mirror of
https://github.com/github/codeql.git
synced 2026-05-26 09:01:22 +02:00
Compare commits
2 Commits
esbena/sub
...
mbg/go/dep
| Author | SHA1 | Date | |
|---|---|---|---|
|
75900f05c9 | ||
|
|
114a875f3d |
7
.github/dependabot.yml
vendored
7
.github/dependabot.yml
vendored
@@ -22,5 +22,12 @@ updates:
|
||||
directory: "go/extractor"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
allow:
|
||||
- dependency-name: "golang.org/x/mod"
|
||||
- dependency-name: "golang.org/x/tools"
|
||||
group:
|
||||
extractor-dependencies:
|
||||
patterns:
|
||||
- "golang.org/x/*"
|
||||
reviewers:
|
||||
- "github/codeql-go"
|
||||
|
||||
4
.github/workflows/compile-queries.yml
vendored
4
.github/workflows/compile-queries.yml
vendored
@@ -29,9 +29,9 @@ jobs:
|
||||
# run with --check-only if running in a PR (github.sha != main)
|
||||
if : ${{ github.event_name == 'pull_request' }}
|
||||
shell: bash
|
||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
|
||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
||||
- name: compile queries - full
|
||||
# do full compile if running on main - this populates the cache
|
||||
if : ${{ github.event_name != 'pull_request' }}
|
||||
shell: bash
|
||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500
|
||||
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
|
||||
|
||||
2
.github/workflows/csharp-qltest.yml
vendored
2
.github/workflows/csharp-qltest.yml
vendored
@@ -91,7 +91,7 @@ jobs:
|
||||
run: |
|
||||
# Generate (Asp)NetCore stubs
|
||||
STUBS_PATH=stubs_output
|
||||
python3 ql/src/Stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger 6.5.0 "$STUBS_PATH"
|
||||
python3 ql/src/Stubs/make_stubs_nuget.py webapp Swashbuckle.AspNetCore.Swagger latest "$STUBS_PATH"
|
||||
rm -rf ql/test/resources/stubs/_frameworks
|
||||
# Update existing stubs in the repo with the freshly generated ones
|
||||
mv "$STUBS_PATH/output/stubs/_frameworks" ql/test/resources/stubs/
|
||||
|
||||
@@ -158,7 +158,9 @@ class NameQualifyingElement extends Element, @namequalifyingelement {
|
||||
/**
|
||||
* A special name-qualifying element. For example: `__super`.
|
||||
*/
|
||||
class SpecialNameQualifyingElement extends NameQualifyingElement, @specialnamequalifyingelement {
|
||||
library class SpecialNameQualifyingElement extends NameQualifyingElement,
|
||||
@specialnamequalifyingelement
|
||||
{
|
||||
/** Gets the name of this special qualifying element. */
|
||||
override string getName() { specialnamequalifyingelements(underlyingElement(this), result) }
|
||||
|
||||
|
||||
@@ -78,7 +78,7 @@ predicate parameterUsePair(Parameter p, VariableAccess va) {
|
||||
/**
|
||||
* Utility class: A definition or use of a stack variable.
|
||||
*/
|
||||
class DefOrUse extends ControlFlowNodeBase {
|
||||
library class DefOrUse extends ControlFlowNodeBase {
|
||||
DefOrUse() {
|
||||
// Uninstantiated templates are purely syntax, and only on instantiation
|
||||
// will they be complete with information about types, conversions, call
|
||||
@@ -140,7 +140,7 @@ class DefOrUse extends ControlFlowNodeBase {
|
||||
}
|
||||
|
||||
/** A definition of a stack variable. */
|
||||
class Def extends DefOrUse {
|
||||
library class Def extends DefOrUse {
|
||||
Def() { definition(_, this) }
|
||||
|
||||
override SemanticStackVariable getVariable(boolean isDef) {
|
||||
@@ -155,7 +155,7 @@ private predicate parameterIsOverwritten(Function f, Parameter p) {
|
||||
}
|
||||
|
||||
/** A definition of a parameter. */
|
||||
class ParameterDef extends DefOrUse {
|
||||
library class ParameterDef extends DefOrUse {
|
||||
ParameterDef() {
|
||||
// Optimization: parameters that are not overwritten do not require
|
||||
// reachability analysis
|
||||
@@ -169,7 +169,7 @@ class ParameterDef extends DefOrUse {
|
||||
}
|
||||
|
||||
/** A use of a stack variable. */
|
||||
class Use extends DefOrUse {
|
||||
library class Use extends DefOrUse {
|
||||
Use() { useOfVar(_, this) }
|
||||
|
||||
override SemanticStackVariable getVariable(boolean isDef) {
|
||||
|
||||
@@ -10,7 +10,7 @@ import SSAUtils
|
||||
* The SSA logic comes in two versions: the standard SSA and range-analysis RangeSSA.
