistent-compareto-and-equals -java/inconsistent-equals-and-hashcode -java/inconsistent-javadoc-throws -java/inconsistent-sync-writeobject -java/incorrect-serial-version-uid -java/index-out-of-bounds -java/ineffective-annotation-present-check -java/inefficient-boxed-constructor -java/inefficient-empty-string-test -java/inefficient-key-set-iterator -java/inefficient-output-stream -java/inefficient-string-constructor -java/input-resource-leak -java/integer-multiplication-cast-to-long -java/internal-representation-exposure -java/iterable-wraps-iterator -java/iterator-hasnext-calls-next -java/iterator-implements-iterable -java/iterator-remove-failure -java/jdk-internal-api-access -java/local-shadows-field -java/local-variable-is-never-read -java/lshift-larger-than-type-width -java/misleading-indentation -java/missing-call-to-super-clone -java/missing-case-in-switch -java/missing-clone-method -java/missing-format-argument -java/missing-no-arg-constructor-on-externalizable -java/missing-no-arg-constructor-on-serializable -java/missing-override-annotation -java/missing-space-in-concatenation -java/missing-super-finalize -java/multiplication-of-remainder -java/non-final-call-in-constructor -java/non-null-boxed-variable -java/non-overriding-package-private -java/non-serializable-inner-class -java/non-short-circuit-evaluation -java/non-static-nested-class -java/non-sync-override -java/notify-instead-of-notify-all -java/output-resource-leak -java/print-array -java/random-used-once -java/redundant-assignment -java/reference-equality-of-boxed-types -java/reference-equality-on-strings -java/run-finalizers-on-exit -java/sleep-with-lock-held -java/spin-on-field -java/string-buffer-char-init -java/subtle-inherited-call -java/suspicious-date-format -java/sync-on-boxed-types -java/test-for-negative-container-size -java/thread-start-in-constructor -java/thread-unsafe-dateformat -java/tostring-typo -java/type-bound-extends-final -java/type-mismatch-access -java/type-mismatch-modification -java/type-variable-hides-type -java/uncaught-number-format-exception -java/unchecked-cast-in-equals -java/underscore-identifier -java/unimplementable-interface -java/unknown-javadoc-parameter -java/unreachable-catch-clause -java/unreleased-lock -java/unsafe-double-checked-locking -java/unsafe-double-checked-locking-init-order -java/unsafe-get-resource -java/unsafe-sync-on-field -java/unsynchronized-getter -java/unused-container -java/unused-format-argument -java/unused-label -java/unused-parameter -java/unused-reference-type -java/useless-null-check -java/useless-tostring-call -java/useless-type-test -java/wait-on-condition-interface -java/whitespace-contradicts-precedence -java/wrong-compareto-signature -java/wrong-equals-signature -java/wrong-junit-suite-signature -java/wrong-object-serialization-signature -java/wrong-readresolve-signature -java/wrong-swing-event-adapter-signature From e1633449077621942b87d28b1fef594f7bbbdce4 Mon Sep 17 00:00:00 2001 From: Tamas Vajk Date: Tue, 8 Apr 2025 17:06:46 +0200 Subject: [PATCH 318/409] Java: Add test to check queries not included in well-known query suites --- .../query-suite/not_included_in_qls.expected | 285 ++++++++++++++++++ .../java/query-suite/test.py | 32 +- 2 files changed, 309 insertions(+), 8 deletions(-) create mode 100644 java/ql/integration-tests/java/query-suite/not_included_in_qls.expected diff --git a/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected new file mode 100644 index 00000000000..38c0db1c66d --- /dev/null +++ b/java/ql/integration-tests/java/query-suite/not_included_in_qls.expected @@ -0,0 +1,285 @@ +ql/java/ql/src/Advisory/Declarations/NonFinalImmutableField.ql +ql/java/ql/src/Advisory/Declarations/NonPrivateField.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocMethods.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocParameters.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocReturnValues.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocThrows.ql +ql/java/ql/src/Advisory/Documentation/MissingJavadocTypes.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneMethodAccess.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneOverride.ql +ql/java/ql/src/Advisory/Java Objects/AvoidCloneableInterface.ql +ql/java/ql/src/Advisory/Java Objects/AvoidFinalizeOverride.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsConstants.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsMethods.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsPackages.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql +ql/java/ql/src/Advisory/Naming/NamingConventionsVariables.ql +ql/java/ql/src/Advisory/Statements/MissingDefaultInSwitch.ql +ql/java/ql/src/Advisory/Statements/OneStatementPerLine.ql +ql/java/ql/src/Advisory/Statements/TerminateIfElseIfWithElse.ql +ql/java/ql/src/Advisory/Types/GenericsConstructor.ql +ql/java/ql/src/Advisory/Types/GenericsReturnType.ql +ql/java/ql/src/Advisory/Types/GenericsVariable.ql +ql/java/ql/src/AlertSuppression.ql +ql/java/ql/src/AlertSuppressionAnnotations.ql +ql/java/ql/src/Architecture/Dependencies/MutualDependency.ql +ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql +ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/DeeplyNestedClass.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/HubClasses.ql +ql/java/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql +ql/java/ql/src/Complexity/BlockWithTooManyStatements.ql +ql/java/ql/src/Complexity/ComplexCondition.ql +ql/java/ql/src/DeadCode/DeadClass.ql +ql/java/ql/src/DeadCode/DeadEnumConstant.ql +ql/java/ql/src/DeadCode/DeadField.ql +ql/java/ql/src/DeadCode/DeadMethod.ql +ql/java/ql/src/DeadCode/FLinesOfDeadCode.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbGraphics.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSocketAsServer.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbStaticFieldNonFinal.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSynchronization.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThis.ql +ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThreads.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql +ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UselessPropertyOverride.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ImportsFirst.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/NoBeanDescription.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseIdInsteadOfName.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseLocalRef.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseSetterInjection.ql +ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseShortcutForms.ql +ql/java/ql/src/Frameworks/Spring/XML Configuration Errors/MissingSetters.ql +ql/java/ql/src/Language Abuse/CastThisToTypeParameter.ql +ql/java/ql/src/Language Abuse/DubiousDowncastOfThis.ql +ql/java/ql/src/Language Abuse/DubiousTypeTestOfThis.ql +ql/java/ql/src/Language Abuse/EmptyMethod.ql +ql/java/ql/src/Language Abuse/EmptyStatement.ql +ql/java/ql/src/Language Abuse/EnumIdentifier.ql +ql/java/ql/src/Language Abuse/ImplementsAnnotation.ql +ql/java/ql/src/Language Abuse/MissedTernaryOpportunity.ql +ql/java/ql/src/Language Abuse/UselessUpcast.ql +ql/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql +ql/java/ql/src/Likely Bugs/Arithmetic/CondExprTypes.ql +ql/java/ql/src/Likely Bugs/Arithmetic/OctalLiteral.ql +ql/java/ql/src/Likely Bugs/Comparison/BitwiseSignCheck.ql +ql/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql +ql/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.ql +ql/java/ql/src/Likely Bugs/Comparison/NoAssignInBooleanExprs.ql +ql/java/ql/src/Likely Bugs/Comparison/NoComparisonOnFloats.ql +ql/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql +ql/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql +ql/java/ql/src/Likely Bugs/Concurrency/EmptyRunMethodInThread.ql +ql/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql +ql/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql +ql/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql +ql/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql +ql/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql +ql/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql +ql/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TearDownNoSuper.ql +ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TestCaseNoTests.ql +ql/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql +ql/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql +ql/java/ql/src/Likely Bugs/Likely Typos/ConstructorTypo.ql +ql/java/ql/src/Likely Bugs/Likely Typos/NestedLoopsSameVariable.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableComparator.ql +ql/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql +ql/java/ql/src/Likely Bugs/Serialization/TransientNotSerializable.ql +ql/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql +ql/java/ql/src/Likely Bugs/Statements/EmptySynchronizedBlock.ql +ql/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql +ql/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql +ql/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql +ql/java/ql/src/Likely Bugs/Statements/StaticFieldWrittenByInstance.ql +ql/java/ql/src/Metrics/Authors/AuthorsPerFile.ql +ql/java/ql/src/Metrics/Callables/CCyclomaticComplexity.ql +ql/java/ql/src/Metrics/Callables/CLinesOfCode.ql +ql/java/ql/src/Metrics/Callables/CLinesOfComment.ql +ql/java/ql/src/Metrics/Callables/CNumberOfCalls.ql +ql/java/ql/src/Metrics/Callables/CNumberOfParameters.ql +ql/java/ql/src/Metrics/Callables/CNumberOfStatements.ql +ql/java/ql/src/Metrics/Callables/StatementNestingDepth.ql +ql/java/ql/src/Metrics/Dependencies/ExternalDependencies.ql +ql/java/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql +ql/java/ql/src/Metrics/Files/FAfferentCoupling.ql +ql/java/ql/src/Metrics/Files/FCommentRatio.ql +ql/java/ql/src/Metrics/Files/FCyclomaticComplexity.ql +ql/java/ql/src/Metrics/Files/FEfferentCoupling.ql +ql/java/ql/src/Metrics/Files/FLines.ql +ql/java/ql/src/Metrics/Files/FLinesOfCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfComment.ql +ql/java/ql/src/Metrics/Files/FLinesOfCommentedCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfDuplicatedCode.ql +ql/java/ql/src/Metrics/Files/FLinesOfSimilarCode.ql +ql/java/ql/src/Metrics/Files/FNumberOfClasses.ql +ql/java/ql/src/Metrics/Files/FNumberOfInterfaces.ql +ql/java/ql/src/Metrics/Files/FNumberOfTests.ql +ql/java/ql/src/Metrics/Files/FSelfContainedness.ql +ql/java/ql/src/Metrics/RefTypes/TAfferentCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TEfferentCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TEfferentSourceCoupling.ql +ql/java/ql/src/Metrics/RefTypes/TInheritanceDepth.ql +ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionCK.ql +ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionHS.ql +ql/java/ql/src/Metrics/RefTypes/TLinesOfCode.ql +ql/java/ql/src/Metrics/RefTypes/TLinesOfComment.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfCallables.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfFields.ql +ql/java/ql/src/Metrics/RefTypes/TNumberOfStatements.ql +ql/java/ql/src/Metrics/RefTypes/TPercentageOfComments.ql +ql/java/ql/src/Metrics/RefTypes/TPercentageOfComplexCode.ql +ql/java/ql/src/Metrics/RefTypes/TResponse.ql +ql/java/ql/src/Metrics/RefTypes/TSelfContainedness.ql +ql/java/ql/src/Metrics/RefTypes/TSizeOfAPI.ql +ql/java/ql/src/Metrics/RefTypes/TSpecialisationIndex.ql +ql/java/ql/src/Metrics/Summaries/FrameworkCoverage.ql +ql/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql +ql/java/ql/src/Performance/ConcatenationInLoops.ql +ql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql +ql/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql +ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql +ql/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql +ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql +ql/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql +ql/java/ql/src/Security/CWE/CWE-319/UseSSL.ql +ql/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql +ql/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql +ql/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql +ql/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql +ql/java/ql/src/Violations of Best Practice/Comments/CommentedCode.ql +ql/java/ql/src/Violations of Best Practice/Comments/TodoComments.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/AssignmentInReturn.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocalUnread.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/EmptyFinalize.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/FinalizerNullsFields.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/LocalInitialisedButNotUsed.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/LocalNotRead.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedField.ql +ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql +ql/java/ql/src/Violations of Best Practice/Declarations/BreakInSwitchCase.ql +ql/java/ql/src/Violations of Best Practice/Declarations/MakeImportsExplicit.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/DroppedExceptions.ql +ql/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql +ql/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArray.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsNumbers.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicNumbersUseConstant.ql +ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicStringsUseConstant.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverridesNames.ql +ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsField.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql +ql/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql +ql/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql +ql/java/ql/src/Violations of Best Practice/legacy/FinallyMayNotComplete.ql +ql/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql +ql/java/ql/src/Violations of Best Practice/legacy/ParameterAssignment.ql +ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryCast.ql +ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryImport.ql +ql/java/ql/src/definitions.ql +ql/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql +ql/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.ql +ql/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql +ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +ql/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql +ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql +ql/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql +ql/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql +ql/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql +ql/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql +ql/java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql +ql/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql +ql/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql +ql/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql +ql/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql +ql/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql +ql/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql +ql/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql +ql/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql +ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql +ql/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql +ql/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql +ql/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql +ql/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql +ql/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql +ql/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql +ql/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql +ql/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql +ql/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql +ql/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql +ql/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql +ql/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql +ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql +ql/java/ql/src/external/DuplicateAnonymous.ql +ql/java/ql/src/external/DuplicateBlock.ql +ql/java/ql/src/external/DuplicateMethod.ql +ql/java/ql/src/external/MostlyDuplicateClass.ql +ql/java/ql/src/external/MostlyDuplicateFile.ql +ql/java/ql/src/external/MostlyDuplicateMethod.ql +ql/java/ql/src/external/MostlySimilarFile.ql +ql/java/ql/src/filters/ClassifyFiles.ql +ql/java/ql/src/meta/frameworks/Coverage.ql +ql/java/ql/src/meta/ssa/AmbiguousToString.ql +ql/java/ql/src/meta/ssa/TooFewPhiInputs.ql +ql/java/ql/src/meta/ssa/UncertainDefWithoutPrior.ql +ql/java/ql/src/meta/ssa/UseWithoutUniqueSsaVariable.ql +ql/java/ql/src/utils/modelconverter/ExtractNeutrals.ql +ql/java/ql/src/utils/modelconverter/ExtractSinks.ql +ql/java/ql/src/utils/modelconverter/ExtractSources.ql +ql/java/ql/src/utils/modelconverter/ExtractSummaries.ql +ql/java/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +ql/java/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +ql/java/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/CaptureTypeBasedSummaryModels.ql +ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql +ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql +ql/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql diff --git a/java/ql/integration-tests/java/query-suite/test.py b/java/ql/integration-tests/java/query-suite/test.py index c829eb9ffa0..83551ecfc19 100644 --- a/java/ql/integration-tests/java/query-suite/test.py +++ b/java/ql/integration-tests/java/query-suite/test.py @@ -2,12 +2,28 @@ import os import runs_on import pytest -@runs_on.linux -@pytest.mark.parametrize("query_suite", ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']) +well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls'] + +@runs_on.posix +@pytest.mark.parametrize("query_suite", well_known_query_suites) def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite): - actual = codeql.resolve.queries(query_suite, _capture=True).strip() - actual = sorted(actual.splitlines()) - actual = [os.path.relpath(q, semmle_code_dir) for q in actual] - actual_file_name = query_suite + '.actual' - expected_files.add(actual_file_name) - (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') + actual = codeql.resolve.queries(query_suite, _capture=True).strip() + actual = sorted(actual.splitlines()) + actual = [os.path.relpath(q, semmle_code_dir) for q in actual] + actual_file_name = query_suite + '.actual' + expected_files.add(actual_file_name) + (cwd / actual_file_name).write_text('\n'.join(actual)+'\n') + +@runs_on.posix +def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir): + all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines() + + included_in_qls = set() + for query_suite in well_known_query_suites: + included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines()) + + not_included = sorted(set(all_queries) - included_in_qls) + not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included] + not_included_file_name = 'not_included_in_qls.actual' + expected_files.add(not_included_file_name) + (cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n') From 25bd0c3b21a8c4edc3606b7ca59e4155778bcac6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 8 Apr 2025 17:27:16 +0200 Subject: [PATCH 319/409] Rust: add test setup script --- rust/ql/test/setup.sh | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100755 rust/ql/test/setup.sh diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh new file mode 100755 index 00000000000..822097140bb --- /dev/null +++ b/rust/ql/test/setup.sh @@ -0,0 +1,17 @@ +#!/bin/bash + +set -euo pipefail + +# This script is run by the CI to set up the test environment for the Rust QL tests +# We run this as rustup is not meant to be run in parallel, and will this setup will be run by rust-analyzer in the +# parallel QL tests unless we do the setup prior to launching the tests. +# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust`) + +cd "$(dirname "$0")" + +rustup install +rustup component add rust-src + +find . -name rust-toolchain.toml \ + -execdir rustup install \; \ + -execdir rustup component add rust-src \; From 2e75dbd51971df73546a0c5552544624f0a9c5ee Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Tue, 8 Apr 2025 19:30:02 -0700 Subject: [PATCH 320/409] Actions: Fix invocation of autobuild PowerShell script Pass the quoted script path to PowerShell using `-File`. This ensures the path is treated as a string rather than a command, and correctly handles file paths that contain spaces, unblocking integration tests. Add logging to autobuild.cmd for easier debugging. --- actions/extractor/tools/autobuild.cmd | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/actions/extractor/tools/autobuild.cmd b/actions/extractor/tools/autobuild.cmd index cd05b979110..3118347d279 100644 --- a/actions/extractor/tools/autobuild.cmd +++ b/actions/extractor/tools/autobuild.cmd @@ -1,3 +1,4 @@ @echo off rem All of the work is done in the PowerShell script -powershell.exe "%~dp0autobuild-impl.ps1" +echo "Running PowerShell script at '%~dp0autobuild-impl.ps1'" +powershell.exe -File "%~dp0autobuild-impl.ps1" From 35f9157e429c2337a006d9a081ed5f4c241a0710 Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 09:28:55 +0200 Subject: [PATCH 321/409] Ruby: Fix bad join in `DeadStoreOfLocal.ql` --- ruby/ql/src/queries/variables/DeadStoreOfLocal.ql | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql index 8717047e995..547d7d3cd89 100644 --- a/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql +++ b/ruby/ql/src/queries/variables/DeadStoreOfLocal.ql @@ -11,15 +11,20 @@ */ import codeql.ruby.AST +import codeql.ruby.CFG import codeql.ruby.dataflow.SSA import codeql.ruby.ApiGraphs +pragma[nomagic] +private predicate hasErbResultCall(CfgScope scope) { + scope = API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() +} + class RelevantLocalVariableWriteAccess extends LocalVariableWriteAccess { RelevantLocalVariableWriteAccess() { not this.getVariable().getName().charAt(0) = "_" and not this = any(Parameter p).getAVariable().getDefiningAccess() and - not API::getTopLevelMember("ERB").getInstance().getAMethodCall("result").asExpr().getScope() = - this.getCfgScope() and + not hasErbResultCall(this.getCfgScope()) and not exists(RetryStmt r | r.getCfgScope() = this.getCfgScope()) and not exists(MethodCall c | c.getReceiver() instanceof SelfVariableAccess and From da7d6d33468e642c704a12faf983790dd5ed2ec7 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 9 Apr 2025 11:28:21 +0200 Subject: [PATCH 322/409] JS: Change note --- javascript/ql/src/change-notes/2025-04-09-web-response.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-09-web-response.md diff --git a/javascript/ql/src/change-notes/2025-04-09-web-response.md b/javascript/ql/src/change-notes/2025-04-09-web-response.md new file mode 100644 index 00000000000..3afebf1b6a7 --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-09-web-response.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. From 4bc3e9e736e112c7d2950857b0f768b904bce388 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 12:16:53 +0200 Subject: [PATCH 323/409] Addressed comments Co-authored-by: Asgerf --- .../internal/flow_summaries/Decoders.qll | 3 +-- .../internal/flow_summaries/TypedArrays.qll | 22 ++++++------------- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll index 567a0403bcf..7e75d6482c5 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -17,8 +17,7 @@ class DecodeLike extends SummarizedCallable { DecodeLike() { this = "TextDecoder#decode" } override InstanceCall getACall() { - result = - textDecoderConstructorRef().getAnInstantiation().getReturn().getMember("decode").getACall() + result = textDecoderConstructorRef().getInstance().getMember("decode").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 81e84d806fd..9f3140497ab 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -37,11 +37,11 @@ class BufferTypedArray extends DataFlow::AdditionalFlowStep { } } -class SetLike extends SummarizedCallable { - SetLike() { this = "TypedArray#set" } +class TypedArraySet extends SummarizedCallable { + TypedArraySet() { this = "TypedArray#set" } override InstanceCall getACall() { - result = typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("set").getACall() + result = typedArrayConstructorRef().getInstance().getMember("set").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { @@ -51,13 +51,10 @@ class SetLike extends SummarizedCallable { } } -class SubArrayLike extends SummarizedCallable { - SubArrayLike() { this = "TypedArray#subarray" } +class TypedArraySubarray extends SummarizedCallable { + TypedArraySubarray() { this = "TypedArray#subarray" } - override InstanceCall getACall() { - result = - typedArrayConstructorRef().getAnInstantiation().getReturn().getMember("subarray").getACall() - } + override InstanceCall getACall() { result.getMethodName() = "subarray" } override predicate propagatesFlow(string input, string output, boolean preservesValue) { preservesValue = true and @@ -95,12 +92,7 @@ class TransferLike extends SummarizedCallable { TransferLike() { this = "ArrayBuffer#transfer" } override InstanceCall getACall() { - result = - arrayBufferConstructorRef() - .getAnInstantiation() - .getReturn() - .getMember(["transfer", "transferToFixedLength"]) - .getACall() + result.getMethodName() = ["transfer", "transferToFixedLength"] } override predicate propagatesFlow(string input, string output, boolean preservesValue) { From 0a293cf357be62d4e32cc4cf2257f16d078225df Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:12:35 +0100 Subject: [PATCH 324/409] Add EnumType to SimpleTypeSanitizer --- java/ql/lib/semmle/code/java/security/Sanitizers.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/semmle/code/java/security/Sanitizers.qll b/java/ql/lib/semmle/code/java/security/Sanitizers.qll index 6035b068bd0..5340ba34482 100644 --- a/java/ql/lib/semmle/code/java/security/Sanitizers.qll +++ b/java/ql/lib/semmle/code/java/security/Sanitizers.qll @@ -23,6 +23,7 @@ class SimpleTypeSanitizer extends DataFlow::Node { this.getType() .(RefType) .getASourceSupertype*() - .hasQualifiedName("java.time.temporal", "TemporalAccessor") + .hasQualifiedName("java.time.temporal", "TemporalAccessor") or + this.getType() instanceof EnumType } } From a3e4e62eacb3279bf8b30b6087bca0e023365bd3 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 13:27:13 +0200 Subject: [PATCH 325/409] Removed taint from `ArrayBuffer` constructor as it accepts `length` --- .../internal/flow_summaries/TypedArrays.qll | 14 ------------ .../TaintTracking/BasicTaintTracking.expected | 22 ++++++++----------- .../TaintTracking/typed-arrays.js | 14 +++++++----- 3 files changed, 17 insertions(+), 33 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll index 9f3140497ab..19a28036db4 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/TypedArrays.qll @@ -74,20 +74,6 @@ private class ArrayBufferEntryPoint extends API::EntryPoint { pragma[nomagic] API::Node arrayBufferConstructorRef() { result = any(ArrayBufferEntryPoint a).getANode() } -class ArrayBufferConstructorSummary extends SummarizedCallable { - ArrayBufferConstructorSummary() { this = "ArrayBuffer constructor" } - - override DataFlow::InvokeNode getACall() { - result = arrayBufferConstructorRef().getAnInstantiation() - } - - override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and - input = "Argument[0].ArrayElement" and - output = "ReturnValue.ArrayElement" - } -} - class TransferLike extends SummarizedCallable { TransferLike() { this = "ArrayBuffer#transfer" } diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index e0cbc7b3b2e..b82fdc8d1ee 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,18 +40,18 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | only flow with NEW data flow library | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | consistencyIssue | nested-props.js:20 | expected an alert, but found none | NOT OK - but not found | Consistency | | stringification-read-steps.js:17 | expected an alert, but found none | NOT OK | Consistency | | stringification-read-steps.js:25 | expected an alert, but found none | NOT OK | Consistency | -| typed-arrays.js:40 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:23 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:28 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:32 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:36 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | +| typed-arrays.js:42 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -342,12 +342,8 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:22:10:22:13 | view | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:26:10:26:14 | view1 | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:30:10:30:23 | transferedView | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:34:10:34:24 | transferedView2 | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:46:10:46:12 | str | -| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:50:10:50:13 | str2 | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | | xml.js:5:18:5:25 | source() | xml.js:8:14:8:17 | text | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index d2dc8b2168c..e3eed25dd87 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -17,21 +17,23 @@ function test() { const sub = y.subarray(1, 3) sink(sub); // NOT OK - const buffer = new ArrayBuffer(x); + const buffer = new ArrayBuffer(8); const view = new Uint8Array(buffer); - sink(view); // NOT OK + view.set(x, 3); + sink(buffer); // NOT OK -- Should be flagged but it is not. - const sharedBuffer = new SharedArrayBuffer(x); + const sharedBuffer = new SharedArrayBuffer(8); const view1 = new Uint8Array(sharedBuffer); - sink(view1); // NOT OK + view1.set(x, 3); + sink(sharedBuffer); // NOT OK -- Should be flagged but it is not. const transfered = buffer.transfer(); const transferedView = new Uint8Array(transfered); - sink(transferedView); // NOT OK + sink(transferedView); // NOT OK -- Should be flagged but it is not. const transfered2 = buffer.transferToFixedLength(); const transferedView2 = new Uint8Array(transfered2); - sink(transferedView2); // NOT OK + sink(transferedView2); // NOT OK -- Should be flagged but it is not. var typedArrayToString = (function () { return function (a) { return String.fromCharCode.apply(null, a); }; From 3373c2457c3e8915e48e7bf38bd85c90807ba283 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:27:48 +0100 Subject: [PATCH 326/409] Update test expectation --- .../diagnostics.