Compare commits

422 Commits

Author SHA1 Message Date
dependabot[bot]
5c80daa550 Bump actions/cache from 3 to 4
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-18 03:06:15 +00:00
Michael B. Gale
4a71ddd8b6 Merge pull request #15355 from github/mbg/go/increase-test-robustness
Go: Improve robustness of integration tests
2024-01-17 16:45:30 +00:00
Michael B. Gale
783f006d62 Go: Update go clean -modcache comment 2024-01-17 16:04:13 +00:00
Sid Shankar
2d71294f61 Merge pull request #15256 from sidshank/change/adjust-extracted-files-diagnostics
Js/Py/Rb: Report any extracted file as successfully extracted
2024-01-17 11:04:06 -05:00
Max Schaefer
3ae484868a Merge pull request #15326 from github/max-schaefer/automodel-negative-sink-models
Automodel: Apply negative characteristics only to endpoints of the right kind.
2024-01-17 15:54:28 +00:00
Calum Grant
4660a25d44 Merge pull request #15354 from github/calumgrant/shared-diagnostics
C++/Swift: Create shared library and share Diagnostics
2024-01-17 15:40:12 +00:00
Erik Krogh Kristensen
17466385e0 Merge pull request #15351 from erik-krogh/zero-to-question
JS/PY/JAVA/RB: mark the range [0-?] as good in the overly-large-range query
2024-01-17 15:51:42 +01:00
Michael B. Gale
c00520011c Go: Install integration test dependencies to local GOPATH 2024-01-17 14:51:06 +00:00
Michael B. Gale
afc673324f Go: Move integration test sources to subdirectories 2024-01-17 14:50:57 +00:00
Calum Grant
d57fc3d7db C++: Remove unneeded includes 2024-01-17 14:34:28 +00:00
Sid Shankar
2c683c910f Merge branch 'change/adjust-extracted-files-diagnostics' of https://github.com/sidshank/codeql into change/adjust-extracted-files-diagnostics 2024-01-17 14:32:36 +00:00
Sid Shankar
0824ab77e9 Adds change notes 2024-01-17 14:31:40 +00:00
Max Schaefer
8614d7bddb Address review feedback. 2024-01-17 14:29:52 +00:00
Calum Grant
51c5afff8b Create shared/cpp library and move Diagnostics there 2024-01-17 14:23:18 +00:00
AlexDenisov
8610c950e1 Merge pull request #15329 from github/alexdenisov/duplicate-destructor-calls
C++: update tests to pick up destructor changes
2024-01-17 15:05:30 +01:00
erik-krogh
1a8a70dc1b mark the range [0-?] as good in the overly-large-range query 2024-01-17 13:11:57 +01:00
Mathias Vorreiter Pedersen
b7a7963d05 Merge pull request #15348 from MathiasVP/remove-bad-magic-swift 2024-01-17 12:00:22 +00:00
Alex Denisov
f1049a4431 C++: update tests to pick up destructor changes 2024-01-17 12:05:30 +01:00
Michael B. Gale
5cf9bc2a76 Merge pull request #15341 from github/mbg/go/simplify-tests 2024-01-17 10:56:34 +00:00
Sid Shankar
59098be8c4 Merge branch 'main' into change/adjust-extracted-files-diagnostics 2024-01-16 21:51:41 -05:00
Mathias Vorreiter Pedersen
6391346ade Swift: Add 'nomagic'. 2024-01-16 23:08:20 +00:00
Mathias Vorreiter Pedersen
1fba345fb3 Merge pull request #15219 from rdmarsh2/rdmarsh2/swift/parameterized-cfg-library
Swift: switch to shared, parameterized CFG library
2024-01-16 21:54:05 +00:00
Shati Patel
e50a0ee7f9 Merge pull request #15333 from github/shati-patel/settings-telemetry
Add note about telemetry for CodeQL extension settings
2024-01-16 17:05:45 +00:00
Michael B. Gale
08c4dc1ea5 Go: Exclude all FlowSummaryNodes from test results 2024-01-16 15:51:40 +00:00
Alexander Eyers-Taylor
934474681d Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0
Post-release preparation for codeql-cli-2.16.0
2024-01-16 14:50:40 +00:00
Calum Grant
e18ee790f2 Merge pull request #15322 from github/calumgrant/swift-diagnostics
Swift extractor: Generalise SwiftDiagnostics
2024-01-16 14:30:17 +00:00
AlexDenisov
696a72a127 Merge pull request #15259 from github/alexdenisov/swift-5.9.2
Swift: upgrade to 5.9.2
2024-01-16 12:49:13 +01:00
Calum Grant
7cadb0a574 Swift extractor: Simplify declarations back 2024-01-16 11:31:15 +00:00
Calum Grant
f400a5f49f Swift extractor: Fix Linux build 2024-01-16 11:05:05 +00:00
Calum Grant
2cc574dc70 Swift extractor: Use a global variable for the extractor name 2024-01-16 10:56:18 +00:00
Rasmus Wriedt Larsen
6f45de1095 Merge pull request #15325 from RasmusWL/c#-filter-order
C#: Respect order of `LGTM_INDEX_FILTERS` in buildless extraction
2024-01-16 09:28:44 +01:00
Tony Torralba
2246c969a3 Merge pull request #15244 from Marcono1234/marcono1234/regex-flags
Java: Improve Regex flag parsing
2024-01-16 08:25:49 +01:00
Shati Patel
c445b2b547 Add note about telemetry for CodeQL extension settings 2024-01-15 16:32:27 +00:00
Mathias Vorreiter Pedersen
c38ae93640 Swift: Fix import. 2024-01-15 15:42:51 +00:00
Mathias Vorreiter Pedersen
e735ced751 Swift: Autoformat. 2024-01-15 15:24:27 +00:00
Michael B. Gale
6c9f79cc32 Merge pull request #15327 from github/mbg/go/handle-pre-release-versions
Go: Better handle pre-release versions
2024-01-15 15:24:23 +00:00
github-actions[bot]
57df8b92df Post-release preparation for codeql-cli-2.16.0 2024-01-15 15:00:50 +00:00
Rasmus Wriedt Larsen
13c236227f C#: Apply suggestions from code review
Co-authored-by: Michael B. Gale <mbg@github.com>
2024-01-15 15:51:36 +01:00
Rasmus Wriedt Larsen
086e4f7f12 C#: Adjust test for LGTM_INDEX_FILTERS 2024-01-15 15:50:25 +01:00
Michael B. Gale
8c13429163 Go: Ensure getEnvGoSemVer returns a canonical SemVer 2024-01-15 14:20:48 +00:00
Michael B. Gale
a64c001637 Go: Remove unnecessary call to Canonical 2024-01-15 14:19:55 +00:00
Owen Mansel-Chan
63a914a324 Merge pull request #15324 from owen-mc/go/add-fasthttp-to-frameworks-for-coverage
Go: add fasthttp to frameworks for coverage
2024-01-15 14:15:19 +00:00
Michael B. Gale
42dcb5f94d Go: Better handle pre-release versions 2024-01-15 14:00:56 +00:00
Max Schaefer
90a4552c4f Fix omittable exists. 2024-01-15 13:45:03 +00:00
Max Schaefer
fee44074f7 Autoformat. 2024-01-15 13:44:45 +00:00
Max Schaefer
3befce98b3 When checking whether an endpoint has already been modelled, make sure to take the extensibleType into account. 2024-01-15 12:09:39 +00:00
Max Schaefer
68cf9aca12 Remove a few getExtensibleType checks which are now unnecessary. 2024-01-15 11:50:59 +00:00
Rasmus Wriedt Larsen
59d239b230 C#: Respect order of LGTM_INDEX_FILTERS in buildless extraction
That is, using `exclude:**/*\ninclude:**/*` should include everything.
2024-01-15 11:45:58 +01:00
Owen Mansel-Chan
d85628e6a6 Update Go coverage reports 2024-01-15 10:17:48 +00:00
Owen Mansel-Chan
216464f382 Add fasthttp framework to the coverage reports 2024-01-15 10:14:06 +00:00
Calum Grant
39edfa3c14 Swift extractor: Rename a SwiftDiagnostic to Diagnostic 2024-01-15 09:34:28 +00:00
Calum Grant
f82c29ee37 Swift extractor: Generalize SwiftDiagnostics 2024-01-15 09:12:26 +00:00
Owen Mansel-Chan
057ee85cd0 Merge pull request #14123 from am0o0/amammad-go-fastHttp
Go: fasthttp
2024-01-14 20:12:31 +00:00
Ian Lynagh
ff2b40a53d Merge pull request #15315 from igfoo/igfoo/typo
C++: Fix typo
2024-01-12 18:28:32 +00:00
Ian Lynagh
e357d18d35 C++: Fix typo 2024-01-12 17:57:34 +00:00
Max Schaefer
919330fb53 Some more performance refactoring. 2024-01-12 17:38:58 +00:00
Max Schaefer
bb63fcde43 Refactor to avoid bad join order. 2024-01-12 15:24:24 +00:00
Michael Nebel
275822f80d Merge pull request #15296 from michaelnebel/csharp/getruntimeargument
C#: Improve getRuntimeArgumentForParameter to consider named arguments.
2024-01-12 15:57:17 +01:00
Michael Nebel
9becd0876f Merge pull request #15179 from michaelnebel/modelgenrespectmanual
C#/Java: Increase precision of model generation.
2024-01-12 15:12:21 +01:00
Max Schaefer
45ca301593 Rename a predicate. 2024-01-12 13:18:05 +00:00
Michael Nebel
dcce93ac4c C#: Address more review comments. 2024-01-12 14:07:27 +01:00
Michael Nebel
37a21ec548 Java: Address review comments. 2024-01-12 13:36:23 +01:00
Michael Nebel
74cdcab6d8 Java: Update expected test output. 2024-01-12 13:36:23 +01:00
Michael Nebel
6af0bca777 Java: Avoid generating contradicting summary and neutral summary models. 2024-01-12 13:36:23 +01:00
Michael Nebel
03d4025b99 Java: Add a testcase where both a neutral summary and summary is being generated. 2024-01-12 13:36:23 +01:00
Michael Nebel
c7045fbb99 C#: Add some test cases for excluding methods for model generation. 2024-01-12 13:35:23 +01:00
Michael Nebel
8702293878 C#: Update expected test output for type based model generator. 2024-01-12 13:35:23 +01:00
Michael Nebel
81de9d35af C#/Java: Don't generate models if there exists a manual summary or neutral summary. 2024-01-12 13:35:22 +01:00
Max Schaefer
ea26e21454 Extend negative characteristics for exceptions to source models. 2024-01-12 12:20:22 +00:00
Max Schaefer
06ba5ea9f8 Eliminate GetCallable modules and use getCallable instead. 2024-01-12 12:03:49 +00:00
Max Schaefer
76b84301e3 Share some code. 2024-01-12 12:03:49 +00:00
Max Schaefer
9f443d4f83 Make Unexploitable*Characteristic more precise. 2024-01-12 12:03:41 +00:00
Mathias Vorreiter Pedersen
6bd31deb00 Merge pull request #15282 from MathiasVP/fix-duplicate-final-global-value
C++: Fix duplicate "final global value" nodes
2024-01-12 11:05:19 +00:00
Max Schaefer
a8336328fd Merge pull request #15176 from github/max-schaefer/py-url-redirection-qhelp
Python: Mention more sanitisation options in py/url-redirection qhelp.
2024-01-12 10:50:33 +00:00
Michael Nebel
c68f9b05cd C#: Address review comments. 2024-01-12 11:24:37 +01:00
Mathias Vorreiter Pedersen
8f36584bd9 C++: Fix Code Scanning errors. 2024-01-12 10:20:20 +00:00
Mathias Vorreiter Pedersen
34980bfe20 C++: Add more QLDoc. 2024-01-12 10:12:34 +00:00
Tony Torralba
448439e76b Merge pull request #15294 from atorralba/atorralba/go/insecure-randomness-index-flowstep
Go: Recognize unsafe candidate selection in `go/insecure-randomness`
2024-01-12 11:08:56 +01:00
Owen Mansel-Chan
6945289afc Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated
C#/Java: Manual neutral summaries should block generated summaries
2024-01-12 10:05:18 +00:00
Owen Mansel-Chan
ed4843f397 Merge pull request #15302 from github/dependabot/go_modules/go/extractor/extractor-dependencies-159a68acba
Bump the extractor-dependencies group in /go/extractor with 1 update
2024-01-12 10:03:58 +00:00
Michael Nebel
9f14c7c408 Merge pull request #15297 from michaelnebel/csharp/typealias
C# 12: Type alias [Test only]
2024-01-12 11:03:25 +01:00
Felicity Chapman
e408078eaa Merge pull request #15235 from github/docs-11486-security-severity
Replace blog link with link to GitHub user docs
2024-01-12 09:21:08 +00:00
Tony Torralba
87c6a3e38c Merge pull request #15301 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-01-12 09:31:27 +01:00
Tony Torralba
31c11add85 Updated change note 2024-01-12 08:55:24 +01:00
dependabot[bot]
dd08c31dc5 Bump the extractor-dependencies group in /go/extractor with 1 update
Bumps the extractor-dependencies group in /go/extractor with 1 update: [golang.org/x/tools](https://github.com/golang/tools).


Updates `golang.org/x/tools` from 0.16.1 to 0.17.0
- [Release notes](https://github.com/golang/tools/releases)
- [Commits](https://github.com/golang/tools/compare/v0.16.1...v0.17.0)

---
updated-dependencies:
- dependency-name: golang.org/x/tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: extractor-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-01-12 03:24:29 +00:00
github-actions[bot]
add9c4e489 Add changed framework coverage reports 2024-01-12 00:16:38 +00:00
Jeroen Ketema
1c9f5b8b74 Merge pull request #15300 from github/sashabu/uuidof
C++: Add a test with `__uuidof` in a template.
2024-01-12 00:05:49 +01:00
Felicity Chapman
f06cca8eff Merge branch 'main' into docs-11486-security-severity 2024-01-11 22:28:30 +00:00
Alexandre Boulgakov
3493252321 C++: Add a test with __uuidof in a template. 2024-01-11 22:11:50 +01:00
Andrew Eisenberg
42f6dbe0b1 Merge pull request #15288 from github/aeisenberg/problem.severity
Update query-metadata-style-guide.md clarify problem.severity
2024-01-11 12:53:13 -08:00
Asger F
59c9ac735a Merge pull request #15295 from asgerf/js/type-model-export
JS: Include sink nodes as base-case when resolving types
2024-01-11 20:47:32 +01:00
Tony Torralba
12c5b46a0a Reduce FPs
* Restrict allowed types in the flow step

* Discard more non-crypto-related TLS APIs
2024-01-11 16:20:46 +01:00
Michael Nebel
0fa2067c3f C#: Update expected test output. 2024-01-11 16:19:24 +01:00
Michael Nebel
b03eecb5ab C#: Add support for named arguments in getRuntimeArgumentForParameter. 2024-01-11 16:19:24 +01:00
Michael Nebel
85f0ad623b C#: Add test example of using named arguments when calling a delegate. 2024-01-11 16:19:24 +01:00
Michael Nebel
8b464fbc4a Merge pull request #15249 from michaelnebel/csharp/lambdadefaultparams
C# 12: Support for lambda `param` parameter and parameter defaults.
2024-01-11 16:18:03 +01:00
Owen Mansel-Chan
5e9ddd8c63 Apply suggestions from code review on change notes
Co-authored-by: Michael Nebel <michaelnebel@github.com>
2024-01-11 15:15:21 +00:00
Michael Nebel
ef73fc3a6f C#: Add a test for type alias. 2024-01-11 16:13:35 +01:00
Owen Mansel-Chan
3c369f88bb Add change notes 2024-01-11 14:00:17 +00:00
Erik Krogh Kristensen
d782bd9b1f Merge pull request #13624 from jorgectf/seclab/dotjs
JS: Add `dot.js` support
2024-01-11 14:57:19 +01:00
Owen Mansel-Chan
def957e814 Accept review suggestion fixing a comment
Co-authored-by: Michael Nebel <michaelnebel@github.com>
2024-01-11 13:56:27 +00:00
Tom Hvitved
a1036c81ee Merge pull request #15273 from hvitved/ruby/captured-yield
Ruby: Handle captured `yield` calls
2024-01-11 14:34:34 +01:00
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation
Java: improve models for some important JDK methods
2024-01-11 12:47:37 +00:00
Asger F
82cee61999 JS: Include sink nodes as base-case when resolving types 2024-01-11 13:41:21 +01:00
Max Schaefer
6e9c90a6bb Properly distinguish negative source and sink characteristics.
In particular, `IsSanitizerCharacteristic` is a negative _source_ characteristic (not a negative sink characteristic), while `NeutralModelCharacteristic` is both.

This eliminates the erroneous test results.
2024-01-11 12:36:48 +00:00
Max Schaefer
ff4555ac5b Get rid of negative sink types.
Instead of positively implying the negative sink type, negative sink characteristics now negatively imply all sink types (but not source types). This is simpler and since we will never have a huge number of sink types it doesn't impact performance either.

Changes to test results:

- The call to `createDirectories` at `Test.java:87` is now correctly classified as a source candidate, having previously been erroneously excluded by a negative _sink_ characteristic.
- The call to `compareTo` at `Test.java:48` is now erroneously classified as a source candidate; it should be suppressed by `IsSanitizerCharacteristic`, which is a negative sink characteristic, but should really be a negative source characteristic.
- In framework mode, several endpoints are now erroneously classified as source candidates even though they have neutral models, because `NeutralModelCharacteristic` is currently only a negative sink characteristic and not a negative source characteristic.
2024-01-11 12:19:53 +00:00
Max Schaefer
bcf4f4febd Drop a conjunct which is now spurious. 2024-01-11 11:56:59 +00:00
Max Schaefer
03ca244df2 Associate endpoints with their potential endpoint types and check these when determining candidates.
This prevents us from associating a sink candidate with a source type and vice versa.

However, this does not fix the problem of negative characteristics for sink types excluding source candidates.
2024-01-11 11:44:14 +00:00
Max Schaefer
a6d996b478 Add an example of a missed source candidate.
`Files.list` has a taint step from its first argument to its result, so that first argument should not be considered a sink candidate (and it is not). However, due to a bug in `IsMaDTaintStepCharacteristic` it is also not considered a source candidate, which is wrong: as the example shows, if that argument is a call we do very much want to consider it as a source candidate.
2024-01-11 11:27:34 +00:00
Max Schaefer
8e429bd399 Rename isSinkCandidate (and a related predicate) to isCandidate.
This reflects the fact that these predicates also deal with source candidates.
2024-01-11 11:20:51 +00:00
Tony Torralba
05b487e3a6 Go: Recognize unsafe candidate selection in go/insecure-randomness 2024-01-11 11:58:12 +01:00
Max Schaefer
dba2e06a1d Merge pull request #15283 from github/max-schaefer/release-automodel-query-pack
Release automodel extraction queries v0.0.12.
2024-01-11 10:28:55 +00:00
Tony Torralba
8ccacafb59 Merge pull request #15289 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-01-11 10:15:34 +01:00
Michael Nebel
1770beea25 C#: Update QL doc for getRuntimeArgumentForParameter. 2024-01-11 09:07:15 +01:00
Michael Nebel
4c1e84b992 C#: Address review comments. 2024-01-11 09:07:15 +01:00
Michael Nebel
4dedc454ae C#: Add change-note. 2024-01-11 09:07:15 +01:00
Michael Nebel
e18534e748 C#: Force population of compiler generated delegates used for lambdas. 2024-01-11 09:07:15 +01:00
Michael Nebel
9a64e2a9b0 C#: Add test for lambda default parameters. 2024-01-11 09:07:15 +01:00
Michael Nebel
71c996a0be C#: Update lambdaArgument expected output. 2024-01-11 09:07:14 +01:00
Michael Nebel
b2faf3618c C#: Add support for params parameters in getRuntimeArgumentForParameter. 2024-01-11 09:07:14 +01:00
Michael Nebel
f0852c89bc C#: Add test for lambda arguments. 2024-01-11 09:07:14 +01:00
Paolo Tranquilli
482b5f3b29 Merge pull request #15265 from github/redsun82/def-to-non-header-include-exceptions
C++: add `.def` to exceptions to AV rule 32
2024-01-11 08:34:43 +01:00
github-actions[bot]
7db46b6ab6 Add changed framework coverage reports 2024-01-11 00:16:44 +00:00
Andrew Eisenberg
2f190d6552 Update docs/query-metadata-style-guide.md
Co-authored-by: Angela P Wen <angelapwen@github.com>
2024-01-10 14:27:00 -08:00
Owen Mansel-Chan
3767348dec Update test expectations 2024-01-10 22:25:08 +00:00
Owen Mansel-Chan
7824e60acd Manual neutral summaries should block generated summaries 2024-01-10 22:25:06 +00:00
Owen Mansel-Chan
52563b01b7 Factor logic out into interpretNeutral 2024-01-10 22:25:04 +00:00
Owen Mansel-Chan
370a32da8b Test summary models and neutral models, manual and generated 2024-01-10 22:25:02 +00:00
Andrew Eisenberg
303272d0d4 Update query-metadata-style-guide.md clarify problem.severity 2024-01-10 13:47:35 -08:00
Erik Krogh Kristensen
51fe477ed1 Merge pull request #15271 from erik-krogh/fastTS
JS: faster TypeScript extraction
2024-01-10 21:02:34 +01:00
Owen Mansel-Chan
9e2e01ff89 Update Top JDK APIs test expectation 2024-01-10 17:07:33 +00:00
Owen Mansel-Chan
33030417b4 Add change note 2024-01-10 15:48:28 +00:00
Tony Torralba
52d3e3da31 Merge pull request #15268 from atorralba/atorralba/go/cleartext-logging-src-and-sink-improvs
Go: Adds sources and sinks to `go/clear-text-logging`
2024-01-10 15:52:40 +01:00
Tom Hvitved
ad75562b55 CPP: Update expected test output 2024-01-10 15:27:22 +01:00
Ian Wright
3534bfca9c Merge pull request #15251 from github/z80coder/dry-run
Support dry-run of publishing script
2024-01-10 14:16:10 +00:00
Philip Ginsbach
a732199317 Merge pull request #15261 from github/ginsbach/WeakAliasesInLanguageReference
document weak aliases in the language reference
2024-01-10 13:55:10 +00:00
Ian Lynagh
f111fba4b7 Merge pull request #15269 from igfoo/igfoo/ktfmt
Kotlin: Reformat code
2024-01-10 13:35:35 +00:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
55be4c39ef Ruby: Add data flow call sensitivity test 2024-01-10 14:25:12 +01:00
Paolo Tranquilli
1034c3d2f9 Merge pull request #15277 from github/redsun82/swift-fix-upgrade
Swift: fix upgrade and downgrade scripts
2024-01-10 14:19:25 +01:00
Tony Torralba
5e8c63c3aa Use arg position instead of arg as class field to reduce number of instances 2024-01-10 14:12:29 +01:00
Owen Mansel-Chan
28aa9b2b3c C#: Emulate that some methods don't have a body (so generated summaries will be applied) 2024-01-10 12:54:33 +00:00
erik-krogh
06c1fff770 address review comments 2024-01-10 13:53:54 +01:00
Tony Torralba
78c0cdfa2c Apply suggestions from code review
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
2024-01-10 13:33:41 +01:00
Tony Torralba
3534f692dc Fix test expectations
Barrier-in addition removes an overlapping path
2024-01-10 13:33:41 +01:00
Tony Torralba
80526e509e Go: Adds sources and sinks to go/clear-text-logging 2024-01-10 13:33:41 +01:00
Tony Torralba
ca0a1dc7ae Merge pull request #15267 from atorralba/atorralba/go/fmt-appenderorsprinter-mad
Go: Migrate AppenderOrSprinter model to models-as-data
2024-01-10 13:31:19 +01:00
Paolo Tranquilli
e64ce228bb Merge pull request #15276 from github/redsun82/cmake-drop-internal-transition
Bazel/CMake: drop confusing `_INTERNAL_TRANSITION` suffix
2024-01-10 13:18:33 +01:00
Mathias Vorreiter Pedersen
7a0cbb4e5a C++: Accept test changes. 2024-01-10 11:55:53 +00:00
Mathias Vorreiter Pedersen
0c3ea6c5df C++: Fix conflation issue. 2024-01-10 11:55:39 +00:00
Mathias Vorreiter Pedersen
259bf27334 C++: Add pointer/pointee conflation test. 2024-01-10 11:51:40 +00:00
Ian Wright
75545db97c restore files, whether overriding or not 2024-01-10 11:40:31 +00:00
Tony Torralba
46df5857ec Update test expectations 2024-01-10 12:31:02 +01:00
Max Schaefer
8d56ee4a56 Release automodel extraction queries v0.0.12. 2024-01-10 11:29:36 +00:00
Paolo Tranquilli
796c862623 Swift: fix downgrade script 2024-01-10 12:23:48 +01:00
Paolo Tranquilli
1d483cff1d Swift: fix upgrade script 2024-01-10 12:09:11 +01:00
Ian Wright
f793ce1e49 remove temp testing comments 2024-01-10 11:07:06 +00:00
Ian Wright
ed8422a2da remove need for CODEQL_DIST path 2024-01-10 11:07:06 +00:00
Ian Wright
0d2ec2d632 install codeql extension 2024-01-10 11:07:06 +00:00
Ian Wright
62bdaf069b use gh tool to access codeql 2024-01-10 11:07:05 +00:00
Ian Wright
30e5be68c9 temp comment for testing 2024-01-10 11:07:05 +00:00
Ian Wright
9895114e05 temp comment for testing 2024-01-10 11:07:05 +00:00
Ian Wright
0f76fbad36 better processing of args 2024-01-10 11:07:05 +00:00
Ian Wright
749f8b9807 fix help message 2024-01-10 11:07:05 +00:00
Ian Wright
00f4991648 support dry-run
fix

fix

temp

temp

better support for dry-run

fix

fix

fix

fix

reinstate exits
2024-01-10 11:07:05 +00:00
Paolo Tranquilli
b93d108400 Bazel/CMake: drop confusing _INTERNAL_TRANSITION suffix 2024-01-10 12:00:40 +01:00
Tony Torralba
dc911c3f28 Apply suggestions from code review
co-authored-by: Owen Mansel-Chan <owen-mc@github.com>
2024-01-10 11:53:53 +01:00
Philip Ginsbach
d38d4aadf2 try to be clearer about weak and strong aliases in the language reference 2024-01-10 10:53:20 +00:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify
Data flow: Remove column from `mayBenefitFromCallContext`
2024-01-10 11:43:15 +01:00
Philip Ginsbach
29e4623d02 fix typos and other small improvements from review 2024-01-10 10:42:04 +00:00
Max Schaefer
ac8e92eec5 Merge pull request #15264 from github/max-schaefer/automodel-exclude-generated-calls
Automodel: Do not generate features for compiler-generated program elements.
2024-01-10 10:22:00 +00:00
Erik Krogh Kristensen
77b0c7f025 Merge pull request #15221 from erik-krogh/react-step
JS: promote `PropsTaintStep` to a `PreCallGraphStep`
2024-01-10 10:17:32 +01:00
Erik Krogh Kristensen
3000b4b9b3 rename PropsTaintStep to PropsFlowStep
Co-authored-by: Asger F <asgerf@github.com>
2024-01-10 09:45:29 +01:00
Tony Torralba
d6082f8446 Merge pull request #14926 from ebickle/fix/update-gson-model
Java: Improve Gson parse, get, and stream models
2024-01-10 09:11:01 +01:00
Michael Nebel
94bf5a41e6 Merge pull request #15225 from michaelnebel/java/modeldiffworkflow
Java: Bring the Model Diff workflow back into a working state.
2024-01-10 08:50:31 +01:00
Philip Ginsbach
1284fc529f documentation: update definition of applicativeness in the specification 2024-01-09 17:09:05 +00:00
Philip Ginsbach
b393bc9a88 documentation: update definition of definite environment in the specification 2024-01-09 17:08:59 +00:00
Philip Ginsbach
805e9d8910 documentation: weak and strong aliases in the specification 2024-01-09 17:00:45 +00:00
Max Schaefer
9b7cfd88cd Clarify relationship of isFromSource and Element::fromSource. 2024-01-09 16:21:36 +00:00
Tony Torralba
a0f6b5ea10 Update test expectations 2024-01-09 17:00:20 +01:00
Tony Torralba
da4049e25c Go: Migrate AppenderOrSprinter model to models-as-data 2024-01-09 16:35:47 +01:00
Ian Lynagh
bf611feab3 Kotlin: Reformat code
Using:
    java -jar ktfmt-0.46-jar-with-dependencies.jar --kotlinlang-style java/kotlin-extractor/**/*.kt
2024-01-09 15:33:41 +00:00
Paolo Tranquilli
27160b8861 C++: add change note 2024-01-09 15:31:43 +01:00
erik-krogh
d0fcb7d1ed faster TypeScript extraction by not having to compute the "type-string" for a type every time 2024-01-09 15:30:55 +01:00
Paolo Tranquilli
0bfeadbf1f C++: add .def to exception to test 2024-01-09 15:30:27 +01:00
Paolo Tranquilli
270df940ff C++: add .def to exceptions to AV rule 32
This is used as textual includes in several projects for macro
metaprogramming, for example in `llvm-project` and in `swift` (and since
some time in our internal codebase as well).
2024-01-09 15:18:13 +01:00
Max Schaefer
3e8775daaa Automodel: Do not generate features for compiler-generated program elements.
These have dummy locations, which breaks certain invariants that break downstream processing.
2024-01-09 13:39:46 +00:00
Ian Lynagh
0bc1463ab0 Merge pull request #14941 from igfoo/igfoo/dff
Kotlin 2: Accept some location changes
2024-01-09 12:20:37 +00:00
Ian Lynagh
95f336c05b Merge pull request #14393 from igfoo/igfoo/no1.4
Kotlin: Remove 1.4 compatibility
2024-01-09 12:20:15 +00:00
Mathias Vorreiter Pedersen
1c81c9b6e3 Merge pull request #15262 from MathiasVP/fix-qldoc-on-cmpWithLinearBound
C++: Fix QLDoc on `cmpWithLinearBound`
2024-01-09 11:16:42 +00:00
Philip Ginsbach
225aff47ed documentation: update section on applicativity 2024-01-09 10:39:18 +00:00
Philip Ginsbach
493158a3f5 documentation: add section on strong and weak aliases 2024-01-09 10:39:18 +00:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Mathias Vorreiter Pedersen
f5e1e49761 C++: Fix QLDoc on 'cmpWithLinearBound' as a response to #15248. 2024-01-09 10:07:22 +00:00
Alex Denisov
0e73531aa9 Swift: upgrade to 5.9.2 2024-01-09 09:23:32 +01:00
Tony Torralba
3224b5c1b9 Merge pull request #15257 from github/workflow/coverage/update
Update CSV framework coverage reports
2024-01-09 08:57:28 +01:00
github-actions[bot]
384cf90e8f Add changed framework coverage reports 2024-01-09 00:17:10 +00:00
Eric Bickle
f6fa7120d9 Merge branch 'main' into fix/update-gson-model 2024-01-08 15:46:14 -08:00
Sid Shankar
b26fef816a Rb: Report any extracted file as successfully extracted 2024-01-08 22:21:30 +00:00
Sid Shankar
fb660b8f05 Py: Report any extracted file as successfully extracted 2024-01-08 22:20:51 +00:00
Sid Shankar
e30a0d1e83 JS: Report any extracted file as successfully extracted 2024-01-08 22:19:33 +00:00
Robert Marsh
ec6d8da6b6 Swift: merge ControlFlowGraphParameter into ControlFlowGraphImplSpecific 2024-01-08 21:31:15 +00:00
Eric Bickle
929ce65af1 Remove zero width space characters. 2024-01-08 13:15:38 -08:00
Jeroen Ketema
9330afbe8a Merge pull request #15252 from jketema/builtin-rm
C++: Remove test that is no longer relevant
2024-01-08 20:38:46 +01:00
Edward Minnix III
e9467fe2d6 Merge pull request #14724 from egregius313/egregius313/java/environment-variable-injection
Java: Environment variable injection query
2024-01-08 13:06:31 -05:00
Mathias Vorreiter Pedersen
18bd0d0ad0 Merge pull request #14954 from microsoft/32-cpp-string-concatenation-library
32 cpp string concatenation library
2024-01-08 18:42:31 +01:00
Geoffrey White
2f6f376d2d Merge pull request #15230 from geoffw0/swiftui
Swift: Add dataflow tests for property wrappers and SwiftUI
2024-01-08 17:41:43 +00:00
Cornelius Riemenschneider
c84e85d35d Merge pull request #15232 from github/criemen/bump-bazel-rules
Bazel: Bump dependant rules versions.
2024-01-08 17:49:21 +01:00
Ian Lynagh
d7cdad04dd Merge pull request #14895 from igfoo/igfoo/kt-snap
Kotlin: Add a 2.0.255 snapshot
2024-01-08 16:13:03 +00:00
Ed Minnix
55da62e9cf Remove stray comma
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2024-01-08 11:09:11 -05:00
Alex Ford
ef8ca55d92 Merge pull request #15203 from pwntester/patch-3
Ruby: Update Kernel.qll to include `Object.send` aliases
2024-01-08 15:32:57 +00:00
Chuan-kai Lin
a743fca3a5 Merge pull request #15243 from github/cklin/upgrade-delete-fixes-ruby
Ruby: Fix upgrade delete directives
2024-01-08 07:27:59 -08:00
Chuan-kai Lin
c4e5506a2c Merge pull request #15242 from github/cklin/upgrade-delete-fixes-csharp
C#: Fix upgrade delete directives
2024-01-08 07:27:40 -08:00
Chuan-kai Lin
d7e22b2ddd Merge pull request #15241 from github/cklin/upgrade-delete-fixes-cpp
C++: Fix upgrade delete directives
2024-01-08 07:27:27 -08:00
Chris Smowton
b7158ab1d7 Merge pull request #15231 from github/smowton/admin/note-java-21-support
Note Java 21 support
2024-01-08 15:19:48 +00:00
Ed Minnix
b8466b45be Update change note date 2024-01-08 09:39:11 -05:00
Edward Minnix III
2440075402 Remove off-topic reference
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-01-08 09:39:10 -05:00
Edward Minnix III
3816271b3e Remove redundant CWE link
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-01-08 09:39:10 -05:00
Ed Minnix
2eff6b351c Add comment 2024-01-08 09:39:09 -05:00
Ed Minnix
16bb19e176 Add OWASP and CERT references 2024-01-08 09:39:08 -05:00
Ed Minnix
9f974415c0 Add references to CWE-454 (External Initialization of Trusted Variables) 2024-01-08 09:39:07 -05:00
Ed Minnix
97b29bb965 Add Java Tutorial reference 2024-01-08 09:39:06 -05:00
Edward Minnix III
938d52b86f Docs review suggestions
Co-authored-by: Felicity Chapman <felicitymay@github.com>
2024-01-08 09:39:05 -05:00
Ed Minnix
a528db8958 Use MapMutation instead of MethodCall 2024-01-08 09:39:05 -05:00
Ed Minnix
e14be0e971 Add BAD markers to samples 2024-01-08 09:39:04 -05:00
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
1544330f3f Minor fixes for code review 2024-01-08 09:38:53 -05:00
Ed Minnix
4b9b27c395 change note 2024-01-08 09:38:52 -05:00
Edward Minnix III
18e8a27fca Reworded name and description 2024-01-08 09:38:51 -05:00
Edward Minnix III
1f37e70d83 Fix typos
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-01-08 09:38:51 -05:00
Ed Minnix
51006aa088 Formatting fix 2024-01-08 09:38:50 -05:00
Ed Minnix
6eff72f99a Include other map mutations 2024-01-08 09:38:49 -05:00
Ed Minnix
4fc6f710a4 Fix alert message 2024-01-08 09:38:48 -05:00
Ed Minnix
1550f5df2a Environment variable injection query documentation 2024-01-08 09:38:47 -05:00
Ed Minnix
f1f0f50c92 TaintedEnvironmentVariableQuery docs 2024-01-08 09:38:47 -05:00
Ed Minnix
818c5de8d5 security-severity metadata 2024-01-08 09:38:46 -05:00
Ed Minnix
d4e2b84348 Cleanup helper dataflow configuration 2024-01-08 09:38:45 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Ed Minnix
8ed3f3c865 Move to library 2024-01-08 09:38:44 -05:00
Ed Minnix
65d05bf3de Add environment-injection to Model Validation 2024-01-08 09:38:43 -05:00
Ed Minnix
814885f7f6 Hudson environment variables models 2024-01-08 09:38:43 -05:00
Ed Minnix
028bd49211 org.apache.commons.exec models 2024-01-08 09:38:42 -05:00
Ed Minnix
b482b36b5f Initial ProcessBuilder support 2024-01-08 09:38:41 -05:00
Ed Minnix
ad32b81492 environment-injection sink 2024-01-08 09:38:41 -05:00
Ed Minnix
93025cc8cf Argument injection initial commit 2024-01-08 09:38:40 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage
Java: Add more sinks to the Insecure Randomness query
2024-01-08 15:33:03 +01:00
Robert Marsh
51acd1169c Swift: accept test output 2024-01-08 14:29:51 +00:00
Jeroen Ketema
e772531bb3 C++: Remove test that is no longer relevant 2024-01-08 15:24:41 +01:00
Geoffrey White
6636c76af8 Merge pull request #15122 from geoffw0/pwhash
Swift: Query for Use of an inappropriate cryptographic hashing algorithm on passwords
2024-01-08 14:11:02 +00:00
Ian Lynagh
02734be287 Kotlin: Fix building with 2.0.255 snapshots
A couple of extension functions were moved
2024-01-08 13:25:25 +00:00
Ian Lynagh
9bc0167566 Kotlin: Add a 2.0.255 snapshot
The current master isn't compatible with the 2.0.0-Beta1
2024-01-08 13:25:25 +00:00
Cornelius Riemenschneider
b0599edb7e Bazel: Bump dependant rules versions.
This doesn't bump rules_python, as there's some incompatible changes in that
which will need further addressing.
2024-01-08 11:21:02 +01:00
Alvaro Muñoz
dbefc132de Apply suggestions from code review
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2024-01-07 10:31:50 +01:00
Marcono1234
3edfdc5ceb Java: Improve Regex flag parsing
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
2024-01-06 04:15:09 +01:00
Chuan-kai Lin
66d2b9b7d2 Ruby: Fix upgrade delete directives 2024-01-05 14:21:52 -08:00
Chuan-kai Lin
6e25fb129b C#: Fix upgrade delete directives 2024-01-05 14:21:08 -08:00
Chuan-kai Lin
6f5bce046c C++: Fix upgrade delete directives 2024-01-05 14:20:30 -08:00
Robert Marsh
80452cc9f7 Swift: redirect consistency queries to new module 2024-01-05 21:28:21 +00:00
Robert Marsh
2d457e17d6 Swift: autoformat for CFG library 2024-01-05 21:28:07 +00:00
Robert Marsh
86f59a1c13 Swift: add AnnotatedExitNode to cfg to match prior interface 2024-01-05 21:25:08 +00:00
Robert Marsh
ea4855bc06 Swift: add change note for parameterized CFG library 2024-01-05 21:24:44 +00:00
Robert Marsh
2f0d052558 Swift: header comment for ControlFlowGraphParameter 2024-01-05 21:19:46 +00:00
Felicity Chapman
8fdeb5691b Fix bad table formatting 2024-01-05 14:50:16 +00:00
Felicity Chapman
222c498ded Replace blog link with link to GitHub user docs 2024-01-05 14:13:38 +00:00
Geoffrey White
0aec2b1bf4 Swift: Improve consistency of phrasing around 'computationally hard'. 2024-01-05 13:21:01 +00:00
Ben Rodes
250ed48bf3 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2024-01-05 08:19:11 -05:00
Geoffrey White
a0ea7148cb Swift: Add GOOD and BAD comments in the sensitive data hashing examples as well. 2024-01-05 13:17:21 +00:00
Geoffrey White
80afa65751 Swift: Add GOOD and BAD comments. 2024-01-05 13:16:41 +00:00
Geoffrey White
657e4d4132 Apply suggestions from code review
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
2024-01-05 13:04:47 +00:00
Chris Smowton
48d48c16ab Note Java 21 support
Supported as of CodeQL release 2.15.4
2024-01-05 11:26:23 +00:00
Geoffrey White
2ab5e6f64c Swift: Add link / reference to CryptoSwift. 2024-01-05 11:02:55 +00:00
Michael Nebel
04a724f373 Java: Update the model diff workflow. 2024-01-05 11:28:47 +01:00
Michael Nebel
8fe73f72cc Java: Trigger Models as Data diff workflow on changes to the shared scripts. 2024-01-05 09:22:49 +01:00
Ben Rodes
2b325e99ce Merge branch 'main' into 32-cpp-string-concatenation-library 2024-01-04 15:28:28 -05:00
Benjamin Rodes
ed788e0a7a Updating test output. 2024-01-04 15:27:29 -05:00
Benjamin Rodes
e9bb3b4b28 Limiting << operator to ostream, and putting this check at the same location as the check for basic_string for + operator. 2024-01-04 15:25:47 -05:00
Geoffrey White
4016033f88 Swift: Add dataflow test cases for property wrappers. 2024-01-04 15:39:20 +00:00
Ben Rodes
8d84540a54 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2024-01-04 09:09:20 -05:00
Geoffrey White
fb77e3733b Swift: Add a test of SwiftUI secure fields as a sensitive data source. 2024-01-04 12:34:33 +00:00
Owen Mansel-Chan
ce3097e9ce Fix manual models for String.valueOf(Object)
Add a neutral model for it, but also a summary model for `String.valueOf(CharSequence)`
2024-01-04 11:31:20 +00:00
Owen Mansel-Chan
0076f06ce7 Improve manual models of java.lang.Exception 2024-01-04 11:31:18 +00:00
Owen Mansel-Chan
e415c54c5e Reorder manual models of java.lang.Throwable 2024-01-04 11:31:16 +00:00
Owen Mansel-Chan
f52ea5c2fd Improve manual models of java.lang.Throwable 2024-01-04 11:31:14 +00:00
erik-krogh
58dc14d5bb update expected output 2024-01-04 11:38:58 +01:00
erik-krogh
a9f2b3fad6 promote PropsTaintStep to a PreCallGraphStep 2024-01-04 10:45:22 +01:00
Geoffrey White
31af8b9024 Swift: Test SwiftUI flow sources. 2024-01-04 09:28:10 +00:00
Robert Marsh
41ac0fca85 Swift: use toString and Location from shared CFG library 2024-01-03 21:11:15 +00:00
Eric Bickle
4fa5b2ae41 Add change nodes for GSON coverage 2024-01-02 14:17:23 -08:00
Eric Bickle
0cd89bf815 Merge branch 'main' into fix/update-gson-model 2024-01-02 14:05:33 -08:00
Alvaro Muñoz
2964aef083 Update Kernel.qll to include send aliases
Add `public_send` and `__send__` as Code Injection sinks as proposed by @vcsjones
2023-12-28 19:08:03 +01:00
Robert Marsh
a9c917010f Swift: fix missing keypath CFGs 2023-12-22 17:55:00 +00:00
erik-krogh
fe3e768414 update expected output of tests 2023-12-20 14:10:36 +01:00
Max Schaefer
66fe32ab82 Python: Mention more sanitisation options in py/url-redirection qhelp. 2023-12-20 11:31:07 +00:00
Benjamin Rodes
f26330e6bd Removing redundant/bad string type check. 2023-12-19 09:41:29 -05:00
Benjamin Rodes
6fb01925d0 Updating test ql file and applying formatting. 2023-12-19 09:39:46 -05:00
Benjamin Rodes
48866e5358 Updates to address PR comments. 2023-12-19 09:33:07 -05:00
Ben Rodes
387eddadad Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-12-19 08:48:51 -05:00
Ben Rodes
29a0da6cd9 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-12-19 08:48:20 -05:00
Ben Rodes
49728571cf Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2023-12-19 08:47:58 -05:00
Ben Rodes
66f725dd05 Update cpp/ql/lib/semmle/code/cpp/commons/StringConcatenation.qll
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2023-12-19 08:47:48 -05:00
Jorge
f8cfd698fa Merge branch 'main' into seclab/dotjs 2023-12-19 10:44:52 +01:00
Jorge
b81fbd7669 Add change note 2023-12-18 12:55:30 +01:00
Eric Bickle
95ce7c9ba4 Merge branch 'main' into fix/update-gson-model 2023-12-15 10:15:53 -08:00
Geoffrey White
f6a4970012 Swift: Autoformat. 2023-12-15 14:58:11 +00:00
Geoffrey White
0b04e4abe5 Swift: Address QL-for-QL alerts. 2023-12-15 14:48:30 +00:00
Geoffrey White
034daa9b35 Swift: Address false positives. 2023-12-15 13:29:49 +00:00
Geoffrey White
326242a1fb Swift: Change note. 2023-12-15 11:39:09 +00:00
Geoffrey White
b7a533f879 Swift: Update .qhelp for Swift. 2023-12-15 11:32:14 +00:00
Geoffrey White
0ff84b467f Swift: Create examples for the .qhelp in Swift, and test them. 2023-12-15 11:14:05 +00:00
Geoffrey White
363ec0a917 Swift: Update swift/summary/query-sinks. 2023-12-14 20:22:36 +00:00
Geoffrey White
9ec08c1c4b Swift: Add a couple of sinks missing from sensitive data hashing as well. 2023-12-14 18:04:35 +00:00
Geoffrey White
3a900f1f8b Swift: Fix some inconsistencies in the test cases. 2023-12-14 18:04:34 +00:00
Geoffrey White
7ba18e64a0 Swift: Add sinks for algorithms that are OK for sensitive data hashing but not for password hashing. 2023-12-14 18:04:34 +00:00
Geoffrey White
c2d49c0fff Swift: Address a weakness in the sensitive data regexs. 2023-12-14 18:04:34 +00:00
Geoffrey White
87eb96ed3b Swift: Add more cases to test. 2023-12-14 18:04:34 +00:00
Geoffrey White
22ed20dd7c Swift: Upgrade SecKeyCopyExternalRepresentation source to be considered a password / key rather than a miscellaneous credential. 2023-12-14 18:04:34 +00:00
Robert Marsh
3738e19db6 Swift: fix compilation failures outside CFG code 2023-12-14 16:39:51 +00:00
Geoffrey White
10b4c98e80 Swift: Move password sources to be reported by the new query. 2023-12-14 16:09:47 +00:00
Geoffrey White
5faa25fc6c Swift: Make passwords their own sensitive data type. 2023-12-14 16:09:47 +00:00
Geoffrey White
b5a45c64ff Swift: Define barriers, additional flow steps and sinks. 2023-12-14 16:09:47 +00:00
Geoffrey White
e5bf929cdb Swift: Split off WeakPasswordHashingExtensions.qll as we normally do. 2023-12-14 16:09:46 +00:00
Geoffrey White
db1508d108 Swift: Trivial changes - query ID / metadata, imports. 2023-12-14 16:09:46 +00:00
Geoffrey White
9774c3cb4f Swift: Copy WeakPasswordHashing query from csharp. 2023-12-14 16:09:45 +00:00
Geoffrey White
be7d0acfea Swift: Minor fixes for the existing weak sensitive data hashing query (naming consistency, remove unused import). 2023-12-14 16:09:45 +00:00
amammad
4d9aad92a1 remove a duplicate test 2023-12-14 17:08:18 +01:00
amammad
d84333dad8 added *ReadBody* Methods as UntrustedFlowSource 2023-12-14 15:31:09 +01:00
Robert Marsh
0e5255ea88 Swift: switch to shared, parameterized CFG library 2023-12-13 20:13:11 +00:00
Tony Torralba
66b54f03b7 Rename test 2023-12-13 11:15:27 +01:00
Tony Torralba
d955dce72a Improve source of randomness detection
Also sanitize flow out of sinks to avoid overlapping paths
2023-12-13 11:15:27 +01:00
Tony Torralba
fc45621ab1 Add pac4j JWT cryptographic key sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c Fix tests 2023-12-13 11:15:27 +01:00
Tony Torralba
3a5d711711 Add cookie sinks 2023-12-13 11:15:27 +01:00
Tony Torralba
435d1f97a3 Add sink for OpenSAML's RequestType.setID 2023-12-13 11:15:27 +01:00
amammad
bfa0fb6d74 remove a duplicate test 2023-12-10 22:08:12 +01:00
amammad
cc5416406f added more sinks related to io.Writer of BodyWriter 2023-12-10 22:06:27 +01:00
amammad
b6aaff2e64 use SimpleGlobal with source and sink to find BodyWriter successors globally 2023-12-10 15:45:42 +01:00
amammad
a3fbc3c20c fix ResponseBody Class issues 2023-12-07 19:36:27 +01:00
amammad
dbf01a9284 fix an issue in ResponseBody, change isHTMLEscape to isHtmlEscape 2023-12-07 08:52:55 +01:00
amammad
20a3211d06 move sanitizers from sharedxss::sanitizer to EscapeFunction::Range, added proper inline tests 2023-12-06 16:19:34 +01:00
amammad
3e0ed0090f added BodyWriter Sink, added proper content-type header in tests to comply new changed xss strategy 2023-12-06 16:00:36 +01:00
amammad
d3099ff482 fix tests, move from SharedXss::Sink to Http::* classes 2023-12-06 15:52:50 +01:00
Jorge
8abd1d9855 Merge branch 'main' into seclab/dotjs 2023-11-30 19:42:18 +01:00
Jorge
91bc043f30 Add .html.dot to Autobuild.java 2023-11-30 19:38:24 +01:00
Benjamin Rodes
94a0420040 Updated getResultExpr to getResultNode. Added strlcat. Added tests. 2023-11-29 16:03:41 -05:00
Benjamin Rodes
4919c4a424 Added StringConcatenation.qll 2023-11-29 13:00:57 -05:00
Ian Lynagh
429c550151 Kotlin 2: Accept some location changes 2023-11-28 15:57:48 +00:00
Eric Bickle
aab7ff919e Java: Improve Gson parse, get, and stream models 2023-11-27 12:26:28 -08:00
amammad
ffe2e398c9 fix tests, add support for Response.BodyWriter() Thanks to @owen-mc 2023-11-25 15:36:37 +01:00
amammad
accc09fd8c Lists of strings should be in alphabetical order. In a QLDoc, there should be a full stop at the end of each sentence. shorter model summary. change target from getACall() to getACall().getResult(.). better tests 2023-11-25 13:36:06 +01:00
Owen Mansel-Chan
b147bacd48 Merge branch 'main' into amammad-go-fastHttp 2023-11-21 21:36:11 +00:00
amammad
2ad59a5403 fix SSRF sinks 2023-11-21 18:46:35 +01:00
amammad
c361caf0b0 fix tests for FileSystemAccess, add comments for adding some functions in future, remove old comments 2023-11-08 14:15:26 +01:00
amammad
f58462bee9 fix tests 2023-11-07 06:32:15 +01:00
Jorge
b08d57a85f Add {{! to TEMPLATE_EXPR_OPENING_TAG 2023-11-06 20:40:00 +00:00
amammad
0d670f81fb fix type assertion errors and create more source()s for better tests 2023-11-06 10:39:30 +01:00
amammad
ea40081204 Merge branch 'amammad-go-fastHttp' of https://github.com/amammad/codeql into amammad-go-fastHttp 2023-11-06 10:38:18 +01:00
amammad
2624f365c3 update inline flow tests of AddittionalTaintSteps 2023-11-05 17:49:32 +03:30
amammad
88e75a6ec8 add flow summary instead of additional flow steps 2023-11-05 17:49:32 +03:30
amammad
23f7f9a24a fix some grammar mistakes, an unnecessary import, put blank line after go generate 2023-11-05 17:49:32 +03:30
amammad
2f86c2588b fix autoformatting 2023-11-05 17:49:32 +03:30
amammad
56bcbf3a41 add additional taint steps to SSRF query 2023-11-05 17:49:32 +03:30
amammad
e38cb0f36e fix an issue in fasthttp library, add SSRF inline queries 2023-11-05 17:49:32 +03:30
amammad
7bc07d959b add additional taint steps inline tests 2023-11-05 17:49:32 +03:30
amammad
3bc24c3534 add inline tests for open redirect,xss, fix some issues in fasthttp.qll 2023-11-05 17:49:32 +03:30
amammad
29219922ac add inline tests for UntrustedFlowSource, and fix some not necessarily flow sources 2023-11-05 17:49:32 +03:30
amammad
defe964f3a update tests 2023-11-05 17:49:32 +03:30
amammad
5232d28617 fix a mistake: replaces tests after gofmt 2023-11-05 17:49:32 +03:30
amammad
c6acb1012c performed gofmt on fasthttp.go 2023-11-05 17:49:32 +03:30
amammad
1ff1c5cfe0 fix two bugs, make package path more neat 2023-11-05 17:49:32 +03:30
amammad
345fdf12e5 added the go generate commands for depstubber 2023-11-05 17:49:32 +03:30
amammad
2048d8945b fix qldoc and tests 2023-11-05 17:49:32 +03:30
amammad
8aba71f678 upgrade tests 2023-11-05 17:49:32 +03:30
amammad
1c657a62c1 fix stub 2023-11-05 17:49:32 +03:30
amammad
de391ffa4d fix qlDOC one missed mistake 2023-11-05 17:49:32 +03:30
amammad
b7ef215504 fix change notes 2023-11-05 17:49:32 +03:30
amammad
693539a604 fix qhelps 2023-11-05 17:49:32 +03:30
amammad
2ac906395f fix tests 2023-11-05 17:49:32 +03:30
amammad
1fc7758dfb add change note 2023-11-05 17:49:32 +03:30
amammad
80e5fb81bc fix library-tests 2023-11-05 17:49:32 +03:30
amammad
2ee2ac383d fix some mistakes:( 2023-11-05 17:49:32 +03:30
amammad
377d1f55be add proper test cases 2023-11-05 17:49:32 +03:30
amammad
543684904f fix go.mod 2023-11-05 17:49:32 +03:30
amammad
c25bb3cde0 remove tmp test 2023-11-05 17:49:32 +03:30
amammad
3226184547 add tests 2023-11-05 17:49:32 +03:30
amammad
cddd27c5f8 V1 2023-11-05 17:49:32 +03:30
amammad
d1926f9061 update inline flow tests of AddittionalTaintSteps 2023-11-05 15:17:06 +01:00
amammad
9f8871746b add flow summary instead of additional flow steps 2023-11-02 20:12:50 +01:00
amammad
fc3b90915b fix some grammar mistakes, an unnecessary import, put blank line after go generate 2023-11-02 17:29:11 +01:00
amammad
9d4a16750c fix autoformatting 2023-10-17 01:02:16 +02:00
amammad
b3be2a4929 add additional taint steps to SSRF query 2023-10-17 01:00:25 +02:00
amammad
cc1b8b2e02 fix an issue in fasthttp library, add SSRF inline queries 2023-10-12 09:55:14 +02:00
amammad
b5c4b5e482 add additional taint steps inline tests 2023-10-12 09:45:25 +02:00
amammad
acee50c9df add inline tests for open redirect,xss, fix some issues in fasthttp.qll 2023-10-12 09:10:16 +02:00
amammad
720565f442 add inline tests for UntrustedFlowSource, and fix some not necessarily flow sources 2023-10-12 08:32:33 +02:00
amammad
3926fd7333 update tests 2023-10-11 19:27:57 +02:00
Ian Lynagh
d34b85cf03 Kotlin: Remove 1.4 compatibility
We now only build with >= 1.5
2023-10-06 15:17:32 +01:00
amammad
8ef969fcb9 fix a mistake: replaces tests after gofmt 2023-09-30 22:16:59 +10:00
amammad
e3c89011a9 performed gofmt on fasthttp.go 2023-09-29 00:57:17 +10:00
amammad
f2505eada8 fix two bugs, make package path more neat 2023-09-27 23:35:56 +10:00
amammad
32f41de3be Merge branch 'main' into amammad-go-fastHttp 2023-09-27 23:33:51 +10:00
amammad
bb30689a6e added the go generate commands for depstubber 2023-09-27 06:41:09 +10:00
amammad
ad999a0174 fix qldoc and tests 2023-09-27 04:21:49 +10:00
amammad
c3213e4de3 upgrade tests 2023-09-26 00:02:45 +10:00
amammad
c1398f2b60 fix stub 2023-09-25 21:48:10 +10:00
amammad
875817222c fix qlDOC one missed mistake 2023-09-25 21:20:33 +10:00
amammad
69c2d9ed5c fix change notes 2023-09-19 22:24:52 +10:00
amammad
3585459548 fix qhelps 2023-09-19 06:17:31 +10:00
amammad
a6996c5d21 fix tests 2023-09-19 03:48:31 +10:00
amammad
c195a9f05d Merge branch 'main' into amammad-go-fastHttp 2023-09-19 03:07:27 +10:00
amammad
6f5aa58d82 add change note 2023-09-18 23:38:32 +10:00
amammad
09aee3081e fix library-tests 2023-09-18 23:29:45 +10:00
amammad
0d3b944207 fix some mistakes:( 2023-09-14 23:39:28 +10:00
amammad
b5a257ca7c add proper test cases 2023-09-03 04:09:56 +10:00
amammad
8f11543e9d fix go.mod 2023-09-02 22:47:35 +10:00
amammad
9b8f43bf63 remove tmp test 2023-09-02 22:41:39 +10:00
amammad
6af82526dc add tests 2023-09-02 22:40:18 +10:00
amammad
a8a9edcacd V1 2023-09-02 22:27:08 +10:00
Asger F
213cabccc0 JS: Test with file more extensions 2023-08-04 14:24:51 +02:00
Asger F
ea2ddf8905 JS: Do not parse the initial ! or = as part of the template expression 2023-08-04 14:24:38 +02:00
Kevin Stubbings
a36a555b7a Quick change 2023-08-04 00:59:28 -07:00
Kevin Stubbings
9f4389cbb5 Search for html.dot extension instead of dot 2023-08-04 00:55:51 -07:00
jorgectf
f1f3d8e18a Add dot.jssupport
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-06-29 19:17:37 +02:00
529 changed files with 17339 additions and 8490 deletions

View File

@@ -12,6 +12,7 @@ on:
- main
paths:
- "java/ql/src/utils/modelgenerator/**/*.*"
- "misc/scripts/models-as-data/*.*"
- ".github/workflows/mad_modelDiff.yml"
permissions:
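Review bot: the added trigger path `misc/scripts/models-as-data/*.*` matches only files that sit directly in that directory, while the modelgenerator entry above it uses `**/*.*`. In a workflow path filter `*` does not cross a `/`, so a change to a script in a subdirectory of `models-as-data` will not start this diff job; `misc/scripts/models-as-data/**` would cover both cases.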
@@ -61,8 +62,9 @@ jobs:
DATABASE=$2
cd codeql-$QL_VARIANT
SHORTNAME=`basename $DATABASE`
python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE ${SHORTNAME}.temp.model.yml
mv java/ql/lib/ext/generated/${SHORTNAME}.temp.model.yml $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.model.yml
python java/ql/src/utils/modelgenerator/GenerateFlowModel.py --with-summaries --with-sinks $DATABASE $SHORTNAME/$QL_VARIANT
mkdir -p $MODELS/$SHORTNAME
mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME
cd ..
}
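Review bot: the new `mkdir -p $MODELS/$SHORTNAME` and `mv java/ql/lib/ext/generated/$SHORTNAME/$QL_VARIANT $MODELS/$SHORTNAME` lines expand `$MODELS`, `$SHORTNAME` and `$DATABASE` unquoted, so a database path containing whitespace or glob characters is word-split before it reaches `python`, `mkdir` and `mv`. Quote every expansion in this function, and prefer `$(basename "$DATABASE")` over the backtick form so the quoting nests cleanly.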
@@ -85,16 +87,16 @@ jobs:
set -x
MODELS=`pwd`/tmp-models
ls -1 tmp-models/
for m in $MODELS/*_main.model.yml ; do
for m in $MODELS/*/main/*.model.yml ; do
t="${m/main/"pr"}"
basename=`basename $m`
name="diff_${basename/_main.model.yml/""}"
name="diff_${basename/.model.yml/""}"
(diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true
done
- uses: actions/upload-artifact@v3
with:
name: models
path: tmp-models/*.model.yml
path: tmp-models/**/**/*.model.yml
retention-days: 20
- uses: actions/upload-artifact@v3
with:
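Review bot: `t="${m/main/"pr"}"` replaces the first occurrence of `main` anywhere in the path, not the `/main/` directory component that the new layout introduces. Because `$MODELS` comes from `pwd` and a per-database directory now precedes `main`, a checkout path or database short name that contains `main` makes `$t` point at a file that does not exist, and the `|| true` on the diff line hides that failure. Anchor the substitution on the separators, for example `${m/\/main\//\/pr\/}`. Separately, `name` is now built from the model file's basename alone, so if two databases produce a model file with the same name, both diffs are written to the same `$MODELS/$name.html`; including the database directory in `name` avoids the overwrite.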

View File

@@ -27,7 +27,7 @@ jobs:
### Build the extractor ###
- name: Cache entire extractor
id: cache-extractor
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: |
ql/extractor-pack/
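Review bot: `uses: actions/cache@v4` still references the action by a mutable major tag, here and in the other cache steps this bump touches. Whoever can move that tag controls code that runs inside these jobs and handles the cached extractor and cargo directories, so consider pinning each step to the full commit SHA of the v4 release with the tag kept as a trailing comment.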
@@ -35,7 +35,7 @@ jobs:
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ql/**/*.rs') }}
- name: Cache cargo
if: steps.cache-extractor.outputs.cache-hit != 'true'
uses: actions/cache@v3
uses: actions/cache@v4
with:
path: |
~/.cargo/registry

View File

@@ -30,7 +30,7 @@ jobs:
languages: javascript # does not matter
- uses: ./.github/actions/os-version
id: os_version
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry

View File

@@ -29,7 +29,7 @@ jobs:
languages: javascript # does not matter
- uses: ./.github/actions/os-version
id: os_version
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry
@@ -74,7 +74,7 @@ jobs:
languages: javascript # does not matter
- uses: ./.github/actions/os-version
id: os_version
- uses: actions/cache@v3
- uses: actions/cache@v4
with:
path: |
~/.cargo/registry

View File

@@ -54,7 +54,7 @@ jobs:
- uses: ./.github/actions/os-version
id: os_version
- name: Cache entire extractor
uses: actions/cache@v3
uses: actions/cache@v4
id: cache-extractor
with:
path: |
@@ -62,7 +62,7 @@ jobs:
ruby/extractor/target/release/codeql-extractor-ruby.exe
ruby/extractor/ql/lib/codeql/ruby/ast/internal/TreeSitter.qll
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-ruby-extractor-${{ hashFiles('ruby/extractor/rust-toolchain.toml', 'ruby/extractor/Cargo.lock') }}-${{ hashFiles('shared/tree-sitter-extractor') }}-${{ hashFiles('ruby/extractor/**/*.rs') }}
- uses: actions/cache@v3
- uses: actions/cache@v4
if: steps.cache-extractor.outputs.cache-hit != 'true'
with:
path: |

View File

@@ -1,5 +1,6 @@
description: Support C++17 if and switch initializers
compatibility: partial
constexpr_if_initialization.rel: delete
if_initialization.rel: delete
switch_initialization.rel: delete
exprparents.rel: run exprparents.qlo

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.12.3
version: 0.12.4-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

View File

@@ -0,0 +1,101 @@
/**
* A library for detecting general string concatenations.
*/
import cpp
import semmle.code.cpp.models.implementations.Strcat
import semmle.code.cpp.models.interfaces.FormattingFunction
private import semmle.code.cpp.dataflow.new.DataFlow
/**
* A call that performs a string concatenation. A string can be either a C
* string (i.e., a value of type `char*`), or a C++ string (i.e., a value of
* type `std::string`).
*/
class StringConcatenation extends Call {
StringConcatenation() {
// sprintf-like functions, i.e., concat through formatting
this instanceof FormattingFunctionCall
or
this.getTarget() instanceof StrcatFunction
or
this.getTarget() instanceof StrlcatFunction
or
// operator+ and ostream (<<) concat
exists(Call call, Operator op |
call.getTarget() = op and
op.hasQualifiedName(["std", "bsl"], ["operator+", "operator<<"]) and
op.getType()
.stripType()
.(UserType)
.hasQualifiedName(["std", "bsl"], ["basic_string", "basic_ostream"]) and
this = call
)
}
/**
* Gets an operand of this concatenation (one of the string operands being
* concatenated).
* Will not return out param for sprintf-like functions, but will consider the format string
* to be part of the operands.
*/
Expr getAnOperand() {
// The result is an argument of 'this' (a call)
result = this.getAnArgument() and
// addresses odd behavior with overloaded operators
// i.e., "call to operator+" appearing as an operand
// occurs in cases like `string s = s1 + s2 + s3`, which is represented as
// `string s = (s1.operator+(s2)).operator+(s3);`
// By limiting to non-calls we get the leaf operands (the variables or raw strings)
// also, by not enumerating allowed types (variables and strings) we avoid issues
// with missed corner cases or extensions/changes to CodeQL in the future which might
// invalidate that approach.
not result instanceof Call and
// Limit the result type to string
(
result.getUnderlyingType().stripType().getName() = "char"
or
result
.getType()
.getUnspecifiedType()
.(UserType)
.hasQualifiedName(["std", "bsl"], "basic_string")
) and
// when 'this' is a `FormattingFunctionCall` the result must be the format string argument
// or one of the formatting arguments
(
this instanceof FormattingFunctionCall
implies
(
result = this.(FormattingFunctionCall).getFormat()
or
exists(int n |
result = this.getArgument(n) and
n >= this.(FormattingFunctionCall).getTarget().getFirstFormatArgumentIndex()
)
)
)
}
/**
* Gets the data flow node representing the concatenation result.
*/
DataFlow::Node getResultNode() {
if this.getTarget() instanceof StrcatFunction
then
result.asDefiningArgument() =
this.getArgument(this.getTarget().(StrcatFunction).getParamDest())
or
// Hardcoding it is also the return
result.asExpr() = this.(Call)
else
if this.getTarget() instanceof StrlcatFunction
then (
result.asDefiningArgument() =
this.getArgument(this.getTarget().(StrlcatFunction).getParamDest())
) else
if this instanceof FormattingFunctionCall
then result.asDefiningArgument() = this.(FormattingFunctionCall).getOutputArgument(_)
else result.asExpr() = this.(Call)
}
}
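Review bot: in `getAnOperand`, the C-string test `result.getUnderlyingType().stripType().getName() = "char"` does not match the class QLDoc, which defines a C string as a value of type `char*`. `stripType()` removes pointer and array levels, so a plain `char` argument (for example one passed for `%c`) and a `char**` are both accepted as operands, while wide-character strings are never matched. Test for a pointer or array whose base type is a character type instead, or document the looser behaviour in the QLDoc. Two smaller points: the `exists(Call call, Operator op | ... this = call)` wrapper in the characteristic predicate can be written directly against `this.getTarget()`, and the `this.(Call)` casts in `getResultNode` are redundant because the class already extends `Call`.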

View File

@@ -54,18 +54,6 @@ private predicate functionSignature(Function f, string qualifiedName, int nparam
not f.isStatic()
}
/**
* Holds if the set of viable implementations that can be called by `call`
* might be improved by knowing the call context.
*/
predicate mayBenefitFromCallContext(DataFlowCall call, Function f) { none() }
/**
* Gets a viable dispatch target of `call` in the context `ctx`. This is
* restricted to those `call`s for which a context might make a difference.
*/
Function viableImplInCallContext(DataFlowCall call, DataFlowCall ctx) { none() }
/** A parameter position represented by an integer. */
class ParameterPosition extends int {
ParameterPosition() { any(ParameterNode p).isParameterOf(_, this) }

View File

@@ -249,9 +249,7 @@ private predicate functionSignature(Function f, string qualifiedName, int nparam
* Holds if the set of viable implementations that can be called by `call`
* might be improved by knowing the call context.
*/
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable f) {
mayBenefitFromCallContext(call, f, _)
}
predicate mayBenefitFromCallContext(DataFlowCall call) { mayBenefitFromCallContext(call, _, _) }
/**
* Holds if `call` is a call through a function pointer, and the pointer

View File

@@ -22,4 +22,8 @@ module CppDataFlow implements InputSig {
predicate getAdditionalFlowIntoCallNodeTerm = Private::getAdditionalFlowIntoCallNodeTerm/2;
predicate validParameterAliasStep = Private::validParameterAliasStep/2;
predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
predicate viableImplInCallContext = Private::viableImplInCallContext/2;
}

View File

@@ -149,11 +149,16 @@ private newtype TDefOrUseImpl =
private predicate isGlobalUse(
GlobalLikeVariable v, IRFunction f, int indirection, int indirectionIndex
) {
exists(VariableAddressInstruction vai |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isDef(_, _, _, vai, indirection, indirectionIndex)
)
// Generate a "global use" at the end of the function body if there's a
// direct definition somewhere in the body of the function
indirection =
min(int cand, VariableAddressInstruction vai |
vai.getEnclosingIRFunction() = f and
vai.getAstVariable() = v and
isDef(_, _, _, vai, cand, indirectionIndex)
|
cand
)
}
private predicate isGlobalDefImpl(
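Review bot: the new comment in `isGlobalUse` says a use is generated when there is "a direct definition somewhere in the body", but the code selects `min(int cand, VariableAddressInstruction vai | ... | cand)`, that is, only the lowest indirection that has a definition for a given `indirectionIndex`. State that in the comment, including why higher indirections are dropped: the `exists` form shown in the same hunk holds for every indirection that has a definition, and a reader needs to know the narrowing is intentional.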
@@ -447,6 +452,57 @@ class FinalParameterUse extends UseImpl, TFinalParameterUse {
}
}
/**
* A use that models a synthetic "last use" of a global variable just before a
* function returns.
*
* We model global variable flow by:
* - Inserting a last use of any global variable that's modified by a function
* - Flowing from the last use to the `VariableNode` that represents the global
* variable.
* - Flowing from the `VariableNode` to an "initial def" of the global variable
* in any function that may read the global variable.
* - Flowing from the initial definition to any subsequent uses of the global
* variable in the function body.
*
* For example, consider the following pair of functions:
* ```cpp
* int global;
* int source();
* void sink(int);
*
* void set_global() {
* global = source();
* }
*
* void read_global() {
* sink(global);
* }
* ```
* we insert global uses and defs so that (from the point-of-view of dataflow)
* the above scenario looks like:
* ```cpp
* int global; // (1)
* int source();
* void sink(int);
*
* void set_global() {
* global = source();
* __global_use(global); // (2)
* }
*
* void read_global() {
* global = __global_def; // (3)
* sink(global); // (4)
* }
* ```
* and flow from `source()` to the argument of `sink` is then modeled as
* follows:
* 1. Flow from `source()` to `(2)` (via SSA).
* 2. Flow from `(2)` to `(1)` (via a `jumpStep`).
* 3. Flow from `(1)` to `(3)` (via a `jumpStep`).
* 4. Flow from `(3)` to `(4)` (via SSA).
*/
class GlobalUse extends UseImpl, TGlobalUse {
GlobalLikeVariable global;
IRFunction f;
@@ -494,6 +550,12 @@ class GlobalUse extends UseImpl, TGlobalUse {
override BaseSourceVariableInstruction getBase() { none() }
}
/**
* A definition that models a synthetic "initial definition" of a global
* variable just after the function entry point.
*
* See the QLDoc for `GlobalUse` for how this is used.
*/
class GlobalDefImpl extends DefOrUseImpl, TGlobalDefImpl {
GlobalLikeVariable global;
IRFunction f;

View File

@@ -355,13 +355,13 @@ private predicate linearAccessImpl(Expr expr, VariableAccess v, float p, float q
* `cmpWithLinearBound(guard, v, Greater(), true)` and
* `cmpWithLinearBound(guard, v, Lesser(), false)` hold.
* If `guard` is `4 - v > 5` then
* `cmpWithLinearBound(guard, v, Lesser(), false)` and
* `cmpWithLinearBound(guard, v, Greater(), true)` hold.
* `cmpWithLinearBound(guard, v, Lesser(), true)` and
* `cmpWithLinearBound(guard, v, Greater(), false)` hold.
*
* A more sophisticated predicate, such as `boundFromGuard`, is needed
* to compute an actual bound for `v`. This predicate can be used if
* you just want to check whether a variable is bounded, or to restrict
* a more expensive analysis to just guards that bound a variable.
* If an actual bound for `v` is needed, use `upperBound` or `lowerBound`.
* This predicate can be used if you just want to check whether a variable
* is bounded, or to restrict a more expensive analysis to just guards that
* bound a variable.
*/
predicate cmpWithLinearBound(
ComparisonOperation guard, VariableAccess v,

View File

@@ -1,3 +1,6 @@
description: Remove the old CFG tables
compatibility: full
falsecond.rel: delete
successors.rel: delete
truecond.rel: delete

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `cpp/include-non-header` style query will now ignore the `.def` extension for textual header inclusions.

View File

@@ -60,7 +60,7 @@ predicate computeHeuristicType(Type t) {
/**
* Holds if `e` is an operation that is common in encryption-like computations.
* Looking for clusters of these tends to find things like encrpytion,
* Looking for clusters of these tends to find things like encryption,
* compression, random number generation, graphics processing and other compute
* heavy algorithms.
*/

View File

@@ -18,6 +18,7 @@ from Include i, File f, string extension
where
f = i.getIncludedFile() and
extension = f.getExtension().toLowerCase() and
extension != "def" and
extension != "inc" and
extension != "inl" and
extension != "tcc" and
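Review bot: adding `extension != "def"` extends a chain of `extension != ...` conjuncts that grows by one line with each exempted extension. A single negated comparison against a set literal of the exempt extensions keeps the list in one place and makes later additions a one-token change; a test case with a `.def` include would also pin the new behaviour.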

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 0.9.2
version: 0.9.3-dev
groups:
- cpp
- queries

View File

@@ -1,2 +0,0 @@
__builtin_foobar(i)i
__builtin_malloc(i,i,i,f*)f

View File

@@ -1,4 +0,0 @@
| file://:0:0:0:0 | __builtin_add_overflow | true | 0 | file://:0:0:0:0 | bool |
| file://:0:0:0:0 | __builtin_foobar | true | 1 | file://:0:0:0:0 | int |
| file://:0:0:0:0 | __builtin_malloc | true | 4 | file://:0:0:0:0 | float |
| test.c:1:6:1:6 | f | false | 3 | file://:0:0:0:0 | long |

View File

@@ -1,5 +0,0 @@
import cpp
from Function f, boolean isBuiltin
where if f instanceof BuiltInFunction then isBuiltin = true else isBuiltin = false
select f, isBuiltin, f.getNumberOfParameters(), f.getType()

View File

@@ -1,20 +0,0 @@
long f(int a, int b, int c) {
// A builtin from the builtin_functions_file.
int i1 = __builtin_foobar(a);
// A builtin that's not in the file, but the extractor should handle, given the
// --gnu_version flag we pass in.
int i2;
__builtin_add_overflow(a, b, &i2);
// A builtin that would normally be defined by the extractor with a type
// expecting it to be called like this:
//void* x = __builtin_malloc(a);
// But we override the type in the builtin_functions_file so it's called like
// this:
float f1, f2;
f1 = __builtin_malloc(a, b, c, &f2);
return 42;
}
// semmle-extractor-options: --gnu_version 50100 --edg --builtin_functions_file --edg ${testdir}/builtins.txt
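Review bot: this deletion removes the test source that passes `--builtin_functions_file`, and the preceding hunks delete its `builtins.txt`, query and expected output, while none of the visible hunks adds coverage in its place. If the extractor still accepts the option, keep at least the case where `__builtin_malloc` gets its type overridden from the file; if the option has been removed, say so in the commit message or a change note so the lost coverage is explained.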

View File

@@ -1,384 +1,388 @@
| C::C | false | 493 | 493 | C |
| C::C | false | 682 | 682 | C |
| C::operator= | false | 675 | 675 | operator= |
| C::~C | false | 614 | 614 | ~C |
| Error::Error | false | 259 | 259 | Error |
| Error::Error | false | 272 | 272 | Error |
| Error::Error | false | 277 | 277 | return ... |
| Error::Error | false | 279 | 279 | { ... } |
| Error::Error | true | 277 | 272 | |
| Error::Error | true | 279 | 277 | |
| Error::operator= | false | 253 | 253 | operator= |
| Error::~Error | false | 263 | 263 | ~Error |
| Error::~Error | false | 268 | 268 | return ... |
| Error::~Error | false | 270 | 270 | { ... } |
| Error::~Error | true | 268 | 263 | |
| Error::~Error | true | 270 | 268 | |
| __va_list_tag::operator= | false | 140 | 140 | operator= |
| __va_list_tag::operator= | false | 147 | 147 | operator= |
| f | false | 477 | 477 | f |
| f | false | 488 | 488 | declaration |
| f | false | 491 | 491 | call to C |
| f | false | 496 | 496 | 102 |
| f | false | 497 | 497 | initializer for c102 |
| f | false | 501 | 501 | call to C |
| f | false | 505 | 505 | 103 |
| f | false | 506 | 506 | initializer for c103 |
| f | false | 509 | 509 | declaration |
| f | false | 511 | 511 | b1 |
| f | false | 513 | 513 | (bool)... |
| f | false | 516 | 516 | 1 |
| f | false | 517 | 517 | throw ... |
| f | false | 519 | 519 | ExprStmt |
| f | false | 521 | 521 | { ... } |
| f | false | 523 | 523 | if (...) ... |
| f | false | 525 | 525 | declaration |
| f | false | 527 | 527 | { ... } |
| f | false | 534 | 534 | 1 |
| f | false | 536 | 536 | call to C |
| f | false | 540 | 540 | 104 |
| f | false | 541 | 541 | initializer for c104 |
| f | false | 544 | 544 | declaration |
| f | false | 546 | 546 | { ... } |
| f | false | 548 | 548 | __try { ... } __except( ... ) { ... } |
| f | false | 550 | 550 | declaration |
| C::C | false | 499 | 499 | C |
| C::C | false | 690 | 690 | C |
| C::operator= | false | 681 | 681 | operator= |
| C::~C | false | 647 | 647 | ~C |
| Error::Error | false | 205 | 205 | Error |
| Error::Error | false | 219 | 219 | Error |
| Error::Error | false | 224 | 224 | return ... |
| Error::Error | false | 226 | 226 | { ... } |
| Error::Error | true | 224 | 219 | |
| Error::Error | true | 226 | 224 | |
| Error::operator= | false | 197 | 197 | operator= |
| Error::~Error | false | 209 | 209 | ~Error |
| Error::~Error | false | 215 | 215 | return ... |
| Error::~Error | false | 217 | 217 | { ... } |
| Error::~Error | true | 215 | 209 | |
| Error::~Error | true | 217 | 215 | |
| __va_list_tag::operator= | false | 66 | 66 | operator= |
| __va_list_tag::operator= | false | 72 | 72 | operator= |
| f | false | 483 | 483 | f |
| f | false | 494 | 494 | declaration |
| f | false | 497 | 497 | call to C |
| f | false | 502 | 502 | 101 |
| f | false | 503 | 503 | initializer for c101 |
| f | false | 506 | 506 | __try { ... } __except( ... ) { ... } |
| f | false | 509 | 509 | call to C |
| f | false | 513 | 513 | 102 |
| f | false | 514 | 514 | initializer for c102 |
| f | false | 518 | 518 | call to C |
| f | false | 522 | 522 | 103 |
| f | false | 523 | 523 | initializer for c103 |
| f | false | 526 | 526 | declaration |
| f | false | 528 | 528 | if (...) ... |
| f | false | 530 | 530 | b1 |
| f | false | 532 | 532 | (bool)... |
| f | false | 533 | 533 | ExprStmt |
| f | false | 537 | 537 | 1 |
| f | false | 538 | 538 | throw ... |
| f | false | 540 | 540 | { ... } |
| f | false | 542 | 542 | declaration |
| f | false | 544 | 544 | { ... } |
| f | false | 551 | 551 | 1 |
| f | false | 553 | 553 | call to C |
| f | false | 557 | 557 | 106 |
| f | false | 558 | 558 | initializer for c106 |
| f | false | 562 | 562 | call to C |
| f | false | 566 | 566 | 107 |
| f | false | 567 | 567 | initializer for c107 |
| f | false | 570 | 570 | declaration |
| f | false | 572 | 572 | b2 |
| f | false | 574 | 574 | (bool)... |
| f | false | 577 | 577 | 2 |
| f | false | 578 | 578 | throw ... |
| f | false | 580 | 580 | ExprStmt |
| f | false | 582 | 582 | { ... } |
| f | false | 584 | 584 | if (...) ... |
| f | false | 586 | 586 | declaration |
| f | false | 588 | 588 | { ... } |
| f | false | 591 | 591 | call to C |
| f | false | 595 | 595 | 108 |
| f | false | 596 | 596 | initializer for c108 |
| f | false | 599 | 599 | declaration |
| f | false | 601 | 601 | { ... } |
| f | false | 603 | 603 | __try { ... } __finally { ... } |
| f | false | 605 | 605 | declaration |
| f | false | 607 | 607 | return ... |
| f | false | 609 | 609 | { ... } |
| f | false | 611 | 611 | c101 |
| f | false | 613 | 613 | call to c101.~C |
| f | false | 615 | 615 | c105 |
| f | false | 616 | 616 | call to c105.~C |
| f | false | 617 | 617 | c109 |
| f | false | 618 | 618 | call to c109.~C |
| f | false | 619 | 619 | c101 |
| f | false | 620 | 620 | call to c101.~C |
| f | false | 621 | 621 | c105 |
| f | false | 622 | 622 | call to c105.~C |
| f | false | 623 | 623 | c108 |
| f | false | 625 | 625 | call to c108.~C |
| f | false | 626 | 626 | c106 |
| f | false | 628 | 628 | call to c106.~C |
| f | false | 629 | 629 | c107 |
| f | false | 630 | 630 | call to c107.~C |
| f | false | 631 | 631 | c106 |
| f | false | 632 | 632 | call to c106.~C |
| f | false | 633 | 633 | c104 |
| f | false | 635 | 635 | call to c104.~C |
| f | false | 636 | 636 | c102 |
| f | false | 638 | 638 | call to c102.~C |
| f | false | 639 | 639 | c103 |
| f | false | 640 | 640 | call to c103.~C |
| f | false | 641 | 641 | c102 |
| f | false | 642 | 642 | call to c102.~C |
| f | false | 644 | 644 | call to C |
| f | false | 648 | 648 | 101 |
| f | false | 649 | 649 | initializer for c101 |
| f | false | 653 | 653 | call to C |
| f | false | 657 | 657 | 105 |
| f | false | 658 | 658 | initializer for c105 |
| f | false | 662 | 662 | call to C |
| f | false | 666 | 666 | 109 |
| f | false | 667 | 667 | initializer for c109 |
| f | true | 488 | 649 | |
| f | true | 491 | 523 | |
| f | true | 496 | 491 | |
| f | true | 497 | 496 | |
| f | true | 501 | 639 | |
| f | true | 505 | 501 | |
| f | true | 506 | 505 | |
| f | true | 509 | 497 | |
| f | true | 511 | 521 | T |
| f | true | 511 | 525 | F |
| f | true | 516 | 517 | |
| f | true | 517 | 641 | |
| f | true | 519 | 516 | |
| f | true | 521 | 519 | |
| f | true | 523 | 511 | |
| f | true | 525 | 506 | |
| f | true | 527 | 509 | |
| f | true | 534 | 546 | T |
| f | true | 536 | 633 | |
| f | true | 540 | 536 | |
| f | true | 541 | 540 | |
| f | true | 544 | 541 | |
| f | true | 546 | 544 | |
| f | true | 548 | 527 | |
| f | true | 550 | 658 | |
| f | true | 553 | 584 | |
| f | false | 557 | 557 | 104 |
| f | false | 558 | 558 | initializer for c104 |
| f | false | 561 | 561 | declaration |
| f | false | 563 | 563 | { ... } |
| f | false | 565 | 565 | declaration |
| f | false | 568 | 568 | call to C |
| f | false | 572 | 572 | 105 |
| f | false | 573 | 573 | initializer for c105 |
| f | false | 576 | 576 | __try { ... } __finally { ... } |
| f | false | 579 | 579 | call to C |
| f | false | 583 | 583 | 106 |
| f | false | 584 | 584 | initializer for c106 |
| f | false | 588 | 588 | call to C |
| f | false | 592 | 592 | 107 |
| f | false | 593 | 593 | initializer for c107 |
| f | false | 596 | 596 | declaration |
| f | false | 598 | 598 | if (...) ... |
| f | false | 600 | 600 | b2 |
| f | false | 602 | 602 | (bool)... |
| f | false | 603 | 603 | ExprStmt |
| f | false | 607 | 607 | 2 |
| f | false | 608 | 608 | throw ... |
| f | false | 610 | 610 | { ... } |
| f | false | 612 | 612 | declaration |
| f | false | 614 | 614 | { ... } |
| f | false | 617 | 617 | call to C |
| f | false | 621 | 621 | 108 |
| f | false | 622 | 622 | initializer for c108 |
| f | false | 625 | 625 | declaration |
| f | false | 627 | 627 | { ... } |
| f | false | 629 | 629 | declaration |
| f | false | 632 | 632 | call to C |
| f | false | 636 | 636 | 109 |
| f | false | 637 | 637 | initializer for c109 |
| f | false | 640 | 640 | return ... |
| f | false | 642 | 642 | { ... } |
| f | false | 644 | 644 | c104 |
| f | false | 646 | 646 | call to c104.~C |
| f | false | 648 | 648 | c101 |
| f | false | 650 | 650 | call to c101.~C |
| f | false | 651 | 651 | c102 |
| f | false | 653 | 653 | call to c102.~C |
| f | false | 654 | 654 | c103 |
| f | false | 655 | 655 | call to c103.~C |
| f | false | 656 | 656 | c102 |
| f | false | 657 | 657 | call to c102.~C |
| f | false | 658 | 658 | c101 |
| f | false | 659 | 659 | call to c101.~C |
| f | false | 660 | 660 | c105 |
| f | false | 661 | 661 | call to c105.~C |
| f | false | 662 | 662 | c108 |
| f | false | 664 | 664 | call to c108.~C |
| f | false | 665 | 665 | c106 |
| f | false | 667 | 667 | call to c106.~C |
| f | false | 668 | 668 | c107 |
| f | false | 669 | 669 | call to c107.~C |
| f | false | 670 | 670 | c106 |
| f | false | 671 | 671 | call to c106.~C |
| f | false | 672 | 672 | c101 |
| f | false | 673 | 673 | call to c101.~C |
| f | false | 674 | 674 | c105 |
| f | false | 675 | 675 | call to c105.~C |
| f | false | 676 | 676 | c109 |
| f | false | 677 | 677 | call to c109.~C |
| f | true | 494 | 503 | |
| f | true | 497 | 506 | |
| f | true | 502 | 497 | |
| f | true | 503 | 502 | |
| f | true | 506 | 544 | |
| f | true | 509 | 528 | |
| f | true | 513 | 509 | |
| f | true | 514 | 513 | |
| f | true | 518 | 654 | |
| f | true | 522 | 518 | |
| f | true | 523 | 522 | |
| f | true | 526 | 514 | |
| f | true | 528 | 530 | |
| f | true | 530 | 540 | T |
| f | true | 530 | 542 | F |
| f | true | 533 | 537 | |
| f | true | 537 | 538 | |
| f | true | 538 | 656 | |
| f | true | 540 | 533 | |
| f | true | 542 | 523 | |
| f | true | 544 | 526 | |
| f | true | 551 | 563 | T |
| f | true | 553 | 644 | |
| f | true | 557 | 553 | |
| f | true | 558 | 557 | |
| f | true | 562 | 629 | |
| f | true | 566 | 562 | |
| f | true | 567 | 566 | |
| f | true | 570 | 558 | |
| f | true | 572 | 582 | T |
| f | true | 572 | 586 | F |
| f | true | 577 | 578 | |
| f | true | 578 | 631 | |
| f | true | 580 | 577 | |
| f | true | 582 | 580 | |
| f | true | 584 | 572 | |
| f | true | 586 | 567 | |
| f | true | 588 | 570 | |
| f | true | 591 | 623 | |
| f | true | 595 | 591 | |
| f | true | 596 | 595 | |
| f | true | 599 | 596 | |
| f | true | 601 | 599 | |
| f | true | 603 | 588 | |
| f | true | 605 | 667 | |
| f | true | 607 | 617 | |
| f | true | 609 | 488 | |
| f | true | 611 | 613 | |
| f | true | 613 | 477 | |
| f | true | 615 | 616 | |
| f | true | 616 | 611 | |
| f | true | 617 | 618 | |
| f | true | 618 | 615 | |
| f | true | 619 | 620 | |
| f | true | 620 | 477 | |
| f | true | 621 | 622 | |
| f | true | 622 | 619 | |
| f | true | 623 | 625 | |
| f | true | 625 | 605 | |
| f | true | 625 | 621 | |
| f | true | 626 | 628 | |
| f | true | 628 | 601 | |
| f | true | 629 | 630 | |
| f | true | 630 | 626 | |
| f | true | 631 | 632 | |
| f | true | 632 | 601 | |
| f | true | 633 | 635 | |
| f | true | 635 | 550 | |
| f | true | 636 | 638 | |
| f | true | 638 | 550 | |
| f | true | 639 | 640 | |
| f | true | 640 | 636 | |
| f | true | 641 | 642 | |
| f | true | 642 | 534 | |
| f | true | 644 | 548 | |
| f | true | 648 | 644 | |
| f | true | 649 | 648 | |
| f | true | 653 | 603 | |
| f | true | 657 | 653 | |
| f | true | 658 | 657 | |
| f | true | 662 | 607 | |
| f | true | 666 | 662 | |
| f | true | 667 | 666 | |
| f1 | false | 292 | 292 | f1 |
| f2 | false | 299 | 299 | f2 |
| f3 | false | 304 | 304 | f3 |
| f4 | false | 309 | 309 | f4 |
| f4 | false | 433 | 433 | return ... |
| f4 | false | 435 | 435 | { ... } |
| f4 | true | 433 | 309 | |
| f4 | true | 435 | 433 | |
| f5 | false | 314 | 314 | f5 |
| f5 | false | 422 | 422 | 3 |
| f5 | false | 423 | 423 | throw ... |
| f5 | false | 425 | 425 | ExprStmt |
| f5 | false | 427 | 427 | { ... } |
| f5 | true | 422 | 423 | |
| f5 | true | 423 | 314 | |
| f5 | true | 425 | 422 | |
| f5 | true | 427 | 425 | |
| fun | false | 287 | 287 | fun |
| fun | false | 295 | 295 | call to f1 |
| f | true | 561 | 558 | |
| f | true | 563 | 561 | |
| f | true | 565 | 573 | |
| f | true | 568 | 576 | |
| f | true | 572 | 568 | |
| f | true | 573 | 572 | |
| f | true | 576 | 614 | |
| f | true | 579 | 598 | |
| f | true | 583 | 579 | |
| f | true | 584 | 583 | |
| f | true | 588 | 668 | |
| f | true | 592 | 588 | |
| f | true | 593 | 592 | |
| f | true | 596 | 584 | |
| f | true | 598 | 600 | |
| f | true | 600 | 610 | T |
| f | true | 600 | 612 | F |
| f | true | 603 | 607 | |
| f | true | 607 | 608 | |
| f | true | 608 | 670 | |
| f | true | 610 | 603 | |
| f | true | 612 | 593 | |
| f | true | 614 | 596 | |
| f | true | 617 | 662 | |
| f | true | 621 | 617 | |
| f | true | 622 | 621 | |
| f | true | 625 | 622 | |
| f | true | 627 | 625 | |
| f | true | 629 | 637 | |
| f | true | 632 | 640 | |
| f | true | 636 | 632 | |
| f | true | 637 | 636 | |
| f | true | 640 | 676 | |
| f | true | 642 | 494 | |
| f | true | 644 | 646 | |
| f | true | 646 | 565 | |
| f | true | 648 | 650 | |
| f | true | 650 | 483 | |
| f | true | 651 | 653 | |
| f | true | 653 | 565 | |
| f | true | 654 | 655 | |
| f | true | 655 | 651 | |
| f | true | 656 | 657 | |
| f | true | 657 | 551 | |
| f | true | 658 | 659 | |
| f | true | 659 | 483 | |
| f | true | 660 | 661 | |
| f | true | 661 | 658 | |
| f | true | 662 | 664 | |
| f | true | 664 | 629 | |
| f | true | 664 | 660 | |
| f | true | 665 | 667 | |
| f | true | 667 | 627 | |
| f | true | 668 | 669 | |
| f | true | 669 | 665 | |
| f | true | 670 | 671 | |
| f | true | 671 | 627 | |
| f | true | 672 | 673 | |
| f | true | 673 | 483 | |
| f | true | 674 | 675 | |
| f | true | 675 | 672 | |
| f | true | 676 | 677 | |
| f | true | 677 | 674 | |
| f1 | false | 287 | 287 | f1 |
| f2 | false | 294 | 294 | f2 |
| f3 | false | 299 | 299 | f3 |
| f4 | false | 304 | 304 | f4 |
| f4 | false | 422 | 422 | return ... |
| f4 | false | 424 | 424 | { ... } |
| f4 | true | 422 | 304 | |
| f4 | true | 424 | 422 | |
| f5 | false | 309 | 309 | f5 |
| f5 | false | 409 | 409 | ExprStmt |
| f5 | false | 413 | 413 | 3 |
| f5 | false | 414 | 414 | throw ... |
| f5 | false | 416 | 416 | { ... } |
| f5 | true | 409 | 413 | |
| f5 | true | 413 | 414 | |
| f5 | true | 414 | 309 | |
| f5 | true | 416 | 409 | |
| fun | false | 276 | 276 | fun |
| fun | false | 281 | 281 | try { ... } |
| fun | false | 283 | 283 | try { ... } |
| fun | false | 285 | 285 | ExprStmt |
| fun | false | 290 | 290 | call to f1 |
| fun | false | 292 | 292 | ExprStmt |
| fun | false | 295 | 295 | call to f2 |
| fun | false | 297 | 297 | ExprStmt |
| fun | false | 300 | 300 | call to f2 |
| fun | false | 300 | 300 | call to f3 |
| fun | false | 302 | 302 | ExprStmt |
| fun | false | 305 | 305 | call to f3 |
| fun | false | 305 | 305 | call to f4 |
| fun | false | 307 | 307 | ExprStmt |
| fun | false | 310 | 310 | call to f4 |
| fun | false | 310 | 310 | call to f5 |
| fun | false | 312 | 312 | ExprStmt |
| fun | false | 315 | 315 | call to f5 |
| fun | false | 317 | 317 | ExprStmt |
| fun | false | 321 | 321 | 5 |
| fun | false | 322 | 322 | throw ... |
| fun | false | 324 | 324 | ExprStmt |
| fun | false | 327 | 327 | call to g |
| fun | false | 316 | 316 | 5 |
| fun | false | 317 | 317 | throw ... |
| fun | false | 319 | 319 | ExprStmt |
| fun | false | 322 | 322 | call to g |
| fun | false | 324 | 324 | { ... } |
| fun | false | 329 | 329 | ExprStmt |
| fun | false | 331 | 331 | { ... } |
| fun | false | 337 | 337 | call to h |
| fun | false | 339 | 339 | ExprStmt |
| fun | false | 341 | 341 | { ... } |
| fun | false | 343 | 343 | <handler> |
| fun | false | 344 | 344 | try { ... } |
| fun | false | 346 | 346 | { ... } |
| fun | false | 352 | 352 | call to i |
| fun | false | 354 | 354 | ExprStmt |
| fun | false | 356 | 356 | { ... } |
| fun | false | 362 | 362 | call to j |
| fun | false | 364 | 364 | ExprStmt |
| fun | false | 366 | 366 | { ... } |
| fun | false | 368 | 368 | <handler> |
| fun | false | 369 | 369 | <handler> |
| fun | false | 370 | 370 | try { ... } |
| fun | false | 373 | 373 | call to k |
| fun | false | 375 | 375 | ExprStmt |
| fun | false | 379 | 379 | 7 |
| fun | false | 380 | 380 | throw ... |
| fun | false | 382 | 382 | ExprStmt |
| fun | false | 384 | 384 | { ... } |
| fun | false | 390 | 390 | call to l |
| fun | false | 392 | 392 | ExprStmt |
| fun | false | 394 | 394 | { ... } |
| fun | false | 397 | 397 | call to m |
| fun | false | 399 | 399 | ExprStmt |
| fun | false | 401 | 401 | { ... } |
| fun | false | 403 | 403 | <handler> |
| fun | false | 404 | 404 | <handler> |
| fun | false | 405 | 405 | try { ... } |
| fun | false | 408 | 408 | call to n |
| fun | false | 410 | 410 | ExprStmt |
| fun | false | 412 | 412 | return ... |
| fun | false | 414 | 414 | { ... } |
| fun | true | 295 | 302 | |
| fun | true | 297 | 295 | |
| fun | true | 300 | 307 | |
| fun | true | 302 | 300 | |
| fun | true | 305 | 312 | |
| fun | true | 307 | 305 | |
| fun | true | 310 | 317 | |
| fun | true | 312 | 310 | |
| fun | true | 317 | 315 | |
| fun | true | 321 | 322 | |
| fun | true | 322 | 343 | |
| fun | true | 324 | 321 | |
| fun | true | 327 | 375 | |
| fun | true | 329 | 327 | |
| fun | true | 331 | 297 | |
| fun | true | 337 | 375 | |
| fun | true | 339 | 337 | |
| fun | true | 341 | 339 | |
| fun | true | 343 | 341 | |
| fun | true | 343 | 368 | |
| fun | true | 344 | 331 | |
| fun | true | 346 | 344 | |
| fun | true | 352 | 375 | |
| fun | true | 354 | 352 | |
| fun | true | 356 | 354 | |
| fun | true | 362 | 375 | |
| fun | true | 364 | 362 | |
| fun | true | 366 | 364 | |
| fun | true | 368 | 356 | |
| fun | true | 368 | 369 | |
| fun | true | 369 | 287 | |
| fun | true | 369 | 366 | |
| fun | true | 370 | 346 | |
| fun | true | 373 | 405 | |
| fun | true | 375 | 373 | |
| fun | true | 379 | 380 | |
| fun | true | 380 | 403 | |
| fun | true | 382 | 379 | |
| fun | true | 384 | 382 | |
| fun | true | 390 | 410 | |
| fun | true | 392 | 390 | |
| fun | true | 394 | 392 | |
| fun | true | 397 | 410 | |
| fun | true | 399 | 397 | |
| fun | true | 401 | 399 | |
| fun | true | 403 | 394 | |
| fun | true | 403 | 404 | |
| fun | true | 404 | 401 | |
| fun | true | 405 | 384 | |
| fun | true | 408 | 412 | |
| fun | true | 410 | 408 | |
| fun | true | 412 | 287 | |
| fun | true | 414 | 370 | |
| fun2 | false | 204 | 204 | fun2 |
| fun2 | false | 215 | 215 | fun2 |
| fun2 | false | 218 | 218 | { ... } |
| fun2 | false | 223 | 223 | re-throw exception |
| fun2 | false | 225 | 225 | ExprStmt |
| fun2 | false | 227 | 227 | { ... } |
| fun2 | false | 231 | 231 | 1 |
| fun2 | false | 232 | 232 | return ... |
| fun2 | false | 234 | 234 | { ... } |
| fun2 | false | 236 | 236 | <handler> |
| fun2 | false | 237 | 237 | <handler> |
| fun2 | false | 238 | 238 | try { ... } |
| fun2 | false | 242 | 242 | 0 |
| fun2 | false | 243 | 243 | return ... |
| fun2 | false | 245 | 245 | { ... } |
| fun2 | false | 702 | 702 | { ... } |
| fun2 | false | 707 | 707 | re-throw exception |
| fun2 | false | 708 | 708 | ExprStmt |
| fun2 | false | 709 | 709 | { ... } |
| fun2 | false | 711 | 711 | 1 |
| fun2 | false | 712 | 712 | return ... |
| fun2 | false | 713 | 713 | { ... } |
| fun2 | false | 714 | 714 | <handler> |
| fun2 | false | 715 | 715 | <handler> |
| fun2 | false | 716 | 716 | try { ... } |
| fun2 | false | 718 | 718 | 0 |
| fun2 | false | 719 | 719 | return ... |
| fun2 | false | 720 | 720 | { ... } |
| fun2 | true | 218 | 243 | |
| fun2 | true | 223 | 215 | |
| fun2 | true | 225 | 223 | |
| fun2 | true | 227 | 225 | |
| fun2 | true | 231 | 215 | |
| fun2 | true | 232 | 231 | |
| fun2 | true | 234 | 232 | |
| fun2 | true | 236 | 227 | |
| fun2 | true | 236 | 237 | |
| fun2 | true | 237 | 234 | |
| fun2 | true | 238 | 218 | |
| fun2 | true | 242 | 215 | |
| fun2 | true | 243 | 242 | |
| fun2 | true | 245 | 238 | |
| fun2 | true | 702 | 719 | |
| fun2 | true | 707 | 204 | |
| fun2 | true | 708 | 707 | |
| fun2 | true | 709 | 708 | |
| fun2 | true | 711 | 204 | |
| fun2 | true | 712 | 711 | |
| fun2 | true | 713 | 712 | |
| fun2 | true | 714 | 709 | |
| fun2 | true | 714 | 715 | |
| fun2 | true | 715 | 713 | |
| fun2 | true | 716 | 702 | |
| fun2 | true | 718 | 204 | |
| fun2 | true | 719 | 718 | |
| fun2 | true | 720 | 716 | |
| g | false | 326 | 326 | g |
| h | false | 336 | 336 | h |
| i | false | 351 | 351 | i |
| j | false | 361 | 361 | j |
| k | false | 372 | 372 | k |
| l | false | 389 | 389 | l |
| m | false | 396 | 396 | m |
| n | false | 407 | 407 | n |
| run_fun2 | false | 199 | 199 | run_fun2 |
| run_fun2 | false | 207 | 207 | call to fun2 |
| run_fun2 | false | 209 | 209 | ExprStmt |
| run_fun2 | false | 211 | 211 | return ... |
| run_fun2 | false | 213 | 213 | { ... } |
| run_fun2 | true | 207 | 211 | |
| run_fun2 | true | 209 | 207 | |
| run_fun2 | true | 211 | 199 | |
| run_fun2 | true | 213 | 209 | |
| fun | false | 332 | 332 | call to h |
| fun | false | 334 | 334 | { ... } |
| fun | false | 336 | 336 | <handler> |
| fun | false | 337 | 337 | { ... } |
| fun | false | 342 | 342 | ExprStmt |
| fun | false | 345 | 345 | call to i |
| fun | false | 347 | 347 | { ... } |
| fun | false | 352 | 352 | ExprStmt |
| fun | false | 355 | 355 | call to j |
| fun | false | 357 | 357 | { ... } |
| fun | false | 359 | 359 | <handler> |
| fun | false | 360 | 360 | <handler> |
| fun | false | 361 | 361 | ExprStmt |
| fun | false | 364 | 364 | call to k |
| fun | false | 366 | 366 | try { ... } |
| fun | false | 368 | 368 | ExprStmt |
| fun | false | 372 | 372 | 7 |
| fun | false | 373 | 373 | throw ... |
| fun | false | 375 | 375 | { ... } |
| fun | false | 380 | 380 | ExprStmt |
| fun | false | 383 | 383 | call to l |
| fun | false | 385 | 385 | { ... } |
| fun | false | 387 | 387 | ExprStmt |
| fun | false | 390 | 390 | call to m |
| fun | false | 392 | 392 | { ... } |
| fun | false | 394 | 394 | <handler> |
| fun | false | 395 | 395 | <handler> |
| fun | false | 396 | 396 | ExprStmt |
| fun | false | 399 | 399 | call to n |
| fun | false | 401 | 401 | return ... |
| fun | false | 403 | 403 | { ... } |
| fun | true | 281 | 337 | |
| fun | true | 283 | 324 | |
| fun | true | 285 | 290 | |
| fun | true | 290 | 292 | |
| fun | true | 292 | 295 | |
| fun | true | 295 | 297 | |
| fun | true | 297 | 300 | |
| fun | true | 300 | 302 | |
| fun | true | 302 | 305 | |
| fun | true | 305 | 307 | |
| fun | true | 307 | 310 | |
| fun | true | 312 | 316 | |
| fun | true | 316 | 317 | |
| fun | true | 317 | 336 | |
| fun | true | 319 | 322 | |
| fun | true | 322 | 361 | |
| fun | true | 324 | 285 | |
| fun | true | 329 | 332 | |
| fun | true | 332 | 361 | |
| fun | true | 334 | 329 | |
| fun | true | 336 | 334 | |
| fun | true | 336 | 359 | |
| fun | true | 337 | 283 | |
| fun | true | 342 | 345 | |
| fun | true | 345 | 361 | |
| fun | true | 347 | 342 | |
| fun | true | 352 | 355 | |
| fun | true | 355 | 361 | |
| fun | true | 357 | 352 | |
| fun | true | 359 | 347 | |
| fun | true | 359 | 360 | |
| fun | true | 360 | 276 | |
| fun | true | 360 | 357 | |
| fun | true | 361 | 364 | |
| fun | true | 364 | 366 | |
| fun | true | 366 | 375 | |
| fun | true | 368 | 372 | |
| fun | true | 372 | 373 | |
| fun | true | 373 | 394 | |
| fun | true | 375 | 368 | |
| fun | true | 380 | 383 | |
| fun | true | 383 | 396 | |
| fun | true | 385 | 380 | |
| fun | true | 387 | 390 | |
| fun | true | 390 | 396 | |
| fun | true | 392 | 387 | |
| fun | true | 394 | 385 | |
| fun | true | 394 | 395 | |
| fun | true | 395 | 392 | |
| fun | true | 396 | 399 | |
| fun | true | 399 | 401 | |
| fun | true | 401 | 276 | |
| fun | true | 403 | 281 | |
| fun2 | false | 149 | 149 | fun2 |
| fun2 | false | 159 | 159 | fun2 |
| fun2 | false | 162 | 162 | try { ... } |
| fun2 | false | 164 | 164 | { ... } |
| fun2 | false | 172 | 172 | ExprStmt |
| fun2 | false | 174 | 174 | re-throw exception |
| fun2 | false | 176 | 176 | { ... } |
| fun2 | false | 178 | 178 | return ... |
| fun2 | false | 182 | 182 | 1 |
| fun2 | false | 183 | 183 | { ... } |
| fun2 | false | 185 | 185 | <handler> |
| fun2 | false | 186 | 186 | <handler> |
| fun2 | false | 187 | 187 | return ... |
| fun2 | false | 191 | 191 | 0 |
| fun2 | false | 192 | 192 | { ... } |
| fun2 | false | 257 | 257 | try { ... } |
| fun2 | false | 258 | 258 | { ... } |
| fun2 | false | 261 | 261 | ExprStmt |
| fun2 | false | 262 | 262 | re-throw exception |
| fun2 | false | 263 | 263 | { ... } |
| fun2 | false | 264 | 264 | return ... |
| fun2 | false | 266 | 266 | 1 |
| fun2 | false | 267 | 267 | { ... } |
| fun2 | false | 268 | 268 | <handler> |
| fun2 | false | 269 | 269 | <handler> |
| fun2 | false | 270 | 270 | return ... |
| fun2 | false | 272 | 272 | 0 |
| fun2 | false | 273 | 273 | { ... } |
| fun2 | true | 162 | 164 | |
| fun2 | true | 164 | 187 | |
| fun2 | true | 172 | 174 | |
| fun2 | true | 174 | 159 | |
| fun2 | true | 176 | 172 | |
| fun2 | true | 178 | 182 | |
| fun2 | true | 182 | 159 | |
| fun2 | true | 183 | 178 | |
| fun2 | true | 185 | 176 | |
| fun2 | true | 185 | 186 | |
| fun2 | true | 186 | 183 | |
| fun2 | true | 187 | 191 | |
| fun2 | true | 191 | 159 | |
| fun2 | true | 192 | 162 | |
| fun2 | true | 257 | 258 | |
| fun2 | true | 258 | 270 | |
| fun2 | true | 261 | 262 | |
| fun2 | true | 262 | 149 | |
| fun2 | true | 263 | 261 | |
| fun2 | true | 264 | 266 | |
| fun2 | true | 266 | 149 | |
| fun2 | true | 267 | 264 | |
| fun2 | true | 268 | 263 | |
| fun2 | true | 268 | 269 | |
| fun2 | true | 269 | 267 | |
| fun2 | true | 270 | 272 | |
| fun2 | true | 272 | 149 | |
| fun2 | true | 273 | 257 | |
| g | false | 321 | 321 | g |
| h | false | 331 | 331 | h |
| i | false | 344 | 344 | i |
| j | false | 354 | 354 | j |
| k | false | 363 | 363 | k |
| l | false | 382 | 382 | l |
| m | false | 389 | 389 | m |
| n | false | 398 | 398 | n |
| run_fun2 | false | 142 | 142 | run_fun2 |
| run_fun2 | false | 147 | 147 | ExprStmt |
| run_fun2 | false | 152 | 152 | call to fun2 |
| run_fun2 | false | 154 | 154 | return ... |
| run_fun2 | false | 156 | 156 | { ... } |
| run_fun2 | true | 147 | 152 | |
| run_fun2 | true | 152 | 154 | |
| run_fun2 | true | 154 | 142 | |
| run_fun2 | true | 156 | 147 | |
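Review bot: almost every row of this expected file changes only because the numeric node ids were renumbered (`C::C` 493 to 499, `f` 477 to 483, `run_fun2` 199 to 142), so the rows that reflect a real control-flow change cannot be picked out by eye. The hunk header shows the file growing from 384 to 388 rows, yet the four net-new rows are not identifiable in review. Having the test query select locations or another stable key instead of raw ids would keep future diffs down to the rows that actually change.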

View File

@@ -1,2 +1,3 @@
| exceptions.cpp:25:13:25:19 | ExprStmt |
| exceptions.cpp:26:13:26:13 | ExprStmt |
| ms.cpp:38:1:38:1 | c101 |

View File

@@ -159,6 +159,9 @@ postWithInFlow
| test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:931:5:931:18 | global_pointer [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
viableImplInCallContextTooLarge
uniqueParameterNodeAtPosition
uniqueParameterNodePosition
@@ -166,3 +169,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

View File

@@ -31,3 +31,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

View File

@@ -300,6 +300,7 @@ irFlow
| test.cpp:902:56:902:75 | *indirect_source(2) | test.cpp:911:19:911:48 | *global_array_static_indirect_2 |
| test.cpp:914:46:914:53 | source | test.cpp:919:10:919:30 | global_pointer_static |
| test.cpp:915:57:915:76 | *indirect_source(1) | test.cpp:921:19:921:50 | *global_pointer_static_indirect_1 |
| test.cpp:932:23:932:28 | call to source | test.cpp:937:10:937:24 | * ... |
| true_upon_entry.cpp:9:11:9:16 | call to source | true_upon_entry.cpp:13:8:13:8 | x |
| true_upon_entry.cpp:17:11:17:16 | call to source | true_upon_entry.cpp:21:8:21:8 | x |
| true_upon_entry.cpp:27:9:27:14 | call to source | true_upon_entry.cpp:29:8:29:8 | x |

View File

@@ -923,3 +923,17 @@ namespace GlobalArrays {
indirect_sink(global_pointer_static_indirect_2); // clean: global_pointer_static_indirect_2 does not have 2 indirections
}
}
namespace global_variable_conflation_test {
int* global_pointer;
void def() {
global_pointer = nullptr;
*global_pointer = source();
}
void use() {
sink(global_pointer); // clean
sink(*global_pointer); // $ ir MISSING: ast
}
}
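Review bot: in `def()`, `global_pointer` is assigned `nullptr` and the next statement stores `source()` through it, so the only tainted write in this test is a null dereference. Pointing `global_pointer` at a real object before the store would keep the case well-defined C++ and stop the expected `ir` result on `sink(*global_pointer)` from depending on how the analysis treats a store through a known-null pointer. The `MISSING: ast` annotation would also benefit from a short comment saying why the AST-based library misses this flow.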

View File

@@ -193,3 +193,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

View File

@@ -27,3 +27,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

View File

@@ -1,255 +1,263 @@
| C::C | false | 197 | 197 | C |
| C::C | false | 398 | 398 | C |
| C::operator= | false | 391 | 391 | operator= |
| C::~C | false | 331 | 331 | ~C |
| Class2::Class2 | false | 538 | 538 | Class2 |
| Class2::Class2 | false | 544 | 544 | return ... |
| Class2::Class2 | false | 546 | 546 | { ... } |
| C::C | false | 181 | 181 | C |
| C::C | false | 384 | 384 | C |
| C::operator= | false | 375 | 375 | operator= |
| C::~C | false | 333 | 333 | ~C |
| Class2::Class2 | false | 547 | 547 | Class2 |
| Class2::Class2 | true | 544 | 538 | |
| Class2::Class2 | true | 546 | 544 | |
| Class2::operator= | false | 532 | 532 | operator= |
| Class2::~Class2 | false | 467 | 467 | ~Class2 |
| Outer::Inner::Inner | false | 488 | 488 | Inner |
| Outer::Inner::Inner | false | 509 | 509 | Inner |
| Outer::Inner::Inner | false | 528 | 528 | return ... |
| Outer::Inner::Inner | false | 530 | 530 | { ... } |
| Outer::Inner::Inner | true | 528 | 488 | |
| Outer::Inner::Inner | true | 530 | 528 | |
| Outer::Inner::operator= | false | 502 | 502 | operator= |
| Outer::Inner::~Inner | false | 470 | 470 | ~Inner |
| Outer::Inner::~Inner | false | 517 | 517 | return ... |
| Outer::Inner::~Inner | false | 519 | 519 | { ... } |
| Outer::Inner::~Inner | true | 517 | 470 | |
| Outer::Inner::~Inner | true | 519 | 517 | |
| Outer::f2 | false | 439 | 439 | f2 |
| Outer::f2 | false | 447 | 447 | declaration |
| Outer::f2 | false | 449 | 449 | i |
| Outer::f2 | false | 451 | 451 | (bool)... |
| Outer::f2 | false | 452 | 452 | return ... |
| Outer::f2 | false | 454 | 454 | { ... } |
| Outer::f2 | false | 456 | 456 | if (...) ... |
| Outer::f2 | false | 458 | 458 | declaration |
| Outer::f2 | false | 460 | 460 | return ... |
| Outer::f2 | false | 462 | 462 | { ... } |
| Outer::f2 | false | 464 | 464 | c |
| Outer::f2 | false | 466 | 466 | call to c.~Class2 |
| Outer::f2 | false | 468 | 468 | inner |
| Outer::f2 | false | 469 | 469 | call to inner.~Inner |
| Outer::f2 | false | 474 | 474 | call to getClass2 |
| Outer::f2 | false | 476 | 476 | initializer for c |
| Outer::f2 | false | 481 | 481 | call to Inner |
| Outer::f2 | false | 490 | 490 | c |
| Outer::f2 | false | 492 | 492 | (const Class2)... |
| Outer::f2 | false | 493 | 493 | (reference to) |
| Outer::f2 | false | 494 | 494 | initializer for inner |
| Outer::f2 | true | 447 | 476 | |
| Outer::f2 | true | 449 | 454 | T |
| Outer::f2 | true | 449 | 458 | F |
| Outer::f2 | true | 452 | 464 | |
| Outer::f2 | true | 454 | 452 | |
| Outer::f2 | true | 456 | 449 | |
| Outer::f2 | true | 458 | 494 | |
| Outer::f2 | true | 460 | 468 | |
| Outer::f2 | true | 462 | 447 | |
| Class2::Class2 | false | 554 | 554 | return ... |
| Class2::Class2 | false | 556 | 556 | { ... } |
| Class2::Class2 | false | 557 | 557 | Class2 |
| Class2::Class2 | true | 554 | 547 | |
| Class2::Class2 | true | 556 | 554 | |
| Class2::operator= | false | 541 | 541 | operator= |
| Class2::~Class2 | false | 499 | 499 | ~Class2 |
| Outer::Inner::Inner | false | 481 | 481 | Inner |
| Outer::Inner::Inner | false | 517 | 517 | Inner |
| Outer::Inner::Inner | false | 537 | 537 | return ... |
| Outer::Inner::Inner | false | 539 | 539 | { ... } |
| Outer::Inner::Inner | true | 537 | 481 | |
| Outer::Inner::Inner | true | 539 | 537 | |
| Outer::Inner::operator= | false | 508 | 508 | operator= |
| Outer::Inner::~Inner | false | 504 | 504 | ~Inner |
| Outer::Inner::~Inner | false | 526 | 526 | return ... |
| Outer::Inner::~Inner | false | 528 | 528 | { ... } |
| Outer::Inner::~Inner | true | 526 | 504 | |
| Outer::Inner::~Inner | true | 528 | 526 | |
| Outer::f2 | false | 444 | 444 | f2 |
| Outer::f2 | false | 453 | 453 | declaration |
| Outer::f2 | false | 458 | 458 | call to getClass2 |
| Outer::f2 | false | 460 | 460 | initializer for c |
| Outer::f2 | false | 464 | 464 | if (...) ... |
| Outer::f2 | false | 466 | 466 | i |
| Outer::f2 | false | 468 | 468 | (bool)... |
| Outer::f2 | false | 469 | 469 | return ... |
| Outer::f2 | false | 471 | 471 | { ... } |
| Outer::f2 | false | 473 | 473 | declaration |
| Outer::f2 | false | 476 | 476 | call to Inner |
| Outer::f2 | false | 482 | 482 | c |
| Outer::f2 | false | 485 | 485 | (const Class2)... |
| Outer::f2 | false | 488 | 488 | (reference to) |
| Outer::f2 | false | 489 | 489 | initializer for inner |
| Outer::f2 | false | 492 | 492 | return ... |
| Outer::f2 | false | 494 | 494 | { ... } |
| Outer::f2 | false | 496 | 496 | c |
| Outer::f2 | false | 498 | 498 | call to c.~Class2 |
| Outer::f2 | false | 500 | 500 | c |
| Outer::f2 | false | 501 | 501 | call to c.~Class2 |
| Outer::f2 | false | 502 | 502 | inner |
| Outer::f2 | false | 503 | 503 | call to inner.~Inner |
| Outer::f2 | true | 453 | 460 | |
| Outer::f2 | true | 458 | 464 | |
| Outer::f2 | true | 460 | 458 | |
| Outer::f2 | true | 464 | 466 | |
| Outer::f2 | true | 466 | 439 | |
| Outer::f2 | true | 468 | 469 | |
| Outer::f2 | true | 469 | 464 | |
| Outer::f2 | true | 474 | 456 | |
| Outer::f2 | true | 476 | 474 | |
| Outer::f2 | true | 481 | 460 | |
| Outer::f2 | true | 490 | 481 | |
| Outer::f2 | true | 494 | 490 | |
| Outer::operator= | false | 424 | 424 | operator= |
| Outer::operator= | false | 435 | 435 | operator= |
| __va_list_tag::operator= | false | 93 | 93 | operator= |
| __va_list_tag::operator= | false | 100 | 100 | operator= |
| f | false | 181 | 181 | f |
| f | false | 192 | 192 | declaration |
| f | false | 195 | 195 | call to C |
| f | false | 200 | 200 | 120 |
| f | false | 201 | 201 | initializer for c20 |
| f | false | 205 | 205 | call to C |
| f | false | 209 | 209 | 121 |
| f | false | 210 | 210 | initializer for c21 |
| f | false | 213 | 213 | declaration |
| f | false | 216 | 216 | call to C |
| f | false | 220 | 220 | 130 |
| f | false | 221 | 221 | initializer for c30 |
| f | false | 224 | 224 | declaration |
| f | false | 226 | 226 | { ... } |
| f | false | 229 | 229 | call to C |
| f | false | 233 | 233 | 131 |
| f | false | 234 | 234 | initializer for c31 |
| f | false | 238 | 238 | call to C |
| f | false | 242 | 242 | 132 |
| f | false | 243 | 243 | initializer for c32 |
| f | false | 247 | 247 | call to C |
| f | false | 251 | 251 | 133 |
| f | false | 252 | 252 | initializer for c33 |
| f | false | 255 | 255 | declaration |
| f | false | 257 | 257 | b1 |
| f | false | 259 | 259 | (bool)... |
| f | false | 260 | 260 | goto ... |
| f | false | 262 | 262 | if (...) ... |
| f | false | 264 | 264 | declaration |
| f | false | 266 | 266 | b2 |
| f | false | 268 | 268 | (bool)... |
| f | false | 269 | 269 | return ... |
| f | false | 271 | 271 | if (...) ... |
| f | false | 273 | 273 | declaration |
| f | false | 275 | 275 | { ... } |
| f | false | 278 | 278 | call to C |
| f | false | 282 | 282 | 134 |
| f | false | 283 | 283 | initializer for c34 |
| f | false | 286 | 286 | declaration |
| f | false | 288 | 288 | { ... } |
| f | false | 290 | 290 | declaration |
| f | false | 292 | 292 | { ... } |
| f | false | 295 | 295 | call to C |
| f | false | 299 | 299 | 122 |
| f | false | 300 | 300 | initializer for c22 |
| f | false | 303 | 303 | declaration |
| f | false | 305 | 305 | { ... } |
| f | false | 308 | 308 | call to C |
| f | false | 312 | 312 | 123 |
| f | false | 313 | 313 | initializer for c23 |
| f | false | 316 | 316 | label ...: |
| f | false | 318 | 318 | declaration |
| f | false | 320 | 320 | { ... } |
| f | false | 322 | 322 | declaration |
| f | false | 324 | 324 | return ... |
| f | false | 326 | 326 | { ... } |
| f | false | 328 | 328 | c10 |
| f | false | 330 | 330 | call to c10.~C |
| f | false | 332 | 332 | c11 |
| f | false | 333 | 333 | call to c11.~C |
| f | false | 334 | 334 | c23 |
| f | false | 336 | 336 | call to c23.~C |
| f | false | 337 | 337 | c22 |
| f | false | 339 | 339 | call to c22.~C |
| f | false | 340 | 340 | c20 |
| f | false | 342 | 342 | call to c20.~C |
| f | false | 343 | 343 | c21 |
| f | false | 344 | 344 | call to c21.~C |
| f | false | 345 | 345 | c34 |
| f | false | 347 | 347 | call to c34.~C |
| Outer::f2 | true | 466 | 471 | T |
| Outer::f2 | true | 466 | 473 | F |
| Outer::f2 | true | 469 | 496 | |
| Outer::f2 | true | 471 | 469 | |
| Outer::f2 | true | 473 | 489 | |
| Outer::f2 | true | 476 | 492 | |
| Outer::f2 | true | 482 | 476 | |
| Outer::f2 | true | 489 | 482 | |
| Outer::f2 | true | 492 | 502 | |
| Outer::f2 | true | 494 | 453 | |
| Outer::f2 | true | 496 | 498 | |
| Outer::f2 | true | 498 | 444 | |
| Outer::f2 | true | 500 | 501 | |
| Outer::f2 | true | 501 | 444 | |
| Outer::f2 | true | 502 | 503 | |
| Outer::f2 | true | 503 | 500 | |
| Outer::operator= | false | 428 | 428 | operator= |
| Outer::operator= | false | 438 | 438 | operator= |
| __va_list_tag::operator= | false | 66 | 66 | operator= |
| __va_list_tag::operator= | false | 72 | 72 | operator= |
| f | false | 165 | 165 | f |
| f | false | 176 | 176 | declaration |
| f | false | 179 | 179 | call to C |
| f | false | 184 | 184 | 110 |
| f | false | 185 | 185 | initializer for c10 |
| f | false | 189 | 189 | call to C |
| f | false | 193 | 193 | 120 |
| f | false | 194 | 194 | initializer for c20 |
| f | false | 198 | 198 | call to C |
| f | false | 202 | 202 | 121 |
| f | false | 203 | 203 | initializer for c21 |
| f | false | 206 | 206 | declaration |
| f | false | 209 | 209 | call to C |
| f | false | 213 | 213 | 130 |
| f | false | 214 | 214 | initializer for c30 |
| f | false | 217 | 217 | declaration |
| f | false | 219 | 219 | { ... } |
| f | false | 222 | 222 | call to C |
| f | false | 226 | 226 | 131 |
| f | false | 227 | 227 | initializer for c31 |
| f | false | 231 | 231 | call to C |
| f | false | 235 | 235 | 132 |
| f | false | 236 | 236 | initializer for c32 |
| f | false | 240 | 240 | call to C |
| f | false | 244 | 244 | 133 |
| f | false | 245 | 245 | initializer for c33 |
| f | false | 248 | 248 | declaration |
| f | false | 250 | 250 | if (...) ... |
| f | false | 252 | 252 | b1 |
| f | false | 254 | 254 | (bool)... |
| f | false | 255 | 255 | goto ... |
| f | false | 257 | 257 | declaration |
| f | false | 259 | 259 | if (...) ... |
| f | false | 261 | 261 | b2 |
| f | false | 263 | 263 | (bool)... |
| f | false | 264 | 264 | return ... |
| f | false | 266 | 266 | declaration |
| f | false | 268 | 268 | { ... } |
| f | false | 271 | 271 | call to C |
| f | false | 275 | 275 | 134 |
| f | false | 276 | 276 | initializer for c34 |
| f | false | 279 | 279 | declaration |
| f | false | 281 | 281 | { ... } |
| f | false | 283 | 283 | declaration |
| f | false | 285 | 285 | { ... } |
| f | false | 288 | 288 | call to C |
| f | false | 292 | 292 | 122 |
| f | false | 293 | 293 | initializer for c22 |
| f | false | 296 | 296 | declaration |
| f | false | 298 | 298 | { ... } |
| f | false | 301 | 301 | call to C |
| f | false | 305 | 305 | 123 |
| f | false | 306 | 306 | initializer for c23 |
| f | false | 309 | 309 | label ...: |
| f | false | 311 | 311 | declaration |
| f | false | 313 | 313 | { ... } |
| f | false | 315 | 315 | declaration |
| f | false | 318 | 318 | call to C |
| f | false | 322 | 322 | 111 |
| f | false | 323 | 323 | initializer for c11 |
| f | false | 326 | 326 | return ... |
| f | false | 328 | 328 | { ... } |
| f | false | 330 | 330 | c20 |
| f | false | 332 | 332 | call to c20.~C |
| f | false | 334 | 334 | c21 |
| f | false | 335 | 335 | call to c21.~C |
| f | false | 336 | 336 | c30 |
| f | false | 338 | 338 | call to c30.~C |
| f | false | 339 | 339 | c31 |
| f | false | 341 | 341 | call to c31.~C |
| f | false | 342 | 342 | c32 |
| f | false | 343 | 343 | call to c32.~C |
| f | false | 344 | 344 | c33 |
| f | false | 345 | 345 | call to c33.~C |
| f | false | 346 | 346 | c20 |
| f | false | 347 | 347 | call to c20.~C |
| f | false | 348 | 348 | c31 |
| f | false | 350 | 350 | call to c31.~C |
| f | false | 351 | 351 | c32 |
| f | false | 352 | 352 | call to c32.~C |
| f | false | 353 | 353 | c33 |
| f | false | 354 | 354 | call to c33.~C |
| f | false | 355 | 355 | c20 |
| f | false | 356 | 356 | call to c20.~C |
| f | false | 357 | 357 | c31 |
| f | false | 358 | 358 | call to c31.~C |
| f | false | 359 | 359 | c32 |
| f | false | 360 | 360 | call to c32.~C |
| f | false | 361 | 361 | c20 |
| f | false | 362 | 362 | call to c20.~C |
| f | false | 363 | 363 | c31 |
| f | false | 364 | 364 | call to c31.~C |
| f | false | 365 | 365 | c30 |
| f | false | 367 | 367 | call to c30.~C |
| f | false | 369 | 369 | call to C |
| f | false | 373 | 373 | 110 |
| f | false | 374 | 374 | initializer for c10 |
| f | false | 378 | 378 | call to C |
| f | false | 382 | 382 | 111 |
| f | false | 383 | 383 | initializer for c11 |
| f | true | 192 | 374 | |
| f | true | 195 | 226 | |
| f | true | 200 | 195 | |
| f | true | 201 | 200 | |
| f | true | 205 | 343 | |
| f | true | 209 | 205 | |
| f | true | 210 | 209 | |
| f | true | 213 | 201 | |
| f | true | 216 | 365 | |
| f | true | 220 | 216 | |
| f | true | 221 | 220 | |
| f | true | 224 | 221 | |
| f | true | 226 | 224 | |
| f | true | 229 | 262 | |
| f | true | 233 | 229 | |
| f | true | 234 | 233 | |
| f | true | 238 | 271 | |
| f | true | 242 | 238 | |
| f | true | 243 | 242 | |
| f | true | 247 | 353 | |
| f | true | 251 | 247 | |
| f | true | 252 | 251 | |
| f | true | 255 | 234 | |
| f | true | 257 | 260 | T |
| f | true | 257 | 264 | F |
| f | true | 260 | 363 | |
| f | true | 262 | 257 | |
| f | true | 264 | 243 | |
| f | true | 266 | 269 | T |
| f | true | 266 | 273 | F |
| f | true | 269 | 359 | |
| f | true | 271 | 266 | |
| f | true | 273 | 252 | |
| f | true | 275 | 255 | |
| f | true | 278 | 345 | |
| f | true | 282 | 278 | |
| f | true | 283 | 282 | |
| f | true | 286 | 283 | |
| f | true | 288 | 286 | |
| f | true | 290 | 210 | |
| f | true | 292 | 213 | |
| f | true | 295 | 337 | |
| f | true | 299 | 295 | |
| f | true | 300 | 299 | |
| f | true | 303 | 300 | |
| f | true | 305 | 303 | |
| f | true | 308 | 334 | |
| f | true | 312 | 308 | |
| f | true | 313 | 312 | |
| f | true | 316 | 318 | |
| f | true | 318 | 313 | |
| f | true | 320 | 316 | |
| f | true | 322 | 383 | |
| f | true | 324 | 332 | |
| f | true | 326 | 192 | |
| f | true | 328 | 330 | |
| f | true | 330 | 181 | |
| f | true | 332 | 333 | |
| f | true | 333 | 328 | |
| f | true | 334 | 336 | |
| f | true | 336 | 322 | |
| f | true | 337 | 339 | |
| f | true | 339 | 320 | |
| f | true | 340 | 342 | |
| f | true | 342 | 305 | |
| f | true | 343 | 344 | |
| f | true | 344 | 340 | |
| f | true | 345 | 347 | |
| f | true | 347 | 290 | |
| f | true | 348 | 350 | |
| f | true | 350 | 288 | |
| f | true | 351 | 352 | |
| f | true | 352 | 348 | |
| f | false | 349 | 349 | call to c31.~C |
| f | false | 350 | 350 | c10 |
| f | false | 352 | 352 | call to c10.~C |
| f | false | 353 | 353 | c20 |
| f | false | 354 | 354 | call to c20.~C |
| f | false | 355 | 355 | c31 |
| f | false | 356 | 356 | call to c31.~C |
| f | false | 357 | 357 | c32 |
| f | false | 358 | 358 | call to c32.~C |
| f | false | 359 | 359 | c34 |
| f | false | 361 | 361 | call to c34.~C |
| f | false | 362 | 362 | c22 |
| f | false | 364 | 364 | call to c22.~C |
| f | false | 365 | 365 | c23 |
| f | false | 367 | 367 | call to c23.~C |
| f | false | 368 | 368 | c10 |
| f | false | 369 | 369 | call to c10.~C |
| f | false | 370 | 370 | c11 |
| f | false | 371 | 371 | call to c11.~C |
| f | true | 176 | 185 | |
| f | true | 179 | 285 | |
| f | true | 184 | 179 | |
| f | true | 185 | 184 | |
| f | true | 189 | 219 | |
| f | true | 193 | 189 | |
| f | true | 194 | 193 | |
| f | true | 198 | 334 | |
| f | true | 202 | 198 | |
| f | true | 203 | 202 | |
| f | true | 206 | 194 | |
| f | true | 209 | 336 | |
| f | true | 213 | 209 | |
| f | true | 214 | 213 | |
| f | true | 217 | 214 | |
| f | true | 219 | 217 | |
| f | true | 222 | 250 | |
| f | true | 226 | 222 | |
| f | true | 227 | 226 | |
| f | true | 231 | 259 | |
| f | true | 235 | 231 | |
| f | true | 236 | 235 | |
| f | true | 240 | 344 | |
| f | true | 244 | 240 | |
| f | true | 245 | 244 | |
| f | true | 248 | 227 | |
| f | true | 250 | 252 | |
| f | true | 252 | 255 | T |
| f | true | 252 | 257 | F |
| f | true | 255 | 348 | |
| f | true | 257 | 236 | |
| f | true | 259 | 261 | |
| f | true | 261 | 264 | T |
| f | true | 261 | 266 | F |
| f | true | 264 | 357 | |
| f | true | 266 | 245 | |
| f | true | 268 | 248 | |
| f | true | 271 | 359 | |
| f | true | 275 | 271 | |
| f | true | 276 | 275 | |
| f | true | 279 | 276 | |
| f | true | 281 | 279 | |
| f | true | 283 | 203 | |
| f | true | 285 | 206 | |
| f | true | 288 | 362 | |
| f | true | 292 | 288 | |
| f | true | 293 | 292 | |
| f | true | 296 | 293 | |
| f | true | 298 | 296 | |
| f | true | 301 | 365 | |
| f | true | 305 | 301 | |
| f | true | 306 | 305 | |
| f | true | 309 | 311 | |
| f | true | 311 | 306 | |
| f | true | 313 | 309 | |
| f | true | 315 | 323 | |
| f | true | 318 | 326 | |
| f | true | 322 | 318 | |
| f | true | 323 | 322 | |
| f | true | 326 | 370 | |
| f | true | 328 | 176 | |
| f | true | 330 | 332 | |
| f | true | 332 | 298 | |
| f | true | 334 | 335 | |
| f | true | 335 | 330 | |
| f | true | 336 | 338 | |
| f | true | 338 | 268 | |
| f | true | 339 | 341 | |
| f | true | 341 | 281 | |
| f | true | 342 | 343 | |
| f | true | 343 | 339 | |
| f | true | 344 | 345 | |
| f | true | 345 | 342 | |
| f | true | 346 | 347 | |
| f | true | 347 | 309 | |
| f | true | 348 | 349 | |
| f | true | 349 | 346 | |
| f | true | 350 | 352 | |
| f | true | 352 | 165 | |
| f | true | 353 | 354 | |
| f | true | 354 | 351 | |
| f | true | 354 | 350 | |
| f | true | 355 | 356 | |
| f | true | 356 | 328 | |
| f | true | 356 | 353 | |
| f | true | 357 | 358 | |
| f | true | 358 | 355 | |
| f | true | 359 | 360 | |
| f | true | 360 | 357 | |
| f | true | 361 | 362 | |
| f | true | 362 | 316 | |
| f | true | 363 | 364 | |
| f | true | 364 | 361 | |
| f | true | 359 | 361 | |
| f | true | 361 | 283 | |
| f | true | 362 | 364 | |
| f | true | 364 | 313 | |
| f | true | 365 | 367 | |
| f | true | 367 | 275 | |
| f | true | 369 | 292 | |
| f | true | 373 | 369 | |
| f | true | 374 | 373 | |
| f | true | 378 | 324 | |
| f | true | 382 | 378 | |
| f | true | 383 | 382 | |
| getClass2 | false | 420 | 420 | getClass2 |
| f | true | 367 | 315 | |
| f | true | 368 | 369 | |
| f | true | 369 | 165 | |
| f | true | 370 | 371 | |
| f | true | 371 | 368 | |
| getClass2 | false | 425 | 425 | getClass2 |
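Review bot: The rows for `Outer::f2` and `f` are keyed on raw node ids, so almost every row differs between the two sides and the actual change is hard to pick out. In the rows visible here the one structural difference for `Outer::f2` is that one side has a single `call to c.~Class2` row (id 466) while the other has two (ids 498 and 501). Please state in the commit message that the extra destructor call node is intended, and consider having this test print locations instead of ids so that a renumbering does not rewrite the whole table.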

View File

@@ -1,14 +1,14 @@
| destructors2.cpp:5:7:5:7 | Class2 | 5 | return ... | 3 | 5 | Class2 |
| destructors2.cpp:17:9:17:13 | Inner | 17 | return ... | 3 | 17 | Inner |
| destructors2.cpp:18:9:18:14 | ~Inner | 18 | return ... | 3 | 18 | ~Inner |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 16 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 17 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 18 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 9 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 10 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 24 | return ... | 20 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 12 | 27 | inner |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 13 | 27 | call to ~Inner |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 16 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 17 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 18 | 21 | f2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 14 | 27 | c |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 15 | 27 | call to ~Class2 |
| destructors2.cpp:21:10:21:11 | f2 | 27 | return ... | 20 | 21 | f2 |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 26 | 21 | c31 |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 27 | 21 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 17 | goto ... | 28 | 26 | c20 |
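Review bot: For `f2`, one set of rows puts `c` / `call to ~Class2` at 16/17 for both `return` statements (lines 24 and 27), while the other set puts them at 9/10 for line 24 and 14/15 for line 27, so the two returns no longer point at the same destructor call. Nothing in the hunk says whether that is the intended result. A sentence in the commit message, or a comment in destructors2.cpp stating the expected destructor sequence per return path, would make this expected-output change reviewable.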
@@ -19,11 +19,11 @@
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 35 | 21 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 36 | 26 | c20 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 37 | 26 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 90 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 91 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 92 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 38 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 39 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 19 | return ... | 94 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 81 | 35 | c11 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 82 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 90 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 91 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 92 | 8 | f |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 83 | 35 | c10 |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 84 | 35 | call to ~C |
| destructors.cpp:8:6:8:6 | f | 35 | return ... | 94 | 8 | f |

View File

@@ -17,4 +17,9 @@ void GetUUID() {
uuid = __uuidof(s);
uuid = __uuidof(0);
}
template <typename Placeholder, typename ...>
auto Wrapper = __uuidof(Placeholder);
auto inst = Wrapper<S>;
// semmle-extractor-options: --microsoft
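Review bot: The new `Wrapper` variable template carries no comment saying what it exercises, and its unnamed `typename ...` pack is never used. Add a short comment above `template <typename Placeholder, typename ...>` stating that the case covers `__uuidof` applied to a template parameter, both uninstantiated and through `Wrapper<S>`, and whether the pack is needed to reproduce it. If it is not needed, drop it.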

View File

@@ -12,3 +12,5 @@ uuidofOperators
| uuidof.cpp:15:12:15:29 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |
| uuidof.cpp:17:12:17:22 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |
| uuidof.cpp:18:12:18:22 | __uuidof(0) | const _GUID | 00000000-0000-0000-0000-000000000000 |
| uuidof.cpp:22:16:22:36 | __uuidof(Placeholder) | const _GUID | |
| uuidof.cpp:22:16:22:36 | __uuidof(S) | const _GUID | 01234567-89ab-cdef-0123-456789abcdef |

View File

@@ -5,6 +5,6 @@ query predicate classUuids(Class cls, string uuid) {
}
query predicate uuidofOperators(UuidofOperator op, string type, string uuid) {
uuid = op.getValue() and
(if exists(op.getValue()) then uuid = op.getValue() else uuid = "") and
type = op.getType().toString()
}
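Review bot: The `else uuid = ""` fallback in `uuidofOperators` makes an operator with no value indistinguishable from one whose value is the empty string, and in the expected output it shows up as a blank cell that reads like truncated output. A visible sentinel in the `else` branch, for example `"<no value>"`, would keep such rows readable. A one-line comment on when `op.getValue()` does not exist would also help.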

View File

@@ -0,0 +1,62 @@
// #include <iostream>
// #include <string>
// #include <stdio.h>
// #include <string.h>
// #include <sstream>
#include "stl.h"
int sprintf(char *s, const char *format, ...);
char *strcat(char * s1, const char * s2);
using namespace std;
void test1(){
string str1 = "Hello";
string str2 = "World";
string str3 = "!";
string str4 = "Concatenation";
string str5 = "is";
string str6 = "fun";
// Using the + operator
string result1 = str1 + " " + str2 + str3;
// Using the append() function
//----TODO: currently not modeled----
// string result2 = str4.append(" ") + str5.append(" ") + str6;
// Using the insert() function
//----TODO: currently not modeled----
// string result3 = str1.insert(5, " ") + str2.insert(5, "! ");
// Using the replace() function
//----TODO: currently not modeled----
// string result4 = str1.replace(0, 5, "Hi") + str2.replace(0, 5, "There");
// Using the push_back() function
//----TODO: currently not modeled----
// string result5;
// for (char c : str1) {
// result5.push_back(c);
// }
// Using the stream operator
string result6;
std::stringstream ss;
ss << str1 << " " << str2 << str3;
}
void test2(char* ucstr) {
char str1[20] = "Hello";
char str2[20] = "World";
char result[40];
char *result2;
// Using sprintf
sprintf(result, "%s %s %s", str1, str2, ucstr);
// Using strcat
strcat(str1, ucstr);
}
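Review bot: Neither `test1` nor `test2` marks which lines the query is expected to flag, so the source does not show which of the `+` concatenation, the `ss << ...` chain, the `sprintf` call and the `strcat` call are meant to produce results. Add per-line expectation comments next to each of them. Also, `result6` in `test1` and `result2` in `test2` are declared but never used (the stream is never read back with `ss.str()`), and the five commented-out `#include` lines at the top can be removed now that `stl.h` is included.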

View File

@@ -0,0 +1,644 @@
typedef unsigned long size_t;
#include "type_traits.h"
namespace std
{
template<class T> constexpr T&& forward(remove_reference_t<T>& t) noexcept;
template<class T> constexpr T&& forward(remove_reference_t<T>&& t) noexcept;
}
// --- iterator ---
namespace std {
struct ptrdiff_t;
template<class I> struct iterator_traits;
template <class Category,
class value_type,
class difference_type = ptrdiff_t,
class pointer_type = value_type*,
class reference_type = value_type&>
struct iterator {
typedef Category iterator_category;
iterator();
iterator(iterator<Category, remove_const_t<value_type> > const &other); // non-const -> const conversion constructor
iterator &operator++();
iterator operator++(int);
iterator &operator--();
iterator operator--(int);
bool operator==(iterator other) const;
bool operator!=(iterator other) const;
reference_type operator*() const;
pointer_type operator->() const;
iterator operator+(int);
iterator operator-(int);
iterator &operator+=(int);
iterator &operator-=(int);
int operator-(iterator);
reference_type operator[](int);
};
struct input_iterator_tag {};
struct forward_iterator_tag : public input_iterator_tag {};
struct bidirectional_iterator_tag : public forward_iterator_tag {};
struct random_access_iterator_tag : public bidirectional_iterator_tag {};
struct output_iterator_tag {};
template<class Container>
class back_insert_iterator {
protected:
Container* container = nullptr;
public:
using iterator_category = output_iterator_tag;
using value_type = void;
using difference_type = ptrdiff_t;
using pointer = void;
using reference = void;
using container_type = Container;
constexpr back_insert_iterator() noexcept = default;
constexpr explicit back_insert_iterator(Container& x);
back_insert_iterator& operator=(const typename Container::value_type& value);
back_insert_iterator& operator=(typename Container::value_type&& value);
back_insert_iterator& operator*();
back_insert_iterator& operator++();
back_insert_iterator operator++(int);
};
template<class Container>
constexpr back_insert_iterator<Container> back_inserter(Container& x) {
return back_insert_iterator<Container>(x);
}
template<class Container>
class front_insert_iterator {
protected:
Container* container = nullptr;
public:
using iterator_category = output_iterator_tag;
using value_type = void;
using difference_type = ptrdiff_t;
using pointer = void;
using reference = void;
using container_type = Container;
constexpr front_insert_iterator() noexcept = default;
constexpr explicit front_insert_iterator(Container& x);
constexpr front_insert_iterator& operator=(const typename Container::value_type& value);
constexpr front_insert_iterator& operator=(typename Container::value_type&& value);
constexpr front_insert_iterator& operator*();
constexpr front_insert_iterator& operator++();
constexpr front_insert_iterator operator++(int);
};
template<class Container>
constexpr front_insert_iterator<Container> front_inserter(Container& x) {
return front_insert_iterator<Container>(x);
}
}
// --- string ---
namespace std
{
template<class charT> struct char_traits;
typedef size_t streamsize;
template <class T> class allocator {
public:
allocator() throw();
typedef size_t size_type;
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT> >
class basic_string {
public:
using value_type = charT;
using reference = value_type&;
using const_reference = const value_type&;
typedef typename Allocator::size_type size_type;
static const size_type npos = -1;
explicit basic_string(const Allocator& a = Allocator());
basic_string(const charT* s, const Allocator& a = Allocator());
template<class InputIterator> basic_string(InputIterator begin, InputIterator end, const Allocator& a = Allocator());
const charT* c_str() const;
charT* data() noexcept;
size_t length() const;
typedef std::iterator<random_access_iterator_tag, charT> iterator;
typedef std::iterator<random_access_iterator_tag, const charT> const_iterator;
iterator begin();
iterator end();
const_iterator begin() const;
const_iterator end() const;
const_iterator cbegin() const;
const_iterator cend() const;
void push_back(charT c);
const charT& front() const;
charT& front();
const charT& back() const;
charT& back();
const_reference operator[](size_type pos) const;
reference operator[](size_type pos);
const_reference at(size_type n) const;
reference at(size_type n);
template<class T> basic_string& operator+=(const T& t);
basic_string& operator+=(const charT* s);
basic_string& append(const basic_string& str);
basic_string& append(const charT* s);
basic_string& append(size_type n, charT c);
template<class InputIterator> basic_string& append(InputIterator first, InputIterator last);
basic_string& assign(const basic_string& str);
basic_string& assign(size_type n, charT c);
template<class InputIterator> basic_string& assign(InputIterator first, InputIterator last);
basic_string& insert(size_type pos, const basic_string& str);
basic_string& insert(size_type pos, size_type n, charT c);
basic_string& insert(size_type pos, const charT* s);
iterator insert(const_iterator p, size_type n, charT c);
template<class InputIterator> iterator insert(const_iterator p, InputIterator first, InputIterator last);
basic_string& replace(size_type pos1, size_type n1, const basic_string& str);
basic_string& replace(size_type pos1, size_type n1, size_type n2, charT c);
size_type copy(charT* s, size_type n, size_type pos = 0) const;
void clear() noexcept;
basic_string substr(size_type pos = 0, size_type n = npos) const;
void swap(basic_string& s) noexcept/*(allocator_traits<Allocator>::propagate_on_container_swap::value || allocator_traits<Allocator>::is_always_equal::value)*/;
};
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const basic_string<charT, traits, Allocator>& rhs);
template<class charT, class traits, class Allocator> basic_string<charT, traits, Allocator> operator+(const basic_string<charT, traits, Allocator>& lhs, const charT* rhs);
typedef basic_string<char> string;
}
// --- istring / ostream / stringstream ---
namespace std
{
template <class charT, class traits = char_traits<charT> >
class basic_istream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
using char_type = charT;
using int_type = int; //typename traits::int_type;
basic_istream<charT, traits>& operator>>(int& n);
int_type get();
basic_istream<charT, traits>& get(char_type& c);
basic_istream<charT, traits>& get(char_type* s, streamsize n);
int_type peek();
basic_istream<charT, traits>& read (char_type* s, streamsize n);
streamsize readsome(char_type* s, streamsize n);
basic_istream<charT, traits>& putback(char_type c);
basic_istream<charT,traits>& unget();
basic_istream<charT,traits>& getline(char_type* s, streamsize n);
basic_istream<charT,traits>& getline(char_type* s, streamsize n, char_type delim);
};
template<class charT, class traits> basic_istream<charT, traits>& operator>>(basic_istream<charT, traits>&, charT*);
template<class charT, class traits, class Allocator> basic_istream<charT, traits>& operator>>(basic_istream<charT, traits>& is, basic_string<charT, traits, Allocator>& str);
template<class charT, class traits, class Allocator> basic_istream<charT,traits>& getline(basic_istream<charT,traits>& is, basic_string<charT,traits,Allocator>& str, charT delim);
template<class charT, class traits, class Allocator> basic_istream<charT,traits>& getline(basic_istream<charT,traits>& is, basic_string<charT,traits,Allocator>& str);
template <class charT, class traits = char_traits<charT> >
class basic_ostream /*: virtual public basic_ios<charT,traits> - not needed for this test */ {
public:
typedef charT char_type;
basic_ostream<charT, traits>& operator<<(int n);
basic_ostream<charT, traits>& put(char_type c);
basic_ostream<charT, traits>& write(const char_type* s, streamsize n);
basic_ostream<charT,traits>& flush();
};
template<class charT, class traits> basic_ostream<charT,traits>& operator<<(basic_ostream<charT,traits>&, const charT*);
template<class charT, class traits, class Allocator> basic_ostream<charT, traits>& operator<<(basic_ostream<charT, traits>& os, const basic_string<charT, traits, Allocator>& str);
template<class charT, class traits = char_traits<charT>>
class basic_iostream : public basic_istream<charT, traits>, public basic_ostream<charT, traits> {
public:
};
template<class charT, class traits = char_traits<charT>, class Allocator = allocator<charT>>
class basic_stringstream : public basic_iostream<charT, traits> {
public:
explicit basic_stringstream(/*ios_base::openmode which = ios_base::out|ios_base::in - not needed for this test*/);
explicit basic_stringstream( const basic_string<charT, traits, Allocator>& str/*, ios_base::openmode which = ios_base::out | ios_base::in*/);
basic_stringstream(const basic_stringstream& rhs) = delete;
basic_stringstream(basic_stringstream&& rhs);
basic_stringstream& operator=(const basic_stringstream& rhs) = delete;
basic_stringstream& operator=(basic_stringstream&& rhs);
void swap(basic_stringstream& rhs);
basic_string<charT, traits, Allocator> str() const;
void str(const basic_string<charT, traits, Allocator>& str);
};
typedef basic_istream<char> istream;
typedef basic_ostream<char> ostream;
extern istream cin;
extern ostream cout;
using stringstream = basic_stringstream<char>;
}
// --- vector ---
namespace std {
template<class T, class Allocator = allocator<T>>
class vector {
public:
using value_type = T;
using reference = value_type&;
using const_reference = const value_type&;
using size_type = unsigned int;
using iterator = std::iterator<random_access_iterator_tag, T>;
using const_iterator = std::iterator<random_access_iterator_tag, const T>;
vector() noexcept(noexcept(Allocator())) : vector(Allocator()) { }
explicit vector(const Allocator&) noexcept;
explicit vector(size_type n, const Allocator& = Allocator());
vector(size_type n, const T& value, const Allocator& = Allocator());
template<class InputIterator, class IteratorCategory = typename InputIterator::iterator_category> vector(InputIterator first, InputIterator last, const Allocator& = Allocator());
// use of `iterator_category` makes sure InputIterator is (probably) an iterator, and not an `int` or
// similar that should match a different overload (SFINAE).
~vector();
vector& operator=(const vector& x);
vector& operator=(vector&& x) noexcept/*(allocator_traits<Allocator>::propagate_on_container_move_assignment::value || allocator_traits<Allocator>::is_always_equal::value)*/;
template<class InputIterator, class IteratorCategory = typename InputIterator::iterator_category> void assign(InputIterator first, InputIterator last);
// use of `iterator_category` makes sure InputIterator is (probably) an iterator, and not an `int` or
// similar that should match a different overload (SFINAE).
void assign(size_type n, const T& u);
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
size_type size() const noexcept;
reference operator[](size_type n);
const_reference operator[](size_type n) const;
const_reference at(size_type n) const;
reference at(size_type n);
reference front();
const_reference front() const;
reference back();
const_reference back() const;
T* data() noexcept;
const T* data() const noexcept;
void push_back(const T& x);
void push_back(T&& x);
iterator insert(const_iterator position, const T& x);
iterator insert(const_iterator position, T&& x);
iterator insert(const_iterator position, size_type n, const T& x);
template<class InputIterator> iterator insert(const_iterator position, InputIterator first, InputIterator last);
template <class... Args> iterator emplace (const_iterator position, Args&&... args);
template <class... Args> void emplace_back (Args&&... args);
void swap(vector&) noexcept/*(allocator_traits<Allocator>::propagate_on_container_swap::value || allocator_traits<Allocator>::is_always_equal::value)*/;
void clear() noexcept;
};
}
// --- make_shared / make_unique ---
namespace std {
template<typename T>
class shared_ptr {
public:
shared_ptr() noexcept;
explicit shared_ptr(T*);
shared_ptr(const shared_ptr&) noexcept;
template<class U> shared_ptr(const shared_ptr<U>&) noexcept;
template<class U> shared_ptr(shared_ptr<U>&&) noexcept;
shared_ptr<T>& operator=(const shared_ptr<T>&) noexcept;
shared_ptr<T>& operator=(shared_ptr<T>&&) noexcept;
T& operator*() const noexcept;
T* operator->() const noexcept;
T* get() const noexcept;
};
template<typename T>
class unique_ptr {
public:
constexpr unique_ptr() noexcept;
explicit unique_ptr(T*) noexcept;
unique_ptr(unique_ptr<T>&&) noexcept;
unique_ptr<T>& operator=(unique_ptr<T>&&) noexcept;
T& operator*() const;
T* operator->() const noexcept;
T* get() const noexcept;
};
template<typename T, class... Args> unique_ptr<T> make_unique(Args&&...);
template<typename T, class... Args> shared_ptr<T> make_shared(Args&&...);
}
// --- pair ---
namespace std {
template <class T1, class T2>
struct pair {
typedef T1 first_type;
typedef T2 second_type;
T1 first;
T2 second;
pair();
pair(const T1& x, const T2& y) : first(x), second(y) {};
template<class U, class V> pair(const pair<U, V> &p);
void swap(pair& p) /*noexcept(...)*/;
};
template<class T1, class T2> constexpr pair<decay_t<T1>, decay_t<T2>> make_pair(T1&& x, T2&& y) {
return pair<decay_t<T1>, decay_t<T2>>(std::forward<T1>(x), std::forward<T2>(y));
}
}
// --- map ---
namespace std {
template<class T = void> struct less;
template<class Key, class T, class Compare = less<Key>, class Allocator = allocator<pair<const Key, T>>>
class map {
public:
using key_type = Key;
using mapped_type = T;
using value_type = pair<const Key, T>;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
map() /*: map(Compare()) { }*/;
map(const map& x);
map(map&& x);
~map();
map& operator=(const map& x);
map& operator=(map&& x) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Compare>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
T& operator[](const key_type& x);
T& operator[](key_type&& x);
T& at(const key_type& x);
const T& at(const key_type& x) const;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& x);
pair<iterator, bool> insert(value_type&& x);
iterator insert(const_iterator position, const value_type& x);
iterator insert(const_iterator position, value_type&& x);
template<class... Args> pair<iterator, bool> try_emplace(const key_type& k, Args&&... args);
template<class... Args> pair<iterator, bool> try_emplace(key_type&& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, const key_type& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, key_type&& k, Args&&... args);
template<class M> pair<iterator, bool> insert_or_assign(const key_type& k, M&& obj);
template<class M> pair<iterator, bool> insert_or_assign(key_type&& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, const key_type& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, key_type&& k, M&& obj);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(map&) /*noexcept(/*==allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Compare>)*/;
void clear() noexcept;
template<class C2> void merge(map<Key, T, C2, Allocator>& source);
template<class C2> void merge(map<Key, T, C2, Allocator>&& source);
iterator find(const key_type& x);
const_iterator find(const key_type& x) const;
iterator lower_bound(const key_type& x);
const_iterator lower_bound(const key_type& x) const;
iterator upper_bound(const key_type& x);
const_iterator upper_bound(const key_type& x) const;
pair<iterator, iterator> equal_range(const key_type& x);
pair<const_iterator, const_iterator> equal_range(const key_type& x) const;
};
template<class T> struct hash;
template<class T = void> struct equal_to;
template<class Key, class T, class Hash = hash<Key>, class Pred = equal_to<Key>, class Allocator = allocator<pair<const Key, T>>>
class unordered_map {
public:
using key_type = Key;
using mapped_type = T;
using value_type = pair<const Key, T>;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
unordered_map();
unordered_map(const unordered_map&);
unordered_map(unordered_map&&);
~unordered_map();
unordered_map& operator=(const unordered_map&);
unordered_map& operator=(unordered_map&&) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Hash> && is_nothrow_move_assignable_v<Pred>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
mapped_type& operator[](const key_type& k);
mapped_type& operator[](key_type&& k);
mapped_type& at(const key_type& k);
const mapped_type& at(const key_type& k) const;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& obj);
pair<iterator, bool> insert(value_type&& obj);
iterator insert(const_iterator hint, const value_type& obj);
iterator insert(const_iterator hint, value_type&& obj);
template<class... Args> pair<iterator, bool> try_emplace(const key_type& k, Args&&... args);
template<class... Args> pair<iterator, bool> try_emplace(key_type&& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, const key_type& k, Args&&... args);
template<class... Args> iterator try_emplace(const_iterator hint, key_type&& k, Args&&... args);
template<class M> pair<iterator, bool> insert_or_assign(const key_type& k, M&& obj);
template<class M> pair<iterator, bool> insert_or_assign(key_type&& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, const key_type& k, M&& obj);
template<class M> iterator insert_or_assign(const_iterator hint, key_type&& k, M&& obj);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(unordered_map&) /*noexcept(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Hash> && is_nothrow_swappable_v<Pred>)*/;
void clear() noexcept;
template<class H2, class P2> void merge(unordered_map<Key, T, H2, P2, Allocator>& source);
template<class H2, class P2> void merge(unordered_map<Key, T, H2, P2, Allocator>&& source);
iterator find(const key_type& k);
const_iterator find(const key_type& k) const;
pair<iterator, iterator> equal_range(const key_type& k);
pair<const_iterator, const_iterator> equal_range(const key_type& k) const;
};
};
// --- set ---
namespace std {
template<class Key, class Compare = less<Key>, class Allocator = allocator<Key>>
class set {
public:
using key_type = Key;
using value_type = Key;
using size_type = size_t;
using allocator_type = Allocator;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
set() /*: set(Compare())*/ { }
set(const set& x);
set(set&& x);
template<class InputIterator> set(InputIterator first, InputIterator last/*, const Compare& comp = Compare(), const Allocator& = Allocator()*/);
~set();
set& operator=(const set& x);
set& operator=(set&& x) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Compare>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator,bool> insert(const value_type& x);
pair<iterator,bool> insert(value_type&& x);
iterator insert(const_iterator position, const value_type& x);
iterator insert(const_iterator position, value_type&& x);
template<class InputIterator> void insert(InputIterator first, InputIterator last);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(set&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Compare>)*/;
void clear() noexcept;
template<class C2> void merge(set<Key, C2, Allocator>& source);
template<class C2> void merge(set<Key, C2, Allocator>&& source);
iterator find(const key_type& x);
const_iterator find(const key_type& x) const;
iterator lower_bound(const key_type& x);
const_iterator lower_bound(const key_type& x) const;
iterator upper_bound(const key_type& x);
const_iterator upper_bound(const key_type& x) const;
pair<iterator, iterator> equal_range(const key_type& x);
pair<const_iterator, const_iterator> equal_range(const key_type& x) const;
};
template<class Key, class Hash = hash<Key>, class Pred = equal_to<Key>, class Allocator = allocator<Key>>
class unordered_set {
public:
using key_type = Key;
using value_type = Key;
using hasher = Hash;
using key_equal = Pred;
using allocator_type = Allocator;
using size_type = size_t;
using iterator = std::iterator<random_access_iterator_tag, value_type >;
using const_iterator = std::iterator<random_access_iterator_tag, const value_type >;
unordered_set();
unordered_set(const unordered_set&);
unordered_set(unordered_set&&);
template<class InputIterator> unordered_set(InputIterator f, InputIterator l, size_type n = 0/*, const hasher& hf = hasher(), const key_equal& eql = key_equal(), const allocator_type& a = allocator_type()*/);
~unordered_set();
unordered_set& operator=(const unordered_set&);
unordered_set& operator=(unordered_set&&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_move_assignable_v<Hash> && is_nothrow_move_assignable_v<Pred>)*/;
iterator begin() noexcept;
const_iterator begin() const noexcept;
iterator end() noexcept;
const_iterator end() const noexcept;
template<class... Args> pair<iterator, bool> emplace(Args&&... args);
template<class... Args> iterator emplace_hint(const_iterator position, Args&&... args);
pair<iterator, bool> insert(const value_type& obj);
pair<iterator, bool> insert(value_type&& obj);
iterator insert(const_iterator hint, const value_type& obj);
iterator insert(const_iterator hint, value_type&& obj);
template<class InputIterator> void insert(InputIterator first, InputIterator last);
iterator erase(iterator position);
iterator erase(const_iterator position);
iterator erase(const_iterator first, const_iterator last);
void swap(unordered_set&) noexcept/*(allocator_traits<Allocator>::is_always_equal::value && is_nothrow_swappable_v<Hash> && is_nothrow_swappable_v<Pred>)*/;
void clear() noexcept;
template<class H2, class P2> void merge(unordered_set<Key, H2, P2, Allocator>& source);
template<class H2, class P2> void merge(unordered_set<Key, H2, P2, Allocator>&& source);
iterator find(const key_type& k);
const_iterator find(const key_type& k) const;
pair<iterator, iterator> equal_range(const key_type& k);
pair<const_iterator, const_iterator> equal_range(const key_type& k) const;
};
}
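
Review bot: In the `vector` stub, the range overload `insert(const_iterator position, InputIterator first, InputIterator last)` has no `IteratorCategory` guard, unlike the range constructor and `assign`, whose comments explain that the guard keeps `int`-like arguments off the template overload. A call such as `v.insert(pos, 3, x)` on a `vector<int>` can therefore bind to the range overload instead of `insert(const_iterator, size_type n, const T& x)`, so the same defaulted `IteratorCategory` parameter is worth adding there. Separately, the `map`/`unordered_map` block closes its `namespace std` with `};` where the other blocks use `}`.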

@@ -0,0 +1,22 @@
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:22:23:25 | str1 | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:22:23:25 | str1 | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:22:23:25 | str1 | concat.cpp:23:27:23:27 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:29:23:31 | | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:29:23:31 | | concat.cpp:23:22:23:31 | call to operator+ |
| concat.cpp:23:27:23:27 | call to operator+ | concat.cpp:23:29:23:31 | | concat.cpp:23:27:23:27 | call to operator+ |
| concat.cpp:23:33:23:33 | call to operator+ | concat.cpp:23:35:23:38 | str2 | concat.cpp:23:22:23:38 | call to operator+ |
| concat.cpp:23:33:23:33 | call to operator+ | concat.cpp:23:35:23:38 | str2 | concat.cpp:23:22:23:38 | call to operator+ |
| concat.cpp:23:33:23:33 | call to operator+ | concat.cpp:23:35:23:38 | str2 | concat.cpp:23:33:23:33 | call to operator+ |
| concat.cpp:23:40:23:40 | call to operator+ | concat.cpp:23:42:23:45 | str3 | concat.cpp:23:40:23:40 | call to operator+ |
| concat.cpp:47:8:47:8 | call to operator<< | concat.cpp:47:11:47:14 | str1 | concat.cpp:47:8:47:17 | call to operator<< |
| concat.cpp:47:16:47:16 | call to operator<< | concat.cpp:47:19:47:21 | | concat.cpp:47:16:47:24 | call to operator<< |
| concat.cpp:47:23:47:23 | call to operator<< | concat.cpp:47:26:47:29 | str2 | concat.cpp:47:23:47:32 | call to operator<< |
| concat.cpp:47:31:47:31 | call to operator<< | concat.cpp:47:34:47:37 | str3 | concat.cpp:47:31:47:38 | call to operator<< |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:21:58:30 | %s %s %s | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:33:58:36 | str1 | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:39:58:42 | str2 | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:58:5:58:11 | call to sprintf | concat.cpp:58:45:58:49 | ucstr | concat.cpp:58:13:58:18 | sprintf output argument |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:12:61:15 | str1 | concat.cpp:61:5:61:10 | call to strcat |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:12:61:15 | str1 | concat.cpp:61:12:61:15 | strcat output argument |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:18:61:22 | ucstr | concat.cpp:61:5:61:10 | call to strcat |
| concat.cpp:61:5:61:10 | call to strcat | concat.cpp:61:18:61:22 | ucstr | concat.cpp:61:12:61:15 | strcat output argument |
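
Review bot: The first two rows are identical (same `operator+` call at `23:27`, same `str1` operand, same `23:22:23:31` result), and the same doubling appears for the operand at `23:29:23:31` and for `str2`, while the `operator<<` rows for line 47 are not doubled. If the repeats come from two distinct result nodes that print identically, an extra column in the test query that tells them apart would make this expected output reviewable; if they are unintended, the `operator+` case of `getResultNode()` needs a second look.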

@@ -0,0 +1,10 @@
import cpp
import semmle.code.cpp.commons.StringConcatenation
import semmle.code.cpp.dataflow.new.DataFlow
from StringConcatenation s, Expr op, DataFlow::Node res
where
s.getLocation().getFile().getBaseName() = "concat.cpp" and
op = s.getAnOperand() and
res = s.getResultNode()
select s, op, res

@@ -0,0 +1,35 @@
template<class T>
struct remove_const { typedef T type; };
template<class T>
struct remove_const<const T> { typedef T type; };
// `remove_const_t<T>` removes any `const` specifier from `T`
template<class T>
using remove_const_t = typename remove_const<T>::type;
template<class T>
struct remove_reference { typedef T type; };
template<class T>
struct remove_reference<T &> { typedef T type; };
template<class T>
struct remove_reference<T &&> { typedef T type; };
// `remove_reference_t<T>` removes any `&` from `T`
template<class T>
using remove_reference_t = typename remove_reference<T>::type;
template<class T>
struct decay_impl {
typedef T type;
};
template<class T, size_t t_size>
struct decay_impl<T[t_size]> {
typedef T* type;
};
template<class T>
using decay_t = typename decay_impl<remove_reference_t<T>>::type;
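
Review bot: `decay_t` strips references and decays arrays but never drops `const`, so `decay_t<const int&>` is `const int`, which differs from `std::decay`; `remove_const_t` is defined above and then left unused. Making the primary `decay_impl` use `typedef remove_const_t<T> type;` would close the gap. The `decay_impl<T[t_size]>` specialisation also depends on `size_t` being declared before this header is included, which nothing in these lines ensures.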

@@ -99,3 +99,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

@@ -42,3 +42,4 @@ uniqueContentApprox
identityLocalStep
missingArgumentCall
multipleArgumentCall
lambdaCallEnclosingCallableMismatch

@@ -1,3 +1,4 @@
#include "test.H"
#include "test.xpm"
#include "test2.c"
#include "test.H" // GOOD
#include "test.xpm" // GOOD
#include "test2.c" // BAD
#include "test.def" // GOOD

@@ -74,16 +74,18 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
includeByDefault)
});
// Move included pathfilters to the front of the list:
pathFilters.Sort((pf1, pf2) => -1 * pf1.Include.CompareTo(pf2.Include));
return unfilteredResult.Where(f =>
{
var include = f.FileInclusion.Include;
foreach (var pathFilter in pathFilters)
// LGTM_INDEX_FILTERS is a prioritized list, where later filters take
// priority over earlier ones.
for (int i = pathFilters.Count - 1; i >= 0; i--)
{
var pathFilter = pathFilters[i];
if (pathFilter.Regex.IsMatch(f.FileInclusion.Path))
{
include = pathFilter.Include;
break;
}
}
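
Review bot: With the `pathFilters.Sort(...)` line gone, position in `LGTM_INDEX_FILTERS` alone decides the outcome, so an `exclude:` listed before a broader `include:` no longer has any effect and files that were previously skipped will now be extracted. That is a user-visible change to which sources end up in the database and deserves a change note. The new comment could also state that a file matching no filter keeps `f.FileInclusion.Include`.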

@@ -18,7 +18,12 @@ namespace Semmle.Extraction.CSharp.Entities
public IMethodSymbol SourceDeclaration => Symbol.OriginalDefinition;
public override Microsoft.CodeAnalysis.Location ReportingLocation => Symbol.GetSymbolLocation();
public override Microsoft.CodeAnalysis.Location ReportingLocation =>
IsCompilerGeneratedDelegate()
? Symbol.ContainingType.GetSymbolLocation()
: Symbol.GetSymbolLocation();
public override bool NeedsPopulation => base.NeedsPopulation || IsCompilerGeneratedDelegate();
public override void Populate(TextWriter trapFile)
{
@@ -47,6 +52,13 @@ namespace Semmle.Extraction.CSharp.Entities
ExtractCompilerGenerated(trapFile);
}
private bool IsCompilerGeneratedDelegate() =>
// Lambdas with parameter defaults or a `params` parameter are implemented
// using compiler generated delegate types.
Symbol.MethodKind == MethodKind.DelegateInvoke &&
Symbol.ContainingType is INamedTypeSymbol nt &&
nt.IsImplicitlyDeclared;
public static new OrdinaryMethod Create(Context cx, IMethodSymbol method)
{
if (method.MethodKind == MethodKind.ReducedExtension)
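
Review bot: In `IsCompilerGeneratedDelegate`, `Symbol.ContainingType` is already typed as `INamedTypeSymbol`, so `is INamedTypeSymbol nt` only serves as a null check and the variable `nt` adds noise. `Symbol.ContainingType is { IsImplicitlyDeclared: true }` expresses the same condition directly.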

@@ -165,6 +165,7 @@ namespace Semmle.Extraction.Tests
{
(var testSubject, var progressMonitor, var files) = TestSetup();
// NOTE: the ordering DOES matter, later filters takes priority, so the exclude will end up not mattering at all.
Environment.SetEnvironmentVariable("LGTM_INDEX_FILTERS", """
exclude:c/x/z
include:c/x
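Review bot: The added NOTE should read "later filters take priority". This case only pins down the order `exclude:c/x/z` then `include:c/x`; unless the file already has it, a companion case with the two lines swapped, expecting `/a/b/c/x/z/i.cs` to be filtered out, would cover the direction where the exclude does matter.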
@@ -174,7 +175,8 @@ namespace Semmle.Extraction.Tests
var expected = GetExpected(
[
"/a/b/c/x/y/i.cs"
"/a/b/c/x/y/i.cs",
"/a/b/c/x/z/i.cs"
]);
AssertFileInfoEquivalence(expected, filtered);

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.7.6
version: 1.7.7-dev
groups:
- csharp
- solorigate

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.7.6
version: 1.7.7-dev
groups:
- csharp
- solorigate

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C# 12: Add extractor support for lambda expressions with parameter defaults like `(int x, int y = 1) => ...` and lambda expressions with a `param` parameter like `(params int[] x) => ...)`.
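
Review bot: The change note says "a `param` parameter", but the keyword is `params`, as the example that follows shows. That example also ends with a stray `)` in `(params int[] x) => ...)`.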

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* A manual neutral summary model for a callable now blocks all generated summary models for that callable from having any effect.

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.8.6
version: 0.8.7-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

@@ -148,17 +148,17 @@ private module Cached {
import Cached
private module DispatchImpl {
/**
* Holds if the set of viable implementations that can be called by `call`
* might be improved by knowing the call context. This is the case if the
* call is a delegate call, or if the qualifier accesses a parameter of
* the enclosing callable `c` (including the implicit `this` parameter).
*/
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
private predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c) {
c = call.getEnclosingCallable() and
call.(NonDelegateDataFlowCall).getDispatchCall().mayBenefitFromCallContext()
}
/**
* Holds if the set of viable implementations that can be called by `call`
* might be improved by knowing the call context.
*/
predicate mayBenefitFromCallContext(DataFlowCall call) { mayBenefitFromCallContext(call, _) }
/**
* Gets a viable dispatch target of `call` in the context `ctx`. This is
* restricted to those `call`s for which a context might make a difference.

@@ -20,4 +20,8 @@ module CsharpDataFlow implements InputSig {
Node exprNode(DataFlowExpr e) { result = Public::exprNode(e) }
predicate accessPathLimit = Private::accessPathLimit/0;
predicate mayBenefitFromCallContext = Private::mayBenefitFromCallContext/1;
predicate viableImplInCallContext = Private::viableImplInCallContext/2;
}

@@ -529,6 +529,13 @@ private predicate interpretSummary(
)
}
private predicate interpretNeutral(UnboundCallable c, string kind, string provenance) {
exists(string namespace, string type, string name, string signature |
neutralModel(namespace, type, name, signature, kind, provenance) and
c = interpretElement(namespace, type, false, name, signature, "")
)
}
// adapter class for converting Mad summaries to `SummarizedCallable`s
private class SummarizedCallableAdapter extends SummarizedCallable {
SummarizedCallableAdapter() { interpretSummary(this, _, _, _, _) }
@@ -544,6 +551,10 @@ private class SummarizedCallableAdapter extends SummarizedCallable {
exists(Provenance provenance |
interpretSummary(this, input, output, kind, provenance) and
provenance.isGenerated()
) and
not exists(Provenance provenance |
interpretNeutral(this, "summary", provenance) and
provenance.isManual()
)
}
@@ -568,12 +579,7 @@ private class NeutralCallableAdapter extends NeutralCallable {
string kind;
string provenance_;
NeutralCallableAdapter() {
exists(string namespace, string type, string name, string signature |
neutralModel(namespace, type, name, signature, kind, provenance_) and
this = interpretElement(namespace, type, false, name, signature, "")
)
}
NeutralCallableAdapter() { interpretNeutral(this, kind, provenance_) }
override string getKind() { result = kind }

@@ -60,18 +60,17 @@ class Call extends DotNet::Call, Expr, @call {
*/
cached
override Expr getArgumentForParameter(DotNet::Parameter p) {
// Appears in the positional part of the call
result = this.getImplicitArgument(p)
or
// Appears in the named part of the call
this.getTarget().getAParameter() = p and
(
// Appears in the positional part of the call
result = this.getImplicitArgument(p)
or
// Appears in the named part of the call
result = this.getExplicitArgument(p.getName())
)
result = this.getExplicitArgument(p.getName())
}
pragma[noinline]
private Expr getImplicitArgument(DotNet::Parameter p) {
this.getTarget().getAParameter() = p and
not exists(result.getExplicitArgumentName()) and
(
p.(Parameter).isParams() and
@@ -182,15 +181,39 @@ class Call extends DotNet::Call, Expr, @call {
/**
* Gets the argument that corresponds to parameter `p` of a potential
* run-time target of this call.
*
* This takes into account both positional and named arguments, but does not
* consider default arguments.
*/
cached
Expr getRuntimeArgumentForParameter(Parameter p) {
exists(Callable c |
c = this.getARuntimeTarget() and
p = c.getAParameter() and
// Appears in the positional part of the call
result = this.getImplicitRuntimeArgument(p)
or
// Appears in the named part of the call
this.getARuntimeTarget().getAParameter() = p and
result = this.getExplicitRuntimeArgument(p.getName())
}
pragma[noinline]
private Expr getImplicitRuntimeArgument(Parameter p) {
this.getARuntimeTarget().getAParameter() = p and
not exists(result.getExplicitArgumentName()) and
(
p.isParams() and
result = this.getRuntimeArgument(any(int i | i >= p.getPosition()))
or
not p.isParams() and
result = this.getRuntimeArgument(p.getPosition())
)
}
pragma[nomagic]
private Expr getExplicitRuntimeArgument(string name) {
result = this.getARuntimeArgument() and
result.getExplicitArgumentName() = name
}
/**
* Gets the argument that corresponds to a parameter named `name` of a potential
* run-time target of this call.

@@ -1,2 +1,7 @@
description: Remove unused VCS relations.
compatibility: backwards
svnaffectedfiles.rel: delete
svnchurn.rel: delete
svnentries.rel: delete
svnentrymsg.rel: delete

@@ -2,3 +2,5 @@ description: Support type annotations
compatibility: backwards
type_annotation.rel: run type_annotation.qlo
ref_readonly_returns.rel: delete
ref_returns.rel: delete

@@ -1,2 +1,5 @@
description: Implement structured nullability
compatibility: backwards
specific_type_parameter_annotation.rel: delete
type_argument_annotation.rel: delete

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 0.8.6
version: 0.8.7-dev
groups:
- csharp
- queries

@@ -1,15 +0,0 @@
/**
* @name Capture discarded summary models.
* @description Finds summary models that are discarded as handwritten counterparts exist.
* @id cs/utils/modelgenerator/discarded-summary-models
*/
import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import internal.CaptureModels
import internal.CaptureSummaryFlowQuery
from DataFlowTargetApi api, string flow
where
flow = captureFlow(api) and
api.(FlowSummaryImpl::Public::SummarizedCallable).applyManualModel()
select flow order by flow

@@ -11,7 +11,5 @@ import internal.CaptureModels
import internal.CaptureSummaryFlowQuery
from DataFlowTargetApi api, string noflow
where
noflow = captureNoFlow(api) and
not api.(FlowSummaryImpl::Public::SummarizedCallable).applyManualModel()
where noflow = captureNoFlow(api)
select noflow order by noflow

@@ -11,7 +11,5 @@ import internal.CaptureModels
import internal.CaptureSummaryFlowQuery
from DataFlowTargetApi api, string flow
where
flow = captureFlow(api) and
not api.(FlowSummaryImpl::Public::SummarizedCallable).applyManualModel()
where flow = captureFlow(api)
select flow order by flow

@@ -7,6 +7,7 @@ private import dotnet
private import semmle.code.csharp.commons.Util as Util
private import semmle.code.csharp.commons.Collections as Collections
private import semmle.code.csharp.dataflow.internal.DataFlowDispatch
private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.csharp.frameworks.system.linq.Expressions
import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
@@ -37,7 +38,10 @@ private predicate isRelevantForModels(CS::Callable api) {
not api instanceof Util::MainMethod and
not api instanceof CS::Destructor and
not api instanceof CS::AnonymousFunctionExpr and
not api.(CS::Constructor).isParameterless()
not api.(CS::Constructor).isParameterless() and
// Disregard all APIs that have a manual model.
not api = any(FlowSummaryImpl::Public::SummarizedCallable sc | sc.applyManualModel()) and
not api = any(FlowSummaryImpl::Public::NeutralSummaryCallable sc | sc.hasManualModel())
}
/**

@@ -353,3 +353,98 @@ arguments.cs:
# 93| 0: [Parameter] b
# 93| -1: [TypeMention] bool
# 93| 4: [BlockStmt] {...}
lambdas.cs:
# 3| [Class] LambdaArgumentsTest
# 5| 5: [Method] M1
# 5| -1: [TypeMention] Void
# 6| 4: [BlockStmt] {...}
# 7| 0: [LocalVariableDeclStmt] ... ...;
# 7| 0: [LocalVariableDeclAndInitExpr] Func<Int32,Int32> l1 = ...
# 7| -1: [TypeMention] Func<int, int>
# 7| 0: [LocalVariableAccess] access to local variable l1
# 7| 1: [LambdaExpr] (...) => ...
#-----| 2: (Parameters)
# 7| 0: [Parameter] x
# 7| -1: [TypeMention] int
# 7| 4: [AddExpr] ... + ...
# 7| 0: [ParameterAccess] access to parameter x
# 7| 1: [IntLiteral] 1
# 8| 1: [ExprStmt] ...;
# 8| 0: [DelegateCall] delegate call
# 8| -1: [LocalVariableAccess] access to local variable l1
# 8| 0: [IntLiteral] 1
# 10| 2: [LocalVariableDeclStmt] ... ...;
# 10| 0: [LocalVariableDeclAndInitExpr] <>__AnonType0<> l2 = ...
# 10| -1: [TypeMention] <>__AnonType0<>
# 10| 0: [LocalVariableAccess] access to local variable l2
# 10| 1: [LambdaExpr] (...) => ...
#-----| 2: (Parameters)
# 10| 0: [Parameter] x
# 10| -1: [TypeMention] int
# 10| 1: [Parameter] y
# 10| -1: [TypeMention] int
# 10| 1: [IntLiteral] 1
# 10| 4: [AddExpr] ... + ...
# 10| 0: [ParameterAccess] access to parameter x
# 10| 1: [ParameterAccess] access to parameter y
# 11| 3: [ExprStmt] ...;
# 11| 0: [DelegateCall] delegate call
# 11| -1: [LocalVariableAccess] access to local variable l2
# 11| 0: [IntLiteral] 2
# 11| 1: [IntLiteral] 3
# 12| 4: [ExprStmt] ...;
# 12| 0: [DelegateCall] delegate call
# 12| -1: [LocalVariableAccess] access to local variable l2
# 12| 0: [IntLiteral] 4
# 13| 5: [ExprStmt] ...;
# 13| 0: [DelegateCall] delegate call
# 13| -1: [LocalVariableAccess] access to local variable l2
# 13| 0: [IntLiteral] 5
# 13| 1: [IntLiteral] 6
# 15| 6: [LocalVariableDeclStmt] ... ...;
# 15| 0: [LocalVariableDeclAndInitExpr] <>__AnonType0<> l3 = ...
# 15| -1: [TypeMention] <>__AnonType0<>
# 15| 0: [LocalVariableAccess] access to local variable l3
# 15| 1: [LambdaExpr] (...) => ...
#-----| 2: (Parameters)
# 15| 0: [Parameter] x
# 15| -1: [TypeMention] Int32[]
# 15| 1: [TypeMention] int
# 15| 4: [PropertyCall] access to property Length
# 15| -1: [ParameterAccess] access to parameter x
# 16| 7: [ExprStmt] ...;
# 16| 0: [DelegateCall] delegate call
# 16| -1: [LocalVariableAccess] access to local variable l3
# 17| 8: [ExprStmt] ...;
# 17| 0: [DelegateCall] delegate call
# 17| -1: [LocalVariableAccess] access to local variable l3
# 17| 0: [IntLiteral] 7
# 17| 1: [IntLiteral] 8
# 17| 2: [IntLiteral] 9
# 20| 6: [DelegateType] MyDelegate
#-----| 2: (Parameters)
# 20| 0: [Parameter] x
# 20| -1: [TypeMention] int
# 20| 1: [Parameter] y
# 20| -1: [TypeMention] int
# 22| 7: [Method] M2
# 22| -1: [TypeMention] Void
# 23| 4: [BlockStmt] {...}
# 24| 0: [LocalVariableDeclStmt] ... ...;
# 24| 0: [LocalVariableDeclAndInitExpr] MyDelegate sum = ...
# 24| -1: [TypeMention] MyDelegate
# 24| 0: [LocalVariableAccess] access to local variable sum
# 24| 1: [LambdaExpr] (...) => ...
#-----| 2: (Parameters)
# 24| 0: [Parameter] x
# 24| -1: [TypeMention] int
# 24| 1: [Parameter] y
# 24| -1: [TypeMention] int
# 24| 4: [AddExpr] ... + ...
# 24| 0: [ParameterAccess] access to parameter x
# 24| 1: [ParameterAccess] access to parameter y
# 25| 1: [ExprStmt] ...;
# 25| 0: [DelegateCall] delegate call
# 25| -1: [LocalVariableAccess] access to local variable sum
# 25| 0: [IntLiteral] 4
# 25| 1: [IntLiteral] 5
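
Review bot: `l2` (line 10) and `l3` (line 15) are both printed with the type `<>__AnonType0<>`, although the two lambdas have different signatures, `(int x, int y = 1)` and `(params int[] x)`. Please confirm that the two compiler-generated delegate types are extracted as distinct entities and only share a display name; if they do share a name, making it distinguishable would let this expected output catch a regression where they get merged.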

@@ -11,3 +11,5 @@
| arguments.cs:70:36:70:36 | 0 | x |
| arguments.cs:78:18:78:21 | access to parameter args | args |
| arguments.cs:78:27:78:27 | 0 | o |
| lambdas.cs:25:16:25:16 | 4 | y |
| lambdas.cs:25:22:25:22 | 5 | x |

@@ -70,3 +70,14 @@
| arguments.cs:84:23:84:43 | array creation of type Double[] | 0 |
| arguments.cs:85:20:85:20 | 0 | 0 |
| arguments.cs:85:23:85:43 | array creation of type Double[] | 0 |
| lambdas.cs:8:12:8:12 | 1 | 0 |
| lambdas.cs:11:12:11:12 | 2 | 0 |
| lambdas.cs:11:15:11:15 | 3 | 0 |
| lambdas.cs:12:12:12:12 | 4 | 0 |
| lambdas.cs:13:12:13:12 | 5 | 0 |
| lambdas.cs:13:15:13:15 | 6 | 0 |
| lambdas.cs:17:12:17:12 | 7 | 0 |
| lambdas.cs:17:15:17:15 | 8 | 0 |
| lambdas.cs:17:18:17:18 | 9 | 0 |
| lambdas.cs:25:16:25:16 | 4 | 0 |
| lambdas.cs:25:22:25:22 | 5 | 0 |

View File

@@ -0,0 +1,11 @@
| lambdas.cs:8:9:8:13 | delegate call | lambdas.cs:7:23:7:23 | x | lambdas.cs:8:12:8:12 | 1 |
| lambdas.cs:11:9:11:16 | delegate call | lambdas.cs:10:23:10:23 | x | lambdas.cs:11:12:11:12 | 2 |
| lambdas.cs:11:9:11:16 | delegate call | lambdas.cs:10:30:10:30 | y | lambdas.cs:11:15:11:15 | 3 |
| lambdas.cs:12:9:12:13 | delegate call | lambdas.cs:10:23:10:23 | x | lambdas.cs:12:12:12:12 | 4 |
| lambdas.cs:13:9:13:16 | delegate call | lambdas.cs:10:23:10:23 | x | lambdas.cs:13:12:13:12 | 5 |
| lambdas.cs:13:9:13:16 | delegate call | lambdas.cs:10:30:10:30 | y | lambdas.cs:13:15:13:15 | 6 |
| lambdas.cs:17:9:17:19 | delegate call | lambdas.cs:15:32:15:32 | x | lambdas.cs:17:12:17:12 | 7 |
| lambdas.cs:17:9:17:19 | delegate call | lambdas.cs:15:32:15:32 | x | lambdas.cs:17:15:17:15 | 8 |
| lambdas.cs:17:9:17:19 | delegate call | lambdas.cs:15:32:15:32 | x | lambdas.cs:17:18:17:18 | 9 |
| lambdas.cs:25:9:25:23 | delegate call | lambdas.cs:24:31:24:31 | x | lambdas.cs:25:22:25:22 | 5 |
| lambdas.cs:25:9:25:23 | delegate call | lambdas.cs:24:38:24:38 | y | lambdas.cs:25:16:25:16 | 4 |

View File

@@ -0,0 +1,7 @@
import csharp
from Call call, Parameter p, Expr arg
where
call.getARuntimeTarget() instanceof LambdaExpr and
arg = call.getRuntimeArgumentForParameter(p)
select call, p, arg

View File

@@ -0,0 +1,28 @@
using System;
class LambdaArgumentsTest
{
void M1()
{
var l1 = (int x) => x + 1;
l1(1);
var l2 = (int x, int y = 1) => x + y;
l2(2, 3);
l2(4);
l2(5, 6);
var l3 = (params int[] x) => x.Length;
l3();
l3(7, 8, 9);
}
delegate int MyDelegate(int x, int y);
void M2()
{
MyDelegate sum = (int x, int y) => x + y;
sum(y: 4, x: 5);
}
}

View File

@@ -206,12 +206,25 @@ namespace My.Qltest
Sink(MixedFlowArgs(null, o2));
}
void M4()
{
var o1 = new object();
Sink(GeneratedFlowWithGeneratedNeutral(o1));
var o2 = new object();
Sink(GeneratedFlowWithManualNeutral(o2)); // no flow because the modelled method has a manual neutral summary model
}
object GeneratedFlow(object o) => throw null;
object GeneratedFlowArgs(object o1, object o2) => throw null;
object MixedFlowArgs(object o1, object o2) => throw null;
object GeneratedFlowWithGeneratedNeutral(object o) => throw null;
object GeneratedFlowWithManualNeutral(object o) => throw null;
static void Sink(object o) { }
}
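
Review bot: In `M4`, only the second `Sink` call carries a comment about the expected result; the first call, `Sink(GeneratedFlowWithGeneratedNeutral(o1))`, has none, although the expected output in this change lists an edge into `call to method GeneratedFlowWithGeneratedNeutral`. Add a matching comment on that line stating that flow is expected there and why (the neutral for that method is `df-generated`, not `manual`), so the contrast between the two cases can be read from the test source alone.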

View File

@@ -63,9 +63,11 @@ edges
| ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:21 | access to array element |
| ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object |
| ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs |
| ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | ExternalFlow.cs:232:21:232:21 | access to local variable h : HC |
| ExternalFlow.cs:232:21:232:21 | access to local variable h : HC | ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC |
| ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:233:18:233:18 | access to local variable o |
| ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object |
| ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral |
| ExternalFlow.cs:244:21:244:28 | object creation of type HC : HC | ExternalFlow.cs:245:21:245:21 | access to local variable h : HC |
| ExternalFlow.cs:245:21:245:21 | access to local variable h : HC | ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC |
| ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:246:18:246:18 | access to local variable o |
nodes
| ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | semmle.label | call to method StepArgRes |
@@ -148,10 +150,13 @@ nodes
| ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | semmle.label | call to method MixedFlowArgs |
| ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
| ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | semmle.label | object creation of type HC : HC |
| ExternalFlow.cs:232:21:232:21 | access to local variable h : HC | semmle.label | access to local variable h : HC |
| ExternalFlow.cs:232:21:232:39 | call to method ExtensionMethod : HC | semmle.label | call to method ExtensionMethod : HC |
| ExternalFlow.cs:233:18:233:18 | access to local variable o | semmle.label | access to local variable o |
| ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
| ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral | semmle.label | call to method GeneratedFlowWithGeneratedNeutral |
| ExternalFlow.cs:212:52:212:53 | access to local variable o1 : Object | semmle.label | access to local variable o1 : Object |
| ExternalFlow.cs:244:21:244:28 | object creation of type HC : HC | semmle.label | object creation of type HC : HC |
| ExternalFlow.cs:245:21:245:21 | access to local variable h : HC | semmle.label | access to local variable h : HC |
| ExternalFlow.cs:245:21:245:39 | call to method ExtensionMethod : HC | semmle.label | call to method ExtensionMethod : HC |
| ExternalFlow.cs:246:18:246:18 | access to local variable o | semmle.label | access to local variable o |
subpaths
#select
| ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object |
@@ -175,4 +180,5 @@ subpaths
| ExternalFlow.cs:112:18:112:25 | access to property MyProp | ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | $@ | ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:120:18:120:21 | access to array element | ExternalFlow.cs:117:36:117:47 | object creation of type Object : Object | ExternalFlow.cs:120:18:120:21 | access to array element | $@ | ExternalFlow.cs:117:36:117:47 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | $@ | ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:233:18:233:18 | access to local variable o | ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | ExternalFlow.cs:233:18:233:18 | access to local variable o | $@ | ExternalFlow.cs:231:21:231:28 | object creation of type HC : HC | object creation of type HC : HC |
| ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral | ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | ExternalFlow.cs:212:18:212:54 | call to method GeneratedFlowWithGeneratedNeutral | $@ | ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:246:18:246:18 | access to local variable o | ExternalFlow.cs:244:21:244:28 | object creation of type HC : HC | ExternalFlow.cs:246:18:246:18 | access to local variable o | $@ | ExternalFlow.cs:244:21:244:28 | object creation of type HC : HC | object creation of type HC : HC |

View File

@@ -29,4 +29,13 @@ extensions:
- ["My.Qltest", "G", false, "GeneratedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "df-generated"]
- ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[0]", "ReturnValue", "value", "df-generated"]
- ["My.Qltest", "G", false, "MixedFlowArgs", "(System.Object,System.Object)", "", "Argument[1]", "ReturnValue", "value", "manual"]
- ["My.Qltest", "G", false, "GeneratedFlowWithGeneratedNeutral", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "df-generated"]
- ["My.Qltest", "G", false, "GeneratedFlowWithManualNeutral", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "df-generated"]
- ["My.Qltest", "HE", false, "ExtensionMethod", "(My.Qltest.HI)", "", "Argument[0]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
# "namespace", "type", "name", "signature", "kind", "provenance"
data:
- ["My.Qltest", "G", "GeneratedFlowWithGeneratedNeutral", "(System.Object)", "summary", "df-generated"]
- ["My.Qltest", "G", "GeneratedFlowWithManualNeutral", "(System.Object)", "summary", "manual"]

View File

@@ -21,11 +21,18 @@ module TaintConfig implements DataFlow::ConfigSig {
module Taint = TaintTracking::Global<TaintConfig>;
/**
* Simulate that methods with summaries are not included in the source code.
* This is relevant for dataflow analysis using summaries tagged as generated.
* Emulate that methods with summaries do not have a body.
* This is relevant for dataflow analysis using summaries with a generated like
* provenance as generated summaries are only applied, if a
* callable does not have a body.
*/
private class MyMethod extends Method {
override predicate fromSource() { none() }
private class MethodsWithGeneratedModels extends Method {
MethodsWithGeneratedModels() {
this.hasFullyQualifiedName("My.Qltest", "G",
["MixedFlowArgs", "GeneratedFlowWithGeneratedNeutral", "GeneratedFlowWithManualNeutral"])
}
override predicate hasBody() { none() }
}
from Taint::PathNode source, Taint::PathNode sink
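
Review bot: The name list in `MethodsWithGeneratedModels` covers `MixedFlowArgs`, `GeneratedFlowWithGeneratedNeutral` and `GeneratedFlowWithManualNeutral`, but the model data shown in this change also gives `GeneratedFlowArgs` a `df-generated` summary and that method is not listed. The class being replaced had no characteristic predicate and so applied to every `Method`; please confirm the omission is intended, or add the name. The hardcoded list also has to be kept in step with the model file by hand, which is worth a sentence in the doc comment. In that comment, "a generated like provenance" reads better as "a generated-like provenance", and the comma before "if" can go.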

View File

@@ -42,6 +42,12 @@ namespace My.Qltest
gen.StepGeneric2(false);
new Sub().StepOverride("string");
object arg4 = new object();
this.StepArgQualGenerated(arg4);
object arg5 = new object();
this.StepArgQualGeneratedIgnored(arg5);
}
object StepArgRes(object x) { return null; }
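
Review bot: The two added calls, `this.StepArgQualGenerated(arg4)` and `this.StepArgQualGeneratedIgnored(arg5)`, carry no comment on the expected outcome, while the expected output in this change has a `summaryThroughStep` row only for `arg4`. A short comment on each call, saying that the first step is expected and the second is suppressed by the `manual` neutral model, would let a reader check the test without opening the model file.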
@@ -50,6 +56,10 @@ namespace My.Qltest
void StepArgQual(object x) { }
void StepArgQualGenerated(object x) { }
void StepArgQualGeneratedIgnored(object x) { }
object StepQualRes() { return null; }
void StepQualArg(object @out) { }

View File

@@ -11,11 +11,12 @@ summaryThroughStep
| Steps.cs:41:29:41:29 | 0 | Steps.cs:41:13:41:30 | call to method StepGeneric | true |
| Steps.cs:42:30:42:34 | false | Steps.cs:42:13:42:35 | call to method StepGeneric2<Boolean> | true |
| Steps.cs:44:36:44:43 | "string" | Steps.cs:44:13:44:44 | call to method StepOverride | true |
| Steps.cs:47:39:47:42 | access to local variable arg4 | Steps.cs:47:13:47:16 | [post] this access | false |
summaryGetterStep
| Steps.cs:28:13:28:16 | this access | Steps.cs:28:13:28:34 | call to method StepFieldGetter | Steps.cs:57:13:57:17 | field Field |
| Steps.cs:32:13:32:16 | this access | Steps.cs:32:13:32:37 | call to method StepPropertyGetter | Steps.cs:63:13:63:20 | property Property |
| Steps.cs:28:13:28:16 | this access | Steps.cs:28:13:28:34 | call to method StepFieldGetter | Steps.cs:67:13:67:17 | field Field |
| Steps.cs:32:13:32:16 | this access | Steps.cs:32:13:32:37 | call to method StepPropertyGetter | Steps.cs:73:13:73:20 | property Property |
| Steps.cs:36:13:36:16 | this access | Steps.cs:36:13:36:36 | call to method StepElementGetter | file://:0:0:0:0 | element |
summarySetterStep
| Steps.cs:30:34:30:34 | 0 | Steps.cs:30:13:30:16 | [post] this access | Steps.cs:57:13:57:17 | field Field |
| Steps.cs:34:37:34:37 | 0 | Steps.cs:34:13:34:16 | [post] this access | Steps.cs:63:13:63:20 | property Property |
| Steps.cs:30:34:30:34 | 0 | Steps.cs:30:13:30:16 | [post] this access | Steps.cs:67:13:67:17 | field Field |
| Steps.cs:34:37:34:37 | 0 | Steps.cs:34:13:34:16 | [post] this access | Steps.cs:73:13:73:20 | property Property |
| Steps.cs:38:36:38:36 | 0 | Steps.cs:38:13:38:16 | [post] this access | file://:0:0:0:0 | element |

View File

@@ -18,3 +18,13 @@ extensions:
- ["My.Qltest", "C+Generic<T,U>", false, "StepGeneric", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["My.Qltest", "C+Generic<T,U>", false, "StepGeneric2<S>", "(S)", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["My.Qltest", "C+Base<T>", true, "StepOverride", "(T)", "", "Argument[0]", "ReturnValue", "value", "manual"]
- ["My.Qltest", "C", false, "StepArgQualGenerated", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- ["My.Qltest", "C", false, "StepArgQualGeneratedIgnored", "(System.Object)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
# "namespace", "type", "name", "signature", "kind", "provenance"
data:
- ["My.Qltest", "C", "StepArgQualGenerated", "(System.Object)", "summary", "df-generated"]
- ["My.Qltest", "C", "StepArgQualGeneratedIgnored", "(System.Object)", "summary", "manual"]

View File

@@ -6,6 +6,22 @@ import semmle.code.csharp.dataflow.FlowSummary
import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
/**
* Emulate that methods with summaries do not have a body.
* This is relevant for dataflow analysis using summaries with a generated like
* provenance as generated summaries are only applied, if a
* callable does not have a body.
*/
private class StepArgQualGenerated extends Method {
StepArgQualGenerated() {
exists(string name |
this.hasFullyQualifiedName("My.Qltest", "C", name) and name.matches("StepArgQualGenerated%")
)
}
override predicate hasBody() { none() }
}
query predicate summaryThroughStep(
DataFlow::Node node1, DataFlow::Node node2, boolean preservesValue
) {
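
Review bot: `name.matches("StepArgQualGenerated%")` in the characteristic predicate is a prefix match, so the class named `StepArgQualGenerated` also covers `StepArgQualGeneratedIgnored` and any method later added to `My.Qltest.C` with that prefix. Listing the names explicitly, as in `this.hasFullyQualifiedName("My.Qltest", "C", ["StepArgQualGenerated", "StepArgQualGeneratedIgnored"])`, removes the `exists` and makes the scope visible. A class name that reflects both methods would help too.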

View File

@@ -0,0 +1,15 @@
using System;
using System.Runtime.InteropServices;
using System.Runtime.CompilerServices;
public class LambdaParameters
{
public void M1()
{
var l1 = (int x, int y = 1) => x + y;
var l2 = (object? o = default) => o;
var l3 = (int x, int y = 1, int z = 2) => x + y + z;
var l4 = ([Optional, DefaultParameterValue(7)] int x) => x;
var l5 = ([Optional, DateTimeConstant(14L)] DateTime x) => x;
}
}

View File

@@ -1,4 +1,6 @@
noDefaultValue
| LambdaParameters.cs:9:18:9:44 | (...) => ... | LambdaParameters.cs:9:23:9:23 | x | 0 |
| LambdaParameters.cs:11:18:11:59 | (...) => ... | LambdaParameters.cs:11:23:11:23 | x | 0 |
| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:24:7:24 | a | 0 |
| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:34:7:34 | b | 1 |
| Parameters.cs:7:17:7:18 | M1 | Parameters.cs:7:44:7:44 | c | 2 |
@@ -16,6 +18,12 @@ noDefaultValue
| Parameters.dll:0:0:0:0 | implicit conversion | Parameters.dll:0:0:0:0 | i | 0 |
| Parameters.dll:0:0:0:0 | implicit conversion | Parameters.dll:0:0:0:0 | s | 0 |
withDefaultValue
| LambdaParameters.cs:9:18:9:44 | (...) => ... | LambdaParameters.cs:9:30:9:30 | y | 1 | LambdaParameters.cs:9:34:9:34 | 1 | 1 |
| LambdaParameters.cs:10:18:10:43 | (...) => ... | LambdaParameters.cs:10:27:10:27 | o | 0 | LambdaParameters.cs:10:31:10:37 | default | null |
| LambdaParameters.cs:11:18:11:59 | (...) => ... | LambdaParameters.cs:11:30:11:30 | y | 1 | LambdaParameters.cs:11:34:11:34 | 1 | 1 |
| LambdaParameters.cs:11:18:11:59 | (...) => ... | LambdaParameters.cs:11:41:11:41 | z | 2 | LambdaParameters.cs:11:45:11:45 | 2 | 2 |
| LambdaParameters.cs:12:18:12:66 | (...) => ... | LambdaParameters.cs:12:60:12:60 | x | 0 | LambdaParameters.cs:12:19:12:60 | 7 | 7 |
| LambdaParameters.cs:13:18:13:68 | (...) => ... | LambdaParameters.cs:13:62:13:62 | x | 0 | LambdaParameters.cs:13:19:13:62 | object creation of type DateTime | - |
| Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:34:8:34 | b | 1 | Parameters.cs:8:38:8:41 | null | null |
| Parameters.cs:8:17:8:18 | M2 | Parameters.cs:8:51:8:51 | c | 2 | Parameters.cs:8:55:8:70 | "default string" | default string |
| Parameters.cs:9:17:9:18 | M3 | Parameters.cs:9:24:9:24 | a | 0 | Parameters.cs:9:28:9:28 | 1 | 1 |
@@ -81,6 +89,7 @@ withDefaultValue
| Parameters.dll:0:0:0:0 | M23 | Parameters.dll:0:0:0:0 | arg12 | 0 | Parameters.dll:0:0:0:0 | (...) ... | 0 |
| Parameters.dll:0:0:0:0 | M24 | Parameters.dll:0:0:0:0 | arg13 | 0 | Parameters.dll:0:0:0:0 | (...) ... | 7 |
dateTimeDefaults
| LambdaParameters.cs:13:18:13:68 | (...) => ... | LambdaParameters.cs:13:62:13:62 | x | LambdaParameters.cs:13:19:13:62 | object creation of type DateTime | DateTime(long) | 14 |
| Parameters.cs:22:17:22:19 | M14 | Parameters.cs:22:64:22:67 | arg4 | Parameters.cs:22:21:22:67 | object creation of type DateTime | DateTime(long) | 14 |
| Parameters.cs:23:17:23:19 | M15 | Parameters.cs:23:68:23:71 | arg5 | Parameters.cs:23:21:23:71 | object creation of type DateTime | DateTime(long) | 10001 |
| Parameters.dll:0:0:0:0 | M14 | Parameters.dll:0:0:0:0 | arg4 | Parameters.dll:0:0:0:0 | object creation of type DateTime | DateTime(long) | 14 |

View File

@@ -0,0 +1,30 @@
using System;
using TupleType1 = (int, object);
using TupleType2 = (int, string);
using TupleType3 = (int, object);
using Point = (int x, int y);
public class TupleMethods
{
public void M1(TupleType1 t)
{
var x = t.Item1;
var y = t.Item2;
}
public void M2(TupleType2 t)
{
var x = t.Item1;
var y = t.Item2;
M1(t);
}
public void M3(Point p)
{
var x = p.x;
var y = p.y;
}
public void M4(TupleType3 t) { }
}

View File

@@ -0,0 +1,4 @@
| alias.cs:10:17:10:18 | M1 | alias.cs:10:31:10:31 | t | (Int32,Object) |
| alias.cs:16:17:16:18 | M2 | alias.cs:16:31:16:31 | t | (Int32,String) |
| alias.cs:23:17:23:18 | M3 | alias.cs:23:26:23:26 | p | (Int32,Int32) |
| alias.cs:29:17:29:18 | M4 | alias.cs:29:31:29:31 | t | (Int32,Object) |

View File

@@ -0,0 +1,8 @@
import csharp
from Method m, Parameter p, Type t
where
m.fromSource() and
p = m.getAParameter() and
p.getType() = t
select m, p, t.toString()

View File

@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- [ "NoSummaries", "ManuallyModelled", "HasNeutralSummaryNoFlow", "(System.Object)", "summary", "manual"]

View File

@@ -0,0 +1,12 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- [ "NoSummaries", "ManuallyModelled", False, "HasSummary", "(System.Object)", "", "Argument[0]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: neutralModel
data:
- [ "NoSummaries", "ManuallyModelled", "HasNeutralSummary", "(System.Object)", "summary", "manual"]
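
Review bot: The `summaryModel` row for `HasSummary` writes the subtypes column as `False`, while the other model rows in this change use lowercase `false`; use `false` here for consistency. This file also omits the column header comment (`# "namespace", "type", "name", "signature", "kind", "provenance"`) that the other `neutralModel` blocks in this change carry.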

View File

@@ -143,3 +143,22 @@ public class ParameterlessConstructor
IsInitialized = true;
}
}
// No models should be created, if there exist either a manual summary or neutral summary.
public class ManuallyModelled
{
public object HasSummary(object o)
{
return o;
}
public object HasNeutralSummary(object o)
{
return o;
}
public object HasNeutralSummaryNoFlow(object o)
{
return null;
}
}
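
Review bot: The comment above `ManuallyModelled` does not explain why `HasNeutralSummaryNoFlow` returns `null` while `HasSummary` and `HasNeutralSummary` return `o`, so the purpose of the third case is not visible from the source. A one-line comment per method, naming the model kind it is paired with and what the generator is expected to emit, would make the three cases distinguishable. In the existing comment, "if there exist" should be "if there exists" and the comma before "if" is not needed.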

View File

@@ -124,7 +124,6 @@
| Summaries;TypeBasedCollection<T>;false;Add;(T);;Argument[0];Argument[this].Element;value;tb-generated |
| Summaries;TypeBasedCollection<T>;false;AddMany;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;Argument[this].Element;value;tb-generated |
| Summaries;TypeBasedCollection<T>;false;First;();;Argument[this].Element;ReturnValue;value;tb-generated |
| Summaries;TypeBasedCollection<T>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.SyntheticField[ArgType0];value;tb-generated |
| Summaries;TypeBasedCollection<T>;false;GetMany;();;Argument[this].Element;ReturnValue.Element;value;tb-generated |
| Summaries;TypeBasedComplex<T>;false;AddMany;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;Argument[this].SyntheticField[ArgType0];value;tb-generated |
| Summaries;TypeBasedComplex<T>;false;Apply;(System.Func<T,System.Int32>);;Argument[this].SyntheticField[ArgType0];Argument[0].Parameter[0];value;tb-generated |

View File

@@ -30,6 +30,7 @@ If you opt in, GitHub collects the following information related to the usage of
- Randomly generated GUID that uniquely identifies a CodeQL extension installation. (Discarded before aggregation.)
- IP address of the client sending the telemetry data. (Discarded before aggregation.)
- Whether or not the ``codeQL.canary`` setting is enabled and set to ``true``.
- Whether any :doc:`CodeQL extension settings <customizing-settings>` are configured.
How long data is retained
--------------------------
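
Review bot: The added bullet, "Whether any CodeQL extension settings are configured", does not say whether this is a single yes/no value or whether it includes which settings are set. Users rely on this list when deciding to opt in to telemetry, so state the granularity explicitly, for example that only a boolean is recorded and no setting names or values, if that is what the extension sends.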

View File

@@ -124,3 +124,19 @@ You could give the predicate a more descriptive name as follows:
.. code-block:: ql
predicate lessThanTen = isSmall/1;
.. _weak_strong_aliases:
Strong and weak aliases
=======================
Every alias definition is either **strong** or **weak**.
An alias definition is **strong** if and only if it is a :ref:`type alias <type-aliases>` definition with
:ref:`annotation <annotations>` ``final``.
During :ref:`name resolution <name-resolution>`, ambiguity between aliases from **weak** alias definitions
for the same module/type/predicate is allowed, but ambiguity between between aliases from distinct **strong**
alias definitions is invalid QL.
Likewise, for the purpose of applicative instantiation of :ref:`parameterised modules <parameterized-modules>`
and `:ref:`parameterised module signatures <parameterized-module-signatures>`, aliases from **weak** alias
definitions for instantiation arguments do not result in separate instantiations, but aliases from **strong**
alias definitions for instantiation arguments do.
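
Review bot: The new section says an alias definition is strong only if it is a type alias annotated `final`, whereas the language specification text in this same change defines a strong alias as any alias with the `final` annotation; the two should agree. In the same block, "between between" repeats a word, the `:ref:` role for parameterised module signatures has a stray leading backtick, and "parameterised" is spelled "parameterized" in the neighbouring documentation and in the reference labels themselves.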

View File

@@ -180,7 +180,8 @@ For example, in the previous two snippets, we relied on the predicate signature
signature int transformer(int x);
The instantiation of parameterized modules is applicative.
That is, if you instantiate a parameterized module twice with identical arguments, the resulting object is the same.
That is, if you instantiate a parameterized module twice with equivalent arguments, the resulting object is the same.
Arguments are considered equivalent in this context if they differ only by :ref:`weak aliasing <weak_strong_aliases>`.
This is particularly relevant for type definitions inside parameterized modules as :ref:`classes <classes>`
or via :ref:`newtype <algebraic-datatypes>`, because the duplication of such type definitions would result in
incompatible types.

View File

@@ -115,7 +115,7 @@ Environments may be combined as follows:
- *Union*. This takes the union of the entry sets of the two environments.
- *Overriding union*. This takes the union of two environments, but if there are entries for a key in the first map, then no additional entries for that key are included from the second map.
A *definite* environment has at most one entry for each key. Resolution is unique in a definite environment.
A *definite* environment has only values that are *equal modulo weak aliasing* for each key.
Global environments
~~~~~~~~~~~~~~~~~~~
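
Review bot: The reworded definition of a *definite* environment drops the sentence "Resolution is unique in a definite environment" without a replacement. If resolution is now unique only up to weak aliasing, say so explicitly. The phrase "equal modulo weak aliasing" is also used here long before it is defined in the Aliases section, so a cross-reference to that definition would help.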
@@ -334,7 +334,7 @@ For a *completely uninstantiated* parameter, the *bottom-up instantiation-resolu
An entity is called *fully instantiated* if none of the *bottom-up instantiation-resolutions* of the parameters in the *relevant set of parameters* of the entity's *underlying completely uninstantiated* entity are parameters.
Two *instantiated modules* or two *instantiation-nested* entities are considered *equivalent* if they have the same *underlying completely uninstantiated* entity and each parameter in its *relevant set of parameters* has the same *bottom-up instantiation-resolution* relative to either *instantiated module*.
Two *instantiated modules* or two *instantiation-nested* entities are considered *equivalent* if they have the same *underlying completely uninstantiated* entity and each parameter in its *relevant set of parameters* has *bottom-up instantiation-resolution*s relative both *instantiated module*s that are *equivalent modulo weak aliases*.
Module instantiation is applicative, meaning that *equivalent* *instantiated modules* and *equivalent* *instantiation-nested* entities are indistinguishable.
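
Review bot: In the rewritten equivalence sentence, "relative both *instantiated module*s" is missing "to", and the term used is "equivalent modulo weak aliases" while the Aliases section of this change defines "equal modulo weak aliasing"; pick one term. The forms `*bottom-up instantiation-resolution*s` and `*instantiated module*s` will also not render as emphasis in reStructuredText, because the closing `*` has to be followed by whitespace or punctuation; reword to keep the plural inside the emphasis or avoid it.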
@@ -1763,7 +1763,7 @@ The grammar given in this section is disambiguated first by precedence, and seco
Aliases
-------
Aliases define new names for existing QL entities.
Aliases define new names for existing QL bindings.
::
@@ -1772,7 +1772,19 @@ Aliases define new names for existing QL entities.
| qldoc? annotations "module" modulename "=" moduleExpr ";"
An alias introduces a binding from the new name to the entity referred to by the right-hand side in the current module's declared predicate, type, or module environment respectively.
An alias introduces a binding from the new name to the binding referred to by the right-hand side in the current module's visible predicate, type, or module environment respectively.
An alias is called a *strong alias* if and only if it has the ``final`` annotation. Otherwise, it is called a *weak alias*.
Two bindings `A`, `B` are called *equal modulo weak aliasing* if and only if one of the following conditions are satisfied:
- `A` and `B` are the same binding or
- `A`` is introduced by a *weak alias* for `C`, where `B` and `C` are *equal modulo weak aliasing* (or vice versa) or
- `A` and `B` are introduced by the same strong alias and they are aliases for bindings that are *equal modulo weak aliasing*.
Note that the third condition is only relevant in :ref:`Parameterized modules`, where the binding introduced by the alias can depend on instantiation parameters.
Built-ins
---------
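
Review bot: The second bullet of the new definition opens with A wrapped in one backtick on the left and two on the right, which is unbalanced markup and will not render as intended. The bullets also use single backticks for `A`, `B` and `C`, which in reStructuredText select the default role rather than literal text, while the same paragraph uses double backticks for ``final``; use one convention. "One of the following conditions are satisfied" should read "is satisfied", and the `:ref:` to "Parameterized modules" should be checked against an existing label.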

View File

@@ -49,7 +49,7 @@ The following properties are supported by all query files:
| | | ``warning`` | |
| | | ``recommendation`` | |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| ``@security-severity``| ``<score>`` | Defines the level of severity, between 0.0 and 10.0, for queries with ``@tags security``. For more information about calculating ``@security-severity``, see the `GitHub changelog <https://gh.io/2021-07-19-codeql-security-severity>`__. |
| ``@security-severity``| ``<score>`` | Defines the level of severity, between 0.0 and 10.0, for queries with ``@tags security``. For more information, see the `GitHub user documentation <https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels>`__. |
+-----------------------+---------------------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Example

View File

@@ -588,18 +588,17 @@ However, joining the virtual dispatch relation with itself in this way is
usually way too big to be feasible. Instead, the relation above should only be
defined for those values of `call` for which the set of resulting dispatch
targets might be reduced. To do this, define the set of `call`s that might for
some reason benefit from a call context as the following predicate (the `c`
column should be `call.getEnclosingCallable()`):
some reason benefit from a call context as the following predicate:
```ql
predicate mayBenefitFromCallContext(DataFlowCall call, DataFlowCallable c)
predicate mayBenefitFromCallContext(DataFlowCall call)
```
And then define `DataFlowCallable viableImplInCallContext(DataFlowCall call,
DataFlowCall ctx)` as sketched above, but restricted to
`mayBenefitFromCallContext(call, _)`.
`mayBenefitFromCallContext(call)`.
The shared implementation will then compare counts of virtual dispatch targets
using `viableCallable` and `viableImplInCallContext` for each `call` in
`mayBenefitFromCallContext(call, _)` and track call contexts during flow
`mayBenefitFromCallContext(call)` and track call contexts during flow
calculation when differences in these counts show an improved precision in
further calls.

View File

@@ -113,11 +113,11 @@ Alert queries (`@kind problem` or `path-problem`) support two further properties
* `medium`
* `high`
* `very-high`
* `@problem.severity`defines the level of severity of non-security alerts:
* `@problem.severity`defines the likelihood that an alert, either security-related or not, causes an actual problem such as incorrect program behavior:
* `error`an issue that is likely to cause incorrect program behavior, for example a crash or vulnerability.
* `warning`an issue that indicates a potential problem in the code, or makes the code fragile if another (unrelated) part of code is changed.
* `recommendation`an issue where the code behaves correctly, but it could be improved.
* `@security-severity`-defines the level of severity, between 0.0 and 10.0, for queries with `@tags security`. For more information about calculating `@security-severity`, see the [GitHub changelog](https://github.blog/changelog/2021-07-19-codeql-code-scanning-new-severity-levels-for-security-alerts/).
* `@security-severity`-defines the level of severity, between 0.0 and 10.0, for queries with `@tags security`. For more information about how this value is calculated and then used in code scanning analysis, see [About alert severity and security severity levels](https://docs.github.com/code-security/code-scanning/managing-code-scanning-alerts/about-code-scanning-alerts#about-alert-severity-and-security-severity-levels) in the GitHub user documentation.
## Query tags `@tags`
@@ -155,7 +155,10 @@ If your query is a security query, use one or more `@tags` to associate it with
||`external/cwe/cwe-036` |
||`external/cwe/cwe-073` |
When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the reference section of its associated qhelp file.
When you tag a query like this, the associated CWE pages from [MITRE.org](https://cwe.mitre.org/index.html) will automatically appear in the references section of its associated qhelp file.
> [!NOTE]
> The automatic addition of CWE reference links works only if the qhelp file already contains a `<references>` section.
#### Metric/summary `@tags`
@@ -203,5 +206,3 @@ The `select` clause of a summary metric query must have one of the following res
- This indicates a metric without a specific location in the codebase, for example the total lines of code in a codebase.
- A code `entity` followed by a `number`
- This indicates a metric with a specific location in the codebase, for example the lines of code within a file. The `entity` here must have a valid location in the source code.

View File

@@ -34,7 +34,7 @@ encoding/pem,,3,,3,
encoding/xml,,23,,23,
errors,,3,,3,
expvar,,6,,6,
fmt,,5,,5,
fmt,,16,,16,
github.com/astaxie/beego,,7,,7,
github.com/astaxie/beego/context,,1,,1,
github.com/astaxie/beego/utils,,13,,13,
@@ -53,6 +53,7 @@ github.com/labstack/echo,,2,,2,
github.com/revel/revel,,10,,10,
github.com/robfig/revel,,10,,10,
github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail,,1,,1,
github.com/valyala/fasthttp,,5,,5,
go.uber.org/zap,,11,,11,
golang.org/x/net/$ANYVERSION/html,,16,,16,
golang.org/x/net/context,,5,,5,


@@ -15,8 +15,9 @@ Go framework & library support
`Macaron <https://gopkg.in/macaron.v1>`_,``gopkg.in/macaron*``,,1,
`Revel <http://revel.github.io/>`_,"``github.com/revel/revel*``, ``github.com/robfig/revel*``",,20,
`SendGrid <https://github.com/sendgrid/sendgrid-go>`_,``github.com/sendgrid/sendgrid-go*``,,1,
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",8,566,
`Standard library <https://pkg.go.dev/std>`_,"````, ``archive/*``, ``bufio``, ``bytes``, ``cmp``, ``compress/*``, ``container/*``, ``context``, ``crypto``, ``crypto/*``, ``database/*``, ``debug/*``, ``embed``, ``encoding``, ``encoding/*``, ``errors``, ``expvar``, ``flag``, ``fmt``, ``go/*``, ``hash``, ``hash/*``, ``html``, ``html/*``, ``image``, ``image/*``, ``index/*``, ``io``, ``io/*``, ``log``, ``log/*``, ``maps``, ``math``, ``math/*``, ``mime``, ``mime/*``, ``net``, ``net/*``, ``os``, ``os/*``, ``path``, ``path/*``, ``plugin``, ``reflect``, ``reflect/*``, ``regexp``, ``regexp/*``, ``slices``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/*``, ``syscall``, ``syscall/*``, ``testing``, ``testing/*``, ``text/*``, ``time``, ``time/*``, ``unicode``, ``unicode/*``, ``unsafe``",8,577,
`beego <https://beego.me/>`_,"``github.com/astaxie/beego*``, ``github.com/beego/beego*``",,42,
`fasthttp <https://github.com/valyala/fasthttp>`_,``github.com/valyala/fasthttp*``,,5,
`go-pg <https://pg.uptrace.dev/>`_,``github.com/go-pg/pg*``,,6,
`golang.org/x/net <https://pkg.go.dev/golang.org/x/net>`_,``golang.org/x/net*``,,21,
`goproxy <https://github.com/elazarl/goproxy>`_,``github.com/elazarl/goproxy*``,,2,
@@ -25,5 +26,5 @@ Go framework & library support
`protobuf <https://pkg.go.dev/google.golang.org/protobuf>`_,"``github.com/golang/protobuf*``, ``google.golang.org/protobuf*``",,16,
`yaml <https://gopkg.in/yaml.v3>`_,``gopkg.in/yaml*``,,9,
`zap <https://go.uber.org/zap>`_,``go.uber.org/zap*``,,11,
Totals,,8,826,
Totals,,8,842,


@@ -4,6 +4,7 @@ beego,https://beego.me/,github.com/astaxie/beego* github.com/beego/beego*
Couchbase official client(gocb),https://github.com/couchbase/gocb,github.com/couchbase/gocb* gopkg.in/couchbase/gocb*
Couchbase unofficial client,http://www.github.com/couchbase/go-couchbase,github.com/couchbaselabs/gocb*
Echo,https://echo.labstack.com/,github.com/labstack/echo*
fasthttp,https://github.com/valyala/fasthttp,github.com/valyala/fasthttp*
Gin,https://github.com/gin-gonic/gin,github.com/gin-gonic/gin*
go-pg,https://pg.uptrace.dev/,github.com/go-pg/pg*
golang.org/x/net,https://pkg.go.dev/golang.org/x/net,golang.org/x/net*
1 Framework name URL Package prefixes
4 Couchbase official client(gocb) https://github.com/couchbase/gocb github.com/couchbase/gocb* gopkg.in/couchbase/gocb*
5 Couchbase unofficial client http://www.github.com/couchbase/go-couchbase github.com/couchbaselabs/gocb*
6 Echo https://echo.labstack.com/ github.com/labstack/echo*
7 fasthttp https://github.com/valyala/fasthttp github.com/valyala/fasthttp*
8 Gin https://github.com/gin-gonic/gin github.com/gin-gonic/gin*
9 go-pg https://pg.uptrace.dev/ github.com/go-pg/pg*
10 golang.org/x/net https://pkg.go.dev/golang.org/x/net golang.org/x/net*


@@ -96,7 +96,15 @@ func getEnvGoSemVer() string {
if !strings.HasPrefix(goVersion, "go") {
log.Fatalf("Expected 'go version' output of the form 'go1.2.3'; got '%s'", goVersion)
}
return "v" + goVersion[2:]
// Go versions don't follow the SemVer format, but the only exception we normally care about
// is release candidates; so this is a horrible hack to convert e.g. `go1.22rc1` into `go1.22-rc1`
// which is compatible with the SemVer specification
rcIndex := strings.Index(goVersion, "rc")
if rcIndex != -1 {
return semver.Canonical("v"+goVersion[2:rcIndex]) + "-" + goVersion[rcIndex:]
} else {
return semver.Canonical("v" + goVersion[2:])
}
}
// Returns the import path of the package being built, or "" if it cannot be determined.
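Review bot: Neither branch checks the result of `semver.Canonical`, which returns the empty string for input it does not consider valid. Only `rc` is special-cased, so a version such as `go1.22beta1` now yields `""` from the `else` branch where the old code returned `v1.22beta1`, and an unparsable prefix in the `rc` branch yields a bare `-rc1`. Suggest validating the final string with `semver.IsValid` and failing with `log.Fatalf`, as the prefix check above does, so callers never compare against an empty version. Two smaller points: the comment says the result is `go1.22-rc1`, but the code returns `v1.22.0-rc1`, and the `else` after a `return` can be dropped.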


@@ -4,5 +4,5 @@ go 1.21
require (
golang.org/x/mod v0.14.0
golang.org/x/tools v0.16.1
golang.org/x/tools v0.17.0
)
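Review bot: The `golang.org/x/tools` bump from v0.16.1 to v0.17.0 is shown without a matching `go.sum` change, and this page notes that some files were not shown. Please confirm that `go.sum` (and any vendored copy) was regenerated in the same change, and that v0.17.0 still builds against `golang.org/x/mod v0.14.0`, which this hunk leaves unchanged.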

Some files were not shown because too many files have changed in this diff.