|
||||
* This class provides the standard SSA logic.
|
||||
*/
|
||||
class StandardSsa extends SsaHelper {
|
||||
library class StandardSsa extends SsaHelper {
|
||||
StandardSsa() { this = 0 }
|
||||
}
|
||||
|
||||
|
||||
@@ -114,7 +114,7 @@ private predicate live_at_exit_of_bb(StackVariable v, BasicBlock b) {
|
||||
|
||||
/** Common SSA logic for standard SSA and range-analysis SSA. */
|
||||
cached
|
||||
class SsaHelper extends int {
|
||||
library class SsaHelper extends int {
|
||||
/* 0 = StandardSSA, 1 = RangeSSA */
|
||||
cached
|
||||
SsaHelper() { this in [0 .. 1] }
|
||||
|
||||
@@ -366,12 +366,12 @@ class CompileTimeConstantInt extends Expr {
|
||||
int getIntValue() { result = val }
|
||||
}
|
||||
|
||||
class CompileTimeVariableExpr extends Expr {
|
||||
library class CompileTimeVariableExpr extends Expr {
|
||||
CompileTimeVariableExpr() { not this instanceof CompileTimeConstantInt }
|
||||
}
|
||||
|
||||
/** A helper class for evaluation of expressions. */
|
||||
class ExprEvaluator extends int {
|
||||
library class ExprEvaluator extends int {
|
||||
/*
|
||||
* 0 = ConditionEvaluator,
|
||||
* 1 = SwitchEvaluator,
|
||||
@@ -956,7 +956,7 @@ private predicate returnStmt(Function f, Expr value) {
|
||||
}
|
||||
|
||||
/** A helper class for evaluation of conditions. */
|
||||
class ConditionEvaluator extends ExprEvaluator {
|
||||
library class ConditionEvaluator extends ExprEvaluator {
|
||||
ConditionEvaluator() { this = 0 }
|
||||
|
||||
override predicate interesting(Expr e) {
|
||||
@@ -967,7 +967,7 @@ class ConditionEvaluator extends ExprEvaluator {
|
||||
}
|
||||
|
||||
/** A helper class for evaluation of switch expressions. */
|
||||
class SwitchEvaluator extends ExprEvaluator {
|
||||
library class SwitchEvaluator extends ExprEvaluator {
|
||||
SwitchEvaluator() { this = 1 }
|
||||
|
||||
override predicate interesting(Expr e) { e = getASwitchExpr(_, _) }
|
||||
@@ -976,7 +976,7 @@ class SwitchEvaluator extends ExprEvaluator {
|
||||
private int getSwitchValue(Expr e) { exists(SwitchEvaluator x | result = x.getValue(e)) }
|
||||
|
||||
/** A helper class for evaluation of loop entry conditions. */
|
||||
class LoopEntryConditionEvaluator extends ExprEvaluator {
|
||||
library class LoopEntryConditionEvaluator extends ExprEvaluator {
|
||||
LoopEntryConditionEvaluator() { this in [2 .. 3] }
|
||||
|
||||
abstract override predicate interesting(Expr e);
|
||||
@@ -1149,7 +1149,7 @@ class LoopEntryConditionEvaluator extends ExprEvaluator {
|
||||
}
|
||||
|
||||
/** A helper class for evaluation of while-loop entry conditions. */
|
||||
class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator {
|
||||
library class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator {
|
||||
WhileLoopEntryConditionEvaluator() { this = 2 }
|
||||
|
||||
override predicate interesting(Expr e) { exists(WhileStmt while | e = while.getCondition()) }
|
||||
@@ -1162,7 +1162,7 @@ class WhileLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator {
|
||||
}
|
||||
|
||||
/** A helper class for evaluation of for-loop entry conditions. */
|
||||
class ForLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator {
|
||||
library class ForLoopEntryConditionEvaluator extends LoopEntryConditionEvaluator {
|
||||
ForLoopEntryConditionEvaluator() { this = 3 }
|
||||
|
||||
override predicate interesting(Expr e) { exists(ForStmt for | e = for.getCondition()) }
|
||||
|
||||
@@ -29,7 +29,7 @@ private import RangeAnalysisUtils
|
||||
* The SSA logic comes in two versions: the standard SSA and range-analysis RangeSSA.