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected index 8e5fb7fc737..9dd6b8297e6 100644 --- a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected @@ -13,7 +13,7 @@ } } { - "markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", + "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", "severity": "warning", "source": { "extractorName": "java", From 5c7a4eb51176516ecd3e0fb857b255c8bfc259a0 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 12:51:18 +0100 Subject: [PATCH 327/409] Reorder test expectations --- .../diagnostics.expected | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected index 9dd6b8297e6..f40920e10d6 100644 --- a/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected +++ b/java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected @@ -1,10 +1,10 @@ { - "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.", - "severity": "note", + "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", + "severity": "warning", "source": { "extractorName": "java", - "id": "java/autobuilder/buildless/classpath-from-tool-failed", - "name": "Failed to extract dependency information from build tool tool Gradle" + "id": "java/autobuilder/guessed-gradle-version", + "name": "Required Gradle version not specified" }, "visibility": { "cliSummaryTable": true, @@ -13,12 +13,12 @@ } } { - "markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.", - "severity": "warning", + "markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.", + "severity": "note", "source": { "extractorName": "java", - "id": "java/autobuilder/guessed-gradle-version", - "name": "Required Gradle version not specified" + "id": "java/autobuilder/buildless/classpath-from-tool-failed", + "name": "Failed to extract dependency information from build tool tool Gradle" }, "visibility": { "cliSummaryTable": true, From 0c52b5ad9596b6bc8d5e4227f6205991e3672628 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:24:43 +0200 Subject: [PATCH 328/409] Added summary flow for `StringFromCharCode` --- .../internal/flow_summaries/Strings.qll | 16 ++++++++++++++++ .../TaintTracking/BasicTaintTracking.expected | 3 ++- .../library-tests/TaintTracking/typed-arrays.js | 2 +- 3 files changed, 19 insertions(+), 2 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll index 154668cde08..8c8ab1ac4ac 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll @@ -99,3 +99,19 @@ class StringSplitHashOrQuestionMark extends SummarizedCallable { ) } } + +class StringFromCharCode extends SummarizedCallable { + StringFromCharCode() { this = "String#fromCharCode" } + + override DataFlow::CallNode getACall() { + result = DataFlow::globalVarRef("String").getAPropertyRead("fromCharCode").getACall() + } + + override predicate propagatesFlow(string input, string output, boolean preservesValue) { + preservesValue = true and + ( + input = "Argument[0..]" and + output = "ReturnValue" + ) + } +} diff --git a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected index b82fdc8d1ee..0083e55e642 100644 --- a/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected +++ b/javascript/ql/test/library-tests/TaintTracking/BasicTaintTracking.expected @@ -40,6 +40,7 @@ legacyDataFlowDifference | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | only flow with NEW data flow library | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:42:10:42:30 | typedAr ... ring(y) | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | only flow with NEW data flow library | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | only flow with NEW data flow library | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:15:10:15:10 | x | only flow with NEW data flow library | @@ -51,7 +52,6 @@ consistencyIssue | typed-arrays.js:28 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | | typed-arrays.js:32 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | | typed-arrays.js:36 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | -| typed-arrays.js:42 | expected an alert, but found none | NOT OK -- Should be flagged but it is not. | Consistency | flow | access-path-sanitizer.js:2:18:2:25 | source() | access-path-sanitizer.js:4:8:4:12 | obj.x | | addexpr.js:4:10:4:17 | source() | addexpr.js:7:8:7:8 | x | @@ -342,6 +342,7 @@ flow | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:11:10:11:12 | arr | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:15:10:15:10 | z | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:18:10:18:12 | sub | +| typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:42:10:42:30 | typedAr ... ring(y) | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:48:10:48:12 | str | | typed-arrays.js:2:13:2:20 | source() | typed-arrays.js:52:10:52:13 | str2 | | use-use-after-implicit-read.js:7:17:7:24 | source() | use-use-after-implicit-read.js:8:10:8:17 | captured | diff --git a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js index e3eed25dd87..0118c2ae690 100644 --- a/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js +++ b/javascript/ql/test/library-tests/TaintTracking/typed-arrays.js @@ -39,7 +39,7 @@ function test() { return function (a) { return String.fromCharCode.apply(null, a); }; })(); - sink(typedArrayToString(y)); // NOT OK -- Should be flagged but it is not. + sink(typedArrayToString(y)); // NOT OK let str = ''; for (let i = 0; i < y.length; i++) From 2dca95af9220bf0adbfa567edc3af2d114289c35 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Wed, 9 Apr 2025 14:26:00 +0200 Subject: [PATCH 329/409] Update javascript/ql/lib/change-notes/2025-04-07-websocket.md Co-authored-by: Asger F --- javascript/ql/lib/change-notes/2025-04-07-websocket.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md index a6f6e214f3a..1d6cdb8e6b1 100644 --- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md +++ b/javascript/ql/lib/change-notes/2025-04-07-websocket.md @@ -1,5 +1,5 @@ --- category: minorAnalysis --- -* Improved `WebSocket` analysis by refactoring the model to use API graphs. +* Improved detection of `WebSocket` and `SockJS` usage. * Added data received from `WebSocket` clients as a remote flow source. From 674f40b35fdf4ea6aaf22c31b7a76d1f23c6d65a Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:39:09 +0200 Subject: [PATCH 330/409] Added test cases for `make-dir` package. --- .../Security/CWE-022/TaintedPath/make-dir.js | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js new file mode 100644 index 00000000000..a91287bb0b0 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -0,0 +1,11 @@ +import { makeDirectory, makeDirectorySync } from 'make-dir'; + +const express = require('express'); +const app = express(); + +app.get('/makedir', (req, res) => { + const file = req.query.file; // $ MISSING: Source + + makeDirectory(file); // $ MISSING: Alert + makeDirectorySync(file); // $ MISSING: Alert +}); From ce2fc25cdbd0c21bb40845f0ac317f6d1d47ddb2 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:40:28 +0200 Subject: [PATCH 331/409] Added `make-dir` model as data --- javascript/ql/lib/ext/make-dir.model.yml | 6 ++++++ .../Security/CWE-022/TaintedPath/TaintedPath.expected | 9 +++++++++ .../query-tests/Security/CWE-022/TaintedPath/make-dir.js | 6 +++--- 3 files changed, 18 insertions(+), 3 deletions(-) create mode 100644 javascript/ql/lib/ext/make-dir.model.yml diff --git a/javascript/ql/lib/ext/make-dir.model.yml b/javascript/ql/lib/ext/make-dir.model.yml new file mode 100644 index 00000000000..512259126a6 --- /dev/null +++ b/javascript/ql/lib/ext/make-dir.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/javascript-all + extensible: sinkModel + data: + - ["make-dir", "Member[makeDirectory,makeDirectorySync].Argument[0]", "path-injection"] diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 4fa0dbd3a2a..02fc6c0ce95 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,6 +52,8 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | +| make-dir.js:9:19:9:22 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:19:9:22 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | +| make-dir.js:10:23:10:26 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:10:23:10:26 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:13:23:13:29 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:13:23:13:29 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | @@ -403,6 +405,9 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:9:19:9:22 | file | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:10:23:10:26 | file | provenance | | +| make-dir.js:7:18:7:31 | req.query.file | make-dir.js:7:11:7:31 | file | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:12:17:12:23 | dirPath | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:13:23:13:29 | dirPath | provenance | | @@ -949,6 +954,10 @@ nodes | hapi.js:14:19:14:51 | filepath | semmle.label | filepath | | hapi.js:14:30:14:51 | request ... ilepath | semmle.label | request ... ilepath | | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | +| make-dir.js:7:11:7:31 | file | semmle.label | file | +| make-dir.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | +| make-dir.js:9:19:9:22 | file | semmle.label | file | +| make-dir.js:10:23:10:26 | file | semmle.label | file | | mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | | mkdirp.js:9:42:9:59 | req.query.filename | semmle.label | req.query.filename | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js index a91287bb0b0..59b0cfe8d8c 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -4,8 +4,8 @@ const express = require('express'); const app = express(); app.get('/makedir', (req, res) => { - const file = req.query.file; // $ MISSING: Source + const file = req.query.file; // $ Source - makeDirectory(file); // $ MISSING: Alert - makeDirectorySync(file); // $ MISSING: Alert + makeDirectory(file); // $ Alert + makeDirectorySync(file); // $ Alert }); From 5ec71ab9af33fe00bc2e9eb673c67e0bac80da02 Mon Sep 17 00:00:00 2001 From: Napalys Date: Wed, 9 Apr 2025 14:40:36 +0200 Subject: [PATCH 332/409] Added change note --- javascript/ql/lib/change-notes/2025-04-09-make-dir.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-09-make-dir.md diff --git a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md new file mode 100644 index 00000000000..fd056bbc98d --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Added support for the `make-dir` package. From 0acccf240ad10ccc5f146332440b88bdb888f1b1 Mon Sep 17 00:00:00 2001 From: Florin Coada Date: Wed, 9 Apr 2025 13:45:21 +0100 Subject: [PATCH 333/409] Update codeql-library-for-actions.rst --- .../codeql-language-guides/codeql-library-for-actions.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst index 7be7f3c8cfe..aa37abc5784 100644 --- a/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst +++ b/docs/codeql/codeql-language-guides/codeql-library-for-actions.rst @@ -121,9 +121,9 @@ See the GitHub Actions documentation on `workflows Date: Wed, 9 Apr 2025 14:56:24 +0200 Subject: [PATCH 334/409] Brought back old methods and marked them as `deprecated` --- .../javascript/frameworks/WebSocket.qll | 44 +++++++++++++++++-- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll index 5e40360a4d8..f71b1cf9e0d 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebSocket.qll @@ -70,10 +70,35 @@ module ClientWebSocket { /** * A class that can be used to instantiate a WebSocket instance. */ - class SocketClass extends API::Node { + deprecated class SocketClass extends DataFlow::SourceNode { LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. SocketClass() { + this = DataFlow::globalVarRef("WebSocket") and library = websocket() + or + this = DataFlow::moduleImport("ws") and library = ws() + or + // the sockjs-client library:https://www.npmjs.com/package/sockjs-client + library = sockjs() and + ( + this = DataFlow::moduleImport("sockjs-client") or + this = DataFlow::globalVarRef("SockJS") + ) + } + + /** + * Gets the WebSocket library name. + */ + LibraryName getLibrary() { result = library } + } + + /** + * A class that can be used to instantiate a WebSocket instance. + */ + class WebSocketClass extends API::Node { + LibraryName library; // the name of the WebSocket library. Can be one of the libraries defined in `LibraryNames`. + + WebSocketClass() { this = any(WebSocketEntryPoint e).getANode() and library = websocket() or this = API::moduleImport("ws") and library = ws() @@ -96,7 +121,7 @@ module ClientWebSocket { * A client WebSocket instance. */ class ClientSocket extends EventEmitter::Range, API::NewNode, ClientRequest::Range { - SocketClass socketClass; + WebSocketClass socketClass; ClientSocket() { this = socketClass.getAnInvocation() } @@ -212,7 +237,18 @@ module ServerWebSocket { /** * Gets a server created by a library named `library`. */ - API::InvokeNode getAServer(LibraryName library) { + deprecated DataFlow::SourceNode getAServer(LibraryName library) { + library = ws() and + result = DataFlow::moduleImport("ws").getAConstructorInvocation("Server") + or + library = sockjs() and + result = DataFlow::moduleImport("sockjs").getAMemberCall("createServer") + } + + /** + * Gets a server created by a library named `library`. + */ + API::InvokeNode getAServerInvocation(LibraryName library) { library = ws() and result = API::moduleImport("ws").getMember("Server").getAnInvocation() or @@ -224,7 +260,7 @@ module ServerWebSocket { * Gets a `socket.on("connection", (msg, req) => {})` call. */ private DataFlow::CallNode getAConnectionCall(LibraryName library) { - result = getAServer(library).getReturn().getMember(EventEmitter::on()).getACall() and + result = getAServerInvocation(library).getReturn().getMember(EventEmitter::on()).getACall() and result.getArgument(0).mayHaveStringValue("connection") } From 84aa2e8627abcf3ca1dceb1d4ebfaaf16033b8e6 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Wed, 9 Apr 2025 14:07:38 +0100 Subject: [PATCH 335/409] Apply review suggestion - Tweak wording of example comment Co-authored-by: Taus --- python/ql/src/Variables/LoopVariableCapture/examples/good2.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py index 1a2469b4220..7047e11d0b6 100644 --- a/python/ql/src/Variables/LoopVariableCapture/examples/good2.py +++ b/python/ql/src/Variables/LoopVariableCapture/examples/good2.py @@ -1,5 +1,5 @@ import functools -# GOOD: A default parameter is used, so the variable `i` is not being captured. +# GOOD: `functools.partial` takes care of capturing the _value_ of `i`. tasks = [] for i in range(5): tasks.append(functools.partial(lambda i: print(i), i)) From fbab715cb6a17a69cd2766075c0928b4a905b3bc Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 15:20:33 +0200 Subject: [PATCH 336/409] Rust: Allow for crate self-references in crate graph paths --- rust/ql/lib/codeql/rust/internal/PathResolution.qll | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index 91d7e87704c..00257238f21 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -764,6 +764,10 @@ private predicate crateDependencyEdge(ModuleLikeNode m, string name, CrateItemNo // entry/transitive source file m = c.getASourceFile() ) + or + // paths inside the crate graph use the name of the crate itself as prefix, + // although that is not valid in Rust + dep = any(Crate c | name = c.getName() and m = c.getModule()) } private predicate useTreeDeclares(UseTree tree, string name) { From f31b49b022637d8c00b8b7fa13d33694c4858813 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 15:41:48 +0100 Subject: [PATCH 337/409] Change note --- java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md new file mode 100644 index 00000000000..9c4e7b574d7 --- /dev/null +++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return less results where an enum value is used in a sensitive context, e.g. pasted into a query string. From 7a8dfdb97157d7efc6c8ab2cf7e18e6fb86bd288 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 9 Apr 2025 15:52:48 +0100 Subject: [PATCH 338/409] Grammar --- java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md index 9c4e7b574d7..9b120e84ff7 100644 --- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md +++ b/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md @@ -1,4 +1,4 @@ --- category: minorAnalysis --- -* Enum-typed values are now assumed to be safe by most queries. This means that queries may return less results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. From 52401aaa735cc623e293e195cb391cdc477eaa5a Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Wed, 9 Apr 2025 17:19:25 +0200 Subject: [PATCH 339/409] Address review comments --- .../codeql/rust/internal/PathResolution.qll | 9 ++++++-- shared/util/codeql/util/FileSystem.qll | 21 ++++++++++++------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/rust/ql/lib/codeql/rust/internal/PathResolution.qll b/rust/ql/lib/codeql/rust/internal/PathResolution.qll index ad64e50d009..9a73d8d035c 100644 --- a/rust/ql/lib/codeql/rust/internal/PathResolution.qll +++ b/rust/ql/lib/codeql/rust/internal/PathResolution.qll @@ -655,6 +655,11 @@ private predicate fileModule(SourceFile f, string name, Folder folder) { ) } +/** + * Gets the `Meta` of the module `m`'s [path attribute][1]. + * + * [1]: https://doc.rust-lang.org/reference/items/modules.html#r-items.mod.outlined.path + */ private Meta getPathAttrMeta(Module m) { result = m.getAnAttr().getMeta() and result.getPath().getText() = "path" @@ -725,7 +730,7 @@ private predicate pathAttrImport(Folder f, Module m, string relativePath) { ) } -private predicate append(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } +private predicate shouldAppend(Folder f, string relativePath) { pathAttrImport(f, _, relativePath) } /** Holds if `m` is a `mod name;` item importing file `f`. */ private predicate fileImport(Module m, SourceFile f) { @@ -743,7 +748,7 @@ private predicate fileImport(Module m, SourceFile f) { or exists(Folder folder, string relativePath | pathAttrImport(folder, m, relativePath) and - f.getFile() = Folder::Append::append(folder, relativePath) + f.getFile() = Folder::Append::append(folder, relativePath) ) } diff --git a/shared/util/codeql/util/FileSystem.qll b/shared/util/codeql/util/FileSystem.qll index 261139dcf41..ea58db929c5 100644 --- a/shared/util/codeql/util/FileSystem.qll +++ b/shared/util/codeql/util/FileSystem.qll @@ -222,20 +222,27 @@ module Make { /** Provides logic related to `Folder`s. */ module Folder { /** Holds if `relativePath` needs to be appended to `f`. */ - signature predicate appendSig(Folder f, string relativePath); + signature predicate shouldAppendSig(Folder f, string relativePath); /** Provides the `append` predicate for appending a relative path onto a folder. */ - module Append { + module Append { pragma[nomagic] private string getComponent(string relativePath, int i) { - app(_, relativePath) and + shouldAppend(_, relativePath) and result = relativePath.replaceAll("\\", "/").regexpFind("[^/]+", i, _) } + private int getNumberOfComponents(string relativePath) { + result = strictcount(int i | exists(getComponent(relativePath, i)) | i) + or + relativePath = "" and + result = 0 + } + pragma[nomagic] private Container appendStep(Folder f, string relativePath, int i) { i = -1 and - app(f, relativePath) and + shouldAppend(f, relativePath) and result = f or exists(Container mid, string comp | @@ -258,9 +265,9 @@ module Make { */ pragma[nomagic] Container append(Folder f, string relativePath) { - exists(int components | - components = (-1).maximum(max(int comp | exists(getComponent(relativePath, comp)) | comp)) and - result = appendStep(f, relativePath, components) + exists(int last | + last = getNumberOfComponents(relativePath) - 1 and + result = appendStep(f, relativePath, last) ) } } From bd3342af8aa071ca6c53cea1656ba301964bb750 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 9 Apr 2025 20:59:40 -0700 Subject: [PATCH 340/409] Actions: Update integration test for default filters Create a common file structure to be shared among multiple tests for path filters, and rename accordingly. Update test expectations with additional files. Use pytest markers to indicate the expected outputs. Add source archive checking in addition to checking query output. This allows us to test which YAML files were extracted separately from whether they are semantically meaningful to the Actions analysis. --- actions/ql/integration-tests/filters-default/test.py | 2 -- .../actions.default-filters.expected} | 2 ++ actions/ql/integration-tests/filters/actions.ql | 5 +++++ .../filters/source_archive.default-filters.expected | 6 ++++++ .../src/.github/action.yaml | 0 .../src/.github/actions/action-name/action.yml | 0 .../src/.github/unreachable-workflow.yml | 0 .../src/.github/workflows/workflow.yml | 0 .../{filters-default => filters}/src/action.yml | 0 .../filters/src/excluded/action.yml | 11 +++++++++++ .../src/excluded}/unreachable-workflow.yml | 0 .../filters/src/included/action.yml | 11 +++++++++++ .../filters/src/included/not-an-action.yml | 1 + .../filters/src/included/unreachable-workflow.yml | 12 ++++++++++++ .../filters/src/unreachable-workflow.yml | 12 ++++++++++++ actions/ql/integration-tests/filters/test.py | 6 ++++++ 16 files changed, 66 insertions(+), 2 deletions(-) delete mode 100755 actions/ql/integration-tests/filters-default/test.py rename actions/ql/integration-tests/{filters-default/actions.expected => filters/actions.default-filters.expected} (68%) create mode 100644 actions/ql/integration-tests/filters/actions.ql create mode 100644 actions/ql/integration-tests/filters/source_archive.default-filters.expected rename actions/ql/integration-tests/{filters-default => filters}/src/.github/action.yaml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/actions/action-name/action.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/unreachable-workflow.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/.github/workflows/workflow.yml (100%) rename actions/ql/integration-tests/{filters-default => filters}/src/action.yml (100%) create mode 100644 actions/ql/integration-tests/filters/src/excluded/action.yml rename actions/ql/integration-tests/{filters-default/src => filters/src/excluded}/unreachable-workflow.yml (100%) create mode 100644 actions/ql/integration-tests/filters/src/included/action.yml create mode 100644 actions/ql/integration-tests/filters/src/included/not-an-action.yml create mode 100644 actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml create mode 100644 actions/ql/integration-tests/filters/src/unreachable-workflow.yml create mode 100755 actions/ql/integration-tests/filters/test.py diff --git a/actions/ql/integration-tests/filters-default/test.py b/actions/ql/integration-tests/filters-default/test.py deleted file mode 100755 index c0ac8d191b9..00000000000 --- a/actions/ql/integration-tests/filters-default/test.py +++ /dev/null @@ -1,2 +0,0 @@ -def test(codeql, actions): - codeql.database.create(source_root="src") diff --git a/actions/ql/integration-tests/filters-default/actions.expected b/actions/ql/integration-tests/filters/actions.default-filters.expected similarity index 68% rename from actions/ql/integration-tests/filters-default/actions.expected rename to actions/ql/integration-tests/filters/actions.default-filters.expected index 376c71bad6d..c2b8216dfa6 100644 --- a/actions/ql/integration-tests/filters-default/actions.expected +++ b/actions/ql/integration-tests/filters/actions.default-filters.expected @@ -2,3 +2,5 @@ | src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | | src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | | src/action.yml:1:1:11:32 | name: ' ... action' | +| src/excluded/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters/actions.ql b/actions/ql/integration-tests/filters/actions.ql new file mode 100644 index 00000000000..f0a3e0ab297 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.ql @@ -0,0 +1,5 @@ +import actions + +from AstNode n +where n instanceof Workflow or n instanceof CompositeAction +select n diff --git a/actions/ql/integration-tests/filters/source_archive.default-filters.expected b/actions/ql/integration-tests/filters/source_archive.default-filters.expected new file mode 100644 index 00000000000..647b180890a --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.default-filters.expected @@ -0,0 +1,6 @@ +src/.github/action.yaml +src/.github/actions/action-name/action.yml +src/.github/workflows/workflow.yml +src/action.yml +src/excluded/action.yml +src/included/action.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/action.yaml b/actions/ql/integration-tests/filters/src/.github/action.yaml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/action.yaml rename to actions/ql/integration-tests/filters/src/.github/action.yaml diff --git a/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml b/actions/ql/integration-tests/filters/src/.github/actions/action-name/action.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml rename to actions/ql/integration-tests/filters/src/.github/actions/action-name/action.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/.github/unreachable-workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml rename to actions/ql/integration-tests/filters/src/.github/unreachable-workflow.yml diff --git a/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml b/actions/ql/integration-tests/filters/src/.github/workflows/workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml rename to actions/ql/integration-tests/filters/src/.github/workflows/workflow.yml diff --git a/actions/ql/integration-tests/filters-default/src/action.yml b/actions/ql/integration-tests/filters/src/action.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/action.yml rename to actions/ql/integration-tests/filters/src/action.yml diff --git a/actions/ql/integration-tests/filters/src/excluded/action.yml b/actions/ql/integration-tests/filters/src/excluded/action.yml new file mode 100644 index 00000000000..f611f8c72ff --- /dev/null +++ b/actions/ql/integration-tests/filters/src/excluded/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/excluded/unreachable-workflow.yml similarity index 100% rename from actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml rename to actions/ql/integration-tests/filters/src/excluded/unreachable-workflow.yml diff --git a/actions/ql/integration-tests/filters/src/included/action.yml b/actions/ql/integration-tests/filters/src/included/action.yml new file mode 100644 index 00000000000..f611f8c72ff --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters/src/included/not-an-action.yml b/actions/ql/integration-tests/filters/src/included/not-an-action.yml new file mode 100644 index 00000000000..78449e5c484 --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/not-an-action.yml @@ -0,0 +1 @@ +name: 'Not an action, just a YAML file' diff --git a/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml new file mode 100644 index 00000000000..6f980d6a6b0 --- /dev/null +++ b/actions/ql/integration-tests/filters/src/included/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters/src/unreachable-workflow.yml new file mode 100644 index 00000000000..6f980d6a6b0 --- /dev/null +++ b/actions/ql/integration-tests/filters/src/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/test.py b/actions/ql/integration-tests/filters/test.py new file mode 100755 index 00000000000..a2abcf90b03 --- /dev/null +++ b/actions/ql/integration-tests/filters/test.py @@ -0,0 +1,6 @@ +import pytest + +@pytest.mark.ql_test(expected=".default-filters.expected") +def test_default_filters(codeql, actions, check_source_archive): + check_source_archive.expected_suffix = ".default-filters.expected" + codeql.database.create(source_root="src") \ No newline at end of file From 800dd168c2c9e33f8408c8bc9dd99594a13bded5 Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:19:26 +0200 Subject: [PATCH 341/409] JS: Add failing TRAP test for trailing comma --- .../tests/json/input/array-trailing-comma.json | 6 ++++++ .../output/trap/array-trailing-comma.json.trap | 15 +++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 javascript/extractor/tests/json/input/array-trailing-comma.json create mode 100644 javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap diff --git a/javascript/extractor/tests/json/input/array-trailing-comma.json b/javascript/extractor/tests/json/input/array-trailing-comma.json new file mode 100644 index 00000000000..5658e96a3d0 --- /dev/null +++ b/javascript/extractor/tests/json/input/array-trailing-comma.json @@ -0,0 +1,6 @@ +{ + "array": [ + "foo", + "bar", + ] +} diff --git a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap new file mode 100644 index 00000000000..042bf630e8f --- /dev/null +++ b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap @@ -0,0 +1,15 @@ +#10000=@"/array-trailing-comma.json;sourcefile" +files(#10000,"/array-trailing-comma.json") +#10001=@"/;folder" +folders(#10001,"/") +containerparent(#10001,#10000) +#10002=@"loc,{#10000},0,0,0,0" +locations_default(#10002,#10000,0,0,0,0) +hasLocation(#10000,#10002) +#20000=* +json_errors(#20000,"Error: Omitted elements are not allowed in JSON.") +#20001=@"loc,{#10000},5,4,5,4" +locations_default(#20001,#10000,5,4,5,4) +hasLocation(#20000,#20001) +numlines(#10000,6,0,0) +filetype(#10000,"json") From 1434f7acd2a7cb696ac80c87e511815ed9f83e00 Mon Sep 17 00:00:00 2001 From: Asger F Date: Wed, 9 Apr 2025 23:14:56 +0200 Subject: [PATCH 342/409] JS: Tolerate trailing comma in JSON array Previously we'd fail to extract some tsconfig.json files because of this. --- .../src/com/semmle/js/parser/JSONParser.java | 3 --- .../trap/array-trailing-comma.json.trap | 26 ++++++++++++++++--- 2 files changed, 22 insertions(+), 7 deletions(-) diff --git a/javascript/extractor/src/com/semmle/js/parser/JSONParser.java b/javascript/extractor/src/com/semmle/js/parser/JSONParser.java index 26af68b0cd3..be55eb8397e 100644 --- a/javascript/extractor/src/com/semmle/js/parser/JSONParser.java +++ b/javascript/extractor/src/com/semmle/js/parser/JSONParser.java @@ -205,9 +205,6 @@ public class JSONParser { char c = peek(); switch (c) { case ']': - if (!needsComma) { - raise("Omitted elements are not allowed in JSON."); - } next(); break out; case ',': diff --git a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap index 042bf630e8f..77d36908a3b 100644 --- a/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap +++ b/javascript/extractor/tests/json/output/trap/array-trailing-comma.json.trap @@ -7,9 +7,27 @@ containerparent(#10001,#10000) locations_default(#10002,#10000,0,0,0,0) hasLocation(#10000,#10002) #20000=* -json_errors(#20000,"Error: Omitted elements are not allowed in JSON.") -#20001=@"loc,{#10000},5,4,5,4" -locations_default(#20001,#10000,5,4,5,4) -hasLocation(#20000,#20001) +json(#20000,5,#10000,0,"{\n "" ... ]\n}") +#20001=@"loc,{#10000},1,1,6,1" +locations_default(#20001,#10000,1,1,6,1) +json_locations(#20000,#20001) +#20002=* +json(#20002,4,#20000,0,"[\n ... ,\n ]") +#20003=@"loc,{#10000},2,14,5,5" +locations_default(#20003,#10000,2,14,5,5) +json_locations(#20002,#20003) +#20004=* +json(#20004,3,#20002,0,"""foo""") +#20005=@"loc,{#10000},3,9,3,13" +locations_default(#20005,#10000,3,9,3,13) +json_locations(#20004,#20005) +json_literals("foo","""foo""",#20004) +#20006=* +json(#20006,3,#20002,1,"""bar""") +#20007=@"loc,{#10000},4,9,4,13" +locations_default(#20007,#10000,4,9,4,13) +json_locations(#20006,#20007) +json_literals("bar","""bar""",#20006) +json_properties(#20000,"array",#20002) numlines(#10000,6,0,0) filetype(#10000,"json") From cfa1a9b603ce16b00d0fdb9d92b102a8790f90fe Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:14:38 +0200 Subject: [PATCH 343/409] JS: Update extractor version string --- javascript/extractor/src/com/semmle/js/extractor/Main.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/extractor/src/com/semmle/js/extractor/Main.java b/javascript/extractor/src/com/semmle/js/extractor/Main.java index 0b92711b01d..45691d1d7f4 100644 --- a/javascript/extractor/src/com/semmle/js/extractor/Main.java +++ b/javascript/extractor/src/com/semmle/js/extractor/Main.java @@ -42,7 +42,7 @@ public class Main { * A version identifier that should be updated every time the extractor changes in such a way that * it may produce different tuples for the same file under the same {@link ExtractorConfig}. */ - public static final String EXTRACTOR_VERSION = "2025-03-20"; + public static final String EXTRACTOR_VERSION = "2025-04-10"; public static final Pattern NEWLINE = Pattern.compile("\n"); From 3da1f261f7e51b50181f457a6a3902efb2f9c54e Mon Sep 17 00:00:00 2001 From: Asger F Date: Thu, 10 Apr 2025 07:21:48 +0200 Subject: [PATCH 344/409] JS: Change note --- .../src/change-notes/2025-04-10-json-array-trailing-comma.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md diff --git a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md new file mode 100644 index 00000000000..7a0acd541e1 --- /dev/null +++ b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. From 00999baf9ae4f7ecad7c2bb627ab6f715a79dfba Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 10 Apr 2025 09:06:01 +0100 Subject: [PATCH 345/409] Apply docs review suggestion - Reword query description. Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com> --- .../ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql index 514a6790ea0..034ac05ee94 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.ql @@ -1,6 +1,6 @@ /** * @name Loop variable capture - * @description Capture of a loop variable is not the same as capturing the value of a loop variable, and may be erroneous. + * @description Capturing a loop variable is not the same as capturing its value, and can lead to unexpected behavior or bugs. * @kind path-problem * @tags correctness * quality From 6802037c892b51ecb1758d0d4d884135e71eb6e2 Mon Sep 17 00:00:00 2001 From: Joe Farebrother Date: Thu, 10 Apr 2025 09:52:18 +0100 Subject: [PATCH 346/409] Update qhelp formatting --- .../Variables/LoopVariableCapture/LoopVariableCapture.qhelp | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp index b902f976a53..2f3beeb2e9f 100644 --- a/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp +++ b/python/ql/src/Variables/LoopVariableCapture/LoopVariableCapture.qhelp @@ -22,11 +22,11 @@ To capture the value of a loop variable at the time the closure is created, use

