mirror of
https://github.com/github/codeql.git
synced 2026-07-05 03:25:31 +02:00
Compare commits
307 Commits
codeql-cli
...
aibaars-pa
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
5a2f66a221 | ||
|
|
1737d08145 | ||
|
|
b5d4a2d462 | ||
|
|
ed67fb0933 | ||
|
|
b50f4bc1a8 | ||
|
|
4ce100f9a3 | ||
|
|
45e14c96f2 | ||
|
|
13f2cf9003 | ||
|
|
daf1fa3c31 | ||
|
|
405d0fcd54 | ||
|
|
593ce01362 | ||
|
|
48e93b3654 | ||
|
|
22c5b7af4f | ||
|
|
34edb2537f | ||
|
|
5b1fe56d5f | ||
|
|
ec03ebbbfc | ||
|
|
6091f0dbce | ||
|
|
099ab0e0c2 | ||
|
|
604328ea5f | ||
|
|
652230d021 | ||
|
|
69633948ce | ||
|
|
065fecc57e | ||
|
|
50e1ffda64 | ||
|
|
a27b1ee33a | ||
|
|
5a59354d73 | ||
|
|
bce253920c | ||
|
|
afdd21eab7 | ||
|
|
295ecbb401 | ||
|
|
1806b8933f | ||
|
|
20b66eaf34 | ||
|
|
81e687ea98 | ||
|
|
a85d3f9b7f | ||
|
|
0c03935437 | ||
|
|
c4283dd23f | ||
|
|
9876c391fa | ||
|
|
e140d2ab4f | ||
|
|
985237ab2d | ||
|
|
1737ed50ba | ||
|
|
8cd2aeb65d | ||
|
|
7475f84ea5 | ||
|
|
e7f275382e | ||
|
|
8a36a2b563 | ||
|
|
ddf715e6a9 | ||
|
|
d547a417c9 | ||
|
|
cb006900cd | ||
|
|
7d7966e711 | ||
|
|
b491884996 | ||
|
|
76ea63ffbe | ||
|
|
ab1370cc8f | ||
|
|
e43755b34f | ||
|
|
9b26921cb6 | ||
|
|
7ca955a0e6 | ||
|
|
ebf650c0c0 | ||
|
|
70e6db3ce1 | ||
|
|
9e7fc1731f | ||
|
|
e179126abb | ||
|
|
cc423af8f1 | ||
|
|
f2670bcd61 | ||
|
|
f9bdca3079 | ||
|
|
30accecd8a | ||
|
|
5086841b46 | ||
|
|
42f462504e | ||
|
|
edc8f6f0f2 | ||
|
|
33f5620782 | ||
|
|
c56e0f7c0d | ||
|
|
95db81658b | ||
|
|
43ae5d4285 | ||
|
|
3f6925e7be | ||
|
|
715b0b3fb8 | ||
|
|
3af2e71932 | ||
|
|
8cd0a9d245 | ||
|
|
a61ec78f03 | ||
|
|
fe73601a4e | ||
|
|
681e58c8e0 | ||
|
|
cb3ebeedf9 | ||
|
|
db41ce5f76 | ||
|
|
6cfde70898 | ||
|
|
b4d762fb21 | ||
|
|
0c0ba925a7 | ||
|
|
f39ca1aad2 | ||
|
|
0a35f97074 | ||
|
|
c2710fb038 | ||
|
|
2c095cf166 | ||
|
|
a9d95a9418 | ||
|
|
23c19311fb | ||
|
|
4767d5a1ba | ||
|
|
43266b75a1 | ||
|
|
5f9a03f103 | ||
|
|
77401ded4e | ||
|
|
d44bf326f0 | ||
|
|
7e67338fb5 | ||
|
|
871b6515d5 | ||
|
|
1842bde879 | ||
|
|
c1a6ca5f94 | ||
|
|
486a394a7f | ||
|
|
8fabc06d37 | ||
|
|
cc958dc171 | ||
|
|
1399610bd4 | ||
|
|
5f96c92fac | ||
|
|
ed0325f162 | ||
|
|
7be106d7bb | ||
|
|
27be3dff54 | ||
|
|
8dae85e1b1 | ||
|
|
0a8ecd3cf7 | ||
|
|
388c9ffb74 | ||
|
|
ad8335d6f3 | ||
|
|
466eb4a845 | ||
|
|
a437fcbbcc | ||
|
|
9593ceeda5 | ||
|
|
1cbe26a54f | ||
|
|
4d0f6a0b96 | ||
|
|
a10370f813 | ||
|
|
b3f2159a7e | ||
|
|
17c80336f5 | ||
|
|
8d80e0332e | ||
|
|
a1d9228a66 | ||
|
|
694d6395d5 | ||
|
|
8c55a15fa6 | ||
|
|
6f74a2609c | ||
|
|
f54fc1a88d | ||
|
|
c2b7300709 | ||
|
|
e9e5d948b3 | ||
|
|
ca819573f5 | ||
|
|
3527897eff | ||
|
|
7620a6f653 | ||
|
|
aa53841466 | ||
|
|
018a76bb17 | ||
|
|
dcc76ddf36 | ||
|
|
0828474192 | ||
|
|
43a9b8960e | ||
|
|
cf23d338f3 | ||
|
|
6bc2fe513d | ||
|
|
b9bdee6651 | ||
|
|
03bf9eb166 | ||
|
|
bfe90413e2 | ||
|
|
dcbd82907f | ||
|
|
ec1d1eb547 | ||
|
|
962155fd61 | ||
|
|
9586259706 | ||
|
|
304203ad2f | ||
|
|
7b8603c89b | ||
|
|
f9b6ca76e5 | ||
|
|
fc00e56058 | ||
|
|
c9e5206396 | ||
|
|
541df9b550 | ||
|
|
336548f746 | ||
|
|
9474e63faf | ||
|
|
b136790efd | ||
|
|
0bd94a6307 | ||
|
|
4854679a40 | ||
|
|
39fb714ad1 | ||
|
|
e1bd4a78ff | ||
|
|
10b7b1f183 | ||
|
|
410167671f | ||
|
|
eebba36b18 | ||
|
|
98fc8812fc | ||
|
|
c779936ee8 | ||
|
|
c08c3955d6 | ||
|
|
78fc356feb | ||
|
|
dbd6607875 | ||
|
|
cc5f59f313 | ||
|
|
d4443592eb | ||
|
|
6b17890e4f | ||
|
|
eefa659503 | ||
|
|
fe789c8aa9 | ||
|
|
b897a40228 | ||
|
|
2f50549184 | ||
|
|
a1df1d1119 | ||
|
|
ee1c09329f | ||
|
|
d50816a284 | ||
|
|
0ee476129a | ||
|
|
5e74df3882 | ||
|
|
d13f9d5d71 | ||
|
|
7fbe4f8547 | ||
|
|
592ce3ec58 | ||
|
|
22ff8c2c7e | ||
|
|
3e06455ac1 | ||
|
|
21066d277f | ||
|
|
5ba4f6dae8 | ||
|
|
a7a9428dc1 | ||
|
|
47c9b446f0 | ||
|
|
380070f2e4 | ||
|
|
33fdcf1e4f | ||
|
|
855d4c2ea1 | ||
|
|
43a82004b2 | ||
|
|
18c5a8c8da | ||
|
|
da8123072d | ||
|
|
f1144b9672 | ||
|
|
d748cb483d | ||
|
|
4c53c341f6 | ||
|
|
62a10e20b2 | ||
|
|
8ca7d7d775 | ||
|
|
9d277027a3 | ||
|
|
3dd61cadf4 | ||
|
|
9a186ba5d2 | ||
|
|
ee79834cc8 | ||
|
|
ae634367c9 | ||
|
|
2cc703387b | ||
|
|
f5301aa478 | ||
|
|
f7c47b6c75 | ||
|
|
f7dca4d70f | ||
|
|
1fa2144716 | ||
|
|
fd10947ca0 | ||
|
|
49aab51893 | ||
|
|
ea95e2e1d0 | ||
|
|
b9fc82a741 | ||
|
|
4cfaa86d5d | ||
|
|
5f17d8370c | ||
|
|
63dcce9a31 | ||
|
|
b5a3d3c488 | ||
|
|
301914d80c | ||
|
|
706d1d2eee | ||
|
|
0dbb03f732 | ||
|
|
7df7b92d86 | ||
|
|
7129002573 | ||
|
|
b3f1a513d1 | ||
|
|
9a0a9491da | ||
|
|
2566ae9889 | ||
|
|
db5f63b208 | ||
|
|
7facc63699 | ||
|
|
74d6061082 | ||
|
|
a4adf06713 | ||
|
|
d929b1338b | ||
|
|
64343e00f4 | ||
|
|
8a48708014 | ||
|
|
2bac181094 | ||
|
|
a4e35a97ea | ||
|
|
a51d713925 | ||
|
|
48c71c9407 | ||
|
|
033b239b22 | ||
|
|
47a4cac8ee | ||
|
|
d5791e2d56 | ||
|
|
02e11b7ee9 | ||
|
|
ac05577966 | ||
|
|
e5702d0e15 | ||
|
|
7fc9ae6c49 | ||
|
|
5d89a5d164 | ||
|
|
156bc34cda | ||
|
|
ad7c3e7217 | ||
|
|
539fbbc126 | ||
|
|
39406436bf | ||
|
|
9ed7aa9fae | ||
|
|
74641ccfee | ||
|
|
7d5dd384c3 | ||
|
|
7c3cadc9b6 | ||
|
|
e8e8da1b31 | ||
|
|
5d3232c614 | ||
|
|
96e66c4a50 | ||
|
|
0435105d16 | ||
|
|
6aab970a9e | ||
|
|
bd50fd7f1e | ||
|
|
11e39aa030 | ||
|
|
940254d251 | ||
|
|
b4869158f2 | ||
|
|
2f1cfa816f | ||
|
|
f8994d04d6 | ||
|
|
01da877d0e | ||
|
|
dd1a9a22e3 | ||
|
|
f5c6b45014 | ||
|
|
56060e0610 | ||
|
|
e43e5810cf | ||
|
|
02dd933e5f | ||
|
|
5db2f9a768 | ||
|
|
c1302a90e0 | ||
|
|
6087bc6888 | ||
|
|
a7956ad422 | ||
|
|
82c9b8b494 | ||
|
|
c33690381e | ||
|
|
c1a2e2abe0 | ||
|
|
fd28397056 | ||
|
|
9cf48fc804 | ||
|
|
b1251f0c63 | ||
|
|
1788507571 | ||
|
|
a1fe8a5b2b | ||
|
|
882000afb3 | ||
|
|
3c9e743495 | ||
|
|
17d139c87d | ||
|
|
280c959dc8 | ||
|
|
d92430b0e7 | ||
|
|
9e4116618a | ||
|
|
c1515db09c | ||
|
|
03d0f66247 | ||
|
|
6ea1aad5fc | ||
|
|
ce2edd4b28 | ||
|
|
ca074e2275 | ||
|
|
cf36333082 | ||
|
|
45dd38df6e | ||
|
|
e838b83f5f | ||
|
|
995f365568 | ||
|
|
c767f241ad | ||
|
|
f6c4b5c44b | ||
|
|
990747cd22 | ||
|
|
53729f99c5 | ||
|
|
bbe17b3667 | ||
|
|
83b720d730 | ||
|
|
3478e7e910 | ||
|
|
0456870136 | ||
|
|
ecb2114b7b | ||
|
|
8b36191023 | ||
|
|
059c4d38ad | ||
|
|
8aa2602d9e | ||
|
|
6bef71ea2c | ||
|
|
7bdec98e6f | ||
|
|
c012c235c6 | ||
|
|
9c941dc7ab | ||
|
|
f0b90b391f | ||
|
|
85fab20086 |
5
.github/actions/fetch-codeql/action.yml
vendored
5
.github/actions/fetch-codeql/action.yml
vendored
@@ -13,6 +13,11 @@ runs:
|
|||||||
shell: bash
|
shell: bash
|
||||||
run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
|
run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
|
||||||
|
|
||||||
|
- name: Select platform - Windows
|
||||||
|
if: runner.os == 'Windows'
|
||||||
|
shell: bash
|
||||||
|
run: echo "GA_CODEQL_CLI_PLATFORM=win64" >> $GITHUB_ENV
|
||||||
|
|
||||||
- name: Fetch CodeQL
|
- name: Fetch CodeQL
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
|
|||||||
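Review bot: The added `Select platform - Windows` step appends to the environment file with an unquoted expansion, `>> $GITHUB_ENV`, and it runs under `shell: bash` on a Windows runner, where the path is supplied by the runner rather than by this repository. Quoting the target, `run: echo "GA_CODEQL_CLI_PLATFORM=win64" >> "$GITHUB_ENV"`, keeps the redirect working if that path ever contains a space. The `osx64` step just above uses the same unquoted form and could be changed with it. The `Fetch CodeQL` step that consumes the variable continues below the hunk, so its handling of the `win64` value is not visible here.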
75
.github/workflows/ql-for-ql-build.yml
vendored
75
.github/workflows/ql-for-ql-build.yml
vendored
@@ -10,9 +10,10 @@ env:
|
|||||||
CARGO_TERM_COLOR: always
|
CARGO_TERM_COLOR: always
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
queries:
|
analyze:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest-xl
|
||||||
steps:
|
steps:
|
||||||
|
### Build the queries ###
|
||||||
- uses: actions/checkout@v3
|
- uses: actions/checkout@v3
|
||||||
- name: Find codeql
|
- name: Find codeql
|
||||||
id: find-codeql
|
id: find-codeql
|
||||||
@@ -48,11 +49,7 @@ jobs:
|
|||||||
name: query-pack-zip
|
name: query-pack-zip
|
||||||
path: ${{ runner.temp }}/query-pack.zip
|
path: ${{ runner.temp }}/query-pack.zip
|
||||||
|
|
||||||
extractors:
|
### Build the extractor ###
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: Cache entire extractor
|
- name: Cache entire extractor
|
||||||
id: cache-extractor
|
id: cache-extractor
|
||||||
uses: actions/cache@v3
|
uses: actions/cache@v3
|
||||||
@@ -96,15 +93,8 @@ jobs:
|
|||||||
ql/target/release/ql-extractor
|
ql/target/release/ql-extractor
|
||||||
ql/target/release/ql-extractor.exe
|
ql/target/release/ql-extractor.exe
|
||||||
retention-days: 1
|
retention-days: 1
|
||||||
package:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
|
|
||||||
needs:
|
### Package the queries and extractor ###
|
||||||
- extractors
|
|
||||||
- queries
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- uses: actions/download-artifact@v3
|
- uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: query-pack-zip
|
name: query-pack-zip
|
||||||
@@ -132,16 +122,8 @@ jobs:
|
|||||||
name: codeql-ql-pack
|
name: codeql-ql-pack
|
||||||
path: codeql-ql.zip
|
path: codeql-ql.zip
|
||||||
retention-days: 1
|
retention-days: 1
|
||||||
analyze:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
strategy:
|
|
||||||
matrix:
|
|
||||||
folder: [cpp, csharp, java, javascript, python, ql, ruby, swift, go]
|
|
||||||
|
|
||||||
needs:
|
### Run the analysis ###
|
||||||
- package
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- name: Download pack
|
- name: Download pack
|
||||||
uses: actions/download-artifact@v3
|
uses: actions/download-artifact@v3
|
||||||
with:
|
with:
|
||||||
@@ -161,14 +143,11 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
PACK: ${{ runner.temp }}/pack
|
PACK: ${{ runner.temp }}/pack
|
||||||
|
|
||||||
- name: Checkout repository
|
|
||||||
uses: actions/checkout@v3
|
|
||||||
- name: Create CodeQL config file
|
- name: Create CodeQL config file
|
||||||
run: |
|
run: |
|
||||||
echo "paths:" > ${CONF}
|
|
||||||
echo " - ${FOLDER}" >> ${CONF}
|
|
||||||
echo "paths-ignore:" >> ${CONF}
|
echo "paths-ignore:" >> ${CONF}
|
||||||
echo " - ql/ql/test" >> ${CONF}
|
echo " - ql/ql/test" >> ${CONF}
|
||||||
|
echo " - \"*/ql/lib/upgrades/\"" >> ${CONF}
|
||||||
echo "disable-default-queries: true" >> ${CONF}
|
echo "disable-default-queries: true" >> ${CONF}
|
||||||
echo "packs:" >> ${CONF}
|
echo "packs:" >> ${CONF}
|
||||||
echo " - codeql/ql" >> ${CONF}
|
echo " - codeql/ql" >> ${CONF}
|
||||||
@@ -176,7 +155,6 @@ jobs:
|
|||||||
cat ${CONF}
|
cat ${CONF}
|
||||||
env:
|
env:
|
||||||
CONF: ./ql-for-ql-config.yml
|
CONF: ./ql-for-ql-config.yml
|
||||||
FOLDER: ${{ matrix.folder }}
|
|
||||||
- name: Initialize CodeQL
|
- name: Initialize CodeQL
|
||||||
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
|
uses: github/codeql-action/init@aa93aea877e5fb8841bcb1193f672abf6e9f2980
|
||||||
with:
|
with:
|
||||||
@@ -187,39 +165,24 @@ jobs:
|
|||||||
- name: Perform CodeQL Analysis
|
- name: Perform CodeQL Analysis
|
||||||
uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
|
uses: github/codeql-action/analyze@aa93aea877e5fb8841bcb1193f672abf6e9f2980
|
||||||
with:
|
with:
|
||||||
category: "ql-for-ql-${{ matrix.folder }}"
|
category: "ql-for-ql"
|
||||||
- name: Copy sarif file to CWD
|
- name: Copy sarif file to CWD
|
||||||
run: cp ../results/ql.sarif ./${{ matrix.folder }}.sarif
|
run: cp ../results/ql.sarif ./ql-for-ql.sarif
|
||||||
- name: Fixup the $scema in sarif # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release
|
- name: Fixup the $scema in sarif # Until https://github.com/microsoft/sarif-vscode-extension/pull/436/ is part in a stable release
|
||||||
run: |
|
run: |
|
||||||
sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ${{ matrix.folder }}.sarif
|
sed -i 's/\$schema.*/\$schema": "https:\/\/raw.githubusercontent.com\/oasis-tcs\/sarif-spec\/master\/Schemata\/sarif-schema-2.1.0",/' ql-for-ql.sarif
|
||||||
- name: Sarif as artifact
|
- name: Sarif as artifact
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: ${{ matrix.folder }}.sarif
|
name: ql-for-ql.sarif
|
||||||
path: ${{ matrix.folder }}.sarif
|
path: ql-for-ql.sarif
|
||||||
|
- name: Split out the sarif file into langs
|
||||||
combine:
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs:
|
|
||||||
- analyze
|
|
||||||
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v3
|
|
||||||
- name: Make a folder for artifacts.
|
|
||||||
run: mkdir -p results
|
|
||||||
- name: Download all sarif files
|
|
||||||
uses: actions/download-artifact@v3
|
|
||||||
with:
|
|
||||||
path: results
|
|
||||||
- uses: actions/setup-node@v3
|
|
||||||
with:
|
|
||||||
node-version: 16
|
|
||||||
- name: Combine all sarif files
|
|
||||||
run: |
|
run: |
|
||||||
node ./ql/scripts/merge-sarif.js results/**/*.sarif combined.sarif
|
mkdir split-sarif
|
||||||
- name: Upload combined sarif file
|
node ./ql/scripts/split-sarif.js ql-for-ql.sarif split-sarif
|
||||||
|
- name: Upload langs as artifacts
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: combined.sarif
|
name: ql-for-ql-langs
|
||||||
path: combined.sarif
|
path: split-sarif
|
||||||
|
retention-days: 1
|
||||||
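Review bot: The new `Upload langs as artifacts` step references its action by a mutable tag, `actions/upload-artifact@v3`, as do the other `actions/*` steps kept in the merged `analyze` job. The two `github/codeql-action` steps in the same job are pinned to a full commit SHA. This one job now builds the extractor, runs the analysis and publishes the SARIF, so a retagged action would execute with everything that job can reach; `uses: actions/upload-artifact@<full-commit-sha> # v3` (placeholder, take the SHA of the release you have reviewed) would make the pinning consistent. Separately, `query-pack-zip` still appears to be fetched with `actions/download-artifact@v3` inside what is now a single job, which looks like a leftover of the removed `package` job. The steps between the hunks are not visible, so confirm that before removing it.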
@@ -0,0 +1,17 @@
|
|||||||
|
class Expr extends @expr {
|
||||||
|
string toString() { none() }
|
||||||
|
}
|
||||||
|
|
||||||
|
class Location extends @location_expr {
|
||||||
|
string toString() { none() }
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate isExprWithNewBuiltin(Expr expr) {
|
||||||
|
exists(int kind | exprs(expr, kind, _) | 330 <= kind and kind <= 334)
|
||||||
|
}
|
||||||
|
|
||||||
|
from Expr expr, int kind, int kind_new, Location location
|
||||||
|
where
|
||||||
|
exprs(expr, kind, location) and
|
||||||
|
if isExprWithNewBuiltin(expr) then kind_new = 0 else kind_new = kind
|
||||||
|
select expr, kind_new, location
|
||||||
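Review bot: `isExprWithNewBuiltin` selects the expressions to downgrade by the bare range `330 <= kind and kind <= 334`, and the query rewrites them to `kind_new = 0`, with no comment saying what either number stands for. A reader has to open both dbschemes to check that the range covers exactly the kinds added by this schema change and that kind 0 is the intended fallback in the old schema. A comment on the predicate would make the script auditable, for example `// Expression kinds 330..334 were introduced by the dbscheme change being downgraded; map them to kind 0, which the old dbscheme already defines`. The kind names are not visible in this view, so they should be filled in from the new dbscheme.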
2125
cpp/downgrades/23f7cbb88a4eb29f30c3490363dc201bc054c5ff/old.dbscheme
Normal file
2125
cpp/downgrades/23f7cbb88a4eb29f30c3490363dc201bc054c5ff/old.dbscheme
Normal file
File diff suppressed because it is too large
@@ -0,0 +1,3 @@
|
|||||||
|
description: Add new builtin operations
|
||||||
|
compatibility: partial
|
||||||
|
exprs.rel: run exprs.qlo
|
||||||
4
cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
Normal file
4
cpp/ql/lib/change-notes/2022-06-24-unique-variable.md
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: fix
|
||||||
|
---
|
||||||
|
* Under certain circumstances a variable declaration that is not also a definition could be associated with a `Variable` that did not have the definition as a `VariableDeclarationEntry`. This is now fixed, and a unique `Variable` will exist that has both the declaration and the definition as a `VariableDeclarationEntry`.
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: feature
|
||||||
|
---
|
||||||
|
* Added subclasses of `BuiltInOperations` for `__builtin_bit_cast`, `__builtin_shuffle`, `__has_unique_object_representations`, `__is_aggregate`, and `__is_assignable`.
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/cpp-all
|
name: codeql/cpp-all
|
||||||
version: 0.3.1
|
version: 0.3.2-dev
|
||||||
groups: cpp
|
groups: cpp
|
||||||
dbscheme: semmlecode.cpp.dbscheme
|
dbscheme: semmlecode.cpp.dbscheme
|
||||||
extractor: cpp
|
extractor: cpp
|
||||||
|
|||||||
@@ -6,6 +6,7 @@
|
|||||||
import semmle.code.cpp.Location
|
import semmle.code.cpp.Location
|
||||||
private import semmle.code.cpp.Enclosing
|
private import semmle.code.cpp.Enclosing
|
||||||
private import semmle.code.cpp.internal.ResolveClass
|
private import semmle.code.cpp.internal.ResolveClass
|
||||||
|
private import semmle.code.cpp.internal.ResolveGlobalVariable
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get the `Element` that represents this `@element`.
|
* Get the `Element` that represents this `@element`.
|
||||||
@@ -28,9 +29,12 @@ Element mkElement(@element e) { unresolveElement(result) = e }
|
|||||||
pragma[inline]
|
pragma[inline]
|
||||||
@element unresolveElement(Element e) {
|
@element unresolveElement(Element e) {
|
||||||
not result instanceof @usertype and
|
not result instanceof @usertype and
|
||||||
|
not result instanceof @variable and
|
||||||
result = e
|
result = e
|
||||||
or
|
or
|
||||||
e = resolveClass(result)
|
e = resolveClass(result)
|
||||||
|
or
|
||||||
|
e = resolveGlobalVariable(result)
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
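Review bot: In `unresolveElement`, the added `not result instanceof @variable` removes every `@variable` from the identity branch, so a variable now has an `Element` only if `resolveGlobalVariable` relates it to something. The name suggests that predicate is about global variables; if it does not also map locals, parameters and member variables to themselves, those entities would silently lose their `Element`. `ResolveGlobalVariable.qll` is not part of this view, so this may already be handled. A comment on the new disjunct would record the assumption, e.g. `// resolveGlobalVariable is the identity on every @variable that needs no merging`. The doc comment of `unresolveElement` starts above the hunk and may need the same addition.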
@@ -6,6 +6,7 @@ import semmle.code.cpp.Element
|
|||||||
import semmle.code.cpp.exprs.Access
|
import semmle.code.cpp.exprs.Access
|
||||||
import semmle.code.cpp.Initializer
|
import semmle.code.cpp.Initializer
|
||||||
private import semmle.code.cpp.internal.ResolveClass
|
private import semmle.code.cpp.internal.ResolveClass
|
||||||
|
private import semmle.code.cpp.internal.ResolveGlobalVariable
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A C/C++ variable. For example, in the following code there are four
|
* A C/C++ variable. For example, in the following code there are four
|
||||||
@@ -32,6 +33,8 @@ private import semmle.code.cpp.internal.ResolveClass
|
|||||||
* can have multiple declarations.
|
* can have multiple declarations.
|
||||||
*/
|
*/
|
||||||
class Variable extends Declaration, @variable {
|
class Variable extends Declaration, @variable {
|
||||||
|
Variable() { isVariable(underlyingElement(this)) }
|
||||||
|
|
||||||
override string getAPrimaryQlClass() { result = "Variable" }
|
override string getAPrimaryQlClass() { result = "Variable" }
|
||||||
|
|
||||||
/** Gets the initializer of this variable, if any. */
|
/** Gets the initializer of this variable, if any. */
|
||||||
|
|||||||
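Review bot: The new characteristic predicate `Variable() { isVariable(underlyingElement(this)) }` has no comment, and `isVariable` is defined outside this hunk, so the class does not say which `@variable` entities are now excluded from `Variable`. Because this narrows a widely used class, a one-line comment above it would help, e.g. `// Only the representative entity chosen in ResolveGlobalVariable is a Variable; other entries for the same variable are excluded`. That wording is inferred from the import added in this change and from the change note, so it should be adjusted to what `isVariable` actually checks. The class body continues past the end of the hunk.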
@@ -121,7 +121,7 @@ class BuiltInNoOp extends BuiltInOperation, @noopexpr {
|
|||||||
/**
|
/**
|
||||||
* A C/C++ `__builtin_offsetof` built-in operation (used by some implementations
|
* A C/C++ `__builtin_offsetof` built-in operation (used by some implementations
|
||||||
* of `offsetof`). The operation retains its semantics even in the presence
|
* of `offsetof`). The operation retains its semantics even in the presence
|
||||||
* of an overloaded `operator &`). This is a GNU/Clang extension.
|
* of an overloaded `operator &`). This is a gcc/clang extension.
|
||||||
* ```
|
* ```
|
||||||
* struct S {
|
* struct S {
|
||||||
* int a, b;
|
* int a, b;
|
||||||
@@ -173,7 +173,7 @@ class BuiltInOperationHasAssign extends BuiltInOperation, @hasassignexpr {
|
|||||||
*
|
*
|
||||||
* Returns `true` if the type has a copy constructor.
|
* Returns `true` if the type has a copy constructor.
|
||||||
* ```
|
* ```
|
||||||
* std::integral_constant< bool, __has_copy(_Tp)> hc;
|
* std::integral_constant<bool, __has_copy(_Tp)> hc;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationHasCopy extends BuiltInOperation, @hascopyexpr {
|
class BuiltInOperationHasCopy extends BuiltInOperation, @hascopyexpr {
|
||||||
@@ -189,7 +189,7 @@ class BuiltInOperationHasCopy extends BuiltInOperation, @hascopyexpr {
|
|||||||
* Returns `true` if a copy assignment operator has an empty exception
|
* Returns `true` if a copy assignment operator has an empty exception
|
||||||
* specification.
|
* specification.
|
||||||
* ```
|
* ```
|
||||||
* std::integral_constant< bool, __has_nothrow_assign(_Tp)> hnta;
|
* std::integral_constant<bool, __has_nothrow_assign(_Tp)> hnta;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationHasNoThrowAssign extends BuiltInOperation, @hasnothrowassign {
|
class BuiltInOperationHasNoThrowAssign extends BuiltInOperation, @hasnothrowassign {
|
||||||
@@ -220,7 +220,7 @@ class BuiltInOperationHasNoThrowConstructor extends BuiltInOperation, @hasnothro
|
|||||||
*
|
*
|
||||||
* Returns `true` if the copy constructor has an empty exception specification.
|
* Returns `true` if the copy constructor has an empty exception specification.
|
||||||
* ```
|
* ```
|
||||||
* std::integral_constant< bool, __has_nothrow_copy(MyType) >;
|
* std::integral_constant<bool, __has_nothrow_copy(MyType) >;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationHasNoThrowCopy extends BuiltInOperation, @hasnothrowcopy {
|
class BuiltInOperationHasNoThrowCopy extends BuiltInOperation, @hasnothrowcopy {
|
||||||
@@ -266,7 +266,7 @@ class BuiltInOperationHasTrivialConstructor extends BuiltInOperation, @hastrivia
|
|||||||
*
|
*
|
||||||
* Returns true if the type has a trivial copy constructor.
|
* Returns true if the type has a trivial copy constructor.
|
||||||
* ```
|
* ```
|
||||||
* std::integral_constant< bool, __has_trivial_copy(MyType) > htc;
|
* std::integral_constant<bool, __has_trivial_copy(MyType)> htc;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationHasTrivialCopy extends BuiltInOperation, @hastrivialcopy {
|
class BuiltInOperationHasTrivialCopy extends BuiltInOperation, @hastrivialcopy {
|
||||||
@@ -468,7 +468,7 @@ class BuiltInOperationIsUnion extends BuiltInOperation, @isunionexpr {
|
|||||||
* ```
|
* ```
|
||||||
* template<typename _Tp1, typename _Tp2>
|
* template<typename _Tp1, typename _Tp2>
|
||||||
* struct types_compatible
|
* struct types_compatible
|
||||||
* : public integral_constant<bool, __builtin_types_compatible_p(_Tp1, _Tp2) >
|
* : public integral_constant<bool, __builtin_types_compatible_p(_Tp1, _Tp2)>
|
||||||
* { };
|
* { };
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
@@ -479,8 +479,7 @@ class BuiltInOperationBuiltInTypesCompatibleP extends BuiltInOperation, @typesco
|
|||||||
/**
|
/**
|
||||||
* A clang `__builtin_shufflevector` expression.
|
* A clang `__builtin_shufflevector` expression.
|
||||||
*
|
*
|
||||||
* It outputs a permutation of elements from one or two input vectors.
|
* It outputs a permutation of elements from one or two input vectors. See
|
||||||
* Please see
|
|
||||||
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#langext-builtin-shufflevector
|
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#langext-builtin-shufflevector
|
||||||
* for more information.
|
* for more information.
|
||||||
* ```
|
* ```
|
||||||
@@ -494,11 +493,29 @@ class BuiltInOperationBuiltInShuffleVector extends BuiltInOperation, @builtinshu
|
|||||||
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffleVector" }
|
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffleVector" }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A gcc `__builtin_shuffle` expression.
|
||||||
|
*
|
||||||
|
* It outputs a permutation of elements from one or two input vectors.
|
||||||
|
* See https://gcc.gnu.org/onlinedocs/gcc/Vector-Extensions.html
|
||||||
|
* for more information.
|
||||||
|
* ```
|
||||||
|
* // Concatenate every other element of 4-element vectors V1 and V2.
|
||||||
|
* M = {0, 2, 4, 6};
|
||||||
|
* V3 = __builtin_shuffle(V1, V2, M);
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
class BuiltInOperationBuiltInShuffle extends BuiltInOperation, @builtinshuffle {
|
||||||
|
override string toString() { result = "__builtin_shuffle" }
|
||||||
|
|
||||||
|
override string getAPrimaryQlClass() { result = "BuiltInOperationBuiltInShuffle" }
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A clang `__builtin_convertvector` expression.
|
* A clang `__builtin_convertvector` expression.
|
||||||
*
|
*
|
||||||
* Allows for conversion of vectors of equal element count and compatible
|
* Allows for conversion of vectors of equal element count and compatible
|
||||||
* element types. Please see
|
* element types. See
|
||||||
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#builtin-convertvector
|
* https://releases.llvm.org/3.7.0/tools/clang/docs/LanguageExtensions.html#builtin-convertvector
|
||||||
* for more information.
|
* for more information.
|
||||||
* ```
|
* ```
|
||||||
@@ -547,7 +564,7 @@ class BuiltInOperationBuiltInAddressOf extends UnaryOperation, BuiltInOperation,
|
|||||||
* ```
|
* ```
|
||||||
* template<typename T, typename... Args>
|
* template<typename T, typename... Args>
|
||||||
* struct is_trivially_constructible
|
* struct is_trivially_constructible
|
||||||
* : public integral_constant<bool, __is_trivially_constructible(T, Args...) >
|
* : public integral_constant<bool, __is_trivially_constructible(T, Args...)>
|
||||||
* { };
|
* { };
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
@@ -612,13 +629,10 @@ class BuiltInOperationIsTriviallyDestructible extends BuiltInOperation, @istrivi
|
|||||||
* The `__is_trivially_assignable` built-in operation (used by some
|
* The `__is_trivially_assignable` built-in operation (used by some
|
||||||
* implementations of the `<type_traits>` header).
|
* implementations of the `<type_traits>` header).
|
||||||
*
|
*
|
||||||
* Returns `true` if the assignment operator `C::operator =(const C& c)` is
|
* Returns `true` if the assignment operator `C::operator =(const D& d)` is
|
||||||
* trivial.
|
* trivial (i.e., it will not call any operation that is non-trivial).
|
||||||
* ```
|
* ```
|
||||||
* template<typename T>
|
* bool v = __is_trivially_assignable(MyType1, MyType2);
|
||||||
* struct is_trivially_assignable
|
|
||||||
* : public integral_constant<bool, __is_trivially_assignable(T) >
|
|
||||||
* { };
|
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istriviallyassignableexpr {
|
class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istriviallyassignableexpr {
|
||||||
@@ -631,10 +645,10 @@ class BuiltInOperationIsTriviallyAssignable extends BuiltInOperation, @istrivial
|
|||||||
* The `__is_nothrow_assignable` built-in operation (used by some
|
* The `__is_nothrow_assignable` built-in operation (used by some
|
||||||
* implementations of the `<type_traits>` header).
|
* implementations of the `<type_traits>` header).
|
||||||
*
|
*
|
||||||
* Returns true if there exists a `C::operator =(const C& c) nothrow`
|
* Returns true if there exists a `C::operator =(const D& d) nothrow`
|
||||||
* assignment operator (i.e, with an empty exception specification).
|
* assignment operator (i.e, with an empty exception specification).
|
||||||
* ```
|
* ```
|
||||||
* bool v = __is_nothrow_assignable(MyType);
|
* bool v = __is_nothrow_assignable(MyType1, MyType2);
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowassignableexpr {
|
class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowassignableexpr {
|
||||||
@@ -643,15 +657,30 @@ class BuiltInOperationIsNothrowAssignable extends BuiltInOperation, @isnothrowas
|
|||||||
override string getAPrimaryQlClass() { result = "BuiltInOperationIsNothrowAssignable" }
|
override string getAPrimaryQlClass() { result = "BuiltInOperationIsNothrowAssignable" }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The `__is_assignable` built-in operation (used by some implementations
|
||||||
|
* of the `<type_traits>` header).
|
||||||
|
*
|
||||||
|
* Returns true if there exists a `C::operator =(const D& d)` assignment
|
||||||
|
* operator.
|
||||||
|
* ```
|
||||||
|
* bool v = __is_assignable(MyType1, MyType2);
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
class BuiltInOperationIsAssignable extends BuiltInOperation, @isassignable {
|
||||||
|
override string toString() { result = "__is_assignable" }
|
||||||
|
|
||||||
|
override string getAPrimaryQlClass() { result = "BuiltInOperationIsAssignable" }
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The `__is_standard_layout` built-in operation (used by some implementations
|
* The `__is_standard_layout` built-in operation (used by some implementations
|
||||||
* of the `<type_traits>` header).
|
* of the `<type_traits>` header).
|
||||||
*
|
*
|
||||||
* Returns `true` if the type is a primitive type, or a `class`, `struct` or
|
* Returns `true` if the type is a primitive type, or a `class`, `struct` or
|
||||||
* `union` WITHOUT (1) virtual functions or base classes, (2) reference member
|
* `union` without (1) virtual functions or base classes, (2) reference member
|
||||||
* variable or (3) multiple occurrences of base `class` objects, among other
|
* variable, or (3) multiple occurrences of base `class` objects, among other
|
||||||
* restrictions. Please see
|
* restrictions. See https://en.cppreference.com/w/cpp/named_req/StandardLayoutType
|
||||||
* https://en.cppreference.com/w/cpp/named_req/StandardLayoutType
|
|
||||||
* for more information.
|
* for more information.
|
||||||
* ```
|
* ```
|
||||||
* bool v = __is_standard_layout(MyType);
|
* bool v = __is_standard_layout(MyType);
|
||||||
@@ -682,13 +711,13 @@ class BuiltInOperationIsTriviallyCopyable extends BuiltInOperation, @istrivially
|
|||||||
* the `<type_traits>` header).
|
* the `<type_traits>` header).
|
||||||
*
|
*
|
||||||
* Returns `true` if the type is a scalar type, a reference type or an array of
|
* Returns `true` if the type is a scalar type, a reference type or an array of
|
||||||
* literal types, among others. Please see
|
* literal types, among others. See
|
||||||
* https://en.cppreference.com/w/cpp/named_req/LiteralType
|
* https://en.cppreference.com/w/cpp/named_req/LiteralType
|
||||||
* for more information.
|
* for more information.
|
||||||
*
|
*
|
||||||
* ```
|
* ```
|
||||||
* template <typename _Tp>
|
* template <typename _Tp>
|
||||||
* std::integral_constant< bool, __is_literal_type(_Tp)> ilt;
|
* std::integral_constant<bool, __is_literal_type(_Tp)> ilt;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationIsLiteralType extends BuiltInOperation, @isliteraltypeexpr {
|
class BuiltInOperationIsLiteralType extends BuiltInOperation, @isliteraltypeexpr {
|
||||||
@@ -705,7 +734,7 @@ class BuiltInOperationIsLiteralType extends BuiltInOperation, @isliteraltypeexpr
|
|||||||
* compiler, with semantics of the `memcpy` operation.
|
* compiler, with semantics of the `memcpy` operation.
|
||||||
* ```
|
* ```
|
||||||
* template <typename _Tp>
|
* template <typename _Tp>
|
||||||
* std::integral_constant< bool, __has_trivial_move_constructor(_Tp)> htmc;
|
* std::integral_constant<bool, __has_trivial_move_constructor(_Tp)> htmc;
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
class BuiltInOperationHasTrivialMoveConstructor extends BuiltInOperation,
|
class BuiltInOperationHasTrivialMoveConstructor extends BuiltInOperation,
|
||||||
@@ -723,7 +752,7 @@ class BuiltInOperationHasTrivialMoveConstructor extends BuiltInOperation,
|
|||||||
* ```
|
* ```
|
||||||
* template<typename T>
|
* template<typename T>
|
||||||
* struct has_trivial_move_assign
|
* struct has_trivial_move_assign
|
||||||
* : public integral_constant<bool, __has_trivial_move_assign(T) >
|
* : public integral_constant<bool, __has_trivial_move_assign(T)>
|
||||||
* { };
|
* { };
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
@@ -758,7 +787,7 @@ class BuiltInOperationHasNothrowMoveAssign extends BuiltInOperation, @hasnothrow
|
|||||||
* ```
|
* ```
|
||||||
* template<typename T, typename... Args>
|
* template<typename T, typename... Args>
|
||||||
* struct is_constructible
|
* struct is_constructible
|
||||||
* : public integral_constant<bool, __is_constructible(T, Args...) >
|
* : public integral_constant<bool, __is_constructible(T, Args...)>
|
||||||
* { };
|
* { };
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
@@ -803,7 +832,7 @@ class BuiltInOperationHasFinalizer extends BuiltInOperation, @hasfinalizerexpr {
|
|||||||
* The `__is_delegate` built-in operation. This is a Microsoft extension.
|
* The `__is_delegate` built-in operation. This is a Microsoft extension.
|
||||||
*
|
*
|
||||||
* Returns `true` if the function has been declared as a `delegate`, used in
|
* Returns `true` if the function has been declared as a `delegate`, used in
|
||||||
* message forwarding. Please see
|
* message forwarding. See
|
||||||
* https://docs.microsoft.com/en-us/cpp/extensions/delegate-cpp-component-extensions
|
* https://docs.microsoft.com/en-us/cpp/extensions/delegate-cpp-component-extensions
|
||||||
* for more information.
|
* for more information.
|
||||||
*/
|
*/
|
||||||
@@ -816,7 +845,7 @@ class BuiltInOperationIsDelegate extends BuiltInOperation, @isdelegateexpr {
|
|||||||
/**
|
/**
|
||||||
* The `__is_interface_class` built-in operation. This is a Microsoft extension.
|
* The `__is_interface_class` built-in operation. This is a Microsoft extension.
|
||||||
*
|
*
|
||||||
* Returns `true` if the type has been declared as an `interface`. Please see
|
* Returns `true` if the type has been declared as an `interface`. See
|
||||||
* https://docs.microsoft.com/en-us/cpp/extensions/interface-class-cpp-component-extensions
|
* https://docs.microsoft.com/en-us/cpp/extensions/interface-class-cpp-component-extensions
|
||||||
* for more information.
|
* for more information.
|
||||||
*/
|
*/
|
||||||
@@ -829,7 +858,7 @@ class BuiltInOperationIsInterfaceClass extends BuiltInOperation, @isinterfacecla
|
|||||||
/**
|
/**
|
||||||
* The `__is_ref_array` built-in operation. This is a Microsoft extension.
|
* The `__is_ref_array` built-in operation. This is a Microsoft extension.
|
||||||
*
|
*
|
||||||
* Returns `true` if the object passed in is a _platform array_. Please see
|
* Returns `true` if the object passed in is a _platform array_. See
|
||||||
* https://docs.microsoft.com/en-us/cpp/extensions/arrays-cpp-component-extensions
|
* https://docs.microsoft.com/en-us/cpp/extensions/arrays-cpp-component-extensions
|
||||||
* for more information.
|
* for more information.
|
||||||
* ```
|
* ```
|
||||||
@@ -846,7 +875,7 @@ class BuiltInOperationIsRefArray extends BuiltInOperation, @isrefarrayexpr {
|
|||||||
/**
|
/**
|
||||||
* The `__is_ref_class` built-in operation. This is a Microsoft extension.
|
* The `__is_ref_class` built-in operation. This is a Microsoft extension.
|
||||||
*
|
*
|
||||||
* Returns `true` if the type is a _reference class_. Please see
|
* Returns `true` if the type is a _reference class_. See
|
||||||
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
|
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
|
||||||
* for more information.
|
* for more information.
|
||||||
* ```
|
* ```
|
||||||
@@ -900,7 +929,7 @@ class BuiltInOperationIsSimpleValueClass extends BuiltInOperation, @issimplevalu
|
|||||||
/**
|
/**
|
||||||
* The `__is_value_class` built-in operation. This is a Microsoft extension.
|
* The `__is_value_class` built-in operation. This is a Microsoft extension.
|
||||||
*
|
*
|
||||||
* Returns `true` if passed a value type. Please see
|
* Returns `true` if passed a value type. See
|
||||||
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
|
* https://docs.microsoft.com/en-us/cpp/extensions/classes-and-structs-cpp-component-extensions
|
||||||
* For more information.
|
* For more information.
|
||||||
* ```
|
* ```
|
||||||
@@ -922,7 +951,7 @@ class BuiltInOperationIsValueClass extends BuiltInOperation, @isvalueclassexpr {
|
|||||||
* ```
|
* ```
|
||||||
* template<typename T>
|
* template<typename T>
|
||||||
* struct is_final
|
* struct is_final
|
||||||
* : public integral_constant<bool, __is_final(T) >
|
* : public integral_constant<bool, __is_final(T)>
|
||||||
* { };
|
* { };
|
||||||
* ```
|
* ```
|
||||||
*/
|
*/
|
||||||
@@ -933,7 +962,7 @@ class BuiltInOperationIsFinal extends BuiltInOperation, @isfinalexpr {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The `__builtin_choose_expr` expression. This is a GNU/Clang extension.
|
* The `__builtin_choose_expr` expression. This is a gcc/clang extension.
|
||||||
*
|
*
|
||||||
* The expression functions similarly to the ternary `?:` operator, except
|
* The expression functions similarly to the ternary `?:` operator, except
|
||||||
* that it is evaluated at compile-time.
|
* that it is evaluated at compile-time.
|
||||||
@@ -978,3 +1007,50 @@ class BuiltInComplexOperation extends BuiltInOperation, @builtincomplex {
|
|||||||
/** Gets the operand corresponding to the imaginary part of the complex number. */
|
/** Gets the operand corresponding to the imaginary part of the complex number. */
|
||||||
Expr getImaginaryOperand() { this.hasChild(result, 1) }
|
Expr getImaginaryOperand() { this.hasChild(result, 1) }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A C++ `__is_aggregate` built-in operation (used by some implementations of the
|
||||||
|
* `<type_traits>` header).
|
||||||
|
*
|
||||||
|
* Returns `true` if the type has is an aggregate type.
|
||||||
|
* ```
|
||||||
|
* std::integral_constant<bool, __is_aggregate(_Tp)> ia;
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
class BuiltInOperationIsAggregate extends BuiltInOperation, @isaggregate {
|
||||||
|
override string toString() { result = "__is_aggregate" }
|
||||||
|
|
||||||
|
override string getAPrimaryQlClass() { result = "BuiltInOperationIsAggregate" }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A C++ `__has_unique_object_representations` built-in operation (used by some
|
||||||
|
* implementations of the `<type_traits>` header).
|
||||||
|
*
|
||||||
|
* Returns `true` if the type is trivially copyable and if the object representation
|
||||||
|
* is unique for two objects with the same value.
|
||||||
|
* ```
|
||||||
|
* bool v = __has_unique_object_representations(MyType);
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
class BuiltInOperationHasUniqueObjectRepresentations extends BuiltInOperation,
|
||||||
|
@hasuniqueobjectrepresentations {
|
||||||
|
override string toString() { result = "__has_unique_object_representations" }
|
||||||
|
|
||||||
|
override string getAPrimaryQlClass() { result = "BuiltInOperationHasUniqueObjectRepresentations" }
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A C/C++ `__builtin_bit_cast` built-in operation (used by some implementations
|
||||||
|
* of `std::bit_cast`).
|
||||||
|
*
|
||||||
|
* Performs a bit cast from a value to a type.
|
||||||
|
* ```
|
||||||
|
* __builtin_bit_cast(Type, value);
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
class BuiltInBitCast extends BuiltInOperation, @builtinbitcast {
|
||||||
|
override string toString() { result = "__builtin_bit_cast" }
|
||||||
|
|
||||||
|
override string getAPrimaryQlClass() { result = "BuiltInBitCast" }
|
||||||
|
}
|
||||||
|
|||||||
@@ -596,9 +596,12 @@ class ParenthesisExpr extends Conversion, @parexpr {
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A C/C++ expression that has not been resolved.
|
* A C/C++ expression that could not be resolved, or that can no longer be
|
||||||
|
* represented due to a database upgrade or downgrade.
|
||||||
*
|
*
|
||||||
* It is assigned `ErroneousType` as its type.
|
* If the expression could not be resolved, it has type `ErroneousType`. In the
|
||||||
|
* case of a database upgrade or downgrade, the original type from before the
|
||||||
|
* upgrade or downgrade is kept if that type can be represented.
|
||||||
*/
|
*/
|
||||||
class ErrorExpr extends Expr, @errorexpr {
|
class ErrorExpr extends Expr, @errorexpr {
|
||||||
override string toString() { result = "<error expr>" }
|
override string toString() { result = "<error expr>" }
|
||||||
|
|||||||
@@ -0,0 +1,57 @@
|
|||||||
|
private predicate hasDefinition(@globalvariable g) {
|
||||||
|
exists(@var_decl vd | var_decls(vd, g, _, _, _) | var_def(vd))
|
||||||
|
}
|
||||||
|
|
||||||
|
private predicate onlyOneCompleteGlobalVariableExistsWithMangledName(@mangledname name) {
|
||||||
|
strictcount(@globalvariable g | hasDefinition(g) and mangled_name(g, name)) = 1
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Holds if `g` is a unique global variable with a definition named `name`. */
|
||||||
|
private predicate isGlobalWithMangledNameAndWithDefinition(@mangledname name, @globalvariable g) {
|
||||||
|
hasDefinition(g) and
|
||||||
|
mangled_name(g, name) and
|
||||||
|
onlyOneCompleteGlobalVariableExistsWithMangledName(name)
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Holds if `g` is a global variable without a definition named `name`. */
|
||||||
|
private predicate isGlobalWithMangledNameAndWithoutDefinition(@mangledname name, @globalvariable g) {
|
||||||
|
not hasDefinition(g) and
|
||||||
|
mangled_name(g, name)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `incomplete` is a global variable without a definition, and there exists
|
||||||
|
* a unique global variable `complete` with the same name that does have a definition.
|
||||||
|
*/
|
||||||
|
private predicate hasTwinWithDefinition(@globalvariable incomplete, @globalvariable complete) {
|
||||||
|
exists(@mangledname name |
|
||||||
|
not variable_instantiation(incomplete, complete) and
|
||||||
|
isGlobalWithMangledNameAndWithoutDefinition(name, incomplete) and
|
||||||
|
isGlobalWithMangledNameAndWithDefinition(name, complete)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
import Cached
|
||||||
|
|
||||||
|
cached
|
||||||
|
private module Cached {
|
||||||
|
/**
|
||||||
|
* If `v` is a global variable without a definition, and there exists a unique
|
||||||
|
* global variable with the same name that does have a definition, then the
|
||||||
|
* result is that unique global variable. Otherwise, the result is `v`.
|
||||||
|
*/
|
||||||
|
cached
|
||||||
|
@variable resolveGlobalVariable(@variable v) {
|
||||||
|
hasTwinWithDefinition(v, result)
|
||||||
|
or
|
||||||
|
not hasTwinWithDefinition(v, _) and
|
||||||
|
result = v
|
||||||
|
}
|
||||||
|
|
||||||
|
cached
|
||||||
|
predicate isVariable(@variable v) {
|
||||||
|
not v instanceof @globalvariable
|
||||||
|
or
|
||||||
|
v = resolveGlobalVariable(_)
|
||||||
|
}
|
||||||
|
}
|
||||||
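Review bot: The cached `isVariable` predicate has no QLDoc, although `import Cached` exposes it to every importer of this file and its meaning is not obvious from the name. Something like `/** Holds if `v` is not a global variable, or is a global variable that is the result of `resolveGlobalVariable`. */` would state what the body checks. The QLDoc on `hasTwinWithDefinition` also omits the `not variable_instantiation(incomplete, complete)` condition, so a reader cannot tell that instantiation pairs are deliberately excluded from twin resolution.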
@@ -1650,6 +1650,11 @@ case @expr.kind of
|
|||||||
| 327 = @co_await
|
| 327 = @co_await
|
||||||
| 328 = @co_yield
|
| 328 = @co_yield
|
||||||
| 329 = @temp_init
|
| 329 = @temp_init
|
||||||
|
| 330 = @isassignable
|
||||||
|
| 331 = @isaggregate
|
||||||
|
| 332 = @hasuniqueobjectrepresentations
|
||||||
|
| 333 = @builtinbitcast
|
||||||
|
| 334 = @builtinshuffle
|
||||||
;
|
;
|
||||||
|
|
||||||
@var_args_expr = @vastartexpr
|
@var_args_expr = @vastartexpr
|
||||||
@@ -1711,6 +1716,11 @@ case @expr.kind of
|
|||||||
| @isfinalexpr
|
| @isfinalexpr
|
||||||
| @builtinchooseexpr
|
| @builtinchooseexpr
|
||||||
| @builtincomplex
|
| @builtincomplex
|
||||||
|
| @isassignable
|
||||||
|
| @isaggregate
|
||||||
|
| @hasuniqueobjectrepresentations
|
||||||
|
| @builtinbitcast
|
||||||
|
| @builtinshuffle
|
||||||
;
|
;
|
||||||
|
|
||||||
new_allocated_type(
|
new_allocated_type(
|
||||||
|
|||||||
File diff suppressed because it is too large
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -0,0 +1,2 @@
|
|||||||
|
description: Add new builtin operations
|
||||||
|
compatibility: backwards
|
||||||
@@ -74,13 +74,12 @@ class ReturnStackAllocatedMemoryConfig extends MustFlowConfiguration {
|
|||||||
|
|
||||||
from
|
from
|
||||||
MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var,
|
MustFlowPathNode source, MustFlowPathNode sink, VariableAddressInstruction var,
|
||||||
ReturnStackAllocatedMemoryConfig conf, Function f
|
ReturnStackAllocatedMemoryConfig conf
|
||||||
where
|
where
|
||||||
conf.hasFlowPath(source, sink) and
|
conf.hasFlowPath(pragma[only_bind_into](source), pragma[only_bind_into](sink)) and
|
||||||
source.getNode().asInstruction() = var and
|
source.getNode().asInstruction() = var and
|
||||||
// Only raise an alert if we're returning from the _same_ callable as the on that
|
// Only raise an alert if we're returning from the _same_ callable as the on that
|
||||||
// declared the stack variable.
|
// declared the stack variable.
|
||||||
var.getEnclosingFunction() = pragma[only_bind_into](f) and
|
var.getEnclosingFunction() = sink.getNode().getEnclosingCallable()
|
||||||
sink.getNode().getEnclosingCallable() = pragma[only_bind_into](f)
|
|
||||||
select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
|
select sink.getNode(), source, sink, "May return stack-allocated memory from $@.", var.getAst(),
|
||||||
var.getAst().toString()
|
var.getAst().toString()
|
||||||
|
|||||||
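Review bot: The `pragma[only_bind_into]` annotations on both arguments of `conf.hasFlowPath(...)` are unexplained, and the next maintainer cannot tell whether they may be removed. Binding pragmas only steer join ordering and do not change results, so a short comment is enough, for example `// only_bind_into: compute the flow path first, then apply the same-callable check` (the intended order is my reading, please confirm). The same applies to the `interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))` call in the `ExecState` hunk. While touching the comment above the callable check, `as the on that` should read `as the one that`.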
@@ -77,7 +77,7 @@ class ExecState extends DataFlow::FlowState {
|
|||||||
ExecState() {
|
ExecState() {
|
||||||
this =
|
this =
|
||||||
"ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and
|
"ExecState (" + fst.getLocation() + " | " + fst + ", " + snd.getLocation() + " | " + snd + ")" and
|
||||||
interestingConcatenation(fst, snd)
|
interestingConcatenation(pragma[only_bind_into](fst), pragma[only_bind_into](snd))
|
||||||
}
|
}
|
||||||
|
|
||||||
DataFlow::Node getFstNode() { result = fst }
|
DataFlow::Node getFstNode() { result = fst }
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/cpp-queries
|
name: codeql/cpp-queries
|
||||||
version: 0.3.0
|
version: 0.3.1-dev
|
||||||
groups:
|
groups:
|
||||||
- cpp
|
- cpp
|
||||||
- queries
|
- queries
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
|
// semmle-extractor-options: --clang
|
||||||
struct mystruct {
|
struct mystruct {
|
||||||
int f1;
|
int f1;
|
||||||
int f2;
|
int f2;
|
||||||
@@ -13,3 +13,6 @@ void f(void) {
|
|||||||
int i2 = edg_offsetof(struct mystruct,f2);
|
int i2 = edg_offsetof(struct mystruct,f2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void g(void) {
|
||||||
|
double f = __builtin_bit_cast(double,42l);
|
||||||
|
}
|
||||||
|
|||||||
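Review bot: In `g`, `__builtin_bit_cast(double,42l)` is only well-formed where `long` is as wide as `double`, because the builtin requires source and destination to have the same size. On a target where `long` is 4 bytes the test would exercise an error path instead of the new `@builtinbitcast` expression kind. Using a fixed 64-bit operand, `double f = __builtin_bit_cast(double,42ll);`, removes the dependency on the extractor's target; the literal's end column in the `.expected` file would then move by one.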
@@ -13,3 +13,6 @@
|
|||||||
| edg.c:13:14:13:45 | (size_t)... | 0 | 0 |
|
| edg.c:13:14:13:45 | (size_t)... | 0 | 0 |
|
||||||
| edg.c:13:14:13:45 | __INTADDR__ | 1 | 1 |
|
| edg.c:13:14:13:45 | __INTADDR__ | 1 | 1 |
|
||||||
| edg.c:13:43:13:44 | f2 | 0 | 0 |
|
| edg.c:13:43:13:44 | f2 | 0 | 0 |
|
||||||
|
| edg.c:17:16:17:45 | __builtin_bit_cast | 1 | 1 |
|
||||||
|
| edg.c:17:16:17:45 | double | 0 | 0 |
|
||||||
|
| edg.c:17:42:17:44 | 42 | 1 | 1 |
|
||||||
|
|||||||
@@ -296,3 +296,20 @@
|
|||||||
| ms.cpp:255:24:255:43 | a_struct | | <none> |
|
| ms.cpp:255:24:255:43 | a_struct | | <none> |
|
||||||
| ms.cpp:256:24:256:49 | __is_final | a_final_struct | 1 |
|
| ms.cpp:256:24:256:49 | __is_final | a_final_struct | 1 |
|
||||||
| ms.cpp:256:24:256:49 | a_final_struct | | <none> |
|
| ms.cpp:256:24:256:49 | a_final_struct | | <none> |
|
||||||
|
| ms.cpp:258:29:258:62 | __is_assignable | a_struct,a_struct | 1 |
|
||||||
|
| ms.cpp:258:29:258:62 | a_struct | | <none> |
|
||||||
|
| ms.cpp:258:29:258:62 | a_struct | | <none> |
|
||||||
|
| ms.cpp:259:29:259:59 | __is_assignable | a_struct,empty | 0 |
|
||||||
|
| ms.cpp:259:29:259:59 | a_struct | | <none> |
|
||||||
|
| ms.cpp:259:29:259:59 | empty | | <none> |
|
||||||
|
| ms.cpp:260:29:260:57 | __is_assignable | a_struct,int | 0 |
|
||||||
|
| ms.cpp:260:29:260:57 | a_struct | | <none> |
|
||||||
|
| ms.cpp:260:29:260:57 | int | | <none> |
|
||||||
|
| ms.cpp:262:28:262:51 | __is_aggregate | a_struct | 1 |
|
||||||
|
| ms.cpp:262:28:262:51 | a_struct | | <none> |
|
||||||
|
| ms.cpp:263:28:263:46 | __is_aggregate | int | 0 |
|
||||||
|
| ms.cpp:263:28:263:46 | int | | <none> |
|
||||||
|
| ms.cpp:265:49:265:88 | __has_unique_object_representations | int | 1 |
|
||||||
|
| ms.cpp:265:49:265:88 | int | | <none> |
|
||||||
|
| ms.cpp:266:49:266:90 | __has_unique_object_representations | float | 0 |
|
||||||
|
| ms.cpp:266:49:266:90 | float | | <none> |
|
||||||
|
|||||||
@@ -254,5 +254,14 @@ void f(void) {
|
|||||||
|
|
||||||
bool b_is_final1 = __is_final(a_struct);
|
bool b_is_final1 = __is_final(a_struct);
|
||||||
bool b_is_final2 = __is_final(a_final_struct);
|
bool b_is_final2 = __is_final(a_final_struct);
|
||||||
}
|
|
||||||
|
|
||||||
|
bool b_is_assignable1 = __is_assignable(a_struct,a_struct);
|
||||||
|
bool b_is_assignable2 = __is_assignable(a_struct,empty);
|
||||||
|
bool b_is_assignable3 = __is_assignable(a_struct,int);
|
||||||
|
|
||||||
|
bool b_is_aggregate1 = __is_aggregate(a_struct);
|
||||||
|
bool b_is_aggregate2 = __is_aggregate(int);
|
||||||
|
|
||||||
|
bool b_has_unique_object_representations1 = __has_unique_object_representations(int);
|
||||||
|
bool b_has_unique_object_representations2 = __has_unique_object_representations(float);
|
||||||
|
}
|
||||||
|
|||||||
@@ -4,11 +4,7 @@
|
|||||||
| c.c:6:5:6:6 | ls | array of 4 {int} | 1 |
|
| c.c:6:5:6:6 | ls | array of 4 {int} | 1 |
|
||||||
| c.c:8:5:8:7 | iss | array of 4 {array of 2 {int}} | 1 |
|
| c.c:8:5:8:7 | iss | array of 4 {array of 2 {int}} | 1 |
|
||||||
| c.c:12:11:12:11 | i | typedef {int} as "int_alias" | 1 |
|
| c.c:12:11:12:11 | i | typedef {int} as "int_alias" | 1 |
|
||||||
| c.h:4:12:4:13 | ks | array of {int} | 1 |
|
|
||||||
| c.h:8:12:8:14 | iss | array of {array of 2 {int}} | 1 |
|
|
||||||
| c.h:10:12:10:12 | i | int | 1 |
|
|
||||||
| d.cpp:3:7:3:8 | xs | array of {int} | 1 |
|
| d.cpp:3:7:3:8 | xs | array of {int} | 1 |
|
||||||
| d.h:3:14:3:15 | xs | array of 2 {int} | 1 |
|
|
||||||
| file://:0:0:0:0 | (unnamed parameter 0) | reference to {const {struct __va_list_tag}} | 1 |
|
| file://:0:0:0:0 | (unnamed parameter 0) | reference to {const {struct __va_list_tag}} | 1 |
|
||||||
| file://:0:0:0:0 | (unnamed parameter 0) | rvalue reference to {struct __va_list_tag} | 1 |
|
| file://:0:0:0:0 | (unnamed parameter 0) | rvalue reference to {struct __va_list_tag} | 1 |
|
||||||
| file://:0:0:0:0 | fp_offset | unsigned int | 1 |
|
| file://:0:0:0:0 | fp_offset | unsigned int | 1 |
|
||||||
|
|||||||
@@ -1,2 +1,4 @@
|
|||||||
|
| vector_types2.cpp:10:15:10:42 | __builtin_shuffle |
|
||||||
|
| vector_types2.cpp:11:15:11:45 | __builtin_shuffle |
|
||||||
| vector_types.cpp:31:13:31:49 | __builtin_shufflevector |
|
| vector_types.cpp:31:13:31:49 | __builtin_shufflevector |
|
||||||
| vector_types.cpp:58:10:58:52 | __builtin_convertvector |
|
| vector_types.cpp:58:10:58:52 | __builtin_convertvector |
|
||||||
|
|||||||
@@ -13,6 +13,12 @@
|
|||||||
| file://:0:0:0:0 | gp_offset | gp_offset | file://:0:0:0:0 | unsigned int | 4 |
|
| file://:0:0:0:0 | gp_offset | gp_offset | file://:0:0:0:0 | unsigned int | 4 |
|
||||||
| file://:0:0:0:0 | overflow_arg_area | overflow_arg_area | file://:0:0:0:0 | void * | 8 |
|
| file://:0:0:0:0 | overflow_arg_area | overflow_arg_area | file://:0:0:0:0 | void * | 8 |
|
||||||
| file://:0:0:0:0 | reg_save_area | reg_save_area | file://:0:0:0:0 | void * | 8 |
|
| file://:0:0:0:0 | reg_save_area | reg_save_area | file://:0:0:0:0 | void * | 8 |
|
||||||
|
| vector_types2.cpp:5:7:5:7 | a | a | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
|
| vector_types2.cpp:6:7:6:7 | b | b | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
|
| vector_types2.cpp:7:7:7:12 | mask_1 | mask_1 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
|
| vector_types2.cpp:8:7:8:12 | mask_2 | mask_2 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
|
| vector_types2.cpp:10:7:10:11 | res_1 | res_1 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
|
| vector_types2.cpp:11:7:11:11 | res_2 | res_2 | vector_types2.cpp:2:13:2:15 | v4i | 16 |
|
||||||
| vector_types.cpp:9:21:9:21 | x | x | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
| vector_types.cpp:9:21:9:21 | x | x | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
||||||
| vector_types.cpp:14:18:14:20 | lhs | lhs | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
| vector_types.cpp:14:18:14:20 | lhs | lhs | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
||||||
| vector_types.cpp:14:27:14:29 | rhs | rhs | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
| vector_types.cpp:14:27:14:29 | rhs | rhs | vector_types.cpp:6:15:6:17 | v4f | 16 |
|
||||||
|
|||||||
12
cpp/ql/test/library-tests/vector_types/vector_types2.cpp
Normal file
12
cpp/ql/test/library-tests/vector_types/vector_types2.cpp
Normal file
@@ -0,0 +1,12 @@
|
|||||||
|
// semmle-extractor-options: --gnu --gnu_version 80000
|
||||||
|
typedef int v4i __attribute__((vector_size (16)));
|
||||||
|
|
||||||
|
void f() {
|
||||||
|
v4i a = {1,2,3,4};
|
||||||
|
v4i b = {5,6,7,8};
|
||||||
|
v4i mask_1 = {3,0,1,2};
|
||||||
|
v4i mask_2 = {3,5,4,2};
|
||||||
|
|
||||||
|
v4i res_1 = __builtin_shuffle(a, mask_1);
|
||||||
|
v4i res_2 = __builtin_shuffle(a, b, mask_2);
|
||||||
|
}
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-solorigate-all
|
name: codeql/csharp-solorigate-all
|
||||||
version: 1.2.1
|
version: 1.2.2-dev
|
||||||
groups:
|
groups:
|
||||||
- csharp
|
- csharp
|
||||||
- solorigate
|
- solorigate
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-solorigate-queries
|
name: codeql/csharp-solorigate-queries
|
||||||
version: 1.2.1
|
version: 1.2.2-dev
|
||||||
groups:
|
groups:
|
||||||
- csharp
|
- csharp
|
||||||
- solorigate
|
- solorigate
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-all
|
name: codeql/csharp-all
|
||||||
version: 0.3.1
|
version: 0.3.2-dev
|
||||||
groups: csharp
|
groups: csharp
|
||||||
dbscheme: semmlecode.csharp.dbscheme
|
dbscheme: semmlecode.csharp.dbscheme
|
||||||
extractor: csharp
|
extractor: csharp
|
||||||
|
|||||||
@@ -881,7 +881,12 @@ import Cached
|
|||||||
* graph is restricted to nodes from `RelevantNode`.
|
* graph is restricted to nodes from `RelevantNode`.
|
||||||
*/
|
*/
|
||||||
module TestOutput {
|
module TestOutput {
|
||||||
abstract class RelevantNode extends Node { }
|
abstract class RelevantNode extends Node {
|
||||||
|
/**
|
||||||
|
* Gets a string used to resolve ties in node and edge ordering.
|
||||||
|
*/
|
||||||
|
string getOrderDisambuigation() { result = "" }
|
||||||
|
}
|
||||||
|
|
||||||
query predicate nodes(RelevantNode n, string attr, string val) {
|
query predicate nodes(RelevantNode n, string attr, string val) {
|
||||||
attr = "semmle.order" and
|
attr = "semmle.order" and
|
||||||
@@ -894,7 +899,8 @@ module TestOutput {
|
|||||||
p
|
p
|
||||||
order by
|
order by
|
||||||
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
|
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
|
||||||
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString()
|
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), p.toString(),
|
||||||
|
p.getOrderDisambuigation()
|
||||||
)
|
)
|
||||||
).toString()
|
).toString()
|
||||||
}
|
}
|
||||||
@@ -916,7 +922,8 @@ module TestOutput {
|
|||||||
s
|
s
|
||||||
order by
|
order by
|
||||||
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
|
l.getFile().getBaseName(), l.getFile().getAbsolutePath(), l.getStartLine(),
|
||||||
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString()
|
l.getStartColumn(), l.getEndLine(), l.getEndColumn(), t.toString(), s.toString(),
|
||||||
|
s.getOrderDisambuigation()
|
||||||
)
|
)
|
||||||
).toString()
|
).toString()
|
||||||
}
|
}
|
||||||
|
|||||||
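Review bot: The new member predicate on `RelevantNode` is spelled `getOrderDisambuigation`, and both `order by` clauses call it under that name. Since `RelevantNode` is abstract and meant to be extended, subclasses will have to override the misspelled name, and fixing it later becomes a breaking rename. I would rename it now: `string getOrderDisambiguation() { result = "" }`, with `p.getOrderDisambiguation()` and `s.getOrderDisambiguation()` at the two call sites.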
@@ -0,0 +1,44 @@
|
|||||||
|
|
||||||
|
{
|
||||||
|
SymmetricKey aesKey = new SymmetricKey(kid: "symencryptionkey");
|
||||||
|
|
||||||
|
// BAD: Using the outdated client side encryption version V1_0
|
||||||
|
BlobEncryptionPolicy uploadPolicy = new BlobEncryptionPolicy(key: aesKey, keyResolver: null);
|
||||||
|
BlobRequestOptions uploadOptions = new BlobRequestOptions() { EncryptionPolicy = uploadPolicy };
|
||||||
|
|
||||||
|
MemoryStream stream = new MemoryStream(buffer);
|
||||||
|
blob.UploadFromStream(stream, length: size, accessCondition: null, options: uploadOptions);
|
||||||
|
}
|
||||||
|
|
||||||
|
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
|
||||||
|
{
|
||||||
|
// BAD: Using an outdated SDK that does not support client side encryption version V2_0
|
||||||
|
ClientSideEncryption = new ClientSideEncryptionOptions()
|
||||||
|
{
|
||||||
|
KeyEncryptionKey = myKey,
|
||||||
|
KeyResolver = myKeyResolver,
|
||||||
|
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
|
||||||
|
{
|
||||||
|
// BAD: Using the outdated client side encryption version V1_0
|
||||||
|
ClientSideEncryption = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V1_0)
|
||||||
|
{
|
||||||
|
KeyEncryptionKey = myKey,
|
||||||
|
KeyResolver = myKeyResolver,
|
||||||
|
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
|
var client = new BlobClient(myConnectionString, new SpecializedBlobClientOptions()
|
||||||
|
{
|
||||||
|
// GOOD: Using client side encryption version V2_0
|
||||||
|
ClientSideEncryption = new ClientSideEncryptionOptions(ClientSideEncryptionVersion.V2_0)
|
||||||
|
{
|
||||||
|
KeyEncryptionKey = myKey,
|
||||||
|
KeyResolver = myKeyResolver,
|
||||||
|
KeyWrapAlgorihm = myKeyWrapAlgorithm
|
||||||
|
}
|
||||||
|
});
|
||||||
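Review bot: All three `ClientSideEncryptionOptions` initializers in this sample assign `KeyWrapAlgorihm`, but the property on that type is `KeyWrapAlgorithm`, so the snippet rendered in the query help would not compile if copied. Each occurrence should read `KeyWrapAlgorithm = myKeyWrapAlgorithm`. The second example is labelled BAD only because of the SDK version, which the code cannot show; its comment should say that the fix is to upgrade the package and then pass `ClientSideEncryptionVersion.V2_0`, as the GOOD example does.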
@@ -0,0 +1,29 @@
|
|||||||
|
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
|
||||||
|
<qhelp>
|
||||||
|
|
||||||
|
|
||||||
|
<overview>
|
||||||
|
<p>Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key that is maintained in Azure Key Vault or another key store.</p>
|
||||||
|
<p>Current release versions of the Azure Storage SDKs use cipher block chaining (CBC mode) for client-side encryption (referred to as <code>v1</code>).</p>
|
||||||
|
|
||||||
|
</overview>
|
||||||
|
<recommendation>
|
||||||
|
|
||||||
|
<p>Consider switching to <code>v2</code> client-side encryption.</p>
|
||||||
|
|
||||||
|
</recommendation>
|
||||||
|
<example>
|
||||||
|
|
||||||
|
<sample src="UnsafeUsageOfClientSideEncryptionVersion.cs" />
|
||||||
|
|
||||||
|
</example>
|
||||||
|
<references>
|
||||||
|
<li>
|
||||||
|
<a href="http://aka.ms/azstorageclientencryptionblog">Azure Storage Client Encryption Blog.</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187">CVE-2022-30187</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</references>
|
||||||
|
</qhelp>
|
||||||
@@ -0,0 +1,81 @@
|
|||||||
|
/**
|
||||||
|
* @name Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187).
|
||||||
|
* @description Unsafe usage of v1 version of Azure Storage client-side encryption, please refer to http://aka.ms/azstorageclientencryptionblog
|
||||||
|
* @kind problem
|
||||||
|
* @tags security
|
||||||
|
* cryptography
|
||||||
|
* external/cwe/cwe-327
|
||||||
|
* @id cs/azure-storage/unsafe-usage-of-client-side-encryption-version
|
||||||
|
* @problem.severity error
|
||||||
|
* @precision high
|
||||||
|
*/
|
||||||
|
|
||||||
|
import csharp
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `oc` is creating an object of type `c` = `Azure.Storage.ClientSideEncryptionOptions`
|
||||||
|
* and `e` is the `version` argument to the constructor
|
||||||
|
*/
|
||||||
|
predicate isCreatingAzureClientSideEncryptionObject(ObjectCreation oc, Class c, Expr e) {
|
||||||
|
exists(Parameter p | p.hasName("version") |
|
||||||
|
c.hasQualifiedName("Azure.Storage.ClientSideEncryptionOptions") and
|
||||||
|
oc.getTarget() = c.getAConstructor() and
|
||||||
|
e = oc.getArgumentForParameter(p)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `oc` is an object creation of the outdated type `c` = `Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy`
|
||||||
|
*/
|
||||||
|
predicate isCreatingOutdatedAzureClientSideEncryptionObject(ObjectCreation oc, Class c) {
|
||||||
|
c.hasQualifiedName("Microsoft.Azure.Storage.Blob.BlobEncryptionPolicy") and
|
||||||
|
oc.getTarget() = c.getAConstructor()
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the Azure.Storage assembly for `c` is a version known to support
|
||||||
|
* version 2+ for client-side encryption
|
||||||
|
*/
|
||||||
|
predicate doesAzureStorageAssemblySupportSafeClientSideEncryption(Assembly asm) {
|
||||||
|
exists(int versionCompare |
|
||||||
|
versionCompare = asm.getVersion().compareTo("12.12.0.0") and
|
||||||
|
versionCompare >= 0
|
||||||
|
) and
|
||||||
|
asm.getName() = "Azure.Storage.Common"
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the Azure.Storage assembly for `c` is a version known to support
|
||||||
|
* version 2+ for client-side encryption and if the argument for the constructor `version`
|
||||||
|
* is set to a secure value.
|
||||||
|
*/
|
||||||
|
predicate isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(Expr versionExpr, Assembly asm) {
|
||||||
|
// Check if the Azure.Storage assembly version has the fix
|
||||||
|
doesAzureStorageAssemblySupportSafeClientSideEncryption(asm) and
|
||||||
|
// and that the version argument for the constructor is guaranteed to be Version2
|
||||||
|
isExprAnAccessToSafeClientSideEncryptionVersionValue(versionExpr)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the expression `e` is an access to a safe version of the enum `ClientSideEncryptionVersion`
|
||||||
|
* or an equivalent numeric value
|
||||||
|
*/
|
||||||
|
predicate isExprAnAccessToSafeClientSideEncryptionVersionValue(Expr e) {
|
||||||
|
exists(EnumConstant ec |
|
||||||
|
ec.hasQualifiedName("Azure.Storage.ClientSideEncryptionVersion.V2_0") and
|
||||||
|
ec.getAnAccess() = e
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
from Expr e, Class c, Assembly asm
|
||||||
|
where
|
||||||
|
asm = c.getLocation() and
|
||||||
|
(
|
||||||
|
exists(Expr e2 |
|
||||||
|
isCreatingAzureClientSideEncryptionObject(e, c, e2) and
|
||||||
|
not isObjectCreationArgumentSafeAndUsingSafeVersionOfAssembly(e2, asm)
|
||||||
|
)
|
||||||
|
or
|
||||||
|
isCreatingOutdatedAzureClientSideEncryptionObject(e, c)
|
||||||
|
)
|
||||||
|
select e, "Unsafe usage of v1 version of Azure Storage client-side encryption."
|
||||||
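Review bot: `isCreatingAzureClientSideEncryptionObject` only holds when the creation has an argument for a parameter named `version` (`e = oc.getArgumentForParameter(p)`), so a `new ClientSideEncryptionOptions()` with no such argument is never reported. The sample file's second BAD case has exactly that shape, assuming the library or its test stub offers such a constructor. A separate disjunct in the `where` clause could cover it, matching the same class and constructor with `not exists(oc.getArgumentForParameter(any(Parameter p | p.hasName("version"))))`. Two QLDoc comments also disagree with their bodies. `isExprAnAccessToSafeClientSideEncryptionVersionValue` promises "or an equivalent numeric value" but only matches an access to the `V2_0` enum constant. `doesAzureStorageAssemblySupportSafeClientSideEncryption` refers to `c` while its parameter is `asm`.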
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/csharp-queries
|
name: codeql/csharp-queries
|
||||||
version: 0.3.0
|
version: 0.3.1-dev
|
||||||
groups:
|
groups:
|
||||||
- csharp
|
- csharp
|
||||||
- queries
|
- queries
|
||||||
|
|||||||
@@ -2,7 +2,54 @@ function RegisterExtractorPack(id)
|
|||||||
local extractor = GetPlatformToolsDirectory() ..
|
local extractor = GetPlatformToolsDirectory() ..
|
||||||
'Semmle.Extraction.CSharp.Driver'
|
'Semmle.Extraction.CSharp.Driver'
|
||||||
if OperatingSystem == 'windows' then extractor = extractor .. '.exe' end
|
if OperatingSystem == 'windows' then extractor = extractor .. '.exe' end
|
||||||
|
|
||||||
|
function DotnetMatcherBuild(compilerName, compilerPath, compilerArguments,
|
||||||
|
_languageId)
|
||||||
|
if compilerName ~= 'dotnet' and compilerName ~= 'dotnet.exe' then
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
|
||||||
|
-- The dotnet CLI has the following usage instructions:
|
||||||
|
-- dotnet [sdk-options] [command] [command-options] [arguments]
|
||||||
|
-- we are interested in dotnet build, which has the following usage instructions:
|
||||||
|
-- dotnet [options] build [<PROJECT | SOLUTION>...]
|
||||||
|
-- For now, parse the command line as follows:
|
||||||
|
-- Everything that starts with `-` (or `/`) will be ignored.
|
||||||
|
-- The first non-option argument is treated as the command.
|
||||||
|
-- if that's `build`, we append `/p:UseSharedCompilation=false` to the command line,
|
||||||
|
-- otherwise we do nothing.
|
||||||
|
local match = false
|
||||||
|
local argv = compilerArguments.argv
|
||||||
|
if OperatingSystem == 'windows' then
|
||||||
|
-- let's hope that this split matches the escaping rules `dotnet` applies to command line arguments
|
||||||
|
-- or, at least, that it is close enough
|
||||||
|
argv =
|
||||||
|
NativeArgumentsToArgv(compilerArguments.nativeArgumentPointer)
|
||||||
|
end
|
||||||
|
for i, arg in ipairs(argv) do
|
||||||
|
-- dotnet options start with either - or / (both are legal)
|
||||||
|
local firstCharacter = string.sub(arg, 1, 1)
|
||||||
|
if not (firstCharacter == '-') and not (firstCharacter == '/') then
|
||||||
|
Log(1, 'Dotnet subcommand detected: %s', arg)
|
||||||
|
if arg == 'build' then match = true end
|
||||||
|
break
|
||||||
|
end
|
||||||
|
end
|
||||||
|
if match then
|
||||||
|
return {
|
||||||
|
order = ORDER_REPLACE,
|
||||||
|
invocation = BuildExtractorInvocation(id, compilerPath,
|
||||||
|
compilerPath,
|
||||||
|
compilerArguments, nil, {
|
||||||
|
'/p:UseSharedCompilation=false'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
end
|
||||||
|
return nil
|
||||||
|
end
|
||||||
|
|
||||||
local windowsMatchers = {
|
local windowsMatchers = {
|
||||||
|
DotnetMatcherBuild,
|
||||||
CreatePatternMatcher({'^dotnet%.exe$'}, MatchCompilerName, extractor, {
|
CreatePatternMatcher({'^dotnet%.exe$'}, MatchCompilerName, extractor, {
|
||||||
prepend = {'--dotnetexec', '--cil'},
|
prepend = {'--dotnetexec', '--cil'},
|
||||||
order = ORDER_BEFORE
|
order = ORDER_BEFORE
|
||||||
@@ -10,22 +57,21 @@ function RegisterExtractorPack(id)
|
|||||||
CreatePatternMatcher({'^csc.*%.exe$'}, MatchCompilerName, extractor, {
|
CreatePatternMatcher({'^csc.*%.exe$'}, MatchCompilerName, extractor, {
|
||||||
prepend = {'--compiler', '"${compiler}"', '--cil'},
|
prepend = {'--compiler', '"${compiler}"', '--cil'},
|
||||||
order = ORDER_BEFORE
|
order = ORDER_BEFORE
|
||||||
|
|
||||||
}),
|
}),
|
||||||
CreatePatternMatcher({'^fakes.*%.exe$', 'moles.*%.exe'},
|
CreatePatternMatcher({'^fakes.*%.exe$', 'moles.*%.exe'},
|
||||||
MatchCompilerName, nil, {trace = false})
|
MatchCompilerName, nil, {trace = false})
|
||||||
}
|
}
|
||||||
local posixMatchers = {
|
local posixMatchers = {
|
||||||
CreatePatternMatcher({'^mcs%.exe$', '^csc%.exe$'}, MatchCompilerName,
|
DotnetMatcherBuild,
|
||||||
extractor, {
|
|
||||||
prepend = {'--compiler', '"${compiler}"', '--cil'},
|
|
||||||
order = ORDER_BEFORE
|
|
||||||
|
|
||||||
}),
|
|
||||||
CreatePatternMatcher({'^mono', '^dotnet$'}, MatchCompilerName,
|
CreatePatternMatcher({'^mono', '^dotnet$'}, MatchCompilerName,
|
||||||
extractor, {
|
extractor, {
|
||||||
prepend = {'--dotnetexec', '--cil'},
|
prepend = {'--dotnetexec', '--cil'},
|
||||||
order = ORDER_BEFORE
|
order = ORDER_BEFORE
|
||||||
|
}),
|
||||||
|
CreatePatternMatcher({'^mcs%.exe$', '^csc%.exe$'}, MatchCompilerName,
|
||||||
|
extractor, {
|
||||||
|
prepend = {'--compiler', '"${compiler}"', '--cil'},
|
||||||
|
order = ORDER_BEFORE
|
||||||
}), function(compilerName, compilerPath, compilerArguments, _languageId)
|
}), function(compilerName, compilerPath, compilerArguments, _languageId)
|
||||||
if MatchCompilerName('^msbuild$', compilerName, compilerPath,
|
if MatchCompilerName('^msbuild$', compilerName, compilerPath,
|
||||||
compilerArguments) or
|
compilerArguments) or
|
||||||
@@ -49,7 +95,6 @@ function RegisterExtractorPack(id)
|
|||||||
else
|
else
|
||||||
return posixMatchers
|
return posixMatchers
|
||||||
end
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
||||||
-- Return a list of minimum supported versions of the configuration file format
|
-- Return a list of minimum supported versions of the configuration file format
|
||||||
|
|||||||
@@ -11,14 +11,17 @@ CodeQL.
|
|||||||
Languages and compilers
|
Languages and compilers
|
||||||
#######################
|
#######################
|
||||||
|
|
||||||
CodeQL supports the following languages and compilers.
|
The current versions of the CodeQL CLI (`changelog <https://github.com/github/codeql-cli-binaries/blob/main/CHANGELOG.md>`__, `releases <https://github.com/github/codeql-cli-binaries/releases>`__),
|
||||||
|
CodeQL library packs (`source <https://github.com/github/codeql/tree/codeql-cli/latest>`__),
|
||||||
|
and CodeQL bundle (`releases <https://github.com/github/codeql-action/releases>`__)
|
||||||
|
support the following languages and compilers.
|
||||||
|
|
||||||
.. include:: ../support/reusables/versions-compilers.rst
|
.. include:: ../support/reusables/versions-compilers.rst
|
||||||
|
|
||||||
Frameworks and libraries
|
Frameworks and libraries
|
||||||
########################
|
########################
|
||||||
|
|
||||||
The libraries and queries in the current version of CodeQL have been explicitly checked against the libraries and frameworks listed below.
|
The current versions of the CodeQL library and query packs (`source <https://github.com/github/codeql/tree/codeql-cli/latest>`__) have been explicitly checked against the libraries and frameworks listed below.
|
||||||
|
|
||||||
.. pull-quote::
|
.. pull-quote::
|
||||||
|
|
||||||
|
|||||||
@@ -3,7 +3,9 @@ CodeQL query help for C and C++
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/cpp/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/cpp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-cpp.rst
|
.. include:: toc-cpp.rst
|
||||||
|
|
||||||
@@ -3,6 +3,8 @@ CodeQL query help for C#
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/csharp/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/csharp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-csharp.rst
|
.. include:: toc-csharp.rst
|
||||||
@@ -3,6 +3,8 @@ CodeQL query help for Go
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/go/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/go-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-go.rst
|
.. include:: toc-go.rst
|
||||||
|
|||||||
@@ -3,6 +3,8 @@ CodeQL query help for Java
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/java/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-java.rst
|
.. include:: toc-java.rst
|
||||||
|
|||||||
@@ -3,6 +3,8 @@ CodeQL query help for JavaScript
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/javascript/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/javascript-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-javascript.rst
|
.. include:: toc-javascript.rst
|
||||||
@@ -3,6 +3,8 @@ CodeQL query help for Python
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/python/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/python-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-python.rst
|
.. include:: toc-python.rst
|
||||||
@@ -3,6 +3,8 @@ CodeQL query help for Ruby
|
|||||||
|
|
||||||
.. include:: ../reusables/query-help-overview.rst
|
.. include:: ../reusables/query-help-overview.rst
|
||||||
|
|
||||||
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/main/ruby/ql/examples>`__.
|
These queries are published in the CodeQL query pack ``codeql/ruby-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/src>`__).
|
||||||
|
|
||||||
|
For shorter queries that you can use as building blocks when writing your own queries, see the `example queries in the CodeQL repository <https://github.com/github/codeql/tree/codeql-cli/latest/ruby/ql/examples>`__.
|
||||||
|
|
||||||
.. include:: toc-ruby.rst
|
.. include:: toc-ruby.rst
|
||||||
|
|||||||
@@ -1,6 +1,10 @@
|
|||||||
C and C++ built-in support
|
C and C++ built-in support
|
||||||
================================
|
================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/cpp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/cpp-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/cpp/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
@@ -14,6 +18,10 @@ C and C++ built-in support
|
|||||||
C# built-in support
|
C# built-in support
|
||||||
================================
|
================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/csharp-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/csharp-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/csharp/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
@@ -33,6 +41,10 @@ C# built-in support
|
|||||||
Go built-in support
|
Go built-in support
|
||||||
================================
|
================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/go-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/go-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/go/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
@@ -84,6 +96,10 @@ Go built-in support
|
|||||||
Java built-in support
|
Java built-in support
|
||||||
==================================
|
==================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/java-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/java-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/java/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
@@ -113,6 +129,10 @@ Java built-in support
|
|||||||
JavaScript and TypeScript built-in support
|
JavaScript and TypeScript built-in support
|
||||||
=======================================================
|
=======================================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/javascript-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/javascript-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/javascript/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
@@ -156,6 +176,10 @@ JavaScript and TypeScript built-in support
|
|||||||
Python built-in support
|
Python built-in support
|
||||||
====================================
|
====================================
|
||||||
|
|
||||||
|
Provided by the current versions of the
|
||||||
|
CodeQL query pack ``codeql/python-queries`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/src>`__)
|
||||||
|
and the CodeQL library pack ``codeql/python-all`` (`changelog <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/lib/CHANGELOG.md>`__, `source <https://github.com/github/codeql/tree/codeql-cli/latest/python/ql/lib>`__).
|
||||||
|
|
||||||
.. csv-table::
|
.. csv-table::
|
||||||
:header-rows: 1
|
:header-rows: 1
|
||||||
:class: fullWidthTable
|
:class: fullWidthTable
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/go-all
|
name: codeql/go-all
|
||||||
version: 0.2.1
|
version: 0.2.2-dev
|
||||||
groups: go
|
groups: go
|
||||||
dbscheme: go.dbscheme
|
dbscheme: go.dbscheme
|
||||||
extractor: go
|
extractor: go
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/go-queries
|
name: codeql/go-queries
|
||||||
version: 0.2.1
|
version: 0.2.2-dev
|
||||||
groups:
|
groups:
|
||||||
- go
|
- go
|
||||||
- queries
|
- queries
|
||||||
|
|||||||
@@ -36,7 +36,7 @@ java.lang,13,,58,,,,,,,,,,,8,,,,,4,,,1,,,,,,,,,,,,,,,46,12
|
|||||||
java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7,
|
java.net,10,3,7,,,,,,,,,,,,,,10,,,,,,,,,,,,,,,,,,,3,7,
|
||||||
java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6,
|
java.nio,15,,6,,13,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,6,
|
||||||
java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
|
java.sql,11,,,,,,,,,4,,,,,,,,,,,,,,,,7,,,,,,,,,,,,
|
||||||
java.util,44,,438,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,24,414
|
java.util,44,,458,,,,,,,,,,,34,,,,,,5,2,,1,2,,,,,,,,,,,,,36,422
|
||||||
javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
|
javax.faces.context,2,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,7,,
|
||||||
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
|
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
|
||||||
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
|
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
|
||||||
|
|||||||
|
@@ -15,9 +15,9 @@ Java framework & library support
|
|||||||
`Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25
|
`Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25
|
||||||
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
|
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,728,39,,6,,,,,
|
||||||
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
|
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,,
|
||||||
Java Standard Library,``java.*``,3,549,130,28,,,7,,,10
|
Java Standard Library,``java.*``,3,569,130,28,,,7,,,10
|
||||||
Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
|
Java extensions,"``javax.*``, ``jakarta.*``",63,609,32,,,4,,1,1,2
|
||||||
`Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29
|
`Spring <https://spring.io/>`_,``org.springframework.*``,29,476,101,,,,19,14,,29
|
||||||
Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3
|
Others,"``androidx.slice``, ``cn.hutool.core.codec``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.opensymphony.xwork2.ognl``, ``com.rabbitmq.client``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``groovy.lang``, ``groovy.util``, ``jodd.json``, ``kotlin.jvm.internal``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.logging``, ``org.apache.commons.ognl``, ``org.apache.directory.ldap.client.api``, ``org.apache.ibatis.jdbc``, ``org.apache.log4j``, ``org.apache.logging.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.hibernate``, ``org.jboss.logging``, ``org.jdbi.v3.core``, ``org.jooq``, ``org.mvel2``, ``org.scijava.log``, ``org.slf4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``",65,395,932,,,,14,18,,3
|
||||||
Totals,,217,6410,1474,117,6,10,107,33,1,84
|
Totals,,217,6430,1474,117,6,10,107,33,1,84
|
||||||
|
|
||||||
|
|||||||
@@ -888,6 +888,10 @@ open class KotlinFileExtractor(
|
|||||||
if (shortName.nameInDB != shortName.kotlinName) {
|
if (shortName.nameInDB != shortName.kotlinName) {
|
||||||
tw.writeKtFunctionOriginalNames(methodId, shortName.kotlinName)
|
tw.writeKtFunctionOriginalNames(methodId, shortName.kotlinName)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (f.hasInterfaceParent() && f.body != null) {
|
||||||
|
addModifiers(id, "default") // The actual output class file may or may not have this modifier, depending on the -Xjvm-default setting.
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
tw.writeHasLocation(id, locId)
|
tw.writeHasLocation(id, locId)
|
||||||
@@ -1386,7 +1390,8 @@ open class KotlinFileExtractor(
|
|||||||
dispatchReceiver: IrExpression?,
|
dispatchReceiver: IrExpression?,
|
||||||
extensionReceiver: IrExpression?,
|
extensionReceiver: IrExpression?,
|
||||||
typeArguments: List<IrType> = listOf(),
|
typeArguments: List<IrType> = listOf(),
|
||||||
extractClassTypeArguments: Boolean = false) {
|
extractClassTypeArguments: Boolean = false,
|
||||||
|
superQualifierSymbol: IrClassSymbol? = null) {
|
||||||
|
|
||||||
val locId = tw.getLocation(callsite)
|
val locId = tw.getLocation(callsite)
|
||||||
|
|
||||||
@@ -1404,7 +1409,8 @@ open class KotlinFileExtractor(
|
|||||||
dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } },
|
dispatchReceiver?.let { { callId -> extractExpressionExpr(dispatchReceiver, enclosingCallable, callId, -1, enclosingStmt) } },
|
||||||
extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } },
|
extensionReceiver?.let { { argParent -> extractExpressionExpr(extensionReceiver, enclosingCallable, argParent, 0, enclosingStmt) } },
|
||||||
typeArguments,
|
typeArguments,
|
||||||
extractClassTypeArguments
|
extractClassTypeArguments,
|
||||||
|
superQualifierSymbol
|
||||||
)
|
)
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -1424,7 +1430,8 @@ open class KotlinFileExtractor(
|
|||||||
extractDispatchReceiver: ((Label<out DbExpr>) -> Unit)?,
|
extractDispatchReceiver: ((Label<out DbExpr>) -> Unit)?,
|
||||||
extractExtensionReceiver: ((Label<out DbExpr>) -> Unit)?,
|
extractExtensionReceiver: ((Label<out DbExpr>) -> Unit)?,
|
||||||
typeArguments: List<IrType> = listOf(),
|
typeArguments: List<IrType> = listOf(),
|
||||||
extractClassTypeArguments: Boolean = false) {
|
extractClassTypeArguments: Boolean = false,
|
||||||
|
superQualifierSymbol: IrClassSymbol? = null) {
|
||||||
|
|
||||||
val callTarget = syntacticCallTarget.target.realOverrideTarget
|
val callTarget = syntacticCallTarget.target.realOverrideTarget
|
||||||
val id = tw.getFreshIdLabel<DbMethodaccess>()
|
val id = tw.getFreshIdLabel<DbMethodaccess>()
|
||||||
@@ -1483,6 +1490,8 @@ open class KotlinFileExtractor(
|
|||||||
|
|
||||||
if (callTarget.shouldExtractAsStatic) {
|
if (callTarget.shouldExtractAsStatic) {
|
||||||
extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt)
|
extractStaticTypeAccessQualifier(callTarget, id, locId, enclosingCallable, enclosingStmt)
|
||||||
|
} else if (superQualifierSymbol != null) {
|
||||||
|
extractSuperAccess(superQualifierSymbol.typeWith(), enclosingCallable, id, -1, enclosingStmt, locId)
|
||||||
} else if (extractDispatchReceiver != null) {
|
} else if (extractDispatchReceiver != null) {
|
||||||
extractDispatchReceiver(id)
|
extractDispatchReceiver(id)
|
||||||
}
|
}
|
||||||
@@ -1744,7 +1753,7 @@ open class KotlinFileExtractor(
|
|||||||
else
|
else
|
||||||
listOf()
|
listOf()
|
||||||
|
|
||||||
extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments)
|
extractRawMethodAccess(syntacticCallTarget, c, callable, parent, idx, enclosingStmt, (0 until c.valueArgumentsCount).map { c.getValueArgument(it) }, c.dispatchReceiver, c.extensionReceiver, typeArgs, extractClassTypeArguments, c.superQualifierSymbol)
|
||||||
}
|
}
|
||||||
|
|
||||||
fun extractSpecialEnumFunction(fnName: String){
|
fun extractSpecialEnumFunction(fnName: String){
|
||||||
@@ -2124,7 +2133,13 @@ open class KotlinFileExtractor(
|
|||||||
}
|
}
|
||||||
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") && c.origin == IrStatementOrigin.FOR_LOOP_ITERATOR -> {
|
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "iterator") && c.origin == IrStatementOrigin.FOR_LOOP_ITERATOR -> {
|
||||||
findTopLevelFunctionOrWarn("kotlin.jvm.internal.iterator", "kotlin.jvm.internal.ArrayIteratorKt", c)?.let { iteratorFn ->
|
findTopLevelFunctionOrWarn("kotlin.jvm.internal.iterator", "kotlin.jvm.internal.ArrayIteratorKt", c)?.let { iteratorFn ->
|
||||||
extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, listOf((c.dispatchReceiver!!.type as IrSimpleType).arguments.first().typeOrNull!!))
|
val typeArgs = (c.dispatchReceiver!!.type as IrSimpleType).arguments.map {
|
||||||
|
when(it) {
|
||||||
|
is IrTypeProjection -> it.type
|
||||||
|
else -> pluginContext.irBuiltIns.anyNType
|
||||||
|
}
|
||||||
|
}
|
||||||
|
extractRawMethodAccess(iteratorFn, c, callable, parent, idx, enclosingStmt, listOf(c.dispatchReceiver), null, null, typeArgs)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "get") && c.origin == IrStatementOrigin.GET_ARRAY_ELEMENT -> {
|
isFunction(target, "kotlin", "(some array type)", { isArrayType(it) }, "get") && c.origin == IrStatementOrigin.GET_ARRAY_ELEMENT -> {
|
||||||
@@ -3060,6 +3075,17 @@ open class KotlinFileExtractor(
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private fun extractSuperAccess(irType: IrType, callable: Label<out DbCallable>, parent: Label<out DbExprparent>, idx: Int, enclosingStmt: Label<out DbStmt>, locId: Label<out DbLocation>) =
|
||||||
|
tw.getFreshIdLabel<DbSuperaccess>().also {
|
||||||
|
val type = useType(irType)
|
||||||
|
tw.writeExprs_superaccess(it, type.javaResult.id, parent, idx)
|
||||||
|
tw.writeExprsKotlinType(it, type.kotlinResult.id)
|
||||||
|
tw.writeHasLocation(it, locId)
|
||||||
|
tw.writeCallableEnclosingExpr(it, callable)
|
||||||
|
tw.writeStatementEnclosingExpr(it, enclosingStmt)
|
||||||
|
extractTypeAccessRecursive(irType, locId, it, 0)
|
||||||
|
}
|
||||||
|
|
||||||
private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label<out DbCallable>) {
|
private fun extractThisAccess(e: IrGetValue, exprParent: ExprParent, callable: Label<out DbCallable>) {
|
||||||
val containingDeclaration = declarationStack.peek()
|
val containingDeclaration = declarationStack.peek()
|
||||||
val locId = tw.getLocation(e)
|
val locId = tw.getLocation(e)
|
||||||
@@ -4014,7 +4040,7 @@ open class KotlinFileExtractor(
|
|||||||
/**
|
/**
|
||||||
* Extracts a single wildcard type access expression with no enclosing callable and statement.
|
* Extracts a single wildcard type access expression with no enclosing callable and statement.
|
||||||
*/
|
*/
|
||||||
private fun extractWildcardTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
|
private fun extractWildcardTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
|
||||||
val id = tw.getFreshIdLabel<DbWildcardtypeaccess>()
|
val id = tw.getFreshIdLabel<DbWildcardtypeaccess>()
|
||||||
tw.writeExprs_wildcardtypeaccess(id, type.javaResult.id, parent, idx)
|
tw.writeExprs_wildcardtypeaccess(id, type.javaResult.id, parent, idx)
|
||||||
tw.writeExprsKotlinType(id, type.kotlinResult.id)
|
tw.writeExprsKotlinType(id, type.kotlinResult.id)
|
||||||
@@ -4025,7 +4051,7 @@ open class KotlinFileExtractor(
|
|||||||
/**
|
/**
|
||||||
* Extracts a single type access expression with no enclosing callable and statement.
|
* Extracts a single type access expression with no enclosing callable and statement.
|
||||||
*/
|
*/
|
||||||
private fun extractTypeAccess(type: TypeResults, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
|
private fun extractTypeAccess(type: TypeResults, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int): Label<out DbExpr> {
|
||||||
// TODO: elementForLocation allows us to give some sort of
|
// TODO: elementForLocation allows us to give some sort of
|
||||||
// location, but a proper location for the type access will
|
// location, but a proper location for the type access will
|
||||||
// require upstream changes
|
// require upstream changes
|
||||||
@@ -4051,7 +4077,7 @@ open class KotlinFileExtractor(
|
|||||||
* `extractTypeAccessRecursive` if the argument is invariant.
|
* `extractTypeAccessRecursive` if the argument is invariant.
|
||||||
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
|
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
|
||||||
*/
|
*/
|
||||||
private fun extractWildcardTypeAccessRecursive(t: IrTypeArgument, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int) {
|
private fun extractWildcardTypeAccessRecursive(t: IrTypeArgument, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int) {
|
||||||
val typeLabels by lazy { TypeResults(getTypeArgumentLabel(t), TypeResult(fakeKotlinType(), "TODO", "TODO")) }
|
val typeLabels by lazy { TypeResults(getTypeArgumentLabel(t), TypeResult(fakeKotlinType(), "TODO", "TODO")) }
|
||||||
when (t) {
|
when (t) {
|
||||||
is IrStarProjection -> extractWildcardTypeAccess(typeLabels, location, parent, idx)
|
is IrStarProjection -> extractWildcardTypeAccess(typeLabels, location, parent, idx)
|
||||||
@@ -4071,7 +4097,7 @@ open class KotlinFileExtractor(
|
|||||||
* Extracts a type access expression and its child type access expressions in case of a generic type. Nested generics are also handled.
|
* Extracts a type access expression and its child type access expressions in case of a generic type. Nested generics are also handled.
|
||||||
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
|
* No enclosing callable and statement is extracted, this is useful for type access extraction in field declarations.
|
||||||
*/
|
*/
|
||||||
private fun extractTypeAccessRecursive(t: IrType, location: Label<DbLocation>, parent: Label<out DbExprparent>, idx: Int, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> {
|
private fun extractTypeAccessRecursive(t: IrType, location: Label<out DbLocation>, parent: Label<out DbExprparent>, idx: Int, typeContext: TypeContext = TypeContext.OTHER): Label<out DbExpr> {
|
||||||
val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx)
|
val typeAccessId = extractTypeAccess(useType(t, typeContext), location, parent, idx)
|
||||||
if (t is IrSimpleType) {
|
if (t is IrSimpleType) {
|
||||||
t.arguments.forEachIndexed { argIdx, arg ->
|
t.arguments.forEachIndexed { argIdx, arg ->
|
||||||
|
|||||||
@@ -51,6 +51,8 @@ private val specialFunctions = mapOf(
|
|||||||
makeDescription(FqName("java.lang.Number"), "toFloat") to "floatValue",
|
makeDescription(FqName("java.lang.Number"), "toFloat") to "floatValue",
|
||||||
makeDescription(StandardNames.FqNames.number.toSafe(), "toDouble") to "doubleValue",
|
makeDescription(StandardNames.FqNames.number.toSafe(), "toDouble") to "doubleValue",
|
||||||
makeDescription(FqName("java.lang.Number"), "toDouble") to "doubleValue",
|
makeDescription(FqName("java.lang.Number"), "toDouble") to "doubleValue",
|
||||||
|
makeDescription(StandardNames.FqNames.string.toSafe(), "get") to "charAt",
|
||||||
|
makeDescription(FqName("java.lang.String"), "get") to "charAt",
|
||||||
)
|
)
|
||||||
|
|
||||||
private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet()
|
private val specialFunctionShortNames = specialFunctions.keys.map { it.functionName }.toSet()
|
||||||
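Review bot: Adding `"get"` as a key of `specialFunctions` also puts that very common method name into `specialFunctionShortNames`, the set derived from the map's keys just below it. How that set is consulted is outside this hunk, but if it serves as a cheap name pre-filter, every Kotlin call to a function named `get` will now proceed to the fuller declaring-type check. A short comment above the two new entries, e.g. `// String.get(Int) is java.lang.String.charAt(int) on the JVM`, would also record why the mapping exists.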
|
|||||||
@@ -12,6 +12,8 @@ Type getAMentionedType(RefType type) {
|
|||||||
result = getAMentionedType(type).(InstantiatedType).getATypeArgument()
|
result = getAMentionedType(type).(InstantiatedType).getATypeArgument()
|
||||||
or
|
or
|
||||||
result = getAMentionedType(type).(NestedType).getEnclosingType()
|
result = getAMentionedType(type).(NestedType).getEnclosingType()
|
||||||
|
or
|
||||||
|
result = getAMentionedType(type).(Wildcard).getATypeBound().getType()
|
||||||
}
|
}
|
||||||
|
|
||||||
Type getATypeUsedInClass(RefType type) {
|
Type getATypeUsedInClass(RefType type) {
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: feature
|
||||||
|
---
|
||||||
|
* The QL predicate `Expr::getUnderlyingExpr` has been added. It can be used to look through casts and not-null expressions and obtain the underlying expression to which they apply.
|
||||||
4
java/ql/lib/change-notes/2022-07-26-scanner-models.md
Normal file
4
java/ql/lib/change-notes/2022-07-26-scanner-models.md
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: minorAnalysis
|
||||||
|
---
|
||||||
|
* Added data flow models for `java.util.Scanner`.
|
||||||
5
java/ql/lib/change-notes/2022-07-27-nullness-junit5.md
Normal file
5
java/ql/lib/change-notes/2022-07-27-nullness-junit5.md
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
---
|
||||||
|
category: minorAnalysis
|
||||||
|
---
|
||||||
|
* The JUnit5 version of `AssertNotNull` is now recognized, which removes
|
||||||
|
related false positives in the nullness queries.
|
||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/java-all
|
name: codeql/java-all
|
||||||
version: 0.3.1
|
version: 0.3.2-dev
|
||||||
groups: java
|
groups: java
|
||||||
dbscheme: config/semmlecode.dbscheme
|
dbscheme: config/semmlecode.dbscheme
|
||||||
extractor: java
|
extractor: java
|
||||||
|
|||||||
@@ -100,6 +100,18 @@ class Expr extends ExprParent, @expr {
|
|||||||
|
|
||||||
/** Holds if this expression is parenthesized. */
|
/** Holds if this expression is parenthesized. */
|
||||||
predicate isParenthesized() { isParenthesized(this, _) }
|
predicate isParenthesized() { isParenthesized(this, _) }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets the underlying expression looking through casts and not-nulls, if any.
|
||||||
|
* Otherwise just gets this expression.
|
||||||
|
*/
|
||||||
|
Expr getUnderlyingExpr() {
|
||||||
|
if this instanceof CastingExpr or this instanceof NotNullExpr
|
||||||
|
then
|
||||||
|
result = this.(CastingExpr).getExpr().getUnderlyingExpr() or
|
||||||
|
result = this.(NotNullExpr).getExpr().getUnderlyingExpr()
|
||||||
|
else result = this
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -244,8 +244,26 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
|
|||||||
"java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
|
"java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual",
|
||||||
"java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
|
"java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
|
||||||
"java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
|
"java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
|
||||||
"java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint;manual",
|
"java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
|
||||||
"java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint;manual",
|
"java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual",
|
||||||
|
"java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual",
|
||||||
|
"java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual",
|
||||||
|
"java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual",
|
||||||
|
"java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual",
|
||||||
|
"java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual",
|
||||||
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
|
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
|
||||||
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
|
"java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual",
|
||||||
"java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
|
"java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual",
|
||||||
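Review bot: The new row `"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"` appears twice in a row among the added Scanner summaries. The second copy adds nothing, because the empty signature column already covers every overload; drop one of them. The enclosing `ContainerFlowSummaries` class starts and ends outside the hunk.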
|
|||||||
@@ -2,7 +2,8 @@
|
|||||||
* A library providing uniform access to various assertion frameworks.
|
* A library providing uniform access to various assertion frameworks.
|
||||||
*
|
*
|
||||||
* Currently supports `org.junit.Assert`, `junit.framework.*`,
|
* Currently supports `org.junit.Assert`, `junit.framework.*`,
|
||||||
* `com.google.common.base.Preconditions`, and `java.util.Objects`.
|
* `org.junit.jupiter.api.Assertions`, `com.google.common.base.Preconditions`,
|
||||||
|
* and `java.util.Objects`.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
import java
|
import java
|
||||||
@@ -17,7 +18,11 @@ private newtype AssertKind =
|
|||||||
private predicate assertionMethod(Method m, AssertKind kind) {
|
private predicate assertionMethod(Method m, AssertKind kind) {
|
||||||
exists(RefType junit |
|
exists(RefType junit |
|
||||||
m.getDeclaringType() = junit and
|
m.getDeclaringType() = junit and
|
||||||
(junit.hasQualifiedName("org.junit", "Assert") or junit.hasQualifiedName("junit.framework", _))
|
(
|
||||||
|
junit.hasQualifiedName("org.junit", "Assert") or
|
||||||
|
junit.hasQualifiedName("junit.framework", _) or
|
||||||
|
junit.hasQualifiedName("org.junit.jupiter.api", "Assertions")
|
||||||
|
)
|
||||||
|
|
|
|
||||||
m.hasName("assertNotNull") and kind = AssertKindNotNull()
|
m.hasName("assertNotNull") and kind = AssertKindNotNull()
|
||||||
or
|
or
|
||||||
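Review bot: Adding `org.junit.jupiter.api.Assertions` to the `junit` disjunction in `assertionMethod` treats JUnit 5 methods exactly like `org.junit.Assert`, but the two APIs order their arguments differently: JUnit 4 takes the optional message first, JUnit 5 takes it last. The code that decides which argument of `assertNotNull` is the checked value is outside these hunks; if it picks the last argument, a JUnit 5 call such as `assertNotNull(obj, "msg")` would mark the message rather than `obj` as non-null, so this is worth confirming and covering with a test. The rest of the predicate after the trailing `or` is also outside the hunk, so the new type presumably feeds the other assertion kinds as well, which the change note could mention.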
|
|||||||
@@ -51,7 +51,7 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
|
|||||||
exists(MethodAccess m |
|
exists(MethodAccess m |
|
||||||
m.getMethod() instanceof PutSharedPreferenceMethod and
|
m.getMethod() instanceof PutSharedPreferenceMethod and
|
||||||
input = m.getArgument(1) and
|
input = m.getArgument(1) and
|
||||||
editor.asExpr() = m.getQualifier()
|
editor.asExpr() = m.getQualifier().getUnderlyingExpr()
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -61,7 +61,7 @@ private predicate sharedPreferencesInput(DataFlow::Node editor, Expr input) {
|
|||||||
*/
|
*/
|
||||||
private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) {
|
private predicate sharedPreferencesStore(DataFlow::Node editor, MethodAccess m) {
|
||||||
m.getMethod() instanceof StoreSharedPreferenceMethod and
|
m.getMethod() instanceof StoreSharedPreferenceMethod and
|
||||||
editor.asExpr() = m.getQualifier()
|
editor.asExpr() = m.getQualifier().getUnderlyingExpr()
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Flow from `SharedPreferences.Editor` to either a setter or a store method. */
|
/** Flow from `SharedPreferences.Editor` to either a setter or a store method. */
|
||||||
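Review bot: Nothing at the changed lines in `sharedPreferencesInput` and `sharedPreferencesStore` says why the qualifier is now unwrapped with `getUnderlyingExpr()`, and the same holds for the `loadUrl` and `setWebClient` qualifiers in the `webViewLoadUrl` hunks that follow. A one-line comment at each site would keep a later cleanup from removing the call, e.g. `// look through casts and not-null assertions (Kotlin editor!!.putString(..)) on the qualifier`. No test for a wrapped qualifier is visible in this part of the page; if none exists, one Kotlin case per predicate would pin the behaviour.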
|
|||||||
@@ -75,6 +75,8 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) {
|
|||||||
loadUrl.getArgument(0) = urlArg and
|
loadUrl.getArgument(0) = urlArg and
|
||||||
loadUrl.getMethod() instanceof WebViewLoadUrlMethod
|
loadUrl.getMethod() instanceof WebViewLoadUrlMethod
|
||||||
|
|
|
|
||||||
|
webview.getAnAccess() = DataFlow::exprNode(loadUrl.getQualifier().getUnderlyingExpr())
|
||||||
|
or
|
||||||
webview.getAnAccess() = DataFlow::getInstanceArgument(loadUrl)
|
webview.getAnAccess() = DataFlow::getInstanceArgument(loadUrl)
|
||||||
or
|
or
|
||||||
// `webview` is received as a parameter of an event method in a custom `WebViewClient`,
|
// `webview` is received as a parameter of an event method in a custom `WebViewClient`,
|
||||||
@@ -82,8 +84,9 @@ private predicate webViewLoadUrl(Argument urlArg, WebViewRef webview) {
|
|||||||
exists(WebViewClientEventMethod eventMethod, MethodAccess setWebClient |
|
exists(WebViewClientEventMethod eventMethod, MethodAccess setWebClient |
|
||||||
setWebClient.getMethod() instanceof WebViewSetWebViewClientMethod and
|
setWebClient.getMethod() instanceof WebViewSetWebViewClientMethod and
|
||||||
setWebClient.getArgument(0).getType() = eventMethod.getDeclaringType() and
|
setWebClient.getArgument(0).getType() = eventMethod.getDeclaringType() and
|
||||||
loadUrl.getQualifier() = eventMethod.getWebViewParameter().getAnAccess()
|
loadUrl.getQualifier().getUnderlyingExpr() = eventMethod.getWebViewParameter().getAnAccess()
|
||||||
|
|
|
|
||||||
|
webview.getAnAccess() = DataFlow::exprNode(setWebClient.getQualifier().getUnderlyingExpr()) or
|
||||||
webview.getAnAccess() = DataFlow::getInstanceArgument(setWebClient)
|
webview.getAnAccess() = DataFlow::getInstanceArgument(setWebClient)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -0,0 +1,46 @@
|
|||||||
|
|
||||||
|
// BAD: Using an outdated SDK that does not support client side encryption version V2_0
|
||||||
|
new EncryptedBlobClientBuilder()
|
||||||
|
.blobClient(blobClient)
|
||||||
|
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
|
||||||
|
.buildEncryptedBlobClient()
|
||||||
|
.uploadWithResponse(new BlobParallelUploadOptions(data)
|
||||||
|
.setMetadata(metadata)
|
||||||
|
.setHeaders(headers)
|
||||||
|
.setTags(tags)
|
||||||
|
.setTier(tier)
|
||||||
|
.setRequestConditions(requestConditions)
|
||||||
|
.setComputeMd5(computeMd5)
|
||||||
|
.setParallelTransferOptions(parallelTransferOptions),
|
||||||
|
timeout, context);
|
||||||
|
|
||||||
|
// BAD: Using the deprecatedd client side encryption version V1_0
|
||||||
|
new EncryptedBlobClientBuilder(EncryptionVersion.V1)
|
||||||
|
.blobClient(blobClient)
|
||||||
|
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
|
||||||
|
.buildEncryptedBlobClient()
|
||||||
|
.uploadWithResponse(new BlobParallelUploadOptions(data)
|
||||||
|
.setMetadata(metadata)
|
||||||
|
.setHeaders(headers)
|
||||||
|
.setTags(tags)
|
||||||
|
.setTier(tier)
|
||||||
|
.setRequestConditions(requestConditions)
|
||||||
|
.setComputeMd5(computeMd5)
|
||||||
|
.setParallelTransferOptions(parallelTransferOptions),
|
||||||
|
timeout, context);
|
||||||
|
|
||||||
|
|
||||||
|
// GOOD: Using client side encryption version V2_0
|
||||||
|
new EncryptedBlobClientBuilder(EncryptionVersion.V2)
|
||||||
|
.blobClient(blobClient)
|
||||||
|
.key(resolver.buildAsyncKeyEncryptionKey(keyid).block(), keyWrapAlgorithm)
|
||||||
|
.buildEncryptedBlobClient()
|
||||||
|
.uploadWithResponse(new BlobParallelUploadOptions(data)
|
||||||
|
.setMetadata(metadata)
|
||||||
|
.setHeaders(headers)
|
||||||
|
.setTags(tags)
|
||||||
|
.setTier(tier)
|
||||||
|
.setRequestConditions(requestConditions)
|
||||||
|
.setComputeMd5(computeMd5)
|
||||||
|
.setParallelTransferOptions(parallelTransferOptions),
|
||||||
|
timeout, context);
|
||||||
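Review bot: The comments in this sample do not match the code they label: they speak of versions `V2_0` and `V1_0`, while the calls use `EncryptionVersion.V1` and `EncryptionVersion.V2`, and the second comment misspells "deprecated" as "deprecatedd". Suggested wording: `// BAD: Using the deprecated client-side encryption version V1` and `// GOOD: Using client-side encryption version V2`. The first comment could also say that the no-argument builder uses V1, since that is the reason the accompanying query flags it.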
@@ -0,0 +1,29 @@
|
|||||||
|
<!DOCTYPE qhelp PUBLIC "-//Semmle//qhelp//EN" "qhelp.dtd">
|
||||||
|
<qhelp>
|
||||||
|
|
||||||
|
|
||||||
|
<overview>
|
||||||
|
<p>Azure Storage .NET, Java, and Python SDKs support encryption on the client with a customer-managed key that is maintained in Azure Key Vault or another key store.</p>
|
||||||
|
<p>The Azure Storage SDK version 12.18.0 or later supports version <code>V2</code> for client-side encryption. All previous versions of Azure Storage SDK only support client-side encryption <code>V1</code> which is unsafe.</p>
|
||||||
|
|
||||||
|
</overview>
|
||||||
|
<recommendation>
|
||||||
|
|
||||||
|
<p>Consider switching to <code>V2</code> client-side encryption.</p>
|
||||||
|
|
||||||
|
</recommendation>
|
||||||
|
<example>
|
||||||
|
|
||||||
|
<sample src="UnsafeUsageOfClientSideEncryptionVersion.java" />
|
||||||
|
|
||||||
|
</example>
|
||||||
|
<references>
|
||||||
|
<li>
|
||||||
|
<a href="http://aka.ms/azstorageclientencryptionblog">Azure Storage Client Encryption Blog.</a>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30187">CVE-2022-30187</a>
|
||||||
|
</li>
|
||||||
|
|
||||||
|
</references>
|
||||||
|
</qhelp>
|
||||||
@@ -0,0 +1,92 @@
|
|||||||
|
/**
|
||||||
|
* @name Unsafe usage of v1 version of Azure Storage client-side encryption (CVE-2022-30187).
|
||||||
|
* @description Unsafe usage of v1 version of Azure Storage client-side encryption, please refer to http://aka.ms/azstorageclientencryptionblog
|
||||||
|
* @kind problem
|
||||||
|
* @tags security
|
||||||
|
* cryptography
|
||||||
|
* external/cwe/cwe-327
|
||||||
|
* @id java/azure-storage/unsafe-client-side-encryption-in-use
|
||||||
|
* @problem.severity error
|
||||||
|
* @precision high
|
||||||
|
*/
|
||||||
|
|
||||||
|
import java
|
||||||
|
import semmle.code.java.dataflow.DataFlow
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
|
||||||
|
* that takes no arguments, which means that it is using V1 encryption.
|
||||||
|
*/
|
||||||
|
predicate isCreatingOutdatedAzureClientSideEncryptionObject(Call call, Class c) {
|
||||||
|
exists(string package, string type, Constructor constructor |
|
||||||
|
c.hasQualifiedName(package, type) and
|
||||||
|
c.getAConstructor() = constructor and
|
||||||
|
call.getCallee() = constructor and
|
||||||
|
(
|
||||||
|
type = "EncryptedBlobClientBuilder" and
|
||||||
|
package = "com.azure.storage.blob.specialized.cryptography" and
|
||||||
|
constructor.hasNoParameters()
|
||||||
|
or
|
||||||
|
type = "BlobEncryptionPolicy" and package = "com.microsoft.azure.storage.blob"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
|
||||||
|
* that takes `versionArg` as the argument specifying the encryption version.
|
||||||
|
*/
|
||||||
|
predicate isCreatingAzureClientSideEncryptionObjectNewVersion(Call call, Class c, Expr versionArg) {
|
||||||
|
exists(string package, string type, Constructor constructor |
|
||||||
|
c.hasQualifiedName(package, type) and
|
||||||
|
c.getAConstructor() = constructor and
|
||||||
|
call.getCallee() = constructor and
|
||||||
|
type = "EncryptedBlobClientBuilder" and
|
||||||
|
package = "com.azure.storage.blob.specialized.cryptography" and
|
||||||
|
versionArg = call.getArgument(0)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A dataflow config that tracks `EncryptedBlobClientBuilder.version` argument initialization.
|
||||||
|
*/
|
||||||
|
private class EncryptedBlobClientBuilderSafeEncryptionVersionConfig extends DataFlow::Configuration {
|
||||||
|
EncryptedBlobClientBuilderSafeEncryptionVersionConfig() {
|
||||||
|
this = "EncryptedBlobClientBuilderSafeEncryptionVersionConfig"
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate isSource(DataFlow::Node source) {
|
||||||
|
exists(FieldRead fr, Field f | fr = source.asExpr() |
|
||||||
|
f.getAnAccess() = fr and
|
||||||
|
f.hasQualifiedName("com.azure.storage.blob.specialized.cryptography", "EncryptionVersion",
|
||||||
|
"V2")
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate isSink(DataFlow::Node sink) {
|
||||||
|
isCreatingAzureClientSideEncryptionObjectNewVersion(_, _, sink.asExpr())
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `call` is an object creation for a class `EncryptedBlobClientBuilder`
|
||||||
|
* that takes `versionArg` as the argument specifying the encryption version, and that version is safe.
|
||||||
|
*/
|
||||||
|
predicate isCreatingSafeAzureClientSideEncryptionObject(Call call, Class c, Expr versionArg) {
|
||||||
|
isCreatingAzureClientSideEncryptionObjectNewVersion(call, c, versionArg) and
|
||||||
|
exists(EncryptedBlobClientBuilderSafeEncryptionVersionConfig config, DataFlow::Node sink |
|
||||||
|
sink.asExpr() = versionArg
|
||||||
|
|
|
||||||
|
config.hasFlow(_, sink)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
from Expr e, Class c
|
||||||
|
where
|
||||||
|
exists(Expr argVersion |
|
||||||
|
isCreatingAzureClientSideEncryptionObjectNewVersion(e, c, argVersion) and
|
||||||
|
not isCreatingSafeAzureClientSideEncryptionObject(e, c, argVersion)
|
||||||
|
)
|
||||||
|
or
|
||||||
|
isCreatingOutdatedAzureClientSideEncryptionObject(e, c)
|
||||||
|
select e, "Unsafe usage of v1 version of Azure Storage client-side encryption."
|
||||||
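Review bot: The QLDoc on `isCreatingOutdatedAzureClientSideEncryptionObject` covers only the no-argument `EncryptedBlobClientBuilder` constructor, but the second disjunct also matches every constructor call of `com.microsoft.azure.storage.blob.BlobEncryptionPolicy`; add that to the comment, e.g. `or any construction of the legacy BlobEncryptionPolicy class`. In `isCreatingAzureClientSideEncryptionObjectNewVersion`, `versionArg = call.getArgument(0)` is not tied to a parameter of type `EncryptionVersion`, so any builder constructor call with at least one argument is treated as taking a version; a type check on the parameter, or a comment stating the assumption, would make this explicit. The data-flow source accepts only the `V2` field, so a version constant added later would be reported as unsafe until the query is updated, which is the safe direction but deserves a note. In the metadata, the `@name` should not end with a full stop, and the `@description` links the advisory over plain `http://`.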
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/java-queries
|
name: codeql/java-queries
|
||||||
version: 0.3.0
|
version: 0.3.1-dev
|
||||||
groups:
|
groups:
|
||||||
- java
|
- java
|
||||||
- queries
|
- queries
|
||||||
|
|||||||
@@ -20,3 +20,15 @@ private class KtExpectationComment extends KtComment, ExpectationComment {
|
|||||||
|
|
||||||
override string getContents() { result = this.getText().suffix(2).trim() }
|
override string getContents() { result = this.getText().suffix(2).trim() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private class XmlExpectationComment extends ExpectationComment instanceof XMLComment {
|
||||||
|
override string getContents() { result = this.(XMLComment).getText().trim() }
|
||||||
|
|
||||||
|
override Location getLocation() { result = this.(XMLComment).getLocation() }
|
||||||
|
|
||||||
|
override predicate hasLocationInfo(string path, int sl, int sc, int el, int ec) {
|
||||||
|
this.(XMLComment).hasLocationInfo(path, sl, sc, el, ec)
|
||||||
|
}
|
||||||
|
|
||||||
|
override string toString() { result = this.(XMLComment).toString() }
|
||||||
|
}
|
||||||
|
|||||||
@@ -0,0 +1,9 @@
|
|||||||
|
| test.kt:5:14:5:14 | hasNext(...) |
|
||||||
|
| test.kt:5:14:5:14 | iterator(...) |
|
||||||
|
| test.kt:5:14:5:14 | next(...) |
|
||||||
|
| test.kt:6:14:6:14 | hasNext(...) |
|
||||||
|
| test.kt:6:14:6:14 | iterator(...) |
|
||||||
|
| test.kt:6:14:6:14 | next(...) |
|
||||||
|
| test.kt:7:14:7:14 | hasNext(...) |
|
||||||
|
| test.kt:7:14:7:14 | iterator(...) |
|
||||||
|
| test.kt:7:14:7:14 | next(...) |
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
fun test(x: Array<String>, y: Array<*>, z: IntArray): Int {
|
||||||
|
|
||||||
|
var ret = 0
|
||||||
|
|
||||||
|
for (el in x) { ret += 1 }
|
||||||
|
for (el in y) { ret += 1 }
|
||||||
|
for (el in z) { ret += 1 }
|
||||||
|
|
||||||
|
return ret
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
import java
|
||||||
|
|
||||||
|
from MethodAccess ma
|
||||||
|
select ma
|
||||||
@@ -14,8 +14,8 @@ calls
|
|||||||
| test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
|
| test.kt:22:15:22:33 | setter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | setter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
|
||||||
| test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
|
| test.kt:23:15:23:22 | getter(...) | test.kt:12:1:25:1 | user | test.kt:0:0:0:0 | TestKt | file:///!unknown-binary-location/Generic.class:0:0:0:0 | getter | file:///!unknown-binary-location/Generic.class:0:0:0:0 | Generic<? super String> |
|
||||||
constructors
|
constructors
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2<? extends String>(java.lang.String) | ? extends String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2<? extends String>(<nulltype>) | <nulltype> | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2<? super String>(java.lang.Object) | ? super String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2<? super String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | Generic2<String> | Generic2<String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | Generic2<String> | Generic2<String>(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
||||||
| Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
| Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 | Generic2(java.lang.Object) | T | void | Test.java:1:7:1:14 | Generic2 | Test.java:3:10:3:17 | Generic2 |
|
||||||
| Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test |
|
| Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test | Test() | No parameters | void | Test.java:14:14:14:17 | Test | Test.java:14:14:14:17 | Test |
|
||||||
@@ -34,14 +34,14 @@ refTypes
|
|||||||
| test.kt:1:1:10:1 | Generic |
|
| test.kt:1:1:10:1 | Generic |
|
||||||
| test.kt:1:15:1:15 | T |
|
| test.kt:1:15:1:15 | T |
|
||||||
#select
|
#select
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | ? extends String | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity | identity(<nulltype>) | <nulltype> | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | ? extends String | ? extends String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | identity2 | identity2(<nulltype>) | <nulltype> | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.String) | ? extends String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
|
| Generic2.class:0:0:0:0 | Generic2<? extends String> | Generic2.class:0:0:0:0 | setter | setter(<nulltype>) | <nulltype> | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | Object | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.Object) | ? super String | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | Object | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.Object) | ? super String | ? super String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | Object | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.Object) | ? super String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
|
| Generic2.class:0:0:0:0 | Generic2<? super String> | Generic2.class:0:0:0:0 | setter | setter(java.lang.String) | String | void | Test.java:1:7:1:14 | Generic2 | Test.java:10:8:10:13 | setter |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | getter | getter() | No parameters | String | Test.java:1:7:1:14 | Generic2 | Test.java:9:5:9:10 | getter |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity | identity(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:8:5:8:12 | identity |
|
||||||
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
| Generic2.class:0:0:0:0 | Generic2<String> | Generic2.class:0:0:0:0 | identity2 | identity2(java.lang.String) | String | String | Test.java:1:7:1:14 | Generic2 | Test.java:7:5:7:13 | identity2 |
|
||||||
|
|||||||
@@ -8,7 +8,7 @@ reflection.kt:
|
|||||||
# 46| 0: [TypeAccess] String
|
# 46| 0: [TypeAccess] String
|
||||||
# 47| 5: [BlockStmt] { ... }
|
# 47| 5: [BlockStmt] { ... }
|
||||||
# 47| 0: [ReturnStmt] return ...
|
# 47| 0: [ReturnStmt] return ...
|
||||||
# 47| 0: [MethodAccess] get(...)
|
# 47| 0: [MethodAccess] charAt(...)
|
||||||
# 47| -1: [ExtensionReceiverAccess] this
|
# 47| -1: [ExtensionReceiverAccess] this
|
||||||
# 47| 0: [SubExpr] ... - ...
|
# 47| 0: [SubExpr] ... - ...
|
||||||
# 47| 0: [MethodAccess] length(...)
|
# 47| 0: [MethodAccess] length(...)
|
||||||
|
|||||||
@@ -0,0 +1,5 @@
|
|||||||
|
public class Test {
|
||||||
|
|
||||||
|
public char f(String s) { return s.charAt(0); }
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
| Test.java:3:36:3:46 | charAt(...) |
|
||||||
|
| test.kt:2:20:2:23 | charAt(...) |
|
||||||
2
java/ql/test/kotlin/library-tests/string-charat/test.kt
Normal file
2
java/ql/test/kotlin/library-tests/string-charat/test.kt
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
|
||||||
|
fun f(x: String) = x[0]
|
||||||
4
java/ql/test/kotlin/library-tests/string-charat/test.ql
Normal file
4
java/ql/test/kotlin/library-tests/string-charat/test.ql
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
import java
|
||||||
|
|
||||||
|
from MethodAccess ma
|
||||||
|
select ma
|
||||||
@@ -0,0 +1,2 @@
|
|||||||
|
| test.kt:31:17:31:24 | source(...) | test.kt:31:15:31:25 | f(...) |
|
||||||
|
| test.kt:32:17:32:24 | source(...) | test.kt:32:15:32:25 | g(...) |
|
||||||
36
java/ql/test/kotlin/library-tests/super-method-calls/test.kt
Normal file
36
java/ql/test/kotlin/library-tests/super-method-calls/test.kt
Normal file
@@ -0,0 +1,36 @@
|
|||||||
|
open class A {
|
||||||
|
|
||||||
|
open fun f(x: String) = x
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
interface B {
|
||||||
|
|
||||||
|
fun g(x: String) = x
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
interface C {
|
||||||
|
|
||||||
|
fun g(x: String) = x
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
class User : A(), B, C {
|
||||||
|
|
||||||
|
override fun f(x: String) = super.f(x)
|
||||||
|
|
||||||
|
override fun g(x: String) = super<B>.g(x)
|
||||||
|
|
||||||
|
fun source() = "tainted"
|
||||||
|
|
||||||
|
fun sink(s: String) { }
|
||||||
|
|
||||||
|
fun test() {
|
||||||
|
|
||||||
|
sink(this.f(source()))
|
||||||
|
sink(this.g(source()))
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
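--- a/java/ql/test/kotlin/library-tests/super-method-calls/test.ql
+++ b/java/ql/test/kotlin/library-tests/super-method-calls/test.ql
@@ -0,0 +1,18 @@
+import java
+import semmle.code.java.dataflow.DataFlow
+
+class Config extends DataFlow::Configuration {
+Config() { this = "abc" }
+
+override predicate isSource(DataFlow::Node n) {
+n.asExpr().(MethodAccess).getMethod().getName() = "source"
+}
+
+override predicate isSink(DataFlow::Node n) {
+n.asExpr().(Argument).getCall().getCallee().getName() = "sink"
+}
+}
+
+from Config c, DataFlow::Node n1, DataFlow::Node n2
+where c.hasFlow(n1, n2)
+select n1, n2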
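--- a/java/ql/test/library-tests/scanner/Test.java
+++ b/java/ql/test/library-tests/scanner/Test.java
@@ -0,0 +1,328 @@
+package generatedtest;
+
+import java.io.File;
+import java.io.InputStream;
+import java.math.BigDecimal;
+import java.math.BigInteger;
+import java.nio.channels.ReadableByteChannel;
+import java.nio.charset.Charset;
+import java.nio.file.Path;
+import java.util.Scanner;
+import java.util.regex.Pattern;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+Object source() {
+return null;
+}
+
+void sink(Object o) {}
+
+public void test() throws Exception {
+
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+File in = (File) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+File in = (File) source();
+out = new Scanner(in, (Charset) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+File in = (File) source();
+out = new Scanner(in, (String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+InputStream in = (InputStream) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+InputStream in = (InputStream) source();
+out = new Scanner(in, (Charset) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+InputStream in = (InputStream) source();
+out = new Scanner(in, (String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+Path in = (Path) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+Path in = (Path) source();
+out = new Scanner(in, (Charset) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+Path in = (Path) source();
+out = new Scanner(in, (String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+Readable in = (Readable) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+ReadableByteChannel in = (ReadableByteChannel) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+ReadableByteChannel in = (ReadableByteChannel) source();
+out = new Scanner(in, (Charset) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+ReadableByteChannel in = (ReadableByteChannel) source();
+out = new Scanner(in, (String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
+Scanner out = null;
+String in = (String) source();
+out = new Scanner(in);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.findInLine((Pattern) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.findInLine((String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.findWithinHorizon((Pattern) null, 0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.findWithinHorizon((String) null, 0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.next((Pattern) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.next((String) null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.next();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual"
+BigDecimal out = null;
+Scanner in = (Scanner) source();
+out = in.nextBigDecimal();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
+BigInteger out = null;
+Scanner in = (Scanner) source();
+out = in.nextBigInteger();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
+BigInteger out = null;
+Scanner in = (Scanner) source();
+out = in.nextBigInteger(0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual"
+boolean out = false;
+Scanner in = (Scanner) source();
+out = in.nextBoolean();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
+byte out = 0;
+Scanner in = (Scanner) source();
+out = in.nextByte();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
+byte out = 0;
+Scanner in = (Scanner) source();
+out = in.nextByte(0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual"
+double out = 0;
+Scanner in = (Scanner) source();
+out = in.nextDouble();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual"
+float out = 0;
+Scanner in = (Scanner) source();
+out = in.nextFloat();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
+int out = 0;
+Scanner in = (Scanner) source();
+out = in.nextInt();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
+int out = 0;
+Scanner in = (Scanner) source();
+out = in.nextInt(0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual"
+String out = null;
+Scanner in = (Scanner) source();
+out = in.nextLine();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
+long out = 0;
+Scanner in = (Scanner) source();
+out = in.nextLong();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
+long out = 0;
+Scanner in = (Scanner) source();
+out = in.nextLong(0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
+short out = 0;
+Scanner in = (Scanner) source();
+out = in.nextShort();
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
+short out = 0;
+Scanner in = (Scanner) source();
+out = in.nextShort(0);
+sink(out); // $ hasTaintFlow
+}
+{
+// "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.reset();
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.skip((Pattern) null);
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.skip((String) null);
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.useDelimiter((Pattern) null);
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.useDelimiter((String) null);
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.useLocale(null);
+sink(out); // $ hasValueFlow
+}
+{
+// "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual"
+Scanner out = null;
+Scanner in = (Scanner) source();
+out = in.useRadix(0);
+sink(out); // $ hasValueFlow
+}
+
+}
+
+}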
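--- a/java/ql/test/library-tests/scanner/test.ql
+++ b/java/ql/test/library-tests/scanner/test.ql
@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest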
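--- a/java/ql/test/library-tests/wildcard-substitution/Lib.java
+++ b/java/ql/test/library-tests/wildcard-substitution/Lib.java
@@ -0,0 +1,20 @@
+import java.util.List;
+
+public class Lib<T> {
+
+public void takesVar(T t) { }
+public void takesInvar(List<T> lt) { }
+public void takesUnbound(List<?> lt) { }
+public void takesExtends(List<? extends T> lt) { }
+public void takesSuper(List<? super T> lt) { }
+
+public T returnsVar() { return null; }
+public List<T> returnsInvar() { return null; }
+public List<?> returnsUnbound() { return null; }
+public List<? extends T> returnsExtends() { return null; }
+public List<? super T> returnsSuper() { return null; }
+
+public void takesArray(T[] ts) { }
+public T[] returnsArray() { return null; }
+
+}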
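--- a/java/ql/test/library-tests/wildcard-substitution/User.java
+++ b/java/ql/test/library-tests/wildcard-substitution/User.java
@@ -0,0 +1,12 @@
+public class User {
+
+public static void test(Lib<CharSequence> invarLib, Lib<? extends CharSequence> extendsLib, Lib<? super CharSequence> superLib, Lib<?> unboundLib) {
+
+invarLib.takesVar(null);
+extendsLib.takesVar(null);
+superLib.takesVar(null);
+unboundLib.takesVar(null);
+
+}
+
+}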
@@ -0,0 +1,64 @@
|
|||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsArray | CharSequence[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | returnsVar | CharSequence |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesArray | <nulltype>[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? extends CharSequence> | Lib.class:0:0:0:0 | takesVar | <nulltype> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsArray | Object[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | returnsVar | Object |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesArray | CharSequence[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<? super CharSequence> | Lib.class:0:0:0:0 | takesVar | CharSequence |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsArray | Object[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsExtends | List<? extends Object> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsInvar | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsSuper | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | returnsVar | Object |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesArray | <nulltype>[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesExtends | List<? extends Object> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesInvar | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesSuper | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<?> | Lib.class:0:0:0:0 | takesVar | <nulltype> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsArray | CharSequence[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsExtends | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsInvar | List<CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsSuper | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | returnsVar | CharSequence |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesArray | CharSequence[] |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesExtends | List<? extends CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesInvar | List<CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesSuper | List<? super CharSequence> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesUnbound | List<?> |
|
||||||
|
| Lib.class:0:0:0:0 | Lib<CharSequence> | Lib.class:0:0:0:0 | takesVar | CharSequence |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:5:15:5:22 | takesVar | T |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:6:15:6:24 | takesInvar | List<T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:7:15:7:26 | takesUnbound | List<?> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:8:15:8:26 | takesExtends | List<? extends T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:9:15:9:24 | takesSuper | List<? super T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:11:12:11:21 | returnsVar | T |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:12:18:12:29 | returnsInvar | List<T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:13:18:13:31 | returnsUnbound | List<?> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:14:28:14:41 | returnsExtends | List<? extends T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:15:26:15:37 | returnsSuper | List<? super T> |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:17:15:17:24 | takesArray | T[] |
|
||||||
|
| Lib.java:3:14:3:16 | Lib | Lib.java:18:14:18:25 | returnsArray | T[] |
|
||||||
|
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<? extends CharSequence> |
|
||||||
|
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<? super CharSequence> |
|
||||||
|
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<?> |
|
||||||
|
| User.java:1:14:1:17 | User | User.java:3:22:3:25 | test | Lib<CharSequence> |
|
||||||
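--- a/java/ql/test/library-tests/wildcard-substitution/test.ql
+++ b/java/ql/test/library-tests/wildcard-substitution/test.ql
@@ -0,0 +1,7 @@
+import java
+
+Type notVoid(Type t) { result = t and not result instanceof VoidType }
+
+from Callable c
+where c.getSourceDeclaration().fromSource()
+select c.getDeclaringType(), c, notVoid([c.getAParamType(), c.getReturnType()]).toString()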
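--- a/java/ql/test/library-tests/xml/Test.java
+++ b/java/ql/test/library-tests/xml/Test.java
@@ -0,0 +1,3 @@
+public class Test {
+
+}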
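--- a/java/ql/test/library-tests/xml/XMLTest.expected
+++ b/java/ql/test/library-tests/xml/XMLTest.expected
@@ -0,0 +1,2 @@
+| test.xml:4:5:4:32 | attribute=value | Unexpected result: hasXmlResult= |
+| test.xml:5:29:5:52 | $ hasXmlResult | Missing result:hasXmlResult= |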
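--- a/java/ql/test/library-tests/xml/XMLTest.ql
+++ b/java/ql/test/library-tests/xml/XMLTest.ql
@@ -0,0 +1,17 @@
+import semmle.code.xml.XML
+import TestUtilities.InlineExpectationsTest
+
+class XmlTest extends InlineExpectationsTest {
+XmlTest() { this = "XmlTest" }
+
+override string getARelevantTag() { result = "hasXmlResult" }
+
+override predicate hasActualResult(Location location, string element, string tag, string value) {
+tag = "hasXmlResult" and
+exists(XMLAttribute a |
+a.getLocation() = location and
+element = a.toString() and
+value = ""
+)
+}
+}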
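--- a/java/ql/test/library-tests/xml/test.xml
+++ b/java/ql/test/library-tests/xml/test.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<document>
+<element attribute="value">Text</element> <!-- $ hasXmlResult -->
+<element attribute="value">Text</element> <!-- Missing -->
+<element>Text</element> <!-- $ hasXmlResult --> <!-- Spurious -->
+</document>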
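Review bot: The `<!-- Missing -->` and `<!-- Spurious -->` labels read the opposite way to the framework's wording in XMLTest.expected. The line labelled Missing is the one reported there as `Unexpected result`, and the line labelled Spurious is the one reported as `Missing result`. Saying what is missing or spurious, e.g. `<!-- Missing annotation -->` and `<!-- Spurious annotation -->`, would stop the fixture and its expected output from looking contradictory.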
@@ -0,0 +1,11 @@
|
|||||||
|
import android.app.Activity
|
||||||
|
import android.content.Context
|
||||||
|
import android.content.SharedPreferences
|
||||||
|
|
||||||
|
class CleartextStorageSharedPrefsTestKt : Activity() {
|
||||||
|
fun testSetSharedPrefs1(context: Context, name: String, password: String) {
|
||||||
|
val sharedPrefs = context.getSharedPreferences("user_prefs", Context.MODE_PRIVATE);
|
||||||
|
sharedPrefs.edit().putString("name", name).apply(); // Safe
|
||||||
|
sharedPrefs.edit().putString("password", password).apply(); // $ hasCleartextStorageSharedPrefs
|
||||||
|
}
|
||||||
|
}
|
||||||
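Review bot: `testSetSharedPrefs1` only exercises the Java-style chain `sharedPrefs.edit().putString("password", password).apply()`, so this Kotlin fixture checks little that a Java test of the same shape would not. Kotlin callers commonly write to the editor through a scope function, for example `with(sharedPrefs.edit()) { putString("password", password); apply() }`, and whether the query follows the receiver through that form is not visible from this hunk. Adding such a case, plus one where the stored value is not sensitive in that same form, would show the Kotlin support covers idiomatic code and does not over-report.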
@@ -1 +1,2 @@
|
|||||||
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
|
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
|
||||||
|
// codeql-extractor-kotlin-options: ${testdir}/../../../stubs/google-android-9.0.0
|
||||||
|
|||||||
@@ -44,6 +44,7 @@
|
|||||||
|
|
||||||
<activity android:name=".UnsafeActivity3" android:exported="true" />
|
<activity android:name=".UnsafeActivity3" android:exported="true" />
|
||||||
<activity android:name=".UnsafeActivity4" android:exported="true" />
|
<activity android:name=".UnsafeActivity4" android:exported="true" />
|
||||||
|
<activity android:name=".UnsafeActivityKt" android:exported="true" />
|
||||||
|
|
||||||
<receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" />
|
<receiver android:name=".UnsafeAndroidBroadcastReceiver" android:exported="true" />
|
||||||
</application>
|
</application>
|
||||||
|
|||||||
@@ -0,0 +1,20 @@
|
|||||||
|
package com.example.app
|
||||||
|
|
||||||
|
import android.app.Activity
|
||||||
|
import android.os.Bundle
|
||||||
|
import android.webkit.WebSettings
|
||||||
|
import android.webkit.WebView
|
||||||
|
import android.webkit.WebViewClient
|
||||||
|
|
||||||
|
class UnsafeActivityKt : Activity() {
|
||||||
|
override fun onCreate(savedInstanceState : Bundle) {
|
||||||
|
|
||||||
|
val wv = findViewById<WebView>(-1)
|
||||||
|
// Implicit not-nulls happening here
|
||||||
|
wv.settings.setJavaScriptEnabled(true)
|
||||||
|
wv.settings.setAllowFileAccessFromFileURLs(true)
|
||||||
|
|
||||||
|
val thisUrl : String = intent.extras.getString("url")
|
||||||
|
wv.loadUrl(thisUrl) // $ hasUnsafeAndroidAccess
|
||||||
|
}
|
||||||
|
}
|
||||||
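Review bot: The Kotlin fixture has only a positive case: `wv.loadUrl(thisUrl)` with both `setJavaScriptEnabled(true)` and `setAllowFileAccessFromFileURLs(true)` set through the property-style `wv.settings` accessor. A second activity or `WebView` that loads the same intent-derived URL without those settings enabled, with no `hasUnsafeAndroidAccess` annotation, would show that the query does not over-report on Kotlin's `settings` property access. The comment `// Implicit not-nulls happening here` would also be clearer if it named the expressions it means, presumably the platform-typed `findViewById`, `wv.settings` and `intent.extras` results.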
@@ -1 +1,2 @@
|
|||||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/android
|
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/google-android-9.0.0
|
||||||
|
//codeql-extractor-kotlin-options: ${testdir}/../../../stubs/google-android-9.0.0
|
||||||
|
|||||||
@@ -1,5 +1,5 @@
|
|||||||
name: codeql/javascript-all
|
name: codeql/javascript-all
|
||||||
version: 0.2.1
|
version: 0.2.2-dev
|
||||||
groups: javascript
|
groups: javascript
|
||||||
dbscheme: semmlecode.javascript.dbscheme
|
dbscheme: semmlecode.javascript.dbscheme
|
||||||
extractor: javascript
|
extractor: javascript
|
||||||
|
|||||||
@@ -28,6 +28,9 @@ module Actions {
|
|||||||
/** Gets the `jobs` mapping from job IDs to job definitions in this workflow. */
|
/** Gets the `jobs` mapping from job IDs to job definitions in this workflow. */
|
||||||
YAMLMapping getJobs() { result = this.lookup("jobs") }
|
YAMLMapping getJobs() { result = this.lookup("jobs") }
|
||||||
|
|
||||||
|
/** Gets the name of the workflow. */
|
||||||
|
string getName() { result = this.lookup("name").(YAMLString).getValue() }
|
||||||
|
|
||||||
/** Gets the name of the workflow file. */
|
/** Gets the name of the workflow file. */
|
||||||
string getFileName() { result = this.getFile().getBaseName() }
|
string getFileName() { result = this.getFile().getBaseName() }
|
||||||
|
|
||||||
@@ -129,6 +132,9 @@ module Actions {
|
|||||||
|
|
||||||
/** Gets the value of the `if` field in this step, if any. */
|
/** Gets the value of the `if` field in this step, if any. */
|
||||||
StepIf getIf() { result.getStep() = this }
|
StepIf getIf() { result.getStep() = this }
|
||||||
|
|
||||||
|
/** Gets the ID of this step, if any. */
|
||||||
|
string getId() { result = this.lookup("id").(YAMLString).getValue() }
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
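Review bot: The doc comment on the new `getName()` reads as if every workflow has a name, but the predicate has no result when the `name` key is absent or when its value is not a `YAMLString`, because of the `.(YAMLString)` cast. `name` is optional in a workflow file, so callers that filter on `getName()` will silently skip unnamed workflows. The new `getId()` in the second hunk already says "if any", so `/** Gets the name of the workflow, if any. */` would be consistent with it. Both enclosing classes start and end outside these hunks.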
Some files were not shown because too many files have changed in this diff Show More