|
||||
* This class provides the range-analysis SSA logic.
|
||||
*/
|
||||
class RangeSsa extends SsaHelper {
|
||||
library class RangeSsa extends SsaHelper {
|
||||
RangeSsa() { this = 1 }
|
||||
|
||||
/**
|
||||
|
||||
@@ -5,12 +5,10 @@
|
||||
* it should be moved before the dereference.
|
||||
* @kind path-problem
|
||||
* @problem.severity error
|
||||
* @security-severity 7.5
|
||||
* @precision high
|
||||
* @id cpp/redundant-null-check-simple
|
||||
* @tags reliability
|
||||
* correctness
|
||||
* security
|
||||
* external/cwe/cwe-476
|
||||
*/
|
||||
|
||||
|
||||
@@ -161,7 +161,7 @@ private predicate annotatesAtPosition(SalPosition pos, DeclarationEntry d, File
|
||||
* A SAL element, that is, a SAL annotation or a declaration entry
|
||||
* that may have SAL annotations.
|
||||
*/
|
||||
class SalElement extends Element {
|
||||
library class SalElement extends Element {
|
||||
SalElement() {
|
||||
containsSalAnnotation(this.(DeclarationEntry).getFile()) or
|
||||
this instanceof SalAnnotation
|
||||
|
||||
@@ -13,13 +13,15 @@
|
||||
|
||||
import cpp
|
||||
import semmle.code.cpp.commons.Environment
|
||||
import semmle.code.cpp.ir.dataflow.TaintTracking
|
||||
import semmle.code.cpp.ir.IR
|
||||
import Flow::PathGraph
|
||||
import semmle.code.cpp.ir.dataflow.internal.DefaultTaintTrackingImpl
|
||||
import TaintedWithPath
|
||||
|
||||
/** A call that prints its arguments to `stdout`. */
|
||||
class PrintStdoutCall extends FunctionCall {
|
||||
PrintStdoutCall() { this.getTarget().hasGlobalOrStdName(["puts", "printf"]) }
|
||||
PrintStdoutCall() {
|
||||
this.getTarget().hasGlobalOrStdName("puts") or
|
||||
this.getTarget().hasGlobalOrStdName("printf")
|
||||
}
|
||||
}
|
||||
|
||||
/** A read of the QUERY_STRING environment variable */
|
||||
@@ -27,25 +29,19 @@ class QueryString extends EnvironmentRead {
|
||||
QueryString() { this.getEnvironmentVariable() = "QUERY_STRING" }
|
||||
}
|
||||
|
||||
module Config implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node node) { node.asIndirectExpr() instanceof QueryString }
|
||||
class Configuration extends TaintTrackingConfiguration {
|
||||
override predicate isSource(Expr source) { source instanceof QueryString }
|
||||
|
||||
predicate isSink(DataFlow::Node node) {
|
||||
exists(PrintStdoutCall call | call.getAnArgument() = [node.asIndirectExpr(), node.asExpr()])
|
||||
override predicate isSink(Element tainted) {
|
||||
exists(PrintStdoutCall call | call.getAnArgument() = tainted)
|
||||
}
|
||||
|
||||
predicate isBarrier(DataFlow::Node node) {
|
||||
isSink(node) and node.asExpr().getUnspecifiedType() instanceof ArithmeticType
|
||||
or
|
||||
node.asInstruction().(StoreInstruction).getResultType() instanceof ArithmeticType
|
||||
override predicate isBarrier(Expr e) {
|
||||
super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType
|
||||
}
|
||||
}
|
||||
|
||||
module Flow = TaintTracking::Global<Config>;
|
||||
|
||||
from QueryString query, Flow::PathNode sourceNode, Flow::PathNode sinkNode
|
||||
where
|
||||
Flow::flowPath(sourceNode, sinkNode) and
|
||||
query = sourceNode.getNode().asIndirectExpr()
|
||||
select sinkNode.getNode(), sourceNode, sinkNode, "Cross-site scripting vulnerability due to $@.",
|
||||
query, "this query data"
|
||||
from QueryString query, Element printedArg, PathNode sourceNode, PathNode sinkNode
|
||||
where taintedWithPath(query, printedArg, sourceNode, sinkNode)
|
||||
select printedArg, sourceNode, sinkNode, "Cross-site scripting vulnerability due to $@.", query,
|
||||
"this query data"
|
||||
|
||||
@@ -82,20 +82,36 @@ module ValidState {
|
||||
* library will perform, and visit all the places where the size argument is modified.