    -In the following (BAD) example, a `tasks` list is created, but each task captures the loop variable i, and reads the same value when run. +In the following (BAD) example, a tasks list is created, but each task captures the loop variable i, and reads the same value when run.

    -In the following (GOOD) example, each closure has an `i` default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created. +In the following (GOOD) example, each closure has an i default parameter, shadowing the outer i variable, the default value of which is determined as the value of the loop variable i at the time the closure is created.

    From 041adcd63a567d28e769c1578f37991b42ff738f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Fri, 21 Mar 2025 16:28:20 +0000 Subject: [PATCH 347/409] Java: Add initial version of string replaceAll with no regex query --- .../StringReplaceAllWithNonRegex.md | 28 +++++++++++++++++++ .../StringReplaceAllWithNonRegex.ql | 20 +++++++++++++ .../StringReplaceAllWithNonRegex.expected | 1 + .../StringReplaceAllWithNonRegex.qlref | 1 + .../StringReplaceAllWithNonRegex/Test.java | 7 +++++ 5 files changed, 57 insertions(+) create mode 100644 java/ql/src/Performance/StringReplaceAllWithNonRegex.md create mode 100644 java/ql/src/Performance/StringReplaceAllWithNonRegex.ql create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref create mode 100644 java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md new file mode 100644 index 00000000000..b38ee002f97 --- /dev/null +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -0,0 +1,28 @@ +# J-STR-001: Use of `String.replaceAll` with a first argument of a non regular expression + +Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. + +## Overview + +The underlying implementation of `String.replaceAll` uses `Pattern.compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String.replace` may be more performant as it does not need to compile the regular expression. + +## Recommendation + +Use `String.replace` instead where a `replaceAll` call uses a trivial string as its first argument. + +## Example + +```java +public class Test { + void f() { + String s1 = "test"; + s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT + } +} + +``` + +## References + +- [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql new file mode 100644 index 00000000000..d5d4c63cc6e --- /dev/null +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -0,0 +1,20 @@ +/** + * @id java/string-replace-all-with-non-regex + * @name J-STR-001: Use of `String#replaceAll` with a first argument of a non regular expression + * @description Using `String#replaceAll` is less performant than `String#replace` when the first + * argument is not a regular expression. + * @kind problem + * @precision very-high + * @problem.severity recommendation + * @tags performance + */ + +import java + +from MethodCall replaceAllCall +where + replaceAllCall.getMethod().hasQualifiedName("java.lang", "String", "replaceAll") and + //only contains characters that could be a simple string + replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") +select replaceAllCall, + "Call to 'replaceAll' uses an argument comprised of plain string characters only." diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected new file mode 100644 index 00000000000..f47e86d1f0e --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -0,0 +1 @@ +| Test.java:4:14:4:36 | replaceAll(...) | Call to 'replaceAll' uses an argument comprised of plain string characters only. | diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref new file mode 100644 index 00000000000..c82994caef5 --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref @@ -0,0 +1 @@ +Performance/StringReplaceAllWithNonRegex.ql diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java new file mode 100644 index 00000000000..e2734f10135 --- /dev/null +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -0,0 +1,7 @@ +public class Test { + void f() { + String s1 = "test"; + s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT + } +} From ff2947a0e5da92daf993aa32cb8bbe71f4d861cb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:34:39 +0000 Subject: [PATCH 348/409] Adjust query name --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index b38ee002f97..d9e8c722782 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -1,4 +1,4 @@ -# J-STR-001: Use of `String.replaceAll` with a first argument of a non regular expression +# Use of `String#replaceAll` with a first argument which is not a regular expression Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index d5d4c63cc6e..02768d6817e 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -1,6 +1,6 @@ /** * @id java/string-replace-all-with-non-regex - * @name J-STR-001: Use of `String#replaceAll` with a first argument of a non regular expression + * @name Use of `String#replaceAll` with a first argument which is not a regular expression * @description Using `String#replaceAll` is less performant than `String#replace` when the first * argument is not a regular expression. * @kind problem From b5b252b10f7f8ae735c093a03c3ce3feadb83cee Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:36:37 +0000 Subject: [PATCH 349/409] Convert test to inline expectations --- .../StringReplaceAllWithNonRegex.qlref | 3 ++- .../test/query-tests/StringReplaceAllWithNonRegex/Test.java | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref index c82994caef5..7737507b19e 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.qlref @@ -1 +1,2 @@ -Performance/StringReplaceAllWithNonRegex.ql +query: Performance/StringReplaceAllWithNonRegex.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java index e2734f10135..e3d9dafb531 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -1,7 +1,7 @@ public class Test { void f() { String s1 = "test"; - s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT - s1 = s1.replaceAll(".*", "x"); // COMPLIANT + s1 = s1.replaceAll("t", "x"); // $ Alert + s1 = s1.replaceAll(".*", "x"); } } From 441c79ebdf999dfb4802dcf2a418770da72eff17 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:38:07 +0000 Subject: [PATCH 350/409] Use existing class StringReplaceAllCall --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 02768d6817e..a5918c642ea 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -11,9 +11,8 @@ import java -from MethodCall replaceAllCall +from StringReplaceAllCall replaceAllCall where - replaceAllCall.getMethod().hasQualifiedName("java.lang", "String", "replaceAll") and //only contains characters that could be a simple string replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, From fea3d10b97a7d8659b22ce46778f5d550786024b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:41:59 +0000 Subject: [PATCH 351/409] Update qhelp --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index d9e8c722782..b5b35fcceff 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -1,14 +1,14 @@ # Use of `String#replaceAll` with a first argument which is not a regular expression -Using `String.replaceAll` is less performant than `String.replace` when the first argument is not a regular expression. +Using `String#replaceAll` is less performant than `String#replace` when the first argument is not a regular expression. ## Overview -The underlying implementation of `String.replaceAll` uses `Pattern.compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String.replace` may be more performant as it does not need to compile the regular expression. +The underlying implementation of `String#replaceAll` uses `Pattern#compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String#replace` may be more performant as it does not need to compile the regular expression. ## Recommendation -Use `String.replace` instead where a `replaceAll` call uses a trivial string as its first argument. +Use `String#replace` instead where a `replaceAll` call uses a trivial string as its first argument. ## Example @@ -25,4 +25,4 @@ public class Test { ## References -- [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)) +- Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). From 042fe074944033bb6d0ce7ff2fe7ab3cb96b382b Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 11:50:42 +0000 Subject: [PATCH 352/409] Adjust alert message --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 8 +++++--- .../StringReplaceAllWithNonRegex.expected | 2 +- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index a5918c642ea..49198bc5219 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -11,9 +11,11 @@ import java -from StringReplaceAllCall replaceAllCall +from StringReplaceAllCall replaceAllCall, StringLiteral firstArg where + firstArg = replaceAllCall.getArgument(0) and //only contains characters that could be a simple string - replaceAllCall.getArgument(0).(StringLiteral).getValue().regexpMatch("^[a-zA-Z0-9]+$") + firstArg.getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, - "Call to 'replaceAll' uses an argument comprised of plain string characters only." + "This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression.", + firstArg, "first argument" diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected index f47e86d1f0e..c64ee0db334 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -1 +1 @@ -| Test.java:4:14:4:36 | replaceAll(...) | Call to 'replaceAll' uses an argument comprised of plain string characters only. | +| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | From c4e56b1ec8cf4911577cc72f9d6809c3e18efe3e Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Tue, 25 Mar 2025 13:44:21 +0000 Subject: [PATCH 353/409] Add quality and cwe tag to query CWE-1176: Inefficient CPU Computation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 1 + java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 ++ 2 files changed, 3 insertions(+) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index b5b35fcceff..4b14303bd7a 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -26,3 +26,4 @@ public class Test { ## References - Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). +- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 49198bc5219..3f0fb5829dd 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -7,6 +7,8 @@ * @precision very-high * @problem.severity recommendation * @tags performance + * quality + * external/cwe/cwe-1176 */ import java From 626a7d50074befe1092981198c7ca7d8d67ac310 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Mar 2025 10:19:31 +0000 Subject: [PATCH 354/409] Fix punctuation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index 4b14303bd7a..a297ad519f8 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -26,4 +26,4 @@ public class Test { ## References - Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)). -- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html) +- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html). diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 3f0fb5829dd..d02a7ff0a08 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -19,5 +19,5 @@ where //only contains characters that could be a simple string firstArg.getValue().regexpMatch("^[a-zA-Z0-9]+$") select replaceAllCall, - "This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression.", + "This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression.", firstArg, "first argument" From 04ec1d783062d709442d60fa9789977139ebff45 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Wed, 26 Mar 2025 11:01:09 +0000 Subject: [PATCH 355/409] Update test expectations --- .../StringReplaceAllWithNonRegex.expected | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected index c64ee0db334..944dd3d23a3 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/StringReplaceAllWithNonRegex.expected @@ -1 +1 @@ -| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call `replace` as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | +| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument | From e1c5517de71b8f73338c9dcd02582ddb20a03dcb Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 11:40:53 +0000 Subject: [PATCH 356/409] Keep COMPLIANT and NON_COMPLIANT comments in test --- .../test/query-tests/StringReplaceAllWithNonRegex/Test.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java index e3d9dafb531..1465343b8c2 100644 --- a/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java +++ b/java/ql/test/query-tests/StringReplaceAllWithNonRegex/Test.java @@ -1,7 +1,7 @@ public class Test { void f() { String s1 = "test"; - s1 = s1.replaceAll("t", "x"); // $ Alert - s1 = s1.replaceAll(".*", "x"); + s1 = s1.replaceAll("t", "x"); // $ Alert // NON_COMPLIANT + s1 = s1.replaceAll(".*", "x"); // COMPLIANT } } From 3ea5cc1b66670181d96e5cd7e28ca69933f06d13 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 27 Mar 2025 16:00:05 +0000 Subject: [PATCH 357/409] Add query to code-quality query suite --- java/ql/src/codeql-suites/java-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/src/codeql-suites/java-code-quality.qls b/java/ql/src/codeql-suites/java-code-quality.qls index ac1f52624c4..0f6151a5e8d 100644 --- a/java/ql/src/codeql-suites/java-code-quality.qls +++ b/java/ql/src/codeql-suites/java-code-quality.qls @@ -11,4 +11,5 @@ - java/unused-container - java/input-resource-leak - java/output-resource-leak - - java/type-variable-hides-type \ No newline at end of file + - java/type-variable-hides-type + - java/string-replace-all-with-non-regex From ad89e7980ef1d3eb05bd5917de0aad9db81da668 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Mon, 31 Mar 2025 22:45:02 +0100 Subject: [PATCH 358/409] Tweak documentation --- java/ql/src/Performance/StringReplaceAllWithNonRegex.md | 2 +- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md index a297ad519f8..6e298b4955b 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.md +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.md @@ -4,7 +4,7 @@ Using `String#replaceAll` is less performant than `String#replace` when the firs ## Overview -The underlying implementation of `String#replaceAll` uses `Pattern#compile` and expects a regular expression as its first argument. However in cases where the argument could be represented by just a plain `String` that does not represent an interesting regular expression, a call to `String#replace` may be more performant as it does not need to compile the regular expression. +The `String#replaceAll` method is designed to work with regular expressions as its first parameter. When you use a simple string without any regex patterns (like special characters or syntax), it's more efficient to use `String#replace` instead. This is because `replaceAll` has to compile the input as a regular expression first, which adds unnecessary overhead when you are just replacing literal text. ## Recommendation diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index d02a7ff0a08..3f662b60cf3 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -1,8 +1,8 @@ /** * @id java/string-replace-all-with-non-regex * @name Use of `String#replaceAll` with a first argument which is not a regular expression - * @description Using `String#replaceAll` is less performant than `String#replace` when the first - * argument is not a regular expression. + * @description Using `String#replaceAll` with a first argument which is not a regular expression + * is less efficient than using `String#replace`. * @kind problem * @precision very-high * @problem.severity recommendation From 576f4cf19f92f82960ff55283229763c432a2576 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 12:20:31 +0100 Subject: [PATCH 359/409] Update tags --- java/ql/src/Performance/StringReplaceAllWithNonRegex.ql | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql index 3f662b60cf3..bc05b3bf063 100644 --- a/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql +++ b/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql @@ -6,8 +6,9 @@ * @kind problem * @precision very-high * @problem.severity recommendation - * @tags performance - * quality + * @tags quality + * reliability + * performance * external/cwe/cwe-1176 */ From acfcc6d490b985e3726a0a29d9748a686df8368f Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 12:35:42 +0100 Subject: [PATCH 360/409] Sort ids in `java-code-quality.qls` --- java/ql/src/codeql-suites/java-code-quality.qls | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/java/ql/src/codeql-suites/java-code-quality.qls b/java/ql/src/codeql-suites/java-code-quality.qls index 0f6151a5e8d..2eafe785532 100644 --- a/java/ql/src/codeql-suites/java-code-quality.qls +++ b/java/ql/src/codeql-suites/java-code-quality.qls @@ -1,15 +1,15 @@ - queries: . - include: id: - - java/suspicious-date-format - - java/integer-multiplication-cast-to-long - - java/equals-on-unrelated-types - java/contradictory-type-checks - - java/reference-equality-of-boxed-types + - java/equals-on-unrelated-types - java/inconsistent-equals-and-hashcode + - java/input-resource-leak + - java/integer-multiplication-cast-to-long + - java/output-resource-leak + - java/reference-equality-of-boxed-types + - java/string-replace-all-with-non-regex + - java/suspicious-date-format + - java/type-variable-hides-type - java/unchecked-cast-in-equals - java/unused-container - - java/input-resource-leak - - java/output-resource-leak - - java/type-variable-hides-type - - java/string-replace-all-with-non-regex From 78a26cfdb2bb06c4fc3120f2b94762238a157367 Mon Sep 17 00:00:00 2001 From: Felicity Chapman Date: Thu, 10 Apr 2025 13:09:51 +0100 Subject: [PATCH 361/409] Update index.rst --- docs/codeql/query-help/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/codeql/query-help/index.rst b/docs/codeql/query-help/index.rst index f9408d1913c..685b7551ea3 100644 --- a/docs/codeql/query-help/index.rst +++ b/docs/codeql/query-help/index.rst @@ -29,9 +29,9 @@ For a full list of the CWEs covered by these queries, see ":doc:`CodeQL CWE cove :hidden: :titlesonly: - actions cpp csharp + actions go java javascript From 171a84609e4ad54ae6cb6dc66fc680ee33883a59 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 10 Apr 2025 14:13:48 +0200 Subject: [PATCH 362/409] Applied copilot suggestion. --- .../Security/CWE-022/TaintedPath/TaintedPath.expected | 6 +++--- .../query-tests/Security/CWE-022/TaintedPath/make-dir.js | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected index 02fc6c0ce95..08bf15800da 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/TaintedPath.expected @@ -52,7 +52,7 @@ | handlebars.js:11:32:11:39 | filePath | handlebars.js:29:46:29:60 | req.params.path | handlebars.js:11:32:11:39 | filePath | This path depends on a $@. | handlebars.js:29:46:29:60 | req.params.path | user-provided value | | handlebars.js:15:25:15:32 | filePath | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:15:25:15:32 | filePath | This path depends on a $@. | handlebars.js:43:15:43:29 | req.params.path | user-provided value | | hapi.js:15:44:15:51 | filepath | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:15:44:15:51 | filepath | This path depends on a $@. | hapi.js:14:30:14:51 | request ... ilepath | user-provided value | -| make-dir.js:9:19:9:22 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:19:9:22 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | +| make-dir.js:9:25:9:28 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:9:25:9:28 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | make-dir.js:10:23:10:26 | file | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:10:23:10:26 | file | This path depends on a $@. | make-dir.js:7:18:7:31 | req.query.file | user-provided value | | mkdirp.js:11:12:11:18 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:11:12:11:18 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | | mkdirp.js:12:17:12:23 | dirPath | mkdirp.js:9:42:9:59 | req.query.filename | mkdirp.js:12:17:12:23 | dirPath | This path depends on a $@. | mkdirp.js:9:42:9:59 | req.query.filename | user-provided value | @@ -405,7 +405,7 @@ edges | handlebars.js:43:15:43:29 | req.params.path | handlebars.js:13:73:13:80 | filePath | provenance | | | hapi.js:14:19:14:51 | filepath | hapi.js:15:44:15:51 | filepath | provenance | | | hapi.js:14:30:14:51 | request ... ilepath | hapi.js:14:19:14:51 | filepath | provenance | | -| make-dir.js:7:11:7:31 | file | make-dir.js:9:19:9:22 | file | provenance | | +| make-dir.js:7:11:7:31 | file | make-dir.js:9:25:9:28 | file | provenance | | | make-dir.js:7:11:7:31 | file | make-dir.js:10:23:10:26 | file | provenance | | | make-dir.js:7:18:7:31 | req.query.file | make-dir.js:7:11:7:31 | file | provenance | | | mkdirp.js:9:11:9:76 | dirPath | mkdirp.js:11:12:11:18 | dirPath | provenance | | @@ -956,7 +956,7 @@ nodes | hapi.js:15:44:15:51 | filepath | semmle.label | filepath | | make-dir.js:7:11:7:31 | file | semmle.label | file | | make-dir.js:7:18:7:31 | req.query.file | semmle.label | req.query.file | -| make-dir.js:9:19:9:22 | file | semmle.label | file | +| make-dir.js:9:25:9:28 | file | semmle.label | file | | make-dir.js:10:23:10:26 | file | semmle.label | file | | mkdirp.js:9:11:9:76 | dirPath | semmle.label | dirPath | | mkdirp.js:9:21:9:76 | path.jo ... ltDir') | semmle.label | path.jo ... ltDir') | diff --git a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js index 59b0cfe8d8c..2306e00bcae 100644 --- a/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js +++ b/javascript/ql/test/query-tests/Security/CWE-022/TaintedPath/make-dir.js @@ -3,9 +3,9 @@ import { makeDirectory, makeDirectorySync } from 'make-dir'; const express = require('express'); const app = express(); -app.get('/makedir', (req, res) => { +app.get('/makedir', async (req, res) => { const file = req.query.file; // $ Source - makeDirectory(file); // $ Alert + await makeDirectory(file); // $ Alert makeDirectorySync(file); // $ Alert }); From 81cba7fa2f8e873ec8532004426aa17efafa2410 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 31 Mar 2025 13:50:56 +0200 Subject: [PATCH 363/409] Added test cases with missing alerts for `Request` and `NextRequest`. --- .../Request/app/api/proxy/route.serverSide.ts | 5 +++++ .../Request/app/api/proxy/route2.serverSide.ts | 8 ++++++++ .../Security/CWE-918/Request/package.json | 13 +++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/package.json diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts new file mode 100644 index 00000000000..bfee2442afb --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts @@ -0,0 +1,5 @@ +export async function POST(req: Request) { + const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] + const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + return new Response(res.body, { headers: res.headers }); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts new file mode 100644 index 00000000000..7b212a73542 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts @@ -0,0 +1,8 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function POST(req: NextRequest) { + const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] + const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text(); + return new NextResponse(data, { headers: res.headers }); +} diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json b/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json new file mode 100644 index 00000000000..329c7acb823 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/package.json @@ -0,0 +1,13 @@ +{ + "name": "next-edge-proxy-app", + "version": "0.1.0", + "private": true, + "scripts": { + "dev": "next dev", + "build": "next build", + "start": "next start" + }, + "dependencies": { + "next": "15.1.7" + } +} From 63a3953b0cdab643d356ad4234c4f18510cfbc03 Mon Sep 17 00:00:00 2001 From: Napalys Date: Mon, 31 Mar 2025 13:57:43 +0200 Subject: [PATCH 364/409] Enhance Next.js API endpoint handling for compatibility with both Pages and App Router structures. --- .../lib/semmle/javascript/frameworks/Next.qll | 58 ++++++++++++++++++- .../Request/app/api/proxy/route.serverSide.ts | 4 +- .../app/api/proxy/route2.serverSide.ts | 4 +- .../Security/CWE-918/RequestForgery.expected | 20 +++++++ 4 files changed, 80 insertions(+), 6 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 8fce608a970..6333c9442d8 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -213,10 +213,12 @@ module NextJS { /** * Gets a folder that contains API endpoints for a Next.js application. * These API endpoints act as Express-like route-handlers. + * It matches both the Pages Router (`pages/api/`) Next.js 12 or earlier and + * the App Router (`app/api/`) Next.js 13+ structures. */ Folder apiFolder() { - result = getANextPackage().getFile().getParentContainer().getFolder("pages").getFolder("api") - or + result = + getANextPackage().getFile().getParentContainer().getFolder(["pages", "app"]).getFolder("api") or result = apiFolder().getAFolder() } @@ -271,4 +273,56 @@ module NextJS { override string getCredentialsKind() { result = "jwt key" } } } + + /** + * A route handler for Next.js 13+ App Router API endpoints, which are defined by exporting + * HTTP method functions (like `GET`, `POST`, `PUT`, `DELETE`) from route.js files inside + * the `app/api/` directory. + */ + class NextAppRouteHandler extends DataFlow::FunctionNode, Http::Servers::StandardRouteHandler { + NextAppRouteHandler() { + exists(Module mod | mod.getFile().getParentContainer() = apiFolder() | + this = mod.getAnExportedValue(any(Http::RequestMethodName m)).getAFunctionValue() and + ( + this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") + or + this.getParameter(0).hasUnderlyingType("Request") + ) + ) + } + + /** + * Gets the request parameter, which is either a `NextRequest` object (from `next/server`) or a standard web `Request` object. + */ + DataFlow::SourceNode getRequest() { result = this.getParameter(0) } + } + + /** + * A source of user-controlled data from a `NextRequest` object (from `next/server`) or a standard web `Request` object + * in a Next.js App Router route handler. + */ + class NextAppRequestSource extends Http::RequestInputAccess { + NextAppRouteHandler handler; + string kind; + + NextAppRequestSource() { + ( + this = + handler.getRequest().getAMethodCall(["json", "formData", "blob", "arrayBuffer", "text"]) + or + this = handler.getRequest().getAPropertyRead("body") + ) and + kind = "body" + or + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" + or + this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" + } + + override string getKind() { result = kind } + + override Http::RouteHandler getRouteHandler() { result = handler } + + override string getSourceType() { result = "Next.js App Router request" } + } } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts index bfee2442afb..f3d05b7e5aa 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route.serverSide.ts @@ -1,5 +1,5 @@ export async function POST(req: Request) { - const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] - const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const { url } = await req.json(); // $ Source[js/request-forgery] + const res = await fetch(url); // $ Alert[js/request-forgery] Sink[js/request-forgery] return new Response(res.body, { headers: res.headers }); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts index 7b212a73542..051ba67e401 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/app/api/proxy/route2.serverSide.ts @@ -1,8 +1,8 @@ import { NextRequest, NextResponse } from 'next/server'; export async function POST(req: NextRequest) { - const { url } = await req.json(); // $ MISSING: Source[js/request-forgery] - const res = await fetch(url); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const { url } = await req.json(); // $ Source[js/request-forgery] + const res = await fetch(url); // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text(); return new NextResponse(data, { headers: res.headers }); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 78b02c5f7db..b8436fa6722 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,4 +1,6 @@ #select +| Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | +| Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -27,6 +29,14 @@ | serverSide.js:125:5:128:6 | axios({ ... \\n }) | serverSide.js:123:29:123:35 | req.url | serverSide.js:127:14:127:20 | tainted | The $@ of this request depends on a $@. | serverSide.js:127:14:127:20 | tainted | URL | serverSide.js:123:29:123:35 | req.url | user-provided value | | serverSide.js:131:5:131:20 | axios.get(myUrl) | serverSide.js:123:29:123:35 | req.url | serverSide.js:131:15:131:19 | myUrl | The $@ of this request depends on a $@. | serverSide.js:131:15:131:19 | myUrl | URL | serverSide.js:123:29:123:35 | req.url | user-provided value | edges +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | provenance | | +| Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | +| Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -91,6 +101,16 @@ edges | serverSide.js:130:9:130:45 | myUrl | serverSide.js:131:15:131:19 | myUrl | provenance | | | serverSide.js:130:37:130:43 | tainted | serverSide.js:130:9:130:45 | myUrl | provenance | | nodes +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:15 | { url } | semmle.label | { url } | +| Request/app/api/proxy/route2.serverSide.ts:4:9:4:34 | url | semmle.label | url | +| Request/app/api/proxy/route2.serverSide.ts:4:19:4:34 | await req.json() | semmle.label | await req.json() | +| Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | semmle.label | req.json() | +| Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | semmle.label | url | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | semmle.label | { url } | +| Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | semmle.label | url | +| Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | semmle.label | await req.json() | +| Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | semmle.label | req.json() | +| Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From a1dc87496a02c1eeb538630fd867c8a189256fd9 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 13:56:38 +0100 Subject: [PATCH 365/409] Shared: Replace a 'count' with a 'strictcount' to prevent a CP when testing on C++. --- .../codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 0678d07e7f4..61b6b2434dc 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -687,7 +687,7 @@ module MakeModelGenerator< private DataFlow::ParameterNode parameter; ContentDataFlowSummaryTargetApi() { - count(string input, string output | + strictcount(string input, string output | exists( PropagateContentFlow::AccessPath reads, ReturnNodeExt returnNodeExt, PropagateContentFlow::AccessPath stores From 8acb0243ada91759d96d24121dc625d5b39db9a2 Mon Sep 17 00:00:00 2001 From: Napalys Date: Tue, 1 Apr 2025 14:14:27 +0200 Subject: [PATCH 366/409] Added test cases for `NextResponse` and `Response` --- .../ReflectedXss/ReflectedXss.expected | 17 ++++++++++ .../ReflectedXssWithCustomSanitizer.expected | 4 +++ .../CWE-079/ReflectedXss/app/api/route.ts | 30 +++++++++++++++++ .../ReflectedXss/app/api/routeNextRequest.ts | 32 +++++++++++++++++++ 4 files changed, 83 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts create mode 100644 javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index 75bef3e1b3b..d4462e6064b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -27,6 +27,10 @@ | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value | | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to a $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to a $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value | +| app/api/route.ts:5:18:5:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:5:18:5:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:13:18:13:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:25:18:25:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:29:25:29:28 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to a $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | @@ -128,6 +132,12 @@ edges | ReflectedXssGood3.js:135:15:135:27 | req.params.id | ReflectedXssGood3.js:135:9:135:27 | url | provenance | | | ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:68:22:68:26 | value | provenance | | | ReflectedXssGood3.js:139:24:139:26 | url | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:5:18:5:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:13:18:13:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:25:18:25:21 | body | provenance | | +| app/api/route.ts:2:11:2:33 | body | app/api/route.ts:29:25:29:28 | body | provenance | | +| app/api/route.ts:2:18:2:33 | await req.json() | app/api/route.ts:2:11:2:33 | body | provenance | | +| app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:2:18:2:33 | await req.json() | provenance | | | etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | | formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | @@ -309,6 +319,13 @@ nodes | ReflectedXssGood3.js:135:15:135:27 | req.params.id | semmle.label | req.params.id | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | semmle.label | escapeHtml3(url) | | ReflectedXssGood3.js:139:24:139:26 | url | semmle.label | url | +| app/api/route.ts:2:11:2:33 | body | semmle.label | body | +| app/api/route.ts:2:18:2:33 | await req.json() | semmle.label | await req.json() | +| app/api/route.ts:2:24:2:33 | req.json() | semmle.label | req.json() | +| app/api/route.ts:5:18:5:21 | body | semmle.label | body | +| app/api/route.ts:13:18:13:21 | body | semmle.label | body | +| app/api/route.ts:25:18:25:21 | body | semmle.label | body | +| app/api/route.ts:29:25:29:28 | body | semmle.label | body | | etherpad.js:9:5:9:53 | response | semmle.label | response | | etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | | etherpad.js:11:12:11:19 | response | semmle.label | response | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index 5532af3cf11..8fb9524ff45 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -26,6 +26,10 @@ | ReflectedXssContentTypes.js:39:13:39:35 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:39:23:39:35 | req.params.id | user-provided value | | ReflectedXssContentTypes.js:70:12:70:34 | "FOO: " ... rams.id | Cross-site scripting vulnerability due to $@. | ReflectedXssContentTypes.js:70:22:70:34 | req.params.id | user-provided value | | ReflectedXssGood3.js:139:12:139:27 | escapeHtml3(url) | Cross-site scripting vulnerability due to $@. | ReflectedXssGood3.js:135:15:135:27 | req.params.id | user-provided value | +| app/api/route.ts:5:18:5:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | live-server.js:6:13:6:50 | ` ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:4:21:4:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts new file mode 100644 index 00000000000..467f02a8ff8 --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/route.ts @@ -0,0 +1,30 @@ +export async function POST(req: Request) { + const body = await req.json(); // $ Source + + new Response(body, {headers: { 'Content-Type': 'application/json' }}); + new Response(body, {headers: { 'Content-Type': 'text/html' }}); // $ Alert + + const headers2 = new Headers(req.headers); + headers2.append('Content-Type', 'application/json'); + new Response(body, { headers: headers2 }); + + const headers3 = new Headers(req.headers); + headers3.append('Content-Type', 'text/html'); + new Response(body, { headers: headers3 }); // $ Alert + + const headers4 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'application/json' + }); + new Response(body, { headers: headers4 }); + + const headers5 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'text/html' + }); + new Response(body, { headers: headers5 }); // $ Alert + + const headers = new Headers(req.headers); + headers.set('Content-Type', 'text/html'); + return new Response(body, { headers }); // $ Alert +} diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts new file mode 100644 index 00000000000..758b91e1caa --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts @@ -0,0 +1,32 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function POST(req: NextRequest) { + const body = await req.json(); // $ MISSING: Source + + new NextResponse(body, {headers: { 'Content-Type': 'application/json' }}); + new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ MISSING: Alert + + const headers2 = new Headers(req.headers); + headers2.append('Content-Type', 'application/json'); + new NextResponse(body, { headers: headers2 }); + + const headers3 = new Headers(req.headers); + headers3.append('Content-Type', 'text/html'); + new NextResponse(body, { headers: headers3 }); // $ MISSING: Alert + + const headers4 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'application/json' + }); + new NextResponse(body, { headers: headers4 }); + + const headers5 = new Headers({ + ...Object.fromEntries(req.headers), + 'Content-Type': 'text/html' + }); + new NextResponse(body, { headers: headers5 }); // $ MISSING: Alert + + const headers = new Headers(req.headers); + headers.set('Content-Type', 'text/html'); + return new NextResponse(body, { headers }); // $ MISSING: Alert +} From 732fcbf1c908abbe7f6976e7aff17712eca8ab89 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 13:58:59 +0100 Subject: [PATCH 367/409] Shared: Move 'asParameter' out of the class signature. --- .../modelgenerator/internal/ModelGeneratorImpl.qll | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 61b6b2434dc..270301f361d 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -55,11 +55,8 @@ signature module ModelGeneratorInputSig */ Callable getAsExprEnclosingCallable(); - /** - * Gets the parameter corresponding to this node, if any. - */ - Parameter asParameter(); - } + /** Gets the parameter corresponding to this node, if any. */ + Parameter asParameter(NodeExtended n); /** * A class of callables that are potentially relevant for generating summary or @@ -390,7 +387,7 @@ module MakeModelGenerator< * Gets the MaD string representation of the parameter node `p`. */ string parameterNodeAsInput(DataFlow::ParameterNode p) { - result = parameterAccess(p.(NodeExtended).asParameter()) + result = parameterAccess(asParameter(p)) or result = qualifierString() and p instanceof InstanceParameterNode } @@ -613,7 +610,7 @@ module MakeModelGenerator< * when used in content flow. */ private string parameterNodeAsContentInput(DataFlow::ParameterNode p) { - result = parameterContentAccess(p.(NodeExtended).asParameter()) + result = parameterContentAccess(asParameter(p)) or result = qualifierString() and p instanceof InstanceParameterNode } From c484945f395d31e7c6c131ef373baf467ca8b555 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:00:11 +0100 Subject: [PATCH 368/409] Shared: Move 'getEnclosingCallable' and 'getAsExprEnclosingCallable' out of the class signature. --- .../internal/ModelGeneratorImpl.qll | 47 ++++++++++--------- 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index 270301f361d..da06e74e10f 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -44,16 +44,15 @@ signature module ModelGeneratorInputSig * Gets the type of this node. */ Type getType(); + } - /** - * Gets the enclosing callable of this node. - */ - Callable getEnclosingCallable(); + /** Gets the enclosing callable of `node`. */ + Callable getEnclosingCallable(NodeExtended node); - /** - * Gets the enclosing callable of this node, when considered as an expression. - */ - Callable getAsExprEnclosingCallable(); + /** + * Gets the enclosing callable of `node`, when considered as an expression. + */ + Callable getAsExprEnclosingCallable(NodeExtended node); /** Gets the parameter corresponding to this node, if any. */ Parameter asParameter(NodeExtended n); @@ -462,7 +461,7 @@ module MakeModelGenerator< predicate isSource(DataFlow::Node source, FlowState state) { source instanceof DataFlow::ParameterNode and exists(Callable c | - c = source.(NodeExtended).getEnclosingCallable() and + c = getEnclosingCallable(source) and c instanceof DataFlowSummaryTargetApi and not isUninterestingForHeuristicDataFlowModels(c) ) and @@ -472,7 +471,7 @@ module MakeModelGenerator< predicate isSink(DataFlow::Node sink, FlowState state) { sink instanceof ReturnNodeExt and not isOwnInstanceAccessNode(sink) and - not exists(captureQualifierFlow(sink.(NodeExtended).getAsExprEnclosingCallable())) and + not exists(captureQualifierFlow(getAsExprEnclosingCallable(sink))) and (state instanceof TaintRead or state instanceof TaintStore) } @@ -516,8 +515,8 @@ module MakeModelGenerator< DataFlowSummaryTargetApi api, DataFlow::ParameterNode p, ReturnNodeExt returnNodeExt ) { exists(string input, string output | - p.(NodeExtended).getEnclosingCallable() = api and - returnNodeExt.getEnclosingCallable() = api and + getEnclosingCallable(p) = api and + getEnclosingCallable(returnNodeExt) = api and input = parameterNodeAsInput(p) and output = getOutput(returnNodeExt) and input != output and @@ -567,11 +566,12 @@ module MakeModelGenerator< private module PropagateContentFlowConfig implements ContentDataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode and - source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSummaryTargetApi + getEnclosingCallable(source) instanceof DataFlowSummaryTargetApi } predicate isSink(DataFlow::Node sink) { - sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSummaryTargetApi + sink instanceof ReturnNodeExt and + getEnclosingCallable(sink) instanceof DataFlowSummaryTargetApi } predicate isAdditionalFlowStep = isAdditionalContentFlowStep/2; @@ -664,8 +664,8 @@ module MakeModelGenerator< PropagateContentFlow::AccessPath stores, boolean preservesValue ) { PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and - returnNodeExt.getEnclosingCallable() = api and - p.(NodeExtended).getEnclosingCallable() = api + getEnclosingCallable(returnNodeExt) = api and + getEnclosingCallable(p) = api } /** @@ -709,8 +709,8 @@ module MakeModelGenerator< PropagateContentFlow::AccessPath stores, boolean preservesValue ) { PropagateContentFlow::flow(p, reads, returnNodeExt, stores, preservesValue) and - returnNodeExt.getEnclosingCallable() = api and - p.(NodeExtended).getEnclosingCallable() = api and + getEnclosingCallable(returnNodeExt) = api and + getEnclosingCallable(p) = api and p = api.getARelevantParameterNode() } @@ -982,7 +982,8 @@ module MakeModelGenerator< } predicate isSink(DataFlow::Node sink) { - sink.(ReturnNodeExt).getEnclosingCallable() instanceof DataFlowSourceTargetApi + sink instanceof ReturnNodeExt and + getEnclosingCallable(sink) instanceof DataFlowSourceTargetApi } DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSinkCallContext } @@ -1005,8 +1006,8 @@ module MakeModelGenerator< exists(NodeExtended source, ReturnNodeExt sink, string kind | PropagateFromSource::flow(source, sink) and sourceNode(source, kind) and - api = sink.getEnclosingCallable() and - not irrelevantSourceSinkApi(source.getEnclosingCallable(), api) and + api = getEnclosingCallable(sink) and + not irrelevantSourceSinkApi(getEnclosingCallable(source), api) and result = ModelPrinting::asSourceModel(api, getOutput(sink), kind) ) } @@ -1021,7 +1022,7 @@ module MakeModelGenerator< module PropagateToSinkConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { apiSource(source) and - source.(NodeExtended).getEnclosingCallable() instanceof DataFlowSinkTargetApi + getEnclosingCallable(source) instanceof DataFlowSinkTargetApi } predicate isSink(DataFlow::Node sink) { @@ -1050,7 +1051,7 @@ module MakeModelGenerator< exists(NodeExtended src, NodeExtended sink, string kind | PropagateToSink::flow(src, sink) and sinkNode(sink, kind) and - api = src.getEnclosingCallable() and + api = getEnclosingCallable(src) and result = ModelPrinting::asSinkModel(api, asInputArgument(src), kind) ) } From 04bf908a4bcb26179988550f84bdf4f4c2cb2635 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:01:00 +0100 Subject: [PATCH 369/409] C#: Fixup MaD input. --- .../utils/modelgenerator/internal/CaptureModels.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 125204d7c5b..ce83369df07 100644 --- a/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/csharp/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -22,10 +22,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig`. */ From b6c658767e23f0c74d7825bbcf65fd9584948d24 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:01:11 +0100 Subject: [PATCH 370/409] Java: Fixup MaD input. --- .../utils/modelgenerator/internal/CaptureModels.qll | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 1f96d8ad296..9dd317b3006 100644 --- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -32,10 +32,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig Date: Thu, 10 Apr 2025 14:01:20 +0100 Subject: [PATCH 371/409] Rust: Fixup MaD input. --- .../modelgenerator/internal/CaptureModels.qll | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll index 3a14f6a4a48..237da46750b 100644 --- a/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll +++ b/rust/ql/src/utils/modelgenerator/internal/CaptureModels.qll @@ -20,15 +20,17 @@ module ModelGeneratorInput implements ModelGeneratorInputSig Date: Thu, 10 Apr 2025 14:02:31 +0100 Subject: [PATCH 372/409] Shared: Provide a hook to MaD generation to modify the 'ReturnValue' string. --- .../internal/ModelGeneratorImpl.qll | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll index da06e74e10f..37934b92114 100644 --- a/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll +++ b/shared/mad/codeql/mad/modelgenerator/internal/ModelGeneratorImpl.qll @@ -222,6 +222,14 @@ signature module ModelGeneratorInputSig */ default Lang::ParameterPosition getReturnKindParamPosition(Lang::ReturnKind node) { none() } + /** + * Gets the string that represents the return value corresponding to the + * return kind `kind`. + * + * For most languages this will be the string "ReturnValue". + */ + default string getReturnValueString(Lang::ReturnKind kind) { result = "ReturnValue" } + /** * Holds if it is irrelevant to generate models for `api` based on data flow analysis. * @@ -317,9 +325,11 @@ module MakeModelGenerator< private module PrintReturnNodeExt { string getOutput(ReturnNodeExt node) { - node.getKind() instanceof DataFlow::ValueReturnKind and - not exists(node.getPosition()) and - result = "ReturnValue" + exists(DataFlow::ValueReturnKind valueReturnKind | + valueReturnKind = node.getKind() and + not exists(node.getPosition()) and + result = getReturnValueString(valueReturnKind.getKind()) + ) or exists(DataFlow::ParameterPosition pos | pos = node.getPosition() and From 86b64afa13848bdc9bb6cdeeb1a7dee7fc2778d4 Mon Sep 17 00:00:00 2001 From: Napalys Date: Thu, 10 Apr 2025 15:06:44 +0200 Subject: [PATCH 373/409] Added `NextResponse` to the `ResponseCall` class it models similar near idential behaviour. --- .../javascript/frameworks/WebResponse.qll | 7 +++++-- .../CWE-079/ReflectedXss/ReflectedXss.expected | 17 +++++++++++++++++ .../ReflectedXssWithCustomSanitizer.expected | 4 ++++ .../ReflectedXss/app/api/routeNextRequest.ts | 10 +++++----- 4 files changed, 31 insertions(+), 7 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll index 0e3f93d8099..dfdee73c9d9 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/WebResponse.qll @@ -19,10 +19,13 @@ private class HeadersEntryPoint extends API::EntryPoint { } /** - * A call to the `Response` constructor. + * A call to the `Response` and `NextResponse` constructor. */ private class ResponseCall extends API::InvokeNode { - ResponseCall() { this = any(ResponseEntryPoint e).getANode().getAnInstantiation() } + ResponseCall() { + this = any(ResponseEntryPoint e).getANode().getAnInstantiation() or + this = API::moduleImport("next/server").getMember("NextResponse").getAnInstantiation() + } } /** diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected index d4462e6064b..5681ae99aa8 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXss.expected @@ -31,6 +31,10 @@ | app/api/route.ts:13:18:13:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:25:18:25:21 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:29:25:29:28 | body | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to a $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:7:20:7:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:7:20:7:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:15:20:15:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:15:20:15:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:27:20:27:23 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:27:20:27:23 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:31:27:31:30 | body | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:31:27:31:30 | body | Cross-site scripting vulnerability due to a $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | | etherpad.js:11:12:11:19 | response | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:11:12:11:19 | response | Cross-site scripting vulnerability due to a $@. | etherpad.js:9:16:9:30 | req.query.jsonp | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | formatting.js:4:16:4:29 | req.query.evil | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to a $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | @@ -138,6 +142,12 @@ edges | app/api/route.ts:2:11:2:33 | body | app/api/route.ts:29:25:29:28 | body | provenance | | | app/api/route.ts:2:18:2:33 | await req.json() | app/api/route.ts:2:11:2:33 | body | provenance | | | app/api/route.ts:2:24:2:33 | req.json() | app/api/route.ts:2:18:2:33 | await req.json() | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:7:20:7:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:15:20:15:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:27:20:27:23 | body | provenance | | +| app/api/routeNextRequest.ts:4:9:4:31 | body | app/api/routeNextRequest.ts:31:27:31:30 | body | provenance | | +| app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | app/api/routeNextRequest.ts:4:9:4:31 | body | provenance | | +| app/api/routeNextRequest.ts:4:22:4:31 | req.json() | app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | provenance | | | etherpad.js:9:5:9:53 | response | etherpad.js:11:12:11:19 | response | provenance | | | etherpad.js:9:16:9:30 | req.query.jsonp | etherpad.js:9:5:9:53 | response | provenance | | | formatting.js:4:9:4:29 | evil | formatting.js:6:43:6:46 | evil | provenance | | @@ -326,6 +336,13 @@ nodes | app/api/route.ts:13:18:13:21 | body | semmle.label | body | | app/api/route.ts:25:18:25:21 | body | semmle.label | body | | app/api/route.ts:29:25:29:28 | body | semmle.label | body | +| app/api/routeNextRequest.ts:4:9:4:31 | body | semmle.label | body | +| app/api/routeNextRequest.ts:4:16:4:31 | await req.json() | semmle.label | await req.json() | +| app/api/routeNextRequest.ts:4:22:4:31 | req.json() | semmle.label | req.json() | +| app/api/routeNextRequest.ts:7:20:7:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:15:20:15:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:27:20:27:23 | body | semmle.label | body | +| app/api/routeNextRequest.ts:31:27:31:30 | body | semmle.label | body | | etherpad.js:9:5:9:53 | response | semmle.label | response | | etherpad.js:9:16:9:30 | req.query.jsonp | semmle.label | req.query.jsonp | | etherpad.js:11:12:11:19 | response | semmle.label | response | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected index 8fb9524ff45..b57d294c7a7 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/ReflectedXssWithCustomSanitizer.expected @@ -30,6 +30,10 @@ | app/api/route.ts:13:18:13:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:25:18:25:21 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | | app/api/route.ts:29:25:29:28 | body | Cross-site scripting vulnerability due to $@. | app/api/route.ts:2:24:2:33 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:7:20:7:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:15:20:15:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:27:20:27:23 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | +| app/api/routeNextRequest.ts:31:27:31:30 | body | Cross-site scripting vulnerability due to $@. | app/api/routeNextRequest.ts:4:22:4:31 | req.json() | user-provided value | | formatting.js:6:14:6:47 | util.fo ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | formatting.js:7:14:7:53 | require ... , evil) | Cross-site scripting vulnerability due to $@. | formatting.js:4:16:4:29 | req.query.evil | user-provided value | | live-server.js:6:13:6:50 | ` ... /html>` | Cross-site scripting vulnerability due to $@. | live-server.js:4:21:4:27 | req.url | user-provided value | diff --git a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts index 758b91e1caa..91d9f4ecb51 100644 --- a/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts +++ b/javascript/ql/test/query-tests/Security/CWE-079/ReflectedXss/app/api/routeNextRequest.ts @@ -1,10 +1,10 @@ import { NextRequest, NextResponse } from 'next/server'; export async function POST(req: NextRequest) { - const body = await req.json(); // $ MISSING: Source + const body = await req.json(); // $ Source new NextResponse(body, {headers: { 'Content-Type': 'application/json' }}); - new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ MISSING: Alert + new NextResponse(body, {headers: { 'Content-Type': 'text/html' }}); // $ Alert const headers2 = new Headers(req.headers); headers2.append('Content-Type', 'application/json'); @@ -12,7 +12,7 @@ export async function POST(req: NextRequest) { const headers3 = new Headers(req.headers); headers3.append('Content-Type', 'text/html'); - new NextResponse(body, { headers: headers3 }); // $ MISSING: Alert + new NextResponse(body, { headers: headers3 }); // $ Alert const headers4 = new Headers({ ...Object.fromEntries(req.headers), @@ -24,9 +24,9 @@ export async function POST(req: NextRequest) { ...Object.fromEntries(req.headers), 'Content-Type': 'text/html' }); - new NextResponse(body, { headers: headers5 }); // $ MISSING: Alert + new NextResponse(body, { headers: headers5 }); // $ Alert const headers = new Headers(req.headers); headers.set('Content-Type', 'text/html'); - return new NextResponse(body, { headers }); // $ MISSING: Alert + return new NextResponse(body, { headers }); // $ Alert } From 94e08e318de8d73c35ab126ee4fc437ae9dbe863 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:18:47 +0100 Subject: [PATCH 374/409] C++: Expose a few predicates from 'ExternalFlow'. --- .../semmle/code/cpp/dataflow/ExternalFlow.qll | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll index 9e335dbcbfe..456768081a1 100644 --- a/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll +++ b/cpp/ql/lib/semmle/code/cpp/dataflow/ExternalFlow.qll @@ -465,7 +465,7 @@ private predicate isFunctionConstructedFrom(Function f, Function templateFunc) { } /** Gets the fully templated version of `f`. */ -private Function getFullyTemplatedFunction(Function f) { +Function getFullyTemplatedFunction(Function f) { not f.isFromUninstantiatedTemplate(_) and ( exists(Class c, Class templateClass, int i | @@ -559,12 +559,15 @@ private string getTypeName(Type t, boolean needsSpace) { /** * Gets a type name for the `n`'th parameter of `f` without any template - * arguments. The result may be a string representing a type for which the - * typedefs have been resolved. + * arguments. + * + * If `canonical = false` then the result may be a string representing a type + * for which the typedefs have been resolved. If `canonical = true` then the + * result will be a string representing a type without resolving `typedefs`. */ bindingset[f] pragma[inline_late] -string getParameterTypeWithoutTemplateArguments(Function f, int n) { +string getParameterTypeWithoutTemplateArguments(Function f, int n, boolean canonical) { exists(string s, string base, string specifiers, Type t | t = f.getParameter(n).getType() and // The name of the string can either be the possibly typedefed name @@ -572,14 +575,19 @@ string getParameterTypeWithoutTemplateArguments(Function f, int n) { // `getTypeName(t, _)` is almost equal to `t.resolveTypedefs().getName()`, // except that `t.resolveTypedefs()` doesn't have a result when the // resulting type doesn't appear in the database. - s = [t.getName(), getTypeName(t, _)] and + ( + s = t.getName() and canonical = true + or + s = getTypeName(t, _) and canonical = false + ) and parseAngles(s, base, _, specifiers) and result = base + specifiers ) or f.isVarargs() and n = f.getNumberOfParameters() and - result = "..." + result = "..." and + canonical = true } /** @@ -590,7 +598,7 @@ private string getTypeNameWithoutFunctionTemplates(Function f, int n, int remain exists(Function templateFunction | templateFunction = getFullyTemplatedFunction(f) and remaining = templateFunction.getNumberOfTemplateArguments() and - result = getParameterTypeWithoutTemplateArguments(templateFunction, n) + result = getParameterTypeWithoutTemplateArguments(templateFunction, n, _) ) or exists(string mid, TypeTemplateParameter tp, Function templateFunction | @@ -627,7 +635,7 @@ private string getTypeNameWithoutClassTemplates(Function f, int n, int remaining } /** Gets the string representation of the `i`'th parameter of `c`. */ -private string getParameterTypeName(Function c, int i) { +string getParameterTypeName(Function c, int i) { result = getTypeNameWithoutClassTemplates(c, i, 0) } From 960e9900af2bacc094d64e162adfbac931e7e3b7 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:20:56 +0100 Subject: [PATCH 375/409] C++: Move the 'getArgumentIndex' into the abstract 'Position' class. It is implemented in all subclasses anyway. --- .../cpp/ir/dataflow/internal/DataFlowPrivate.qll | 14 +++++++++++--- .../code/cpp/ir/dataflow/internal/DataFlowUtil.qll | 6 +++--- .../cpp/ir/dataflow/internal/TaintTrackingUtil.qll | 4 ++-- 3 files changed, 16 insertions(+), 8 deletions(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 8a515523930..fdfbb07f2a7 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -371,7 +371,7 @@ private class PrimaryArgumentNode extends ArgumentNode, OperandNode { PrimaryArgumentNode() { exists(CallInstruction call | op = call.getAnArgumentOperand()) } override predicate argumentOf(DataFlowCall call, ArgumentPosition pos) { - op = call.getArgumentOperand(pos.(DirectPosition).getIndex()) + op = call.getArgumentOperand(pos.(DirectPosition).getArgumentIndex()) } } @@ -410,8 +410,16 @@ class ParameterPosition = Position; class ArgumentPosition = Position; abstract class Position extends TPosition { + /** Gets a textual representation of this position. */ abstract string toString(); + /** + * Gets the argument index of this position. The qualifier of a call has + * argument index `-1`. + */ + abstract int getArgumentIndex(); + + /** Gets the indirection index of this position. */ abstract int getIndirectionIndex(); } @@ -428,7 +436,7 @@ class DirectPosition extends Position, TDirectPosition { result = index.toString() } - int getIndex() { result = index } + override int getArgumentIndex() { result = index } final override int getIndirectionIndex() { result = 0 } } @@ -445,7 +453,7 @@ class IndirectionPosition extends Position, TIndirectionPosition { else result = repeatStars(indirectionIndex) + argumentIndex.toString() } - int getArgumentIndex() { result = argumentIndex } + override int getArgumentIndex() { result = argumentIndex } final override int getIndirectionIndex() { result = indirectionIndex } } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll index 3b6e190cc98..62ad9f02fe2 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowUtil.qll @@ -1445,7 +1445,7 @@ private class ExplicitParameterInstructionNode extends AbstractExplicitParameter ExplicitParameterInstructionNode() { exists(instr.getParameter()) } override predicate isSourceParameterOf(Function f, ParameterPosition pos) { - f.getParameter(pos.(DirectPosition).getIndex()) = instr.getParameter() + f.getParameter(pos.(DirectPosition).getArgumentIndex()) = instr.getParameter() } override string toStringImpl() { result = instr.getParameter().toString() } @@ -1460,7 +1460,7 @@ class ThisParameterInstructionNode extends AbstractExplicitParameterNode, ThisParameterInstructionNode() { instr.getIRVariable() instanceof IRThisVariable } override predicate isSourceParameterOf(Function f, ParameterPosition pos) { - pos.(DirectPosition).getIndex() = -1 and + pos.(DirectPosition).getArgumentIndex() = -1 and instr.getEnclosingFunction() = f } @@ -1494,7 +1494,7 @@ private class DirectBodyLessParameterNode extends AbstractExplicitParameterNode, override predicate isSourceParameterOf(Function f, ParameterPosition pos) { this.getFunction() = f and - f.getParameter(pos.(DirectPosition).getIndex()) = p + f.getParameter(pos.(DirectPosition).getArgumentIndex()) = p } override Parameter getParameter() { result = p } diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll index b6d332e3d4c..83fac3ebb49 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/TaintTrackingUtil.qll @@ -229,11 +229,11 @@ private module SpeculativeTaintFlow { not exists(DataFlowDispatch::viableCallable(call)) and src.(DataFlowPrivate::ArgumentNode).argumentOf(call, argpos) | - not argpos.(DirectPosition).getIndex() = -1 and + not argpos.(DirectPosition).getArgumentIndex() = -1 and sink.(PostUpdateNode) .getPreUpdateNode() .(DataFlowPrivate::ArgumentNode) - .argumentOf(call, any(DirectPosition qualpos | qualpos.getIndex() = -1)) + .argumentOf(call, any(DirectPosition qualpos | qualpos.getArgumentIndex() = -1)) or sink.(DataFlowPrivate::OutNode).getCall() = call ) From b678112f4d1d82facf6de22654e22b403994888f Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:21:50 +0100 Subject: [PATCH 376/409] C++: Add a few predicates to 'ReturnKind'. --- .../ir/dataflow/internal/DataFlowPrivate.qll | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index fdfbb07f2a7..44d7a6d725a 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -509,6 +509,15 @@ class ReturnKind extends TReturnKind { /** Gets a textual representation of this return kind. */ abstract string toString(); + + /** Holds if this `ReturnKind` is generated from a `return` statement. */ + abstract predicate isNormalReturn(); + + /** + * Holds if this `ReturnKind` is generated from a write to the parameter with + * index `argumentIndex` + */ + abstract predicate isIndirectReturn(int argumentIndex); } /** @@ -522,6 +531,10 @@ class NormalReturnKind extends ReturnKind, TNormalReturnKind { override int getIndirectionIndex() { result = indirectionIndex } override string toString() { result = "indirect return" } + + override predicate isNormalReturn() { any() } + + override predicate isIndirectReturn(int argumentIndex) { none() } } /** @@ -536,6 +549,10 @@ private class IndirectReturnKind extends ReturnKind, TIndirectReturnKind { override int getIndirectionIndex() { result = indirectionIndex } override string toString() { result = "indirect outparam[" + argumentIndex.toString() + "]" } + + override predicate isNormalReturn() { none() } + + override predicate isIndirectReturn(int argumentIndex_) { argumentIndex_ = argumentIndex } } /** A data flow node that occurs as the result of a `ReturnStmt`. */ From 3bb249f580eb28c84f6e523d9428fb0abca32ac6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Thu, 10 Apr 2025 14:23:38 +0100 Subject: [PATCH 377/409] C++: Ensure we always have 'Position's even if there are no calls in the DB. --- .../cpp/ir/dataflow/internal/DataFlowPrivate.qll | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 44d7a6d725a..1cf67dba1ee 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -459,10 +459,23 @@ class IndirectionPosition extends Position, TIndirectionPosition { } newtype TPosition = - TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) } or + TDirectPosition(int argumentIndex) { + exists(any(CallInstruction c).getArgument(argumentIndex)) + or + // Handle the rare case where the is a function definition but no call to + // the function. + exists(any(Cpp::Function f).getParameter(argumentIndex)) + } or TIndirectionPosition(int argumentIndex, int indirectionIndex) { Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex), indirectionIndex) + or + // Handle the rare case where the is a function definition but no call to + // the function. + exists(Cpp::Function f, Cpp::Parameter p | + p = f.getParameter(argumentIndex) and + indirectionIndex = [1 .. Ssa::getMaxIndirectionsForType(p.getUnspecifiedType()) - 1] + ) } private newtype TReturnKind = From 4f5bdbb5174dbecf06e848493185756abf866732 Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 10 Apr 2025 14:37:11 +0100 Subject: [PATCH 378/409] Add new query to java-code-quality.qls.expected --- .../java/query-suite/java-code-quality.qls.expected | 1 + 1 file changed, 1 insertion(+) diff --git a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected index 6f396573aa1..2cff4a3eaa6 100644 --- a/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected +++ b/java/ql/integration-tests/java/query-suite/java-code-quality.qls.expected @@ -9,3 +9,4 @@ ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql +ql/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql From 30ce0c5cbfd3d8c8a9626bbf72cc32ce96283970 Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Wed, 9 Apr 2025 21:18:58 -0700 Subject: [PATCH 379/409] Actions: Add integration tests for configured path filters Use the common structure from the existing test for default filters. Check both query output finding workflows and actions, and source archive output showing all extracted YAML files. The test for only `paths-ignore` fails in this commit, demonstrating a bug: we start with all YAML files rather than starting with the default includes. The tests for `paths` reflect current behaviour which is consistent with other languages: `paths` overrides the default inclusions, and only files under `paths` are included. This may not be the best user experience for Actions, since we want to scan all workflow and action files even in the presence of `paths`, but that is not currently addressed. --- .../actions.paths-and-paths-ignore.expected | 2 ++ .../filters/actions.paths-ignore-only.expected | 5 +++++ .../filters/actions.paths-only.expected | 2 ++ .../codeql-config.paths-and-paths-ignore.yml | 4 ++++ .../filters/codeql-config.paths-ignore-only.yml | 2 ++ .../filters/codeql-config.paths-only.yml | 2 ++ .../source_archive.paths-and-paths-ignore.expected | 3 +++ .../source_archive.paths-ignore-only.expected | 5 +++++ .../filters/source_archive.paths-only.expected | 3 +++ actions/ql/integration-tests/filters/test.py | 14 +++++++++++++- 10 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected create mode 100644 actions/ql/integration-tests/filters/actions.paths-ignore-only.expected create mode 100644 actions/ql/integration-tests/filters/actions.paths-only.expected create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml create mode 100644 actions/ql/integration-tests/filters/codeql-config.paths-only.yml create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected create mode 100644 actions/ql/integration-tests/filters/source_archive.paths-only.expected diff --git a/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected b/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected new file mode 100644 index 00000000000..b521ff6b930 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-and-paths-ignore.expected @@ -0,0 +1,2 @@ +| src/included/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow | \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected b/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected new file mode 100644 index 00000000000..2fd8f3a0520 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-ignore-only.expected @@ -0,0 +1,5 @@ +| src/.github/action.yaml:1:1:11:32 | name: ' ... action' | +| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | +| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | +| src/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters/actions.paths-only.expected b/actions/ql/integration-tests/filters/actions.paths-only.expected new file mode 100644 index 00000000000..f90744eddb5 --- /dev/null +++ b/actions/ql/integration-tests/filters/actions.paths-only.expected @@ -0,0 +1,2 @@ +| src/included/action.yml:1:1:11:32 | name: ' ... action' | +| src/included/unreachable-workflow.yml:1:1:12:33 | name: A ... orkflow | diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml b/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml new file mode 100644 index 00000000000..aad4e6f2af7 --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-and-paths-ignore.yml @@ -0,0 +1,4 @@ +paths: + - 'included' +paths-ignore: + - 'excluded' diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml b/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml new file mode 100644 index 00000000000..a1664407f5b --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-ignore-only.yml @@ -0,0 +1,2 @@ +paths-ignore: + - 'excluded' diff --git a/actions/ql/integration-tests/filters/codeql-config.paths-only.yml b/actions/ql/integration-tests/filters/codeql-config.paths-only.yml new file mode 100644 index 00000000000..e07472255bf --- /dev/null +++ b/actions/ql/integration-tests/filters/codeql-config.paths-only.yml @@ -0,0 +1,2 @@ +paths: + - 'included' diff --git a/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected b/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected new file mode 100644 index 00000000000..70fb47e93a6 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-and-paths-ignore.expected @@ -0,0 +1,3 @@ +src/included/action.yml +src/included/not-an-action.yml +src/included/unreachable-workflow.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected b/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected new file mode 100644 index 00000000000..4abf239fa34 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-ignore-only.expected @@ -0,0 +1,5 @@ +src/.github/action.yaml +src/.github/actions/action-name/action.yml +src/.github/workflows/workflow.yml +src/action.yml +src/included/action.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/source_archive.paths-only.expected b/actions/ql/integration-tests/filters/source_archive.paths-only.expected new file mode 100644 index 00000000000..70fb47e93a6 --- /dev/null +++ b/actions/ql/integration-tests/filters/source_archive.paths-only.expected @@ -0,0 +1,3 @@ +src/included/action.yml +src/included/not-an-action.yml +src/included/unreachable-workflow.yml \ No newline at end of file diff --git a/actions/ql/integration-tests/filters/test.py b/actions/ql/integration-tests/filters/test.py index a2abcf90b03..8ad37c16487 100755 --- a/actions/ql/integration-tests/filters/test.py +++ b/actions/ql/integration-tests/filters/test.py @@ -3,4 +3,16 @@ import pytest @pytest.mark.ql_test(expected=".default-filters.expected") def test_default_filters(codeql, actions, check_source_archive): check_source_archive.expected_suffix = ".default-filters.expected" - codeql.database.create(source_root="src") \ No newline at end of file + codeql.database.create(source_root="src") + +@pytest.mark.ql_test(expected=".paths-only.expected") +def test_config_paths_only(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-only.yml") + +@pytest.mark.ql_test(expected=".paths-ignore-only.expected") +def test_config_paths_ignore_only(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-ignore-only.yml") + +@pytest.mark.ql_test(expected=".paths-and-paths-ignore.expected") +def test_config_paths_and_paths_ignore(codeql, actions): + codeql.database.create(source_root="src", codescanning_config="codeql-config.paths-and-paths-ignore.yml") \ No newline at end of file From 283503b06d80c6a3f5cfaac3e77d6f8f553a2aab Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Thu, 10 Apr 2025 11:07:14 -0700 Subject: [PATCH 380/409] Actions: Fix handling of paths-ignore in autobuild scripts Always concatenate the default filters with the user-provided filters. This ensures that when `paths-ignore` is provided, we begin with the default path inclusions, not all YAML files. This makes the `paths-ignore-only` integration test variant under `filters` pass. The handling of `paths` is unchanged: if provided, this overrides the default filters. --- actions/extractor/tools/autobuild-impl.ps1 | 41 +++++++++++++--------- actions/extractor/tools/autobuild.sh | 18 ++++++++-- 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/actions/extractor/tools/autobuild-impl.ps1 b/actions/extractor/tools/autobuild-impl.ps1 index 5a5aa1ab53a..e232cd3cc54 100644 --- a/actions/extractor/tools/autobuild-impl.ps1 +++ b/actions/extractor/tools/autobuild-impl.ps1 @@ -1,21 +1,28 @@ -if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) { - Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' -} else { - Write-Output 'No path filters set. Using the default filters.' - # Note: We're adding the `reusable_workflows` subdirectories to proactively - # record workflows that were called cross-repo, check them out locally, - # and enable an interprocedural analysis across the workflow files. - # These workflows follow the convention `.github/reusable_workflows//*.ya?ml` - $DefaultPathFilters = @( - 'exclude:**/*', - 'include:.github/workflows/*.yml', - 'include:.github/workflows/*.yaml', - 'include:.github/reusable_workflows/**/*.yml', - 'include:.github/reusable_workflows/**/*.yaml', - 'include:**/action.yml', - 'include:**/action.yaml' - ) +# Note: We're adding the `reusable_workflows` subdirectories to proactively +# record workflows that were called cross-repo, check them out locally, +# and enable an interprocedural analysis across the workflow files. +# These workflows follow the convention `.github/reusable_workflows//*.ya?ml` +$DefaultPathFilters = @( + 'exclude:**/*', + 'include:.github/workflows/*.yml', + 'include:.github/workflows/*.yaml', + 'include:.github/reusable_workflows/**/*.yml', + 'include:.github/reusable_workflows/**/*.yaml', + 'include:**/action.yml', + 'include:**/action.yaml' +) +if ($null -ne $env:LGTM_INDEX_FILTERS) { + Write-Output 'LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor.' + # Begin with the default path inclusions only, + # followed by the user-provided filters. + # If the user provided `paths`, those patterns override the default inclusions + # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`). + # If the user provided `paths-ignore`, those patterns are excluded. + $PathFilters = ($DefaultPathFilters -join "`n") + "`n" + $env:LGTM_INDEX_FILTERS + $env:LGTM_INDEX_FILTERS = $PathFilters +} else { + Write-Output 'LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor.' $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n" } diff --git a/actions/extractor/tools/autobuild.sh b/actions/extractor/tools/autobuild.sh index 703154f99c9..f2cbb7ddfa7 100755 --- a/actions/extractor/tools/autobuild.sh +++ b/actions/extractor/tools/autobuild.sh @@ -17,10 +17,22 @@ include:**/action.yaml END ) -if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then - echo "Path filters set. Passing them through to the JavaScript extractor." +if [ -n "${LGTM_INDEX_FILTERS:-}" ]; then + echo "LGTM_INDEX_FILTERS set. Using the default filters together with the user-provided filters, and passing through to the JavaScript extractor." + # Begin with the default path inclusions only, + # followed by the user-provided filters. + # If the user provided `paths`, those patterns override the default inclusions + # (because `LGTM_INDEX_FILTERS` will begin with `exclude:**/*`). + # If the user provided `paths-ignore`, those patterns are excluded. + PATH_FILTERS="$(cat << END +${DEFAULT_PATH_FILTERS} +${LGTM_INDEX_FILTERS} +END +)" + LGTM_INDEX_FILTERS="${PATH_FILTERS}" + export LGTM_INDEX_FILTERS else - echo "No path filters set. Using the default filters." + echo "LGTM_INDEX_FILTERS not set. Using the default filters, and passing through to the JavaScript extractor." LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}" export LGTM_INDEX_FILTERS fi From 1ca25b2ccb7da1942d5c2c52d905e1dcc8fd8102 Mon Sep 17 00:00:00 2001 From: yoff Date: Wed, 9 Apr 2025 16:49:36 +0200 Subject: [PATCH 381/409] ruby: add test of `rb/uninitialized-local-variable` --- .../UninitializedLocal.expected | 14 ++++++ .../UninitializedLocal.qlref | 2 + .../UninitializedLocal/UninitializedLocal.rb | 46 +++++++++++++++++++ 3 files changed, 62 insertions(+) create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref create mode 100644 ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected new file mode 100644 index 00000000000..206af4ee3b4 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -0,0 +1,14 @@ +| UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | +| UninitializedLocal.rb:17:16:17:16 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:17:7:17:7 | a | a | +| UninitializedLocal.rb:30:3:30:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:31:3:31:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:32:3:32:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:32:8:32:8 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:3:33:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:14:33:14 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:33:20:33:20 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:3:34:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:15:34:15 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:34:21:34:21 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | +| UninitializedLocal.rb:44:13:44:13 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | +| UninitializedLocal.rb:45:3:45:3 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref new file mode 100644 index 00000000000..e37501dffbf --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.qlref @@ -0,0 +1,2 @@ +query: queries/variables/UninitializedLocal.ql +postprocess: utils/test/InlineExpectationsTestQuery.ql \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb new file mode 100644 index 00000000000..bf591be5005 --- /dev/null +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -0,0 +1,46 @@ +def m + puts "m" +end + +def foo + m # calls m above + if false + m = 0 + m # reads local variable m + else + end + m #$ Alert + m2 # undefined local variable or method 'm2' for main (NameError) +end + +def test_guards + if (a = 3 && a) #$ Alert + a + end + if (a = 3) && a # OK - a is assigned in the previous conjunct + a + end + if !(a = 3) or a # OK - a is assigned in the previous conjunct + a + end + if false + b = 0 + end + b.nil? + b || 0 #$ SPURIOUS: Alert + b&.m #$ SPURIOUS: Alert + b if b #$ SPURIOUS: Alert + b.close if b && !b.closed #$ SPURIOUS: Alert + b.blowup if b || !b.blownup #$ Alert +end + +def test_loop + begin + if false + a = 0 + else + set_a + end + end until a #$ SPURIOUS: Alert + a #$ SPURIOUS: Alert +end \ No newline at end of file From 53c88da91ba08a10eefe832648d16db2c5eb5073 Mon Sep 17 00:00:00 2001 From: yoff Date: Tue, 1 Apr 2025 13:21:54 +0200 Subject: [PATCH 382/409] ruby: refine query for uninitialised local variables - there are places where uninitialised reads are intentional - there are also some places where they are impossible --- .../variables/UninitializedLocal.qhelp | 36 +++++++++ .../queries/variables/UninitializedLocal.ql | 63 +++++++++++++-- .../variables/examples/UninitializedLocal.rb | 14 ++++ .../UninitializedLocal.expected | 15 +--- .../UninitializedLocal/UninitializedLocal.rb | 76 ++++++++++++------- 5 files changed, 159 insertions(+), 45 deletions(-) create mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.qhelp create mode 100644 ruby/ql/src/queries/variables/examples/UninitializedLocal.rb diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp new file mode 100644 index 00000000000..d06bdc7087f --- /dev/null +++ b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp @@ -0,0 +1,36 @@ + + + +