|
||||
* 2. Once that dataflow traversal is done, we accumulate the offsets added at each places
|
||||
* where the offset is modified (see `validStateImpl`).
|
||||
*
|
||||
* Because we want to guarantee that each place where we modify the offset has a `PathNode`
|
||||
* we "flip" a boolean flow state in each `isAdditionalFlowStep`. This ensures that the node
|
||||
* has a corresponding `PathNode`.
|
||||
*/
|
||||
private module ValidStateConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { hasSize(_, source, _) }
|
||||
private module ValidStateConfig implements DataFlow::StateConfigSig {
|
||||
class FlowState = boolean;
|
||||
|
||||
predicate isSink(DataFlow::Node sink) { isSinkPairImpl(_, _, sink, _, _) }
|
||||
predicate isSource(DataFlow::Node source, FlowState state) {
|
||||
hasSize(_, source, _) and
|
||||
state = false
|
||||
}
|
||||
|
||||
predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
isAdditionalFlowStep2(node1, node2, _)
|
||||
predicate isSink(DataFlow::Node sink, FlowState state) {
|
||||
isSinkPairImpl(_, _, sink, _, _) and
|
||||
state = [false, true]
|
||||
}
|
||||
|
||||
predicate isAdditionalFlowStep(
|
||||
DataFlow::Node node1, FlowState state1, DataFlow::Node node2, FlowState state2
|
||||
) {
|
||||
isAdditionalFlowStep2(node1, node2, _) and
|
||||
state1 = [false, true] and
|
||||
state2 = state1.booleanNot()
|
||||
}
|
||||
|
||||
predicate includeHiddenNodes() { any() }
|
||||
}
|
||||
|
||||
private import DataFlow::Global<ValidStateConfig>
|
||||
private import DataFlow::GlobalWithState<ValidStateConfig>
|
||||
|
||||
private predicate inLoop(PathNode n) { n.getASuccessor+() = n }
|
||||
|
||||
|
||||
@@ -1,6 +0,0 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* The query `cpp/redundant-null-check-simple` has been promoted to Code Scanning. The query finds cases where a pointer is compared to null after it has already been dereferenced. Such comparisons likely indicate a bug at the place where the pointer is dereferenced, or where the pointer is compared to null.
|
||||
|
||||
Note: This query was incorrectly noted as being promoted to Code Scanning in CodeQL version 2.14.6.