    +In Ruby, raw identifiers like x can be both local variable accesses and method calls. It is a local variable access iff it is syntactically preceded by something that binds it (like an assignment). +Consider the following example: +

    + + + +

    +This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. +

    + +     + + +

    +Ensure that you check the control and data flow in the method carefully. +Check that the variable reference is spelled correctly, perhaps the variable has been renamed and the reference needs to be updated. +Another possibility is that an exception may be raised before the variable is assigned, in which case the read should be protected by a check for nil. +

    + +     + + + + +
  • Wikipedia: Dead store.
    • + + + +     + diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index df8a275431a..5f0fb77872a 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -5,20 +5,71 @@ * @kind problem * @problem.severity error * @id rb/uninitialized-local-variable - * @tags reliability + * @tags quality + * reliability * correctness - * @precision low + * @precision high */ import codeql.ruby.AST import codeql.ruby.dataflow.SSA +private import codeql.ruby.dataflow.internal.DataFlowPublic +import codeql.ruby.controlflow.internal.Guards as Guards +import codeql.ruby.controlflow.CfgNodes + +predicate isInBooleanContext(Expr e) { + e = any(ConditionalExpr c).getCondition() + or + e = any(ConditionalLoop l).getCondition() + or + e = any(LogicalAndExpr n).getAnOperand() + or + e = any(LogicalOrExpr n).getAnOperand() + or + e = any(NotExpr n).getOperand() +} + +predicate isGuarded(LocalVariableReadAccess read) { + exists(AstCfgNode guard, boolean branch | + Guards::guardControlsBlock(guard, read.getAControlFlowNode().getBasicBlock(), branch) + | + // guard is `var` + guard.getAstNode() = read.getVariable().getAnAccess() and + branch = true + or + // guard is `!var` + guard.getAstNode().(NotExpr).getOperand() = read.getVariable().getAnAccess() and + branch = false + or + // guard is `var.nil?` + exists(MethodCall c | guard.getAstNode() = c | + c.getReceiver() = read.getVariable().getAnAccess() and + c.getMethodName() = "nil?" + ) and + branch = false + or + // guard is `!var.nil?` + exists(MethodCall c | guard.getAstNode().(NotExpr).getOperand() = c | + c.getReceiver() = read.getVariable().getAnAccess() and + c.getMethodName() = "nil?" + ) and + branch = true + ) +} + +predicate isNilChecked(LocalVariableReadAccess read) { + exists(MethodCall c | c.getReceiver() = read | + c.getMethodName() = "nil?" + or + c.isSafeNavigation() + ) +} class RelevantLocalVariableReadAccess extends LocalVariableReadAccess { RelevantLocalVariableReadAccess() { - not exists(MethodCall c | - c.getReceiver() = this and - c.getMethodName() = "nil?" - ) + not isInBooleanContext(this) and + not isNilChecked(this) and + not isGuarded(this) } } diff --git a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb new file mode 100644 index 00000000000..f7c79410ffc --- /dev/null +++ b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb @@ -0,0 +1,14 @@ +def m + puts "m" +end + +def foo + m # calls m above + if false + m = 0 + m # reads local variable m + else + end + m # reads uninitialized local variable m, `nil` + m2 # undefined local variable or method 'm2' for main (NameError) +end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index 206af4ee3b4..e8ab4210760 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,14 +1,3 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | -| UninitializedLocal.rb:17:16:17:16 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:17:7:17:7 | a | a | -| UninitializedLocal.rb:30:3:30:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:31:3:31:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:32:3:32:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:32:8:32:8 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:3:33:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:14:33:14 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:33:20:33:20 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:3:34:3 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:15:34:15 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:34:21:34:21 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:7:27:7 | b | b | -| UninitializedLocal.rb:44:13:44:13 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | -| UninitializedLocal.rb:45:3:45:3 | a | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:40:11:40:11 | a | a | +| UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | +| UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index bf591be5005..6682a4bc1e0 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -14,33 +14,57 @@ def foo end def test_guards - if (a = 3 && a) #$ Alert - a - end - if (a = 3) && a # OK - a is assigned in the previous conjunct - a - end - if !(a = 3) or a # OK - a is assigned in the previous conjunct - a - end - if false - b = 0 - end - b.nil? - b || 0 #$ SPURIOUS: Alert - b&.m #$ SPURIOUS: Alert - b if b #$ SPURIOUS: Alert - b.close if b && !b.closed #$ SPURIOUS: Alert - b.blowup if b || !b.blownup #$ Alert + if (a = 3 && a) # OK - a is in a Boolean context + a + end + if (a = 3) && a # OK - a is assigned in the previous conjunct + a + end + if !(a = 3) or a # OK - a is assigned in the previous conjunct + a + end + if false + b = 0 + end + b.nil? + b || 0 # OK + b&.m # OK - safe navigation + b if b # OK + b.close if b && !b.closed # OK + b.blowup if b || !b.blownup #$ Alert + + if false + c = 0 + end + unless c + return + end + c # OK - given above unless + + if false + d = 0 + end + if (d.nil?) + return + end + d # OK - given above check + + if false + e = 0 + end + unless (!e.nil?) + return + end + e # OK - given above unless end def test_loop - begin - if false - a = 0 - else - set_a - end - end until a #$ SPURIOUS: Alert - a #$ SPURIOUS: Alert + begin + if false + a = 0 + else + set_a + end + end until a # OK + a # OK - given previous until end \ No newline at end of file From 8555e8c8c817e97218fb11ffe58c13e6e62cd334 Mon Sep 17 00:00:00 2001 From: yoff Date: Thu, 3 Apr 2025 12:12:44 +0200 Subject: [PATCH 383/409] ruby: add change notes --- .../2025-04-02-adjust-uninitialized-local-alert-message.md | 4 ++++ .../2025-04-02-adjust-uninitialized-local-metadata.md | 4 ++++ ruby/ql/src/queries/variables/UninitializedLocal.ql | 2 +- 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md create mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md new file mode 100644 index 00000000000..201e6e8928a --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The query `rb/uninitialized-local-variable` now take various guards into account and should produce fewer false positives. It also now comes with a help file. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md new file mode 100644 index 00000000000..d6c5f353a53 --- /dev/null +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md @@ -0,0 +1,4 @@ +--- +category: queryMetadata +--- +* The query `rb/uninitialized-local-variable` now only produces alerts when it can find local flow; we have adjusted the precision to 'medium'. diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 5f0fb77872a..aa001ac9bc4 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -8,7 +8,7 @@ * @tags quality * reliability * correctness - * @precision high + * @precision medium */ import codeql.ruby.AST From becea89a473cd891f1e3405d12213d5c5931c9c6 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 08:26:48 +0200 Subject: [PATCH 384/409] Rust: refine `ql/test/setup.sh` --- rust/ql/test/setup.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 822097140bb..1c12456107a 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -5,13 +5,13 @@ set -euo pipefail # This script is run by the CI to set up the test environment for the Rust QL tests # We run this as rustup is not meant to be run in parallel, and will this setup will be run by rust-analyzer in the # parallel QL tests unless we do the setup prior to launching the tests. -# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust`) +# We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust` last, so it becomes the +# default). +# Notice that we do not need to explicitly add the rust-std component as it's listed in ql/rust/rust-toolchain.toml. cd "$(dirname "$0")" -rustup install -rustup component add rust-src - find . -name rust-toolchain.toml \ - -execdir rustup install \; \ - -execdir rustup component add rust-src \; + -execdir rustup install \; + +rustup install From 208487f23618f3ca7249cba692537d72b18a7d14 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:39:47 +0200 Subject: [PATCH 385/409] Added `middleware` test --- .../Security/CWE-918/Request/middleware.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts new file mode 100644 index 00000000000..259e17d289d --- /dev/null +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -0,0 +1,12 @@ +import { NextRequest, NextResponse } from 'next/server'; + +export async function middleware(req: NextRequest) { + const target = req.nextUrl // $ MISSING : Source[js/request-forgery] + if (target) { + const res = await fetch(target) // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text() + return new NextResponse(data) + } + return NextResponse.next() +} + \ No newline at end of file From 734ad2d767597c57bf71847f3db0034c5619507a Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:43:08 +0200 Subject: [PATCH 386/409] Removed legacy `Consistency` check as it is redundant now with inline test expectations. --- .../Security/CWE-918/Consistency.expected | 2 -- .../Security/CWE-918/Consistency.ql | 25 ------------------- 2 files changed, 27 deletions(-) delete mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected delete mode 100644 javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected deleted file mode 100644 index c2b63d9c942..00000000000 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.expected +++ /dev/null @@ -1,2 +0,0 @@ -consistencyIssue -resultInWrongFile diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql b/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql deleted file mode 100644 index 5ae582db491..00000000000 --- a/javascript/ql/test/query-tests/Security/CWE-918/Consistency.ql +++ /dev/null @@ -1,25 +0,0 @@ -import javascript -import semmle.javascript.security.dataflow.RequestForgeryQuery as RequestForgery -import semmle.javascript.security.dataflow.ClientSideRequestForgeryQuery as ClientSideRequestForgery -deprecated import utils.test.ConsistencyChecking - -query predicate resultInWrongFile(DataFlow::Node node) { - exists(string filePattern | - RequestForgery::RequestForgeryFlow::flowTo(node) and - filePattern = ".*serverSide.*" - or - ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(node) and - filePattern = ".*clientSide.*" - | - not node.getFile().getRelativePath().regexpMatch(filePattern) - ) -} - -deprecated class Consistency extends ConsistencyConfiguration { - Consistency() { this = "Consistency" } - - override DataFlow::Node getAnAlert() { - RequestForgery::RequestForgeryFlow::flowTo(result) or - ClientSideRequestForgery::ClientSideRequestForgeryFlow::flowTo(result) - } -} From 6e09a65da07fd6cbaa7b887327fa6d2935e5f086 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 08:43:36 +0200 Subject: [PATCH 387/409] Added support for `NextRequest` `middleware` SSRF. --- javascript/ql/lib/semmle/javascript/frameworks/Next.qll | 8 ++++++-- .../query-tests/Security/CWE-918/Request/middleware.ts | 4 ++-- .../query-tests/Security/CWE-918/RequestForgery.expected | 6 ++++++ 3 files changed, 14 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 6333c9442d8..fad4f25e5f5 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -281,8 +281,12 @@ module NextJS { */ class NextAppRouteHandler extends DataFlow::FunctionNode, Http::Servers::StandardRouteHandler { NextAppRouteHandler() { - exists(Module mod | mod.getFile().getParentContainer() = apiFolder() | - this = mod.getAnExportedValue(any(Http::RequestMethodName m)).getAFunctionValue() and + exists(Module mod | + mod.getFile().getParentContainer() = apiFolder() or + mod.getFile().getBaseName() = ["middleware.ts", "middleware.js"] + | + this = + mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and ( this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") or diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index 259e17d289d..e6bb7f8db60 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -1,9 +1,9 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { - const target = req.nextUrl // $ MISSING : Source[js/request-forgery] + const target = req.nextUrl // $ Source[js/request-forgery] if (target) { - const res = await fetch(target) // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index b8436fa6722..cf3b225e322 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,6 +1,7 @@ #select | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | +| Request/middleware.ts:6:25:6:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:6:31:6:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:6:31:6:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -37,6 +38,8 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | +| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:6:31:6:36 | target | provenance | | +| Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -111,6 +114,9 @@ nodes | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | semmle.label | await req.json() | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | semmle.label | req.json() | | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | +| Request/middleware.ts:4:11:4:30 | target | semmle.label | target | +| Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | +| Request/middleware.ts:6:31:6:36 | target | semmle.label | target | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From db1203acb3a1a80f528b3168e223e99af07fa369 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 11 Apr 2025 08:56:35 +0200 Subject: [PATCH 388/409] Rust: reinstate adding `rust-src` for test toolchains --- rust/ql/test/setup.sh | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 1c12456107a..9b2d6b4f344 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -7,11 +7,12 @@ set -euo pipefail # parallel QL tests unless we do the setup prior to launching the tests. # We do this for each `rust-toolchain.toml` we use in the tests (and the root one in `rust` last, so it becomes the # default). -# Notice that we do not need to explicitly add the rust-std component as it's listed in ql/rust/rust-toolchain.toml. cd "$(dirname "$0")" find . -name rust-toolchain.toml \ - -execdir rustup install \; + -execdir rustup install \; \ + -execdir rustup component add rust-src \; +# no to install rust-src explicitly, it's listedin ql/rust/rust-toolchain.toml rustup install From 8674b61e5a886af7bd8f4d1c91cd5ed4670291ca Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:26:16 +0200 Subject: [PATCH 389/409] Added SSRF test case with `searchParams` for `NextRequest` --- .../test/query-tests/Security/CWE-918/Request/middleware.ts | 6 ++++++ .../query-tests/Security/CWE-918/RequestForgery.expected | 6 +++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index e6bb7f8db60..2e6aa2746d6 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -2,11 +2,17 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { const target = req.nextUrl // $ Source[js/request-forgery] + const target2 = target.searchParams.get('target'); // $ MISSING: Source[js/request-forgery] if (target) { const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } + if (target2) { + const res = await fetch(target2); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const data = await res.text(); + return new NextResponse(data); + } return NextResponse.next() } \ No newline at end of file diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index cf3b225e322..387a6590fbd 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -1,7 +1,7 @@ #select | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | -| Request/middleware.ts:6:25:6:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:6:31:6:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:6:31:6:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | +| Request/middleware.ts:7:25:7:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:7:31:7:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:7:31:7:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -38,7 +38,7 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:9:2:34 | url | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | Request/app/api/proxy/route.serverSide.ts:2:9:2:15 | { url } | provenance | | | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | -| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:6:31:6:36 | target | provenance | | +| Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:7:31:7:36 | target | provenance | | | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | @@ -116,7 +116,7 @@ nodes | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | Request/middleware.ts:4:11:4:30 | target | semmle.label | target | | Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | -| Request/middleware.ts:6:31:6:36 | target | semmle.label | target | +| Request/middleware.ts:7:31:7:36 | target | semmle.label | target | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From 678eccb417b32aa38d6b3a0426b448bc4c99612d Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:27:54 +0200 Subject: [PATCH 390/409] Added `searchParams.get` as potential source for SSRF --- .../ql/lib/semmle/javascript/frameworks/Next.qll | 12 +++++++++++- .../Security/CWE-918/Request/middleware.ts | 4 ++-- .../Security/CWE-918/RequestForgery.expected | 6 ++++++ 3 files changed, 19 insertions(+), 3 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index fad4f25e5f5..2921b6c4850 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -318,7 +318,17 @@ module NextJS { ) and kind = "body" or - this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" + ( + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) + or + this = + handler + .getRequest() + .getAPropertyRead("nextUrl") + .getAPropertyRead("searchParams") + .getAMemberCall("get") + ) and + kind = "url" or this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts index 2e6aa2746d6..3db3a4bae3b 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts +++ b/javascript/ql/test/query-tests/Security/CWE-918/Request/middleware.ts @@ -2,14 +2,14 @@ import { NextRequest, NextResponse } from 'next/server'; export async function middleware(req: NextRequest) { const target = req.nextUrl // $ Source[js/request-forgery] - const target2 = target.searchParams.get('target'); // $ MISSING: Source[js/request-forgery] + const target2 = target.searchParams.get('target'); // $ Source[js/request-forgery] if (target) { const res = await fetch(target) // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text() return new NextResponse(data) } if (target2) { - const res = await fetch(target2); // $ MISSING: Alert[js/request-forgery] Sink[js/request-forgery] + const res = await fetch(target2); // $ Alert[js/request-forgery] Sink[js/request-forgery] const data = await res.text(); return new NextResponse(data); } diff --git a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected index 387a6590fbd..b3d3055cd86 100644 --- a/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected +++ b/javascript/ql/test/query-tests/Security/CWE-918/RequestForgery.expected @@ -2,6 +2,7 @@ | Request/app/api/proxy/route2.serverSide.ts:5:21:5:30 | fetch(url) | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route2.serverSide.ts:5:27:5:29 | url | URL | Request/app/api/proxy/route2.serverSide.ts:4:25:4:34 | req.json() | user-provided value | | Request/app/api/proxy/route.serverSide.ts:3:21:3:30 | fetch(url) | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | The $@ of this request depends on a $@. | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | URL | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | user-provided value | | Request/middleware.ts:7:25:7:37 | fetch(target) | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:7:31:7:36 | target | The $@ of this request depends on a $@. | Request/middleware.ts:7:31:7:36 | target | URL | Request/middleware.ts:4:20:4:30 | req.nextUrl | user-provided value | +| Request/middleware.ts:12:27:12:40 | fetch(target2) | Request/middleware.ts:5:21:5:53 | target. ... arget') | Request/middleware.ts:12:33:12:39 | target2 | The $@ of this request depends on a $@. | Request/middleware.ts:12:33:12:39 | target2 | URL | Request/middleware.ts:5:21:5:53 | target. ... arget') | user-provided value | | apollo.serverSide.ts:8:39:8:64 | get(fil ... => {}) | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:8:43:8:50 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:8:43:8:50 | file.url | URL | apollo.serverSide.ts:7:36:7:44 | { files } | user-provided value | | apollo.serverSide.ts:18:37:18:62 | get(fil ... => {}) | apollo.serverSide.ts:17:34:17:42 | { files } | apollo.serverSide.ts:18:41:18:48 | file.url | The $@ of this request depends on a $@. | apollo.serverSide.ts:18:41:18:48 | file.url | URL | apollo.serverSide.ts:17:34:17:42 | { files } | user-provided value | | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | The $@ of this request depends on a $@. | axiosInterceptors.serverSide.js:11:26:11:40 | userProvidedUrl | endpoint | axiosInterceptors.serverSide.js:19:21:19:28 | req.body | user-provided value | @@ -40,6 +41,8 @@ edges | Request/app/api/proxy/route.serverSide.ts:2:25:2:34 | req.json() | Request/app/api/proxy/route.serverSide.ts:2:19:2:34 | await req.json() | provenance | | | Request/middleware.ts:4:11:4:30 | target | Request/middleware.ts:7:31:7:36 | target | provenance | | | Request/middleware.ts:4:20:4:30 | req.nextUrl | Request/middleware.ts:4:11:4:30 | target | provenance | | +| Request/middleware.ts:5:11:5:53 | target2 | Request/middleware.ts:12:33:12:39 | target2 | provenance | | +| Request/middleware.ts:5:21:5:53 | target. ... arget') | Request/middleware.ts:5:11:5:53 | target2 | provenance | | | apollo.serverSide.ts:7:36:7:44 | files | apollo.serverSide.ts:8:13:8:17 | files | provenance | | | apollo.serverSide.ts:7:36:7:44 | { files } | apollo.serverSide.ts:7:36:7:44 | files | provenance | | | apollo.serverSide.ts:8:13:8:17 | files | apollo.serverSide.ts:8:28:8:31 | file | provenance | | @@ -116,7 +119,10 @@ nodes | Request/app/api/proxy/route.serverSide.ts:3:27:3:29 | url | semmle.label | url | | Request/middleware.ts:4:11:4:30 | target | semmle.label | target | | Request/middleware.ts:4:20:4:30 | req.nextUrl | semmle.label | req.nextUrl | +| Request/middleware.ts:5:11:5:53 | target2 | semmle.label | target2 | +| Request/middleware.ts:5:21:5:53 | target. ... arget') | semmle.label | target. ... arget') | | Request/middleware.ts:7:31:7:36 | target | semmle.label | target | +| Request/middleware.ts:12:33:12:39 | target2 | semmle.label | target2 | | apollo.serverSide.ts:7:36:7:44 | files | semmle.label | files | | apollo.serverSide.ts:7:36:7:44 | { files } | semmle.label | { files } | | apollo.serverSide.ts:8:13:8:17 | files | semmle.label | files | From 2c4b3527b4bee7f97b071614d97b6a544911c5a6 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 09:38:23 +0200 Subject: [PATCH 391/409] Added change note --- javascript/ql/lib/change-notes/2025-04-11-nextrequest.md | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 javascript/ql/lib/change-notes/2025-04-11-nextrequest.md diff --git a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md new file mode 100644 index 00000000000..9db5c34e51b --- /dev/null +++ b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md @@ -0,0 +1,5 @@ +--- +category: minorAnalysis +--- +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. From 85940484ab91edf97eca320b927bb017cf384ada Mon Sep 17 00:00:00 2001 From: Arthur Baars Date: Fri, 11 Apr 2025 09:57:50 +0200 Subject: [PATCH 392/409] Update rust/ql/test/setup.sh --- rust/ql/test/setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rust/ql/test/setup.sh b/rust/ql/test/setup.sh index 9b2d6b4f344..f087e7bc32b 100755 --- a/rust/ql/test/setup.sh +++ b/rust/ql/test/setup.sh @@ -14,5 +14,5 @@ find . -name rust-toolchain.toml \ -execdir rustup install \; \ -execdir rustup component add rust-src \; -# no to install rust-src explicitly, it's listedin ql/rust/rust-toolchain.toml +# no to install rust-src explicitly, it's listed in ql/rust/rust-toolchain.toml rustup install From e3f1720f9c532d4afd24cb8de2beb5f173b890c1 Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 10:04:09 +0200 Subject: [PATCH 393/409] Renamed`DecodeLike` to `Decode` and updated `propagatesFlow` --- .../javascript/internal/flow_summaries/Decoders.qll | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll index 7e75d6482c5..2866c892608 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Decoders.qll @@ -13,16 +13,16 @@ private class TextDecoderEntryPoint extends API::EntryPoint { pragma[nomagic] API::Node textDecoderConstructorRef() { result = any(TextDecoderEntryPoint e).getANode() } -class DecodeLike extends SummarizedCallable { - DecodeLike() { this = "TextDecoder#decode" } +class Decode extends SummarizedCallable { + Decode() { this = "TextDecoder#decode" } override InstanceCall getACall() { result = textDecoderConstructorRef().getInstance().getMember("decode").getACall() } override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and - input = "Argument[0]" and + preservesValue = false and + input = "Argument[0].ArrayElement" and output = "ReturnValue" } } From f675a143d6f62140318b299c4eecd33fa7f0a290 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 10:48:41 +0200 Subject: [PATCH 394/409] ruby: remove redundant cases The CFG handles the negation --- ruby/ql/src/queries/variables/UninitializedLocal.ql | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index aa001ac9bc4..1633e20bee0 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -37,23 +37,12 @@ predicate isGuarded(LocalVariableReadAccess read) { guard.getAstNode() = read.getVariable().getAnAccess() and branch = true or - // guard is `!var` - guard.getAstNode().(NotExpr).getOperand() = read.getVariable().getAnAccess() and - branch = false - or // guard is `var.nil?` exists(MethodCall c | guard.getAstNode() = c | c.getReceiver() = read.getVariable().getAnAccess() and c.getMethodName() = "nil?" ) and branch = false - or - // guard is `!var.nil?` - exists(MethodCall c | guard.getAstNode().(NotExpr).getOperand() = c | - c.getReceiver() = read.getVariable().getAnAccess() and - c.getMethodName() = "nil?" - ) and - branch = true ) } From 4167e960580bc9692734451e202143d10ea85722 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 11:00:22 +0200 Subject: [PATCH 395/409] ruby: more complete impleemntation of `isInBooleanContext` Co-authored-by: Tom Hvitved --- .../queries/variables/UninitializedLocal.ql | 34 ++++++++++++++----- 1 file changed, 26 insertions(+), 8 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 1633e20bee0..93e5c9b3adb 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -17,19 +17,37 @@ private import codeql.ruby.dataflow.internal.DataFlowPublic import codeql.ruby.controlflow.internal.Guards as Guards import codeql.ruby.controlflow.CfgNodes -predicate isInBooleanContext(Expr e) { - e = any(ConditionalExpr c).getCondition() +private predicate isInBooleanContext(AstNode n) { + exists(ConditionalExpr i | + n = i.getCondition() + or + isInBooleanContext(i) and + n = i.getBranch(_) + ) or - e = any(ConditionalLoop l).getCondition() + n = any(ConditionalLoop parent).getCondition() or - e = any(LogicalAndExpr n).getAnOperand() + n = any(InClause parent).getCondition() or - e = any(LogicalOrExpr n).getAnOperand() + n = any(LogicalAndExpr op).getAnOperand() or - e = any(NotExpr n).getOperand() + n = any(LogicalOrExpr op).getAnOperand() + or + n = any(NotExpr op).getOperand() + or + n = any(StmtSequence parent | isInBooleanContext(parent)).getLastStmt() + or + exists(CaseExpr c, WhenClause w | + not exists(c.getValue()) and + c.getABranch() = w + | + w.getPattern(_) = n + or + w = n + ) } -predicate isGuarded(LocalVariableReadAccess read) { +private predicate isGuarded(LocalVariableReadAccess read) { exists(AstCfgNode guard, boolean branch | Guards::guardControlsBlock(guard, read.getAControlFlowNode().getBasicBlock(), branch) | @@ -46,7 +64,7 @@ predicate isGuarded(LocalVariableReadAccess read) { ) } -predicate isNilChecked(LocalVariableReadAccess read) { +private predicate isNilChecked(LocalVariableReadAccess read) { exists(MethodCall c | c.getReceiver() = read | c.getMethodName() = "nil?" or From d0dcf897cb82b4f44ccfd3edebeb048346b551cc Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 11 Apr 2025 11:04:08 +0200 Subject: [PATCH 396/409] Update javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll Co-authored-by: Asger F --- .../lib/semmle/javascript/internal/flow_summaries/Strings.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll index 8c8ab1ac4ac..d18e2181965 100644 --- a/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll +++ b/javascript/ql/lib/semmle/javascript/internal/flow_summaries/Strings.qll @@ -108,7 +108,7 @@ class StringFromCharCode extends SummarizedCallable { } override predicate propagatesFlow(string input, string output, boolean preservesValue) { - preservesValue = true and + preservesValue = false and ( input = "Argument[0..]" and output = "ReturnValue" From 92e4f112c01256d7bde118ce3e30c4a7b4b7e418 Mon Sep 17 00:00:00 2001 From: Napalys Klicius Date: Fri, 11 Apr 2025 11:08:40 +0200 Subject: [PATCH 397/409] Update javascript/ql/lib/semmle/javascript/frameworks/Next.qll Co-authored-by: Asger F --- javascript/ql/lib/semmle/javascript/frameworks/Next.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index 2921b6c4850..b31da84a341 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -283,7 +283,7 @@ module NextJS { NextAppRouteHandler() { exists(Module mod | mod.getFile().getParentContainer() = apiFolder() or - mod.getFile().getBaseName() = ["middleware.ts", "middleware.js"] + mod.getFile().getStem() = "middleware" | this = mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and From 11abbf8c4ae5267a17d3b4692c991a5a316c971d Mon Sep 17 00:00:00 2001 From: Napalys Date: Fri, 11 Apr 2025 11:19:12 +0200 Subject: [PATCH 398/409] Now `nextUrl` is of type `parameter` and loosen the restriction for `NextAppRouteHandler` --- .../lib/semmle/javascript/frameworks/Next.qll | 26 +++++++------------ 1 file changed, 10 insertions(+), 16 deletions(-) diff --git a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll index b31da84a341..551d325f26a 100644 --- a/javascript/ql/lib/semmle/javascript/frameworks/Next.qll +++ b/javascript/ql/lib/semmle/javascript/frameworks/Next.qll @@ -286,12 +286,7 @@ module NextJS { mod.getFile().getStem() = "middleware" | this = - mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() and - ( - this.getParameter(0).hasUnderlyingType("next/server", "NextRequest") - or - this.getParameter(0).hasUnderlyingType("Request") - ) + mod.getAnExportedValue([any(Http::RequestMethodName m), "middleware"]).getAFunctionValue() ) } @@ -318,18 +313,17 @@ module NextJS { ) and kind = "body" or - ( - this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) - or - this = - handler - .getRequest() - .getAPropertyRead("nextUrl") - .getAPropertyRead("searchParams") - .getAMemberCall("get") - ) and + this = handler.getRequest().getAPropertyRead(["url", "nextUrl"]) and kind = "url" or + this = + handler + .getRequest() + .getAPropertyRead("nextUrl") + .getAPropertyRead("searchParams") + .getAMemberCall("get") and + kind = "parameter" + or this = handler.getRequest().getAPropertyRead("headers") and kind = "headers" } From 6e2cfab7b226e0c845ee36eb1deb31215000b4ce Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 12:46:25 +0200 Subject: [PATCH 399/409] ruby: add test for `for` found during triage --- .../UninitializedLocal/UninitializedLocal.expected | 2 ++ .../variables/UninitializedLocal/UninitializedLocal.rb | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index e8ab4210760..5d0cdddf964 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,3 +1,5 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | | UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | | UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | +| UninitializedLocal.rb:73:9:73:9 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | +| UninitializedLocal.rb:76:5:76:5 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 6682a4bc1e0..9761baac1da 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -67,4 +67,11 @@ def test_loop end end until a # OK a # OK - given previous until +end + +def test_for + for i in 0..10 #$ SPURIOUS: Alert + i + end + i #$ SPURIOUS: Alert end \ No newline at end of file From b641d5f177637cf4ac6cfbca3a97fb934a7cb5c4 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 13:22:42 +0200 Subject: [PATCH 400/409] ruby: fix FP --- ruby/ql/src/queries/variables/UninitializedLocal.ql | 5 +++-- .../variables/UninitializedLocal/UninitializedLocal.expected | 1 - .../variables/UninitializedLocal/UninitializedLocal.rb | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 93e5c9b3adb..0e819cf8a90 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -13,9 +13,9 @@ import codeql.ruby.AST import codeql.ruby.dataflow.SSA -private import codeql.ruby.dataflow.internal.DataFlowPublic import codeql.ruby.controlflow.internal.Guards as Guards import codeql.ruby.controlflow.CfgNodes +import codeql.ruby.ast.internal.Variable private predicate isInBooleanContext(AstNode n) { exists(ConditionalExpr i | @@ -72,7 +72,8 @@ private predicate isNilChecked(LocalVariableReadAccess read) { ) } -class RelevantLocalVariableReadAccess extends LocalVariableReadAccess { +class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof TVariableAccessReal +{ RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected index 5d0cdddf964..174d0d348a2 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.expected @@ -1,5 +1,4 @@ | UninitializedLocal.rb:12:3:12:3 | m | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:8:7:8:7 | m | m | | UninitializedLocal.rb:34:5:34:5 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | | UninitializedLocal.rb:34:23:34:23 | b | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:27:9:27:9 | b | b | -| UninitializedLocal.rb:73:9:73:9 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | | UninitializedLocal.rb:76:5:76:5 | i | Local variable $@ may be used before it is initialized. | UninitializedLocal.rb:73:9:73:9 | i | i | diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 9761baac1da..9f4dc720ed0 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -70,7 +70,7 @@ def test_loop end def test_for - for i in 0..10 #$ SPURIOUS: Alert + for i in 0..10 # OK - since 0..10 cannot raise i end i #$ SPURIOUS: Alert From bfc494c0e1d08da309bf0c6872b677531ab409b1 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 11 Apr 2025 12:43:51 +0100 Subject: [PATCH 401/409] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Taus --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 1cf67dba1ee..6c096d098cd 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -462,7 +462,7 @@ newtype TPosition = TDirectPosition(int argumentIndex) { exists(any(CallInstruction c).getArgument(argumentIndex)) or - // Handle the rare case where the is a function definition but no call to + // Handle the rare case where there is a function definition but no call to // the function. exists(any(Cpp::Function f).getParameter(argumentIndex)) } or From deef95d3847c899e20deb9cb80794966860f06b6 Mon Sep 17 00:00:00 2001 From: Mathias Vorreiter Pedersen Date: Fri, 11 Apr 2025 12:43:59 +0100 Subject: [PATCH 402/409] Update cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll Co-authored-by: Taus --- .../semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll index 6c096d098cd..c5024d07dcb 100644 --- a/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll +++ b/cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/DataFlowPrivate.qll @@ -470,7 +470,7 @@ newtype TPosition = Ssa::hasIndirectOperand(any(CallInstruction call).getArgumentOperand(argumentIndex), indirectionIndex) or - // Handle the rare case where the is a function definition but no call to + // Handle the rare case where there is a function definition but no call to // the function. exists(Cpp::Function f, Cpp::Parameter p | p = f.getParameter(argumentIndex) and From 2477233508ef3db2671182f45cf699ec4097dae3 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 15:01:57 +0200 Subject: [PATCH 403/409] ruby: only report on method calls Interviewing a Ruby developer, I learned that dealing with nil is common practice. So alerts are mostly useful, if we can point to a place where this has gone wrong. --- .../variables/UninitializedLocal.qhelp | 9 ++-- .../queries/variables/UninitializedLocal.ql | 3 +- .../variables/examples/UninitializedLocal.rb | 4 +- .../UninitializedLocal/UninitializedLocal.rb | 42 +++++++++---------- 4 files changed, 30 insertions(+), 28 deletions(-) diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp index d06bdc7087f..078775e803f 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp +++ b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp @@ -12,6 +12,8 @@ Consider the following example:

    This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. +In fact, the last access to m is a method call, and the value of the local variable is nil, +so this will raise a NoMethodError.

    @@ -19,8 +21,7 @@ This will generate an alert on the last access to m, where it is no

    Ensure that you check the control and data flow in the method carefully. -Check that the variable reference is spelled correctly, perhaps the variable has been renamed and the reference needs to be updated. -Another possibility is that an exception may be raised before the variable is assigned, in which case the read should be protected by a check for nil. +Add a check for nil before the read, or rewrite the code to ensure that the variable is always initialized before being read.

    @@ -28,8 +29,8 @@ Another possibility is that an exception may be raised before the variable is as -
  • Wikipedia: Dead store.
    • - +
  • https://www.rubyguides.com/: Nil.
    • +
  • https://ruby-doc.org/: NoMethodError.
    •  diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 0e819cf8a90..1cd496c86be 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -77,7 +77,8 @@ class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and - not isGuarded(this) + not isGuarded(this) and + this = any(MethodCall m).getReceiver() } } diff --git a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb index f7c79410ffc..56172f4df70 100644 --- a/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb +++ b/ruby/ql/src/queries/variables/examples/UninitializedLocal.rb @@ -5,10 +5,10 @@ end def foo m # calls m above if false - m = 0 + m = "0" m # reads local variable m else end - m # reads uninitialized local variable m, `nil` + m.strip # reads uninitialized local variable m, `nil`, and crashes m2 # undefined local variable or method 'm2' for main (NameError) end \ No newline at end of file diff --git a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb index 9f4dc720ed0..7c82c8bf69e 100644 --- a/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb +++ b/ruby/ql/test/query-tests/variables/UninitializedLocal/UninitializedLocal.rb @@ -5,57 +5,57 @@ end def foo m # calls m above if false - m = 0 + m = "0" m # reads local variable m else end - m #$ Alert + m.strip #$ Alert m2 # undefined local variable or method 'm2' for main (NameError) end def test_guards - if (a = 3 && a) # OK - a is in a Boolean context - a + if (a = "3" && a) # OK - a is in a Boolean context + a.strip end - if (a = 3) && a # OK - a is assigned in the previous conjunct - a + if (a = "3") && a # OK - a is assigned in the previous conjunct + a.strip end - if !(a = 3) or a # OK - a is assigned in the previous conjunct - a + if !(a = "3") or a # OK - a is assigned in the previous conjunct + a.strip end if false - b = 0 + b = "0" end b.nil? b || 0 # OK - b&.m # OK - safe navigation - b if b # OK + b&.strip # OK - safe navigation + b.strip if b # OK b.close if b && !b.closed # OK b.blowup if b || !b.blownup #$ Alert if false - c = 0 + c = "0" end unless c return end - c # OK - given above unless + c.strip # OK - given above unless if false - d = 0 + d = "0" end if (d.nil?) return end - d # OK - given above check + d.strip # OK - given above check if false - e = 0 + e = "0" end unless (!e.nil?) return end - e # OK - given above unless + e.strip # OK - given above unless end def test_loop @@ -66,12 +66,12 @@ def test_loop set_a end end until a # OK - a # OK - given previous until + a.strip # OK - given previous until end def test_for - for i in 0..10 # OK - since 0..10 cannot raise - i + for i in ["foo", "bar"] # OK - since 0..10 cannot raise + puts i.strip end - i #$ SPURIOUS: Alert + i.strip #$ SPURIOUS: Alert end \ No newline at end of file From 6a76a40cf4385d2cd1b163a918cc16d795bc6c06 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 16:18:03 +0200 Subject: [PATCH 404/409] ruby: adjust change notes --- .../2025-04-02-adjust-uninitialized-local-alert-message.md | 4 ++-- .../2025-04-02-adjust-uninitialized-local-metadata.md | 2 +- ruby/ql/src/queries/variables/UninitializedLocal.ql | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md index 201e6e8928a..87b92ee51ce 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md @@ -1,4 +1,4 @@ --- -category: minorAnalysis +category: majorAnalysis --- -* The query `rb/uninitialized-local-variable` now take various guards into account and should produce fewer false positives. It also now comes with a help file. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md index d6c5f353a53..61c223981d5 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md +++ b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md @@ -1,4 +1,4 @@ --- category: queryMetadata --- -* The query `rb/uninitialized-local-variable` now only produces alerts when it can find local flow; we have adjusted the precision to 'medium'. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call; we have adjusted the precision to 'high'. diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index 1cd496c86be..c5b4fa18d62 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -8,7 +8,7 @@ * @tags quality * reliability * correctness - * @precision medium + * @precision high */ import codeql.ruby.AST From eb0f8e9572cca851f296c9b5cc427a10a4fe18b1 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 16:27:21 +0200 Subject: [PATCH 405/409] ruby: add `rb/uninitialized-local-variable` to quality suite --- ruby/ql/src/codeql-suites/ruby-code-quality.qls | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ruby/ql/src/codeql-suites/ruby-code-quality.qls b/ruby/ql/src/codeql-suites/ruby-code-quality.qls index 33be91082d0..2111c6979ef 100644 --- a/ruby/ql/src/codeql-suites/ruby-code-quality.qls +++ b/ruby/ql/src/codeql-suites/ruby-code-quality.qls @@ -2,4 +2,5 @@ - include: id: - rb/database-query-in-loop - - rb/useless-assignment-to-local \ No newline at end of file + - rb/useless-assignment-to-local + - rb/uninitialized-local-variable \ No newline at end of file From b988be8ff62ca0cfb544e557fae889c65d41ab98 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 21:29:01 +0200 Subject: [PATCH 406/409] ruby: improve help file This has improved autofixes I hope it also helps humans --- .../queries/variables/UninitializedLocal.md | 41 +++++++++++++++++++ .../variables/UninitializedLocal.qhelp | 37 ----------------- .../queries/variables/UninitializedLocal.ql | 13 +++++- 3 files changed, 53 insertions(+), 38 deletions(-) create mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.md delete mode 100644 ruby/ql/src/queries/variables/UninitializedLocal.qhelp diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.md b/ruby/ql/src/queries/variables/UninitializedLocal.md new file mode 100644 index 00000000000..c99b24b1101 --- /dev/null +++ b/ruby/ql/src/queries/variables/UninitializedLocal.md @@ -0,0 +1,41 @@ +# Method call on `nil` + +## Description +In Ruby, it is not necessary to explicitly initialize variables. +If a local variable has not been explicitly initialized, it will have the value `nil`. If this happens unintended, though, the variable will not represent an object with the expected methods, and a method call on the variable will raise a `NoMethodError`. + +## Recommendation + +Ensure that the variable cannot be `nil` at the point hightligted by the alert. +This can be achieved by using a safe navigation or adding a check for `nil`. + +Note: You do not need to explicitly initialize the variable, if you can make the program deal with the possible `nil` value. In particular, initializing the variable to `nil` will have no effect, as this is already the value of the variable. If `nil` is the only possibly default value, you need to handle the `nil` value instead of initializing the variable. + +## Examples + +In the following code, the call to `create_file` may fail and then the call `f.close` will raise a `NoMethodError` since `f` will be `nil` at that point. + +```ruby +def dump(x) + f = create_file + f.puts(x) +ensure + f.close +end +``` + +We can fix this by using safe navigation: +```ruby +def dump(x) + f = create_file + f.puts(x) +ensure + f&.close +end +``` + +## References + +- https://www.rubyguides.com/: [Nil](https://www.rubyguides.com/2018/01/ruby-nil/) +- https://ruby-doc.org/: [NoMethodError](https://ruby-doc.org/core-2.6.5/NoMethodError.html) + diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp b/ruby/ql/src/queries/variables/UninitializedLocal.qhelp deleted file mode 100644 index 078775e803f..00000000000 --- a/ruby/ql/src/queries/variables/UninitializedLocal.qhelp +++ /dev/null @@ -1,37 +0,0 @@ - - - -

    -In Ruby, raw identifiers like x can be both local variable accesses and method calls. It is a local variable access iff it is syntactically preceded by something that binds it (like an assignment). -Consider the following example: -

    - - - -

    -This will generate an alert on the last access to m, where it is not clear that the programmer intended to read from the local variable. -In fact, the last access to m is a method call, and the value of the local variable is nil, -so this will raise a NoMethodError. -

    - -     - - -

    -Ensure that you check the control and data flow in the method carefully. -Add a check for nil before the read, or rewrite the code to ensure that the variable is always initialized before being read. -