|
||||
@@ -1,26 +1,26 @@
|
||||
edges
|
||||
| search.c:14:24:14:28 | query indirection | search.c:17:8:17:12 | query indirection |
|
||||
| search.c:22:24:22:28 | query indirection | search.c:23:39:23:43 | query indirection |
|
||||
| search.c:55:24:55:28 | query indirection | search.c:62:8:62:17 | query_text indirection |
|
||||
| search.c:67:21:67:26 | call to getenv indirection | search.c:71:17:71:25 | raw_query indirection |
|
||||
| search.c:67:21:67:26 | call to getenv indirection | search.c:73:17:73:25 | raw_query indirection |
|
||||
| search.c:67:21:67:26 | call to getenv indirection | search.c:77:17:77:25 | raw_query indirection |
|
||||
| search.c:71:17:71:25 | raw_query indirection | search.c:14:24:14:28 | query indirection |
|
||||
| search.c:73:17:73:25 | raw_query indirection | search.c:22:24:22:28 | query indirection |
|
||||
| search.c:77:17:77:25 | raw_query indirection | search.c:55:24:55:28 | query indirection |
|
||||
nodes
|
||||
| search.c:14:24:14:28 | query indirection | semmle.label | query indirection |
|
||||
| search.c:17:8:17:12 | query indirection | semmle.label | query indirection |
|
||||
| search.c:22:24:22:28 | query indirection | semmle.label | query indirection |
|
||||
| search.c:23:39:23:43 | query indirection | semmle.label | query indirection |
|
||||
| search.c:55:24:55:28 | query indirection | semmle.label | query indirection |
|
||||
| search.c:62:8:62:17 | query_text indirection | semmle.label | query_text indirection |
|
||||
| search.c:67:21:67:26 | call to getenv indirection | semmle.label | call to getenv indirection |
|
||||
| search.c:71:17:71:25 | raw_query indirection | semmle.label | raw_query indirection |
|
||||
| search.c:73:17:73:25 | raw_query indirection | semmle.label | raw_query indirection |
|
||||
| search.c:77:17:77:25 | raw_query indirection | semmle.label | raw_query indirection |
|
||||
| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
|
||||
| search.c:14:24:14:28 | query | search.c:17:8:17:12 | query |
|
||||
| search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
|
||||
| search.c:22:24:22:28 | query | search.c:23:39:23:43 | query |
|
||||
| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query |
|
||||
| search.c:51:21:51:26 | call to getenv | search.c:55:17:55:25 | raw_query |
|
||||
| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query |
|
||||
| search.c:51:21:51:26 | call to getenv | search.c:57:17:57:25 | raw_query |
|
||||
| search.c:55:17:55:25 | raw_query | search.c:14:24:14:28 | query |
|
||||
| search.c:57:17:57:25 | raw_query | search.c:22:24:22:28 | query |
|
||||
subpaths
|
||||
nodes
|
||||
| search.c:14:24:14:28 | query | semmle.label | query |
|
||||
| search.c:17:8:17:12 | query | semmle.label | query |
|
||||
| search.c:17:8:17:12 | query | semmle.label | query |
|
||||
| search.c:22:24:22:28 | query | semmle.label | query |
|
||||
| search.c:23:39:23:43 | query | semmle.label | query |
|
||||
| search.c:23:39:23:43 | query | semmle.label | query |
|
||||
| search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv |
|
||||
| search.c:51:21:51:26 | call to getenv | semmle.label | call to getenv |
|
||||
| search.c:55:17:55:25 | raw_query | semmle.label | raw_query |
|
||||
| search.c:57:17:57:25 | raw_query | semmle.label | raw_query |
|
||||
#select
|
||||
| search.c:17:8:17:12 | query indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:17:8:17:12 | query indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data |
|
||||
| search.c:23:39:23:43 | query indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:23:39:23:43 | query indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data |
|
||||
| search.c:62:8:62:17 | query_text indirection | search.c:67:21:67:26 | call to getenv indirection | search.c:62:8:62:17 | query_text indirection | Cross-site scripting vulnerability due to $@. | search.c:67:21:67:26 | call to getenv | this query data |
|
||||
| search.c:17:8:17:12 | query | search.c:51:21:51:26 | call to getenv | search.c:17:8:17:12 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data |
|
||||
| search.c:23:39:23:43 | query | search.c:51:21:51:26 | call to getenv | search.c:23:39:23:43 | query | Cross-site scripting vulnerability due to $@. | search.c:51:21:51:26 | call to getenv | this query data |
|
||||
|
||||
@@ -47,22 +47,6 @@ void good_server2(char* query) {
|
||||
printf("\n<p>%i</p>\n", i);
|
||||
}
|
||||
|
||||
typedef unsigned long size_t;
|
||||
size_t strlen(const char *s);
|
||||
char *strcpy(char *dst, const char *src);
|
||||
char *strcat(char *s1, const char *s2);
|
||||
|
||||
void bad_server3(char* query) {
|
||||
char query_text[strlen(query) + 8];
|
||||
strcpy(query_text, "query: ");
|
||||
strcat(query_text, query);
|
||||
|
||||
puts("<p>Query results for ");
|
||||
// BAD: Printing out an HTTP parameter with no escaping
|
||||
puts(query_text);
|
||||
puts("\n<p>\n");
|
||||
}
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
char* raw_query = getenv("QUERY_STRING");
|
||||
if (strcmp("good1", argv[0]) == 0) {
|
||||
@@ -73,7 +57,5 @@ int main(int argc, char** argv) {
|
||||
bad_server2(raw_query);
|
||||
} else if (strcmp("good2", argv[0]) == 0) {
|
||||
good_server2(raw_query);
|
||||
} else if (strcmp("bad3", argv[0]) == 0) {
|
||||
bad_server3(raw_query);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -32,7 +32,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
|
||||
/// <summary>
|
||||
/// The version number of the .NET Core framework that this assembly targets.