    - -     - - - - -
  • https://www.rubyguides.com/: Nil.
    • -
  • https://ruby-doc.org/: NoMethodError.
    • - - -     -     diff --git a/ruby/ql/src/queries/variables/UninitializedLocal.ql b/ruby/ql/src/queries/variables/UninitializedLocal.ql index c5b4fa18d62..2f5a4b875aa 100644 --- a/ruby/ql/src/queries/variables/UninitializedLocal.ql +++ b/ruby/ql/src/queries/variables/UninitializedLocal.ql @@ -72,13 +72,24 @@ private predicate isNilChecked(LocalVariableReadAccess read) { ) } +/** + * Holds if `name` is the name of a method defined on `nil`. + * See https://ruby-doc.org/core-2.5.8/NilClass.html + */ +private predicate isNilMethodName(string name) { + name in [ + "inspect", "instance_of?", "is_a?", "kind_of?", "method", "nil?", "rationalize", "to_a", + "to_c", "to_f", "to_h", "to_i", "to_r", "to_s" + ] +} + class RelevantLocalVariableReadAccess extends LocalVariableReadAccess instanceof TVariableAccessReal { RelevantLocalVariableReadAccess() { not isInBooleanContext(this) and not isNilChecked(this) and not isGuarded(this) and - this = any(MethodCall m).getReceiver() + this = any(MethodCall m | not isNilMethodName(m.getMethodName())).getReceiver() } } From 7517272d34dcd965ba31c75eca363d87d38aabf4 Mon Sep 17 00:00:00 2001 From: yoff Date: Fri, 11 Apr 2025 23:01:15 +0200 Subject: [PATCH 407/409] ruby: remove repetitive change note --- .../2025-04-02-adjust-uninitialized-local-metadata.md | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md b/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md deleted file mode 100644 index 61c223981d5..00000000000 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-metadata.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: queryMetadata ---- -* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call; we have adjusted the precision to 'high'. From b961c5961da1158d79db48da7f1248d8ea11b10b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 14 Apr 2025 09:53:06 +0000 Subject: [PATCH 408/409] Release preparation for version 2.21.1 --- actions/ql/lib/CHANGELOG.md | 4 ++++ actions/ql/lib/change-notes/released/0.4.7.md | 3 +++ actions/ql/lib/codeql-pack.release.yml | 2 +- actions/ql/lib/qlpack.yml | 2 +- actions/ql/src/CHANGELOG.md | 6 ++++++ .../0.5.4.md} | 9 +++++---- actions/ql/src/codeql-pack.release.yml | 2 +- actions/ql/src/qlpack.yml | 2 +- cpp/ql/lib/CHANGELOG.md | 7 +++++++ .../4.2.0.md} | 7 ++++--- cpp/ql/lib/codeql-pack.release.yml | 2 +- cpp/ql/lib/qlpack.yml | 2 +- cpp/ql/src/CHANGELOG.md | 4 ++++ cpp/ql/src/change-notes/released/1.3.8.md | 3 +++ cpp/ql/src/codeql-pack.release.yml | 2 +- cpp/ql/src/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md | 4 ++++ .../Solorigate/lib/change-notes/released/1.7.38.md | 3 +++ .../Solorigate/lib/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/lib/qlpack.yml | 2 +- csharp/ql/campaigns/Solorigate/src/CHANGELOG.md | 4 ++++ .../Solorigate/src/change-notes/released/1.7.38.md | 3 +++ .../Solorigate/src/codeql-pack.release.yml | 2 +- csharp/ql/campaigns/Solorigate/src/qlpack.yml | 2 +- csharp/ql/lib/CHANGELOG.md | 7 +++++++ ...3-08-blazor-parameter-passing-string-literal.md | 4 ---- .../5.1.4.md} | 8 +++++--- csharp/ql/lib/codeql-pack.release.yml | 2 +- csharp/ql/lib/qlpack.yml | 2 +- csharp/ql/src/CHANGELOG.md | 7 +++++++ .../src/change-notes/2025-03-26-dotnet-models.md | 4 ---- .../1.1.1.md} | 8 +++++--- csharp/ql/src/codeql-pack.release.yml | 2 +- csharp/ql/src/qlpack.yml | 2 +- go/ql/consistency-queries/CHANGELOG.md | 4 ++++ .../change-notes/released/1.0.21.md | 3 +++ go/ql/consistency-queries/codeql-pack.release.yml | 2 +- go/ql/consistency-queries/qlpack.yml | 2 +- go/ql/lib/CHANGELOG.md | 6 ++++++ .../4.2.3.md} | 7 ++++--- go/ql/lib/codeql-pack.release.yml | 2 +- go/ql/lib/qlpack.yml | 2 +- go/ql/src/CHANGELOG.md | 4 ++++ go/ql/src/change-notes/released/1.1.12.md | 3 +++ go/ql/src/codeql-pack.release.yml | 2 +- go/ql/src/qlpack.yml | 2 +- java/ql/lib/CHANGELOG.md | 7 +++++++ .../change-notes/2025-04-01-jakarta-persistence.md | 4 ---- .../7.1.3.md} | 8 +++++--- java/ql/lib/codeql-pack.release.yml | 2 +- java/ql/lib/qlpack.yml | 2 +- java/ql/src/CHANGELOG.md | 4 ++++ java/ql/src/change-notes/released/1.4.1.md | 3 +++ java/ql/src/codeql-pack.release.yml | 2 +- java/ql/src/qlpack.yml | 2 +- javascript/ql/lib/CHANGELOG.md | 14 ++++++++++++++ .../ql/lib/change-notes/2025-04-02-mkdirp.md | 4 ---- .../ql/lib/change-notes/2025-04-02-rimraf.md | 4 ---- .../ql/lib/change-notes/2025-04-07-open-package.md | 4 ---- .../ql/lib/change-notes/2025-04-07-typed-arrays.md | 4 ---- .../ql/lib/change-notes/2025-04-07-websocket.md | 5 ----- .../ql/lib/change-notes/2025-04-09-make-dir.md | 4 ---- .../ql/lib/change-notes/2025-04-11-nextrequest.md | 5 ----- javascript/ql/lib/change-notes/released/2.6.1.md | 13 +++++++++++++ javascript/ql/lib/codeql-pack.release.yml | 2 +- javascript/ql/lib/qlpack.yml | 2 +- javascript/ql/src/CHANGELOG.md | 11 +++++++++++ ...2025-04-02-name-resolution-independent-fixes.md | 4 ---- .../ql/src/change-notes/2025-04-09-web-response.md | 4 ---- .../2025-04-10-json-array-trailing-comma.md | 4 ---- javascript/ql/src/change-notes/released/1.5.3.md | 10 ++++++++++ javascript/ql/src/codeql-pack.release.yml | 2 +- javascript/ql/src/qlpack.yml | 2 +- misc/suite-helpers/CHANGELOG.md | 4 ++++ misc/suite-helpers/change-notes/released/1.0.21.md | 3 +++ misc/suite-helpers/codeql-pack.release.yml | 2 +- misc/suite-helpers/qlpack.yml | 2 +- python/ql/lib/CHANGELOG.md | 4 ++++ python/ql/lib/change-notes/released/4.0.5.md | 3 +++ python/ql/lib/codeql-pack.release.yml | 2 +- python/ql/lib/qlpack.yml | 2 +- python/ql/src/CHANGELOG.md | 6 ++++++ .../1.4.7.md} | 6 +++--- python/ql/src/codeql-pack.release.yml | 2 +- python/ql/src/qlpack.yml | 2 +- ruby/ql/lib/CHANGELOG.md | 6 ++++++ .../4.1.4.md} | 7 ++++--- ruby/ql/lib/codeql-pack.release.yml | 2 +- ruby/ql/lib/qlpack.yml | 2 +- ruby/ql/src/CHANGELOG.md | 7 +++++++ .../change-notes/2025-04-04-refine-deadstore.md | 4 ---- .../1.2.0.md} | 8 +++++--- ruby/ql/src/codeql-pack.release.yml | 2 +- ruby/ql/src/qlpack.yml | 2 +- rust/ql/lib/CHANGELOG.md | 4 ++++ rust/ql/lib/change-notes/released/0.1.6.md | 3 +++ rust/ql/lib/codeql-pack.release.yml | 2 +- rust/ql/lib/qlpack.yml | 2 +- rust/ql/src/CHANGELOG.md | 4 ++++ rust/ql/src/change-notes/released/0.1.6.md | 3 +++ rust/ql/src/codeql-pack.release.yml | 2 +- rust/ql/src/qlpack.yml | 2 +- shared/controlflow/CHANGELOG.md | 4 ++++ shared/controlflow/change-notes/released/2.0.5.md | 3 +++ shared/controlflow/codeql-pack.release.yml | 2 +- shared/controlflow/qlpack.yml | 2 +- shared/dataflow/CHANGELOG.md | 4 ++++ shared/dataflow/change-notes/released/2.0.5.md | 3 +++ shared/dataflow/codeql-pack.release.yml | 2 +- shared/dataflow/qlpack.yml | 2 +- shared/mad/CHANGELOG.md | 4 ++++ shared/mad/change-notes/released/1.0.21.md | 3 +++ shared/mad/codeql-pack.release.yml | 2 +- shared/mad/qlpack.yml | 2 +- shared/rangeanalysis/CHANGELOG.md | 4 ++++ .../rangeanalysis/change-notes/released/1.0.21.md | 3 +++ shared/rangeanalysis/codeql-pack.release.yml | 2 +- shared/rangeanalysis/qlpack.yml | 2 +- shared/regex/CHANGELOG.md | 4 ++++ shared/regex/change-notes/released/1.0.21.md | 3 +++ shared/regex/codeql-pack.release.yml | 2 +- shared/regex/qlpack.yml | 2 +- shared/ssa/CHANGELOG.md | 6 ++++++ .../1.1.0.md} | 7 ++++--- shared/ssa/codeql-pack.release.yml | 2 +- shared/ssa/qlpack.yml | 2 +- shared/threat-models/CHANGELOG.md | 4 ++++ .../threat-models/change-notes/released/1.0.21.md | 3 +++ shared/threat-models/codeql-pack.release.yml | 2 +- shared/threat-models/qlpack.yml | 2 +- shared/tutorial/CHANGELOG.md | 4 ++++ shared/tutorial/change-notes/released/1.0.21.md | 3 +++ shared/tutorial/codeql-pack.release.yml | 2 +- shared/tutorial/qlpack.yml | 2 +- shared/typeflow/CHANGELOG.md | 4 ++++ shared/typeflow/change-notes/released/1.0.21.md | 3 +++ shared/typeflow/codeql-pack.release.yml | 2 +- shared/typeflow/qlpack.yml | 2 +- shared/typeinference/CHANGELOG.md | 4 ++++ .../typeinference/change-notes/released/0.0.2.md | 3 +++ shared/typeinference/codeql-pack.release.yml | 2 +- shared/typeinference/qlpack.yml | 2 +- shared/typetracking/CHANGELOG.md | 4 ++++ shared/typetracking/change-notes/released/2.0.5.md | 3 +++ shared/typetracking/codeql-pack.release.yml | 2 +- shared/typetracking/qlpack.yml | 2 +- shared/typos/CHANGELOG.md | 4 ++++ shared/typos/change-notes/released/1.0.21.md | 3 +++ shared/typos/codeql-pack.release.yml | 2 +- shared/typos/qlpack.yml | 2 +- shared/util/CHANGELOG.md | 4 ++++ shared/util/change-notes/released/2.0.8.md | 3 +++ shared/util/codeql-pack.release.yml | 2 +- shared/util/qlpack.yml | 2 +- shared/xml/CHANGELOG.md | 4 ++++ shared/xml/change-notes/released/1.0.21.md | 3 +++ shared/xml/codeql-pack.release.yml | 2 +- shared/xml/qlpack.yml | 2 +- shared/yaml/CHANGELOG.md | 4 ++++ shared/yaml/change-notes/released/1.0.21.md | 3 +++ shared/yaml/codeql-pack.release.yml | 2 +- shared/yaml/qlpack.yml | 2 +- swift/ql/lib/CHANGELOG.md | 4 ++++ swift/ql/lib/change-notes/released/4.1.4.md | 3 +++ swift/ql/lib/codeql-pack.release.yml | 2 +- swift/ql/lib/qlpack.yml | 2 +- swift/ql/src/CHANGELOG.md | 4 ++++ swift/ql/src/change-notes/released/1.1.1.md | 3 +++ swift/ql/src/codeql-pack.release.yml | 2 +- swift/ql/src/qlpack.yml | 2 +- 170 files changed, 424 insertions(+), 167 deletions(-) create mode 100644 actions/ql/lib/change-notes/released/0.4.7.md rename actions/ql/src/change-notes/{2025-02-04-suggest-actions-permissions.md => released/0.5.4.md} (83%) rename cpp/ql/lib/change-notes/{2025-03-31-calling-convention.md => released/4.2.0.md} (91%) create mode 100644 cpp/ql/src/change-notes/released/1.3.8.md create mode 100644 csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md create mode 100644 csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md delete mode 100644 csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md rename csharp/ql/lib/change-notes/{2025-03-21-string-interpolation.md => released/5.1.4.md} (56%) delete mode 100644 csharp/ql/src/change-notes/2025-03-26-dotnet-models.md rename csharp/ql/src/change-notes/{2025-04-02-simple-type-enum.md => released/1.1.1.md} (57%) create mode 100644 go/ql/consistency-queries/change-notes/released/1.0.21.md rename go/ql/lib/change-notes/{2025-03-27-database-local-source-models.md => released/4.2.3.md} (76%) create mode 100644 go/ql/src/change-notes/released/1.1.12.md delete mode 100644 java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md rename java/ql/lib/change-notes/{2025-04-09-enum-type-exclusion.md => released/7.1.3.md} (56%) create mode 100644 java/ql/src/change-notes/released/1.4.1.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-02-mkdirp.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-02-rimraf.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-open-package.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-07-websocket.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-09-make-dir.md delete mode 100644 javascript/ql/lib/change-notes/2025-04-11-nextrequest.md create mode 100644 javascript/ql/lib/change-notes/released/2.6.1.md delete mode 100644 javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md delete mode 100644 javascript/ql/src/change-notes/2025-04-09-web-response.md delete mode 100644 javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md create mode 100644 javascript/ql/src/change-notes/released/1.5.3.md create mode 100644 misc/suite-helpers/change-notes/released/1.0.21.md create mode 100644 python/ql/lib/change-notes/released/4.0.5.md rename python/ql/src/change-notes/{2025-03-27-modernize-mixed-tuple-returns-query.md => released/1.4.7.md} (79%) rename ruby/ql/lib/change-notes/{2025-04-07-implicit-super-args.md => released/4.1.4.md} (80%) delete mode 100644 ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md rename ruby/ql/src/change-notes/{2025-04-02-adjust-uninitialized-local-alert-message.md => released/1.2.0.md} (54%) create mode 100644 rust/ql/lib/change-notes/released/0.1.6.md create mode 100644 rust/ql/src/change-notes/released/0.1.6.md create mode 100644 shared/controlflow/change-notes/released/2.0.5.md create mode 100644 shared/dataflow/change-notes/released/2.0.5.md create mode 100644 shared/mad/change-notes/released/1.0.21.md create mode 100644 shared/rangeanalysis/change-notes/released/1.0.21.md create mode 100644 shared/regex/change-notes/released/1.0.21.md rename shared/ssa/change-notes/{2025-04-03-definitionext-deprecation.md => released/1.1.0.md} (91%) create mode 100644 shared/threat-models/change-notes/released/1.0.21.md create mode 100644 shared/tutorial/change-notes/released/1.0.21.md create mode 100644 shared/typeflow/change-notes/released/1.0.21.md create mode 100644 shared/typeinference/change-notes/released/0.0.2.md create mode 100644 shared/typetracking/change-notes/released/2.0.5.md create mode 100644 shared/typos/change-notes/released/1.0.21.md create mode 100644 shared/util/change-notes/released/2.0.8.md create mode 100644 shared/xml/change-notes/released/1.0.21.md create mode 100644 shared/yaml/change-notes/released/1.0.21.md create mode 100644 swift/ql/lib/change-notes/released/4.1.4.md create mode 100644 swift/ql/src/change-notes/released/1.1.1.md diff --git a/actions/ql/lib/CHANGELOG.md b/actions/ql/lib/CHANGELOG.md index 6b69ddec1aa..dff1b84f1ad 100644 --- a/actions/ql/lib/CHANGELOG.md +++ b/actions/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.4.7 + +No user-facing changes. + ## 0.4.6 ### Bug Fixes diff --git a/actions/ql/lib/change-notes/released/0.4.7.md b/actions/ql/lib/change-notes/released/0.4.7.md new file mode 100644 index 00000000000..e9bb7a76bcb --- /dev/null +++ b/actions/ql/lib/change-notes/released/0.4.7.md @@ -0,0 +1,3 @@ +## 0.4.7 + +No user-facing changes. diff --git a/actions/ql/lib/codeql-pack.release.yml b/actions/ql/lib/codeql-pack.release.yml index 2b842473675..c5db8c0b276 100644 --- a/actions/ql/lib/codeql-pack.release.yml +++ b/actions/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.4.6 +lastReleaseVersion: 0.4.7 diff --git a/actions/ql/lib/qlpack.yml b/actions/ql/lib/qlpack.yml index aecd3607345..361f8bf995d 100644 --- a/actions/ql/lib/qlpack.yml +++ b/actions/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-all -version: 0.4.7-dev +version: 0.4.7 library: true warnOnImplicitThis: true dependencies: diff --git a/actions/ql/src/CHANGELOG.md b/actions/ql/src/CHANGELOG.md index c2b0d353f18..4d8755d009e 100644 --- a/actions/ql/src/CHANGELOG.md +++ b/actions/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 0.5.4 + +### Bug Fixes + +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. + ## 0.5.3 ### Bug Fixes diff --git a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md b/actions/ql/src/change-notes/released/0.5.4.md similarity index 83% rename from actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md rename to actions/ql/src/change-notes/released/0.5.4.md index c775b70274f..d34090f9955 100644 --- a/actions/ql/src/change-notes/2025-02-04-suggest-actions-permissions.md +++ b/actions/ql/src/change-notes/released/0.5.4.md @@ -1,4 +1,5 @@ ---- -category: fix ---- -* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. \ No newline at end of file +## 0.5.4 + +### Bug Fixes + +* Alerts produced by the query `actions/missing-workflow-permissions` now include a minimal set of recommended permissions in the alert message, based on well-known actions seen within the workflow file. diff --git a/actions/ql/src/codeql-pack.release.yml b/actions/ql/src/codeql-pack.release.yml index 2164e038a5d..cd3f72e2513 100644 --- a/actions/ql/src/codeql-pack.release.yml +++ b/actions/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.5.3 +lastReleaseVersion: 0.5.4 diff --git a/actions/ql/src/qlpack.yml b/actions/ql/src/qlpack.yml index f6eb8be1138..6e59f29dd11 100644 --- a/actions/ql/src/qlpack.yml +++ b/actions/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/actions-queries -version: 0.5.4-dev +version: 0.5.4 library: false warnOnImplicitThis: true groups: [actions, queries] diff --git a/cpp/ql/lib/CHANGELOG.md b/cpp/ql/lib/CHANGELOG.md index e958516a5a4..12e0280ec55 100644 --- a/cpp/ql/lib/CHANGELOG.md +++ b/cpp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 4.2.0 + +### New Features + +* Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. +* A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. + ## 4.1.0 ### New Features diff --git a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md b/cpp/ql/lib/change-notes/released/4.2.0.md similarity index 91% rename from cpp/ql/lib/change-notes/2025-03-31-calling-convention.md rename to cpp/ql/lib/change-notes/released/4.2.0.md index 12d9547eb03..00f9dee720d 100644 --- a/cpp/ql/lib/change-notes/2025-03-31-calling-convention.md +++ b/cpp/ql/lib/change-notes/released/4.2.0.md @@ -1,5 +1,6 @@ ---- -category: feature ---- +## 4.2.0 + +### New Features + * Calling conventions explicitly specified on function declarations (`__cdecl`, `__stdcall`, `__fastcall`, etc.) are now represented as specifiers of those declarations. * A new class `CallingConventionSpecifier` extending the `Specifier` class was introduced, which represents explicitly specified calling conventions. diff --git a/cpp/ql/lib/codeql-pack.release.yml b/cpp/ql/lib/codeql-pack.release.yml index d5b1bf88d10..9fc6933b429 100644 --- a/cpp/ql/lib/codeql-pack.release.yml +++ b/cpp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.0 +lastReleaseVersion: 4.2.0 diff --git a/cpp/ql/lib/qlpack.yml b/cpp/ql/lib/qlpack.yml index 5ee964c4b50..6ce41fd3e93 100644 --- a/cpp/ql/lib/qlpack.yml +++ b/cpp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-all -version: 4.1.1-dev +version: 4.2.0 groups: cpp dbscheme: semmlecode.cpp.dbscheme extractor: cpp diff --git a/cpp/ql/src/CHANGELOG.md b/cpp/ql/src/CHANGELOG.md index ab79d5cb46e..300c4ce9064 100644 --- a/cpp/ql/src/CHANGELOG.md +++ b/cpp/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.3.8 + +No user-facing changes. + ## 1.3.7 ### Minor Analysis Improvements diff --git a/cpp/ql/src/change-notes/released/1.3.8.md b/cpp/ql/src/change-notes/released/1.3.8.md new file mode 100644 index 00000000000..c7f5b27e47e --- /dev/null +++ b/cpp/ql/src/change-notes/released/1.3.8.md @@ -0,0 +1,3 @@ +## 1.3.8 + +No user-facing changes. diff --git a/cpp/ql/src/codeql-pack.release.yml b/cpp/ql/src/codeql-pack.release.yml index 2f4b67be43f..898725a6deb 100644 --- a/cpp/ql/src/codeql-pack.release.yml +++ b/cpp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.3.7 +lastReleaseVersion: 1.3.8 diff --git a/cpp/ql/src/qlpack.yml b/cpp/ql/src/qlpack.yml index 67293337da9..b6f5c9ad642 100644 --- a/cpp/ql/src/qlpack.yml +++ b/cpp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/cpp-queries -version: 1.3.8-dev +version: 1.3.8 groups: - cpp - queries diff --git a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md index 38009248e96..1edcbdb24a9 100644 --- a/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.38 + +No user-facing changes. + ## 1.7.37 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md new file mode 100644 index 00000000000..a72e85a7f2d --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.7.38.md @@ -0,0 +1,3 @@ +## 1.7.38 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml index 4d975f78ff6..a51e8a3b31e 100644 --- a/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.37 +lastReleaseVersion: 1.7.38 diff --git a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml index eefe4e2fe57..fbd64509040 100644 --- a/csharp/ql/campaigns/Solorigate/lib/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-all -version: 1.7.38-dev +version: 1.7.38 groups: - csharp - solorigate diff --git a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md index 38009248e96..1edcbdb24a9 100644 --- a/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md +++ b/csharp/ql/campaigns/Solorigate/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.7.38 + +No user-facing changes. + ## 1.7.37 No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md new file mode 100644 index 00000000000..a72e85a7f2d --- /dev/null +++ b/csharp/ql/campaigns/Solorigate/src/change-notes/released/1.7.38.md @@ -0,0 +1,3 @@ +## 1.7.38 + +No user-facing changes. diff --git a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml index 4d975f78ff6..a51e8a3b31e 100644 --- a/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml +++ b/csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.7.37 +lastReleaseVersion: 1.7.38 diff --git a/csharp/ql/campaigns/Solorigate/src/qlpack.yml b/csharp/ql/campaigns/Solorigate/src/qlpack.yml index a03f987c8c7..179247e4ef5 100644 --- a/csharp/ql/campaigns/Solorigate/src/qlpack.yml +++ b/csharp/ql/campaigns/Solorigate/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-solorigate-queries -version: 1.7.38-dev +version: 1.7.38 groups: - csharp - solorigate diff --git a/csharp/ql/lib/CHANGELOG.md b/csharp/ql/lib/CHANGELOG.md index 9b5f38e0ca5..a048eceacd5 100644 --- a/csharp/ql/lib/CHANGELOG.md +++ b/csharp/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 5.1.4 + +### Minor Analysis Improvements + +* The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. + ## 5.1.3 ### Minor Analysis Improvements diff --git a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md b/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md deleted file mode 100644 index 66ebd26f653..00000000000 --- a/csharp/ql/lib/change-notes/2025-03-08-blazor-parameter-passing-string-literal.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. \ No newline at end of file diff --git a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md b/csharp/ql/lib/change-notes/released/5.1.4.md similarity index 56% rename from csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md rename to csharp/ql/lib/change-notes/released/5.1.4.md index 3507d35b513..f99e1c2ca61 100644 --- a/csharp/ql/lib/change-notes/2025-03-21-string-interpolation.md +++ b/csharp/ql/lib/change-notes/released/5.1.4.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 5.1.4 + +### Minor Analysis Improvements + * The *alignment* and *format* clauses in string interpolation expressions are now extracted. That is, in `$"Hello {name,align:format}"` *name*, *align* and *format* are extracted as children of the string interpolation *insert* `{name,align:format}`. +* Blazor support can now better recognize when a property being set is specified with a string literal, rather than referenced in a `nameof` expression. diff --git a/csharp/ql/lib/codeql-pack.release.yml b/csharp/ql/lib/codeql-pack.release.yml index 8ffbc76d58a..bdf3511eb7a 100644 --- a/csharp/ql/lib/codeql-pack.release.yml +++ b/csharp/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 5.1.3 +lastReleaseVersion: 5.1.4 diff --git a/csharp/ql/lib/qlpack.yml b/csharp/ql/lib/qlpack.yml index 647655511ea..9d39196e6f6 100644 --- a/csharp/ql/lib/qlpack.yml +++ b/csharp/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-all -version: 5.1.4-dev +version: 5.1.4 groups: csharp dbscheme: semmlecode.csharp.dbscheme extractor: csharp diff --git a/csharp/ql/src/CHANGELOG.md b/csharp/ql/src/CHANGELOG.md index 125e6162253..7b5bee18298 100644 --- a/csharp/ql/src/CHANGELOG.md +++ b/csharp/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.1.1 + +### Minor Analysis Improvements + +* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. + ## 1.1.0 ### New Queries diff --git a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md b/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md deleted file mode 100644 index 3986145c5af..00000000000 --- a/csharp/ql/src/change-notes/2025-03-26-dotnet-models.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. diff --git a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md b/csharp/ql/src/change-notes/released/1.1.1.md similarity index 57% rename from csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md rename to csharp/ql/src/change-notes/released/1.1.1.md index ac93bd31b3e..34d5e39c244 100644 --- a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md +++ b/csharp/ql/src/change-notes/released/1.1.1.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 1.1.1 + +### Minor Analysis Improvements + * Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query. +* The MaD models for the .NET 9 Runtime have been re-generated after a fix related to `out`/`ref` parameters. diff --git a/csharp/ql/src/codeql-pack.release.yml b/csharp/ql/src/codeql-pack.release.yml index 2ac15439f56..1a19084be3f 100644 --- a/csharp/ql/src/codeql-pack.release.yml +++ b/csharp/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/csharp/ql/src/qlpack.yml b/csharp/ql/src/qlpack.yml index d6f04fe6575..f87c44597d3 100644 --- a/csharp/ql/src/qlpack.yml +++ b/csharp/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/csharp-queries -version: 1.1.1-dev +version: 1.1.1 groups: - csharp - queries diff --git a/go/ql/consistency-queries/CHANGELOG.md b/go/ql/consistency-queries/CHANGELOG.md index b20db016231..4ede7cf63b2 100644 --- a/go/ql/consistency-queries/CHANGELOG.md +++ b/go/ql/consistency-queries/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/go/ql/consistency-queries/change-notes/released/1.0.21.md b/go/ql/consistency-queries/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/go/ql/consistency-queries/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/go/ql/consistency-queries/codeql-pack.release.yml b/go/ql/consistency-queries/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/go/ql/consistency-queries/codeql-pack.release.yml +++ b/go/ql/consistency-queries/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/go/ql/consistency-queries/qlpack.yml b/go/ql/consistency-queries/qlpack.yml index 78d52739d9e..8cba3ce7a4f 100644 --- a/go/ql/consistency-queries/qlpack.yml +++ b/go/ql/consistency-queries/qlpack.yml @@ -1,5 +1,5 @@ name: codeql-go-consistency-queries -version: 1.0.21-dev +version: 1.0.21 groups: - go - queries diff --git a/go/ql/lib/CHANGELOG.md b/go/ql/lib/CHANGELOG.md index 27ad374e374..9193892f389 100644 --- a/go/ql/lib/CHANGELOG.md +++ b/go/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.2.3 + +### Minor Analysis Improvements + +* Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. + ## 4.2.2 ### Minor Analysis Improvements diff --git a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md b/go/ql/lib/change-notes/released/4.2.3.md similarity index 76% rename from go/ql/lib/change-notes/2025-03-27-database-local-source-models.md rename to go/ql/lib/change-notes/released/4.2.3.md index 95f08d00b9c..e85de0badf8 100644 --- a/go/ql/lib/change-notes/2025-03-27-database-local-source-models.md +++ b/go/ql/lib/change-notes/released/4.2.3.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 4.2.3 + +### Minor Analysis Improvements + * Local source models for APIs reading from databases have been added for `github.com/gogf/gf/database/gdb` and `github.com/uptrace/bun`. diff --git a/go/ql/lib/codeql-pack.release.yml b/go/ql/lib/codeql-pack.release.yml index 18bc0770993..5bf06624029 100644 --- a/go/ql/lib/codeql-pack.release.yml +++ b/go/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.2.2 +lastReleaseVersion: 4.2.3 diff --git a/go/ql/lib/qlpack.yml b/go/ql/lib/qlpack.yml index 34ba33332a2..4306f3f8b43 100644 --- a/go/ql/lib/qlpack.yml +++ b/go/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-all -version: 4.2.3-dev +version: 4.2.3 groups: go dbscheme: go.dbscheme extractor: go diff --git a/go/ql/src/CHANGELOG.md b/go/ql/src/CHANGELOG.md index ff91b3d9ce8..46bb7c9055f 100644 --- a/go/ql/src/CHANGELOG.md +++ b/go/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.12 + +No user-facing changes. + ## 1.1.11 ### Minor Analysis Improvements diff --git a/go/ql/src/change-notes/released/1.1.12.md b/go/ql/src/change-notes/released/1.1.12.md new file mode 100644 index 00000000000..2d7f915e29b --- /dev/null +++ b/go/ql/src/change-notes/released/1.1.12.md @@ -0,0 +1,3 @@ +## 1.1.12 + +No user-facing changes. diff --git a/go/ql/src/codeql-pack.release.yml b/go/ql/src/codeql-pack.release.yml index 121f8cf035d..f5b135d0193 100644 --- a/go/ql/src/codeql-pack.release.yml +++ b/go/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.11 +lastReleaseVersion: 1.1.12 diff --git a/go/ql/src/qlpack.yml b/go/ql/src/qlpack.yml index 3e3b248716d..0804625f085 100644 --- a/go/ql/src/qlpack.yml +++ b/go/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/go-queries -version: 1.1.12-dev +version: 1.1.12 groups: - go - queries diff --git a/java/ql/lib/CHANGELOG.md b/java/ql/lib/CHANGELOG.md index 4e5f40cbc84..8061e31bc38 100644 --- a/java/ql/lib/CHANGELOG.md +++ b/java/ql/lib/CHANGELOG.md @@ -1,3 +1,10 @@ +## 7.1.3 + +### Minor Analysis Improvements + +* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. + ## 7.1.2 ### Minor Analysis Improvements diff --git a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md b/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md deleted file mode 100644 index 0a5759ec3db..00000000000 --- a/java/ql/lib/change-notes/2025-04-01-jakarta-persistence.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. diff --git a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md b/java/ql/lib/change-notes/released/7.1.3.md similarity index 56% rename from java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md rename to java/ql/lib/change-notes/released/7.1.3.md index 9b120e84ff7..7ae2a7da4a7 100644 --- a/java/ql/lib/change-notes/2025-04-09-enum-type-exclusion.md +++ b/java/ql/lib/change-notes/released/7.1.3.md @@ -1,4 +1,6 @@ ---- -category: minorAnalysis ---- +## 7.1.3 + +### Minor Analysis Improvements + * Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string. +* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well. diff --git a/java/ql/lib/codeql-pack.release.yml b/java/ql/lib/codeql-pack.release.yml index 547681cc440..8c4f0b31433 100644 --- a/java/ql/lib/codeql-pack.release.yml +++ b/java/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 7.1.2 +lastReleaseVersion: 7.1.3 diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml index 1037ae7708a..d1e431b431d 100644 --- a/java/ql/lib/qlpack.yml +++ b/java/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-all -version: 7.1.3-dev +version: 7.1.3 groups: java dbscheme: config/semmlecode.dbscheme extractor: java diff --git a/java/ql/src/CHANGELOG.md b/java/ql/src/CHANGELOG.md index d27571c724d..b81d3ca7bf9 100644 --- a/java/ql/src/CHANGELOG.md +++ b/java/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.4.1 + +No user-facing changes. + ## 1.4.0 ### New Queries diff --git a/java/ql/src/change-notes/released/1.4.1.md b/java/ql/src/change-notes/released/1.4.1.md new file mode 100644 index 00000000000..38987aa49cd --- /dev/null +++ b/java/ql/src/change-notes/released/1.4.1.md @@ -0,0 +1,3 @@ +## 1.4.1 + +No user-facing changes. diff --git a/java/ql/src/codeql-pack.release.yml b/java/ql/src/codeql-pack.release.yml index b8b2e97d508..43ccf4467be 100644 --- a/java/ql/src/codeql-pack.release.yml +++ b/java/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.0 +lastReleaseVersion: 1.4.1 diff --git a/java/ql/src/qlpack.yml b/java/ql/src/qlpack.yml index e7c3a7da88e..1a1ed7fac40 100644 --- a/java/ql/src/qlpack.yml +++ b/java/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/java-queries -version: 1.4.1-dev +version: 1.4.1 groups: - java - queries diff --git a/javascript/ql/lib/CHANGELOG.md b/javascript/ql/lib/CHANGELOG.md index 995666b2916..b4d80c515da 100644 --- a/javascript/ql/lib/CHANGELOG.md +++ b/javascript/ql/lib/CHANGELOG.md @@ -1,3 +1,17 @@ +## 2.6.1 + +### Minor Analysis Improvements + +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. +* Added support for the `make-dir` package. +* Added support for the `open` package. +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. +* Improved detection of `WebSocket` and `SockJS` usage. +* Added data received from `WebSocket` clients as a remote flow source. +* Added support for additional `mkdirp` methods as sinks in path-injection queries. +* Added support for additional `rimraf` methods as sinks in path-injection queries. + ## 2.6.0 ### New Features diff --git a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md b/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md deleted file mode 100644 index 132bbf0cbe4..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-02-mkdirp.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for additional `mkdirp` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md b/javascript/ql/lib/change-notes/2025-04-02-rimraf.md deleted file mode 100644 index 3d0521643d5..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-02-rimraf.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for additional `rimraf` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/change-notes/2025-04-07-open-package.md b/javascript/ql/lib/change-notes/2025-04-07-open-package.md deleted file mode 100644 index a4c02f0d6d9..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-open-package.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for the `open` package. diff --git a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md b/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md deleted file mode 100644 index f09e6831743..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-typed-arrays.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. diff --git a/javascript/ql/lib/change-notes/2025-04-07-websocket.md b/javascript/ql/lib/change-notes/2025-04-07-websocket.md deleted file mode 100644 index 1d6cdb8e6b1..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-07-websocket.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Improved detection of `WebSocket` and `SockJS` usage. -* Added data received from `WebSocket` clients as a remote flow source. diff --git a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md b/javascript/ql/lib/change-notes/2025-04-09-make-dir.md deleted file mode 100644 index fd056bbc98d..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-09-make-dir.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Added support for the `make-dir` package. diff --git a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md b/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md deleted file mode 100644 index 9db5c34e51b..00000000000 --- a/javascript/ql/lib/change-notes/2025-04-11-nextrequest.md +++ /dev/null @@ -1,5 +0,0 @@ ---- -category: minorAnalysis ---- -* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. -* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. diff --git a/javascript/ql/lib/change-notes/released/2.6.1.md b/javascript/ql/lib/change-notes/released/2.6.1.md new file mode 100644 index 00000000000..9356c1ea56e --- /dev/null +++ b/javascript/ql/lib/change-notes/released/2.6.1.md @@ -0,0 +1,13 @@ +## 2.6.1 + +### Minor Analysis Improvements + +* Data passed to the [NextResponse](https://nextjs.org/docs/app/api-reference/functions/next-response) constructor is now treated as a sink for `js/reflected-xss`. +* Data received from [NextRequest](https://nextjs.org/docs/app/api-reference/functions/next-request) and [Request](https://developer.mozilla.org/en-US/docs/Web/API/Request) is now treated as a remote user input `source`. +* Added support for the `make-dir` package. +* Added support for the `open` package. +* Added taint propagation for `Uint8Array`, `ArrayBuffer`, `SharedArrayBuffer` and `TextDecoder.decode()`. +* Improved detection of `WebSocket` and `SockJS` usage. +* Added data received from `WebSocket` clients as a remote flow source. +* Added support for additional `mkdirp` methods as sinks in path-injection queries. +* Added support for additional `rimraf` methods as sinks in path-injection queries. diff --git a/javascript/ql/lib/codeql-pack.release.yml b/javascript/ql/lib/codeql-pack.release.yml index 29308d70232..d9d6a8bbe18 100644 --- a/javascript/ql/lib/codeql-pack.release.yml +++ b/javascript/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.6.0 +lastReleaseVersion: 2.6.1 diff --git a/javascript/ql/lib/qlpack.yml b/javascript/ql/lib/qlpack.yml index 80004cfa6a0..5b5e10e0c0d 100644 --- a/javascript/ql/lib/qlpack.yml +++ b/javascript/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-all -version: 2.6.1-dev +version: 2.6.1 groups: javascript dbscheme: semmlecode.javascript.dbscheme extractor: javascript diff --git a/javascript/ql/src/CHANGELOG.md b/javascript/ql/src/CHANGELOG.md index fef8edd5c80..32be26faf9c 100644 --- a/javascript/ql/src/CHANGELOG.md +++ b/javascript/ql/src/CHANGELOG.md @@ -1,3 +1,14 @@ +## 1.5.3 + +### Minor Analysis Improvements + +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. + +### Bug Fixes + +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. + ## 1.5.2 ### Bug Fixes diff --git a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md b/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md deleted file mode 100644 index 4773744a984..00000000000 --- a/javascript/ql/src/change-notes/2025-04-02-name-resolution-independent-fixes.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. diff --git a/javascript/ql/src/change-notes/2025-04-09-web-response.md b/javascript/ql/src/change-notes/2025-04-09-web-response.md deleted file mode 100644 index 3afebf1b6a7..00000000000 --- a/javascript/ql/src/change-notes/2025-04-09-web-response.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: minorAnalysis ---- -* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. diff --git a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md b/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md deleted file mode 100644 index 7a0acd541e1..00000000000 --- a/javascript/ql/src/change-notes/2025-04-10-json-array-trailing-comma.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. diff --git a/javascript/ql/src/change-notes/released/1.5.3.md b/javascript/ql/src/change-notes/released/1.5.3.md new file mode 100644 index 00000000000..3642084aaa8 --- /dev/null +++ b/javascript/ql/src/change-notes/released/1.5.3.md @@ -0,0 +1,10 @@ +## 1.5.3 + +### Minor Analysis Improvements + +* Data passed to the [Response](https://developer.mozilla.org/en-US/docs/Web/API/Response) constructor is now treated as a sink for `js/reflected-xss`. +* Slightly improved detection of DOM element references, leading to XSS results being detected in more cases. + +### Bug Fixes + +* Fixed a bug that would prevent extraction of `tsconfig.json` files when it contained an array literal with a trailing comma. diff --git a/javascript/ql/src/codeql-pack.release.yml b/javascript/ql/src/codeql-pack.release.yml index 7eb901bae56..232224b0e26 100644 --- a/javascript/ql/src/codeql-pack.release.yml +++ b/javascript/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.5.2 +lastReleaseVersion: 1.5.3 diff --git a/javascript/ql/src/qlpack.yml b/javascript/ql/src/qlpack.yml index 3a5ecb85b4f..1239092b279 100644 --- a/javascript/ql/src/qlpack.yml +++ b/javascript/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/javascript-queries -version: 1.5.3-dev +version: 1.5.3 groups: - javascript - queries diff --git a/misc/suite-helpers/CHANGELOG.md b/misc/suite-helpers/CHANGELOG.md index 03ff9963412..74c5e6933ed 100644 --- a/misc/suite-helpers/CHANGELOG.md +++ b/misc/suite-helpers/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/misc/suite-helpers/change-notes/released/1.0.21.md b/misc/suite-helpers/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/misc/suite-helpers/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/misc/suite-helpers/codeql-pack.release.yml b/misc/suite-helpers/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/misc/suite-helpers/codeql-pack.release.yml +++ b/misc/suite-helpers/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/misc/suite-helpers/qlpack.yml b/misc/suite-helpers/qlpack.yml index 28a36682869..fa098c1e805 100644 --- a/misc/suite-helpers/qlpack.yml +++ b/misc/suite-helpers/qlpack.yml @@ -1,4 +1,4 @@ name: codeql/suite-helpers -version: 1.0.21-dev +version: 1.0.21 groups: shared warnOnImplicitThis: true diff --git a/python/ql/lib/CHANGELOG.md b/python/ql/lib/CHANGELOG.md index 8ea99e00e05..1d7bcb46b1e 100644 --- a/python/ql/lib/CHANGELOG.md +++ b/python/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 4.0.5 + +No user-facing changes. + ## 4.0.4 ### Minor Analysis Improvements diff --git a/python/ql/lib/change-notes/released/4.0.5.md b/python/ql/lib/change-notes/released/4.0.5.md new file mode 100644 index 00000000000..dda2a2d3bf4 --- /dev/null +++ b/python/ql/lib/change-notes/released/4.0.5.md @@ -0,0 +1,3 @@ +## 4.0.5 + +No user-facing changes. diff --git a/python/ql/lib/codeql-pack.release.yml b/python/ql/lib/codeql-pack.release.yml index b207094e2b3..b08843b96ce 100644 --- a/python/ql/lib/codeql-pack.release.yml +++ b/python/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.0.4 +lastReleaseVersion: 4.0.5 diff --git a/python/ql/lib/qlpack.yml b/python/ql/lib/qlpack.yml index 020415470fe..a269f6ea946 100644 --- a/python/ql/lib/qlpack.yml +++ b/python/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-all -version: 4.0.5-dev +version: 4.0.5 groups: python dbscheme: semmlecode.python.dbscheme extractor: python diff --git a/python/ql/src/CHANGELOG.md b/python/ql/src/CHANGELOG.md index 33e8046917e..4b1ca7a734b 100644 --- a/python/ql/src/CHANGELOG.md +++ b/python/ql/src/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.4.7 + +### Minor Analysis Improvements + +- The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. + ## 1.4.6 ### Minor Analysis Improvements diff --git a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md b/python/ql/src/change-notes/released/1.4.7.md similarity index 79% rename from python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md rename to python/ql/src/change-notes/released/1.4.7.md index 57cf5c69a13..bc5ef332ab0 100644 --- a/python/ql/src/change-notes/2025-03-27-modernize-mixed-tuple-returns-query.md +++ b/python/ql/src/change-notes/released/1.4.7.md @@ -1,5 +1,5 @@ ---- -category: minorAnalysis ---- +## 1.4.7 + +### Minor Analysis Improvements - The `py/mixed-tuple-returns` query no longer flags instances where the tuple is passed into the function as an argument, as this led to too many false positives. diff --git a/python/ql/src/codeql-pack.release.yml b/python/ql/src/codeql-pack.release.yml index 3b00bbce928..163362bd632 100644 --- a/python/ql/src/codeql-pack.release.yml +++ b/python/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.4.6 +lastReleaseVersion: 1.4.7 diff --git a/python/ql/src/qlpack.yml b/python/ql/src/qlpack.yml index 2d3896cc57f..88b09575d0c 100644 --- a/python/ql/src/qlpack.yml +++ b/python/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/python-queries -version: 1.4.7-dev +version: 1.4.7 groups: - python - queries diff --git a/ruby/ql/lib/CHANGELOG.md b/ruby/ql/lib/CHANGELOG.md index 5eabfa99ba6..527d5c3fd17 100644 --- a/ruby/ql/lib/CHANGELOG.md +++ b/ruby/ql/lib/CHANGELOG.md @@ -1,3 +1,9 @@ +## 4.1.4 + +### Minor Analysis Improvements + +* Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. + ## 4.1.3 No user-facing changes. diff --git a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md b/ruby/ql/lib/change-notes/released/4.1.4.md similarity index 80% rename from ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md rename to ruby/ql/lib/change-notes/released/4.1.4.md index 7570dffb740..1b944c56640 100644 --- a/ruby/ql/lib/change-notes/2025-04-07-implicit-super-args.md +++ b/ruby/ql/lib/change-notes/released/4.1.4.md @@ -1,4 +1,5 @@ ---- -category: minorAnalysis ---- +## 4.1.4 + +### Minor Analysis Improvements + * Calls to `super` without explict arguments now have their implicit arguments generated. For example, in `def foo(x, y) { super } end` the call to `super` becomes `super(x, y)`. diff --git a/ruby/ql/lib/codeql-pack.release.yml b/ruby/ql/lib/codeql-pack.release.yml index cdfb1853324..de92bc2ecc3 100644 --- a/ruby/ql/lib/codeql-pack.release.yml +++ b/ruby/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.3 +lastReleaseVersion: 4.1.4 diff --git a/ruby/ql/lib/qlpack.yml b/ruby/ql/lib/qlpack.yml index 639f6fb35f1..4bc89e7863a 100644 --- a/ruby/ql/lib/qlpack.yml +++ b/ruby/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-all -version: 4.1.4-dev +version: 4.1.4 groups: ruby extractor: ruby dbscheme: ruby.dbscheme diff --git a/ruby/ql/src/CHANGELOG.md b/ruby/ql/src/CHANGELOG.md index 7877bdb6a79..b06acc1c9df 100644 --- a/ruby/ql/src/CHANGELOG.md +++ b/ruby/ql/src/CHANGELOG.md @@ -1,3 +1,10 @@ +## 1.2.0 + +### Major Analysis Improvements + +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. +* The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. + ## 1.1.15 No user-facing changes. diff --git a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md b/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md deleted file mode 100644 index c0bff9adf21..00000000000 --- a/ruby/ql/src/change-notes/2025-04-04-refine-deadstore.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: majorAnalysis ---- -* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. diff --git a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md b/ruby/ql/src/change-notes/released/1.2.0.md similarity index 54% rename from ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md rename to ruby/ql/src/change-notes/released/1.2.0.md index 87b92ee51ce..61491d76fde 100644 --- a/ruby/ql/src/change-notes/2025-04-02-adjust-uninitialized-local-alert-message.md +++ b/ruby/ql/src/change-notes/released/1.2.0.md @@ -1,4 +1,6 @@ ---- -category: majorAnalysis ---- +## 1.2.0 + +### Major Analysis Improvements + +* The query `rb/useless-assignment-to-local` now comes with query help and has been tweaked to produce fewer false positives. * The query `rb/uninitialized-local-variable` now only produces alerts when the variable is the receiver of a method call and should produce very few false positives. It also now comes with a help file. diff --git a/ruby/ql/src/codeql-pack.release.yml b/ruby/ql/src/codeql-pack.release.yml index 9ec2e68cbd3..75430e73d1c 100644 --- a/ruby/ql/src/codeql-pack.release.yml +++ b/ruby/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.15 +lastReleaseVersion: 1.2.0 diff --git a/ruby/ql/src/qlpack.yml b/ruby/ql/src/qlpack.yml index ca0617aa13e..6003cc96ddf 100644 --- a/ruby/ql/src/qlpack.yml +++ b/ruby/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ruby-queries -version: 1.1.16-dev +version: 1.2.0 groups: - ruby - queries diff --git a/rust/ql/lib/CHANGELOG.md b/rust/ql/lib/CHANGELOG.md index 85c1fc61056..2755640d9ea 100644 --- a/rust/ql/lib/CHANGELOG.md +++ b/rust/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/rust/ql/lib/change-notes/released/0.1.6.md b/rust/ql/lib/change-notes/released/0.1.6.md new file mode 100644 index 00000000000..b856f15fe69 --- /dev/null +++ b/rust/ql/lib/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/rust/ql/lib/codeql-pack.release.yml b/rust/ql/lib/codeql-pack.release.yml index 157cff8108d..d271632b3dd 100644 --- a/rust/ql/lib/codeql-pack.release.yml +++ b/rust/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/rust/ql/lib/qlpack.yml b/rust/ql/lib/qlpack.yml index 603ede342c7..5a7ba107f7a 100644 --- a/rust/ql/lib/qlpack.yml +++ b/rust/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-all -version: 0.1.6-dev +version: 0.1.6 groups: rust extractor: rust dbscheme: rust.dbscheme diff --git a/rust/ql/src/CHANGELOG.md b/rust/ql/src/CHANGELOG.md index 85c1fc61056..2755640d9ea 100644 --- a/rust/ql/src/CHANGELOG.md +++ b/rust/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.1.6 + +No user-facing changes. + ## 0.1.5 No user-facing changes. diff --git a/rust/ql/src/change-notes/released/0.1.6.md b/rust/ql/src/change-notes/released/0.1.6.md new file mode 100644 index 00000000000..b856f15fe69 --- /dev/null +++ b/rust/ql/src/change-notes/released/0.1.6.md @@ -0,0 +1,3 @@ +## 0.1.6 + +No user-facing changes. diff --git a/rust/ql/src/codeql-pack.release.yml b/rust/ql/src/codeql-pack.release.yml index 157cff8108d..d271632b3dd 100644 --- a/rust/ql/src/codeql-pack.release.yml +++ b/rust/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.1.5 +lastReleaseVersion: 0.1.6 diff --git a/rust/ql/src/qlpack.yml b/rust/ql/src/qlpack.yml index 4b0296c0af8..f7afd1d4c99 100644 --- a/rust/ql/src/qlpack.yml +++ b/rust/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rust-queries -version: 0.1.6-dev +version: 0.1.6 groups: - rust - queries diff --git a/shared/controlflow/CHANGELOG.md b/shared/controlflow/CHANGELOG.md index 06ae926fe11..ce221ede189 100644 --- a/shared/controlflow/CHANGELOG.md +++ b/shared/controlflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/controlflow/change-notes/released/2.0.5.md b/shared/controlflow/change-notes/released/2.0.5.md new file mode 100644 index 00000000000..8bce5b7ca75 --- /dev/null +++ b/shared/controlflow/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/controlflow/codeql-pack.release.yml b/shared/controlflow/codeql-pack.release.yml index 0f306f8bd3b..6c269316f27 100644 --- a/shared/controlflow/codeql-pack.release.yml +++ b/shared/controlflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/controlflow/qlpack.yml b/shared/controlflow/qlpack.yml index 5b1c8278c8a..91c33675bab 100644 --- a/shared/controlflow/qlpack.yml +++ b/shared/controlflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/controlflow -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/dataflow/CHANGELOG.md b/shared/dataflow/CHANGELOG.md index 19d6b3ed909..ac1750c1e2f 100644 --- a/shared/dataflow/CHANGELOG.md +++ b/shared/dataflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/dataflow/change-notes/released/2.0.5.md b/shared/dataflow/change-notes/released/2.0.5.md new file mode 100644 index 00000000000..8bce5b7ca75 --- /dev/null +++ b/shared/dataflow/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/dataflow/codeql-pack.release.yml b/shared/dataflow/codeql-pack.release.yml index 0f306f8bd3b..6c269316f27 100644 --- a/shared/dataflow/codeql-pack.release.yml +++ b/shared/dataflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/dataflow/qlpack.yml b/shared/dataflow/qlpack.yml index 86a58593efd..82b137f996d 100644 --- a/shared/dataflow/qlpack.yml +++ b/shared/dataflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/dataflow -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/mad/CHANGELOG.md b/shared/mad/CHANGELOG.md index 428eb375a90..609a9cdaff6 100644 --- a/shared/mad/CHANGELOG.md +++ b/shared/mad/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/mad/change-notes/released/1.0.21.md b/shared/mad/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/mad/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/mad/codeql-pack.release.yml b/shared/mad/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/mad/codeql-pack.release.yml +++ b/shared/mad/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/mad/qlpack.yml b/shared/mad/qlpack.yml index 0c7d0f8fb14..bd73c23bb12 100644 --- a/shared/mad/qlpack.yml +++ b/shared/mad/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/mad -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/rangeanalysis/CHANGELOG.md b/shared/rangeanalysis/CHANGELOG.md index 8ca74122cc4..2757232c21a 100644 --- a/shared/rangeanalysis/CHANGELOG.md +++ b/shared/rangeanalysis/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/rangeanalysis/change-notes/released/1.0.21.md b/shared/rangeanalysis/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/rangeanalysis/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/rangeanalysis/codeql-pack.release.yml b/shared/rangeanalysis/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/rangeanalysis/codeql-pack.release.yml +++ b/shared/rangeanalysis/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/rangeanalysis/qlpack.yml b/shared/rangeanalysis/qlpack.yml index 258e34f4416..76a9eeb5196 100644 --- a/shared/rangeanalysis/qlpack.yml +++ b/shared/rangeanalysis/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/rangeanalysis -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/regex/CHANGELOG.md b/shared/regex/CHANGELOG.md index 06d3215edb5..3ab9e968cc0 100644 --- a/shared/regex/CHANGELOG.md +++ b/shared/regex/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/regex/change-notes/released/1.0.21.md b/shared/regex/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/regex/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/regex/codeql-pack.release.yml b/shared/regex/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/regex/codeql-pack.release.yml +++ b/shared/regex/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/regex/qlpack.yml b/shared/regex/qlpack.yml index fb48dd895fe..b32c38cae91 100644 --- a/shared/regex/qlpack.yml +++ b/shared/regex/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/regex -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/ssa/CHANGELOG.md b/shared/ssa/CHANGELOG.md index fb40fb4db74..cb86b03f5bf 100644 --- a/shared/ssa/CHANGELOG.md +++ b/shared/ssa/CHANGELOG.md @@ -1,3 +1,9 @@ +## 1.1.0 + +### Deprecated APIs + +* All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. + ## 1.0.20 No user-facing changes. diff --git a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md b/shared/ssa/change-notes/released/1.1.0.md similarity index 91% rename from shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md rename to shared/ssa/change-notes/released/1.1.0.md index 0f0db7c81a1..1eedd5d911c 100644 --- a/shared/ssa/change-notes/2025-04-03-definitionext-deprecation.md +++ b/shared/ssa/change-notes/released/1.1.0.md @@ -1,4 +1,5 @@ ---- -category: deprecated ---- +## 1.1.0 + +### Deprecated APIs + * All references to the `DefinitionExt` and `PhiReadNode` classes in the SSA library have been deprecated. The concept of phi-read nodes is now strictly an internal implementation detail. Their sole use-case is to improve the structure of the use-use flow relation for data flow, and this use-case remains supported by the `DataFlowIntegration` module. diff --git a/shared/ssa/codeql-pack.release.yml b/shared/ssa/codeql-pack.release.yml index 7af2d1347ff..2ac15439f56 100644 --- a/shared/ssa/codeql-pack.release.yml +++ b/shared/ssa/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.1.0 diff --git a/shared/ssa/qlpack.yml b/shared/ssa/qlpack.yml index c5e5a147085..1fa4f9cd719 100644 --- a/shared/ssa/qlpack.yml +++ b/shared/ssa/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/ssa -version: 1.0.21-dev +version: 1.1.0 groups: shared library: true dependencies: diff --git a/shared/threat-models/CHANGELOG.md b/shared/threat-models/CHANGELOG.md index b20db016231..4ede7cf63b2 100644 --- a/shared/threat-models/CHANGELOG.md +++ b/shared/threat-models/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/threat-models/change-notes/released/1.0.21.md b/shared/threat-models/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/threat-models/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/threat-models/codeql-pack.release.yml b/shared/threat-models/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/threat-models/codeql-pack.release.yml +++ b/shared/threat-models/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/threat-models/qlpack.yml b/shared/threat-models/qlpack.yml index 2698ba75fe4..ca7ab6760c8 100644 --- a/shared/threat-models/qlpack.yml +++ b/shared/threat-models/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/threat-models -version: 1.0.21-dev +version: 1.0.21 library: true groups: shared dataExtensions: diff --git a/shared/tutorial/CHANGELOG.md b/shared/tutorial/CHANGELOG.md index 2f7a36a4d8b..24702110474 100644 --- a/shared/tutorial/CHANGELOG.md +++ b/shared/tutorial/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/tutorial/change-notes/released/1.0.21.md b/shared/tutorial/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/tutorial/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/tutorial/codeql-pack.release.yml b/shared/tutorial/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/tutorial/codeql-pack.release.yml +++ b/shared/tutorial/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/tutorial/qlpack.yml b/shared/tutorial/qlpack.yml index 239783afe11..0735fce8bb1 100644 --- a/shared/tutorial/qlpack.yml +++ b/shared/tutorial/qlpack.yml @@ -1,7 +1,7 @@ name: codeql/tutorial description: Library for the CodeQL detective tutorials, helping new users learn to write CodeQL queries. -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/typeflow/CHANGELOG.md b/shared/typeflow/CHANGELOG.md index 4c72a93118e..3d66ee2aafa 100644 --- a/shared/typeflow/CHANGELOG.md +++ b/shared/typeflow/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/typeflow/change-notes/released/1.0.21.md b/shared/typeflow/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/typeflow/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/typeflow/codeql-pack.release.yml b/shared/typeflow/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/typeflow/codeql-pack.release.yml +++ b/shared/typeflow/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/typeflow/qlpack.yml b/shared/typeflow/qlpack.yml index 243dbbefacc..b918a6647d4 100644 --- a/shared/typeflow/qlpack.yml +++ b/shared/typeflow/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeflow -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/typeinference/CHANGELOG.md b/shared/typeinference/CHANGELOG.md index 59b60bad0f3..7668a5ba39d 100644 --- a/shared/typeinference/CHANGELOG.md +++ b/shared/typeinference/CHANGELOG.md @@ -1,3 +1,7 @@ +## 0.0.2 + +No user-facing changes. + ## 0.0.1 No user-facing changes. diff --git a/shared/typeinference/change-notes/released/0.0.2.md b/shared/typeinference/change-notes/released/0.0.2.md new file mode 100644 index 00000000000..5ab250998ed --- /dev/null +++ b/shared/typeinference/change-notes/released/0.0.2.md @@ -0,0 +1,3 @@ +## 0.0.2 + +No user-facing changes. diff --git a/shared/typeinference/codeql-pack.release.yml b/shared/typeinference/codeql-pack.release.yml index c6933410b71..55dc06fbd76 100644 --- a/shared/typeinference/codeql-pack.release.yml +++ b/shared/typeinference/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 0.0.1 +lastReleaseVersion: 0.0.2 diff --git a/shared/typeinference/qlpack.yml b/shared/typeinference/qlpack.yml index 4606888741a..e53d74a0f0b 100644 --- a/shared/typeinference/qlpack.yml +++ b/shared/typeinference/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typeinference -version: 0.0.2-dev +version: 0.0.2 groups: shared library: true dependencies: diff --git a/shared/typetracking/CHANGELOG.md b/shared/typetracking/CHANGELOG.md index c31f7b82d8b..cb26fd51732 100644 --- a/shared/typetracking/CHANGELOG.md +++ b/shared/typetracking/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.5 + +No user-facing changes. + ## 2.0.4 No user-facing changes. diff --git a/shared/typetracking/change-notes/released/2.0.5.md b/shared/typetracking/change-notes/released/2.0.5.md new file mode 100644 index 00000000000..8bce5b7ca75 --- /dev/null +++ b/shared/typetracking/change-notes/released/2.0.5.md @@ -0,0 +1,3 @@ +## 2.0.5 + +No user-facing changes. diff --git a/shared/typetracking/codeql-pack.release.yml b/shared/typetracking/codeql-pack.release.yml index 0f306f8bd3b..6c269316f27 100644 --- a/shared/typetracking/codeql-pack.release.yml +++ b/shared/typetracking/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.4 +lastReleaseVersion: 2.0.5 diff --git a/shared/typetracking/qlpack.yml b/shared/typetracking/qlpack.yml index 387f2df0850..3a49c131870 100644 --- a/shared/typetracking/qlpack.yml +++ b/shared/typetracking/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typetracking -version: 2.0.5-dev +version: 2.0.5 groups: shared library: true dependencies: diff --git a/shared/typos/CHANGELOG.md b/shared/typos/CHANGELOG.md index 4365eb52a38..236eb0d974a 100644 --- a/shared/typos/CHANGELOG.md +++ b/shared/typos/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/typos/change-notes/released/1.0.21.md b/shared/typos/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/typos/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/typos/codeql-pack.release.yml b/shared/typos/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/typos/codeql-pack.release.yml +++ b/shared/typos/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/typos/qlpack.yml b/shared/typos/qlpack.yml index b84e528b13a..9f9eb31e03f 100644 --- a/shared/typos/qlpack.yml +++ b/shared/typos/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/typos -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/shared/util/CHANGELOG.md b/shared/util/CHANGELOG.md index fa3c9ff7fb4..17de0802307 100644 --- a/shared/util/CHANGELOG.md +++ b/shared/util/CHANGELOG.md @@ -1,3 +1,7 @@ +## 2.0.8 + +No user-facing changes. + ## 2.0.7 No user-facing changes. diff --git a/shared/util/change-notes/released/2.0.8.md b/shared/util/change-notes/released/2.0.8.md new file mode 100644 index 00000000000..4d6867c721b --- /dev/null +++ b/shared/util/change-notes/released/2.0.8.md @@ -0,0 +1,3 @@ +## 2.0.8 + +No user-facing changes. diff --git a/shared/util/codeql-pack.release.yml b/shared/util/codeql-pack.release.yml index 08d5e959449..7ffb2d9f65b 100644 --- a/shared/util/codeql-pack.release.yml +++ b/shared/util/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 2.0.7 +lastReleaseVersion: 2.0.8 diff --git a/shared/util/qlpack.yml b/shared/util/qlpack.yml index cec325c5327..8f17062384d 100644 --- a/shared/util/qlpack.yml +++ b/shared/util/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/util -version: 2.0.8-dev +version: 2.0.8 groups: shared library: true dependencies: null diff --git a/shared/xml/CHANGELOG.md b/shared/xml/CHANGELOG.md index 5551a042e15..a9a8e312ea2 100644 --- a/shared/xml/CHANGELOG.md +++ b/shared/xml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/xml/change-notes/released/1.0.21.md b/shared/xml/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/xml/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/xml/codeql-pack.release.yml b/shared/xml/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/xml/codeql-pack.release.yml +++ b/shared/xml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/xml/qlpack.yml b/shared/xml/qlpack.yml index ddd183347db..36d5e9aaf98 100644 --- a/shared/xml/qlpack.yml +++ b/shared/xml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/xml -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true dependencies: diff --git a/shared/yaml/CHANGELOG.md b/shared/yaml/CHANGELOG.md index 2aff70a053b..430e21d3e50 100644 --- a/shared/yaml/CHANGELOG.md +++ b/shared/yaml/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.0.21 + +No user-facing changes. + ## 1.0.20 No user-facing changes. diff --git a/shared/yaml/change-notes/released/1.0.21.md b/shared/yaml/change-notes/released/1.0.21.md new file mode 100644 index 00000000000..aeb4f416f69 --- /dev/null +++ b/shared/yaml/change-notes/released/1.0.21.md @@ -0,0 +1,3 @@ +## 1.0.21 + +No user-facing changes. diff --git a/shared/yaml/codeql-pack.release.yml b/shared/yaml/codeql-pack.release.yml index 7af2d1347ff..81b5ecacf44 100644 --- a/shared/yaml/codeql-pack.release.yml +++ b/shared/yaml/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.0.20 +lastReleaseVersion: 1.0.21 diff --git a/shared/yaml/qlpack.yml b/shared/yaml/qlpack.yml index bfb8003b745..2a582f48a94 100644 --- a/shared/yaml/qlpack.yml +++ b/shared/yaml/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/yaml -version: 1.0.21-dev +version: 1.0.21 groups: shared library: true warnOnImplicitThis: true diff --git a/swift/ql/lib/CHANGELOG.md b/swift/ql/lib/CHANGELOG.md index d11c1a7a776..32abbe5cc8e 100644 --- a/swift/ql/lib/CHANGELOG.md +++ b/swift/ql/lib/CHANGELOG.md @@ -1,3 +1,7 @@ +## 4.1.4 + +No user-facing changes. + ## 4.1.3 No user-facing changes. diff --git a/swift/ql/lib/change-notes/released/4.1.4.md b/swift/ql/lib/change-notes/released/4.1.4.md new file mode 100644 index 00000000000..d2d878b3429 --- /dev/null +++ b/swift/ql/lib/change-notes/released/4.1.4.md @@ -0,0 +1,3 @@ +## 4.1.4 + +No user-facing changes. diff --git a/swift/ql/lib/codeql-pack.release.yml b/swift/ql/lib/codeql-pack.release.yml index cdfb1853324..de92bc2ecc3 100644 --- a/swift/ql/lib/codeql-pack.release.yml +++ b/swift/ql/lib/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 4.1.3 +lastReleaseVersion: 4.1.4 diff --git a/swift/ql/lib/qlpack.yml b/swift/ql/lib/qlpack.yml index a8937945393..a4a4492d599 100644 --- a/swift/ql/lib/qlpack.yml +++ b/swift/ql/lib/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-all -version: 4.1.4-dev +version: 4.1.4 groups: swift extractor: swift dbscheme: swift.dbscheme diff --git a/swift/ql/src/CHANGELOG.md b/swift/ql/src/CHANGELOG.md index ee24a514d14..6b5f800619e 100644 --- a/swift/ql/src/CHANGELOG.md +++ b/swift/ql/src/CHANGELOG.md @@ -1,3 +1,7 @@ +## 1.1.1 + +No user-facing changes. + ## 1.1.0 ### New Queries diff --git a/swift/ql/src/change-notes/released/1.1.1.md b/swift/ql/src/change-notes/released/1.1.1.md new file mode 100644 index 00000000000..7fb56d36610 --- /dev/null +++ b/swift/ql/src/change-notes/released/1.1.1.md @@ -0,0 +1,3 @@ +## 1.1.1 + +No user-facing changes. diff --git a/swift/ql/src/codeql-pack.release.yml b/swift/ql/src/codeql-pack.release.yml index 2ac15439f56..1a19084be3f 100644 --- a/swift/ql/src/codeql-pack.release.yml +++ b/swift/ql/src/codeql-pack.release.yml @@ -1,2 +1,2 @@ --- -lastReleaseVersion: 1.1.0 +lastReleaseVersion: 1.1.1 diff --git a/swift/ql/src/qlpack.yml b/swift/ql/src/qlpack.yml index 65d542ab524..a99b65317ee 100644 --- a/swift/ql/src/qlpack.yml +++ b/swift/ql/src/qlpack.yml @@ -1,5 +1,5 @@ name: codeql/swift-queries -version: 1.1.1-dev +version: 1.1.1 groups: - swift - queries From b75e0ed02eaafb8b8f1830ce0541f986a2e3b412 Mon Sep 17 00:00:00 2001 From: Ian Lynagh Date: Tue, 15 Apr 2025 14:25:39 +0100 Subject: [PATCH 409/409] actions: Fix spelling error in UnmaskedSecretExposure.md Corrects "know" to "known" in the description of the UnmaskedSecretExposure document. --- actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md b/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md index 6c681856a7b..3c56374f993 100644 --- a/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md +++ b/actions/ql/src/Security/CWE-312/UnmaskedSecretExposure.md @@ -2,7 +2,7 @@ ## Description -Secrets derived from other secrets are not know to the workflow runner and therefore not masked unless explicitly registered. +Secrets derived from other secrets are not known to the workflow runner and therefore not masked unless explicitly registered. ## Recommendations