|
||||
///
|
||||
///
|
||||
/// This is extracted from the `TargetFrameworkAttribute` of the assembly, e.g.
|
||||
/// ```
|
||||
/// [assembly:TargetFramework(".NETCoreApp,Version=v7.0")]
|
||||
@@ -160,22 +160,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
* loading the same assembly from different locations.
|
||||
*/
|
||||
using var pereader = new System.Reflection.PortableExecutable.PEReader(new FileStream(filename, FileMode.Open, FileAccess.Read, FileShare.Read));
|
||||
if (!pereader.HasMetadata)
|
||||
{
|
||||
throw new AssemblyLoadException();
|
||||
}
|
||||
|
||||
using var sha1 = SHA1.Create();
|
||||
var metadata = pereader.GetMetadata();
|
||||
|
||||
unsafe
|
||||
{
|
||||
var reader = new MetadataReader(metadata.Pointer, metadata.Length);
|
||||
if (!reader.IsAssembly)
|
||||
{
|
||||
throw new AssemblyLoadException();
|
||||
}
|
||||
|
||||
var def = reader.GetAssemblyDefinition();
|
||||
|
||||
// This is how you compute the public key token from the full public key.
|
||||
|
||||
@@ -47,12 +47,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
this.progressMonitor = new ProgressMonitor(logger);
|
||||
this.sourceDir = new DirectoryInfo(srcDir);
|
||||
|
||||
packageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName));
|
||||
tempWorkingDirectory = new TemporaryDirectory(FileUtils.GetTemporaryWorkingDirectory(out cleanupTempWorkingDirectory));
|
||||
|
||||
try
|
||||
{
|
||||
this.dotnet = DotNet.Make(options, progressMonitor, tempWorkingDirectory);
|
||||
this.dotnet = DotNet.Make(options, progressMonitor);
|
||||
}
|
||||
catch
|
||||
{
|
||||
@@ -62,6 +59,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
|
||||
this.progressMonitor.FindingFiles(srcDir);
|
||||
|
||||
packageDirectory = new TemporaryDirectory(ComputeTempDirectory(sourceDir.FullName));
|
||||
tempWorkingDirectory = new TemporaryDirectory(FileUtils.GetTemporaryWorkingDirectory(out cleanupTempWorkingDirectory));
|
||||
|
||||
var allFiles = GetAllFiles();
|
||||
var binaryFileExtensions = new HashSet<string>(new[] { ".dll", ".exe" }); // TODO: add more binary file extensions.
|
||||
@@ -78,6 +77,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
? allFiles.SelectFileNamesByExtension(".dll").ToList()
|
||||
: options.DllDirs.Select(Path.GetFullPath).ToList();
|
||||
|
||||
// Find DLLs in the .Net / Asp.Net Framework
|
||||
if (options.ScanNetFrameworkDlls)
|
||||
{
|
||||
var runtime = new Runtime(dotnet);
|
||||
var runtimeLocation = runtime.GetRuntime(options.UseSelfContainedDotnet);
|
||||
progressMonitor.LogInfo($".NET runtime location selected: {runtimeLocation}");
|
||||
dllDirNames.Add(runtimeLocation);
|
||||
|
||||
if (fileContent.UseAspNetDlls && runtime.GetAspRuntime() is string aspRuntime)
|
||||
{
|
||||
progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspRuntime}");
|
||||
dllDirNames.Add(aspRuntime);
|
||||
}
|
||||
}
|
||||
|
||||
if (options.UseNuGet)
|
||||
{
|
||||
dllDirNames.Add(packageDirectory.DirInfo.FullName);
|
||||
@@ -97,26 +111,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
DownloadMissingPackages(allNonBinaryFiles);
|
||||
}
|
||||
|
||||
var existsNetCoreRefNugetPackage = false;
|
||||
var existsNetFrameworkRefNugetPackage = false;
|
||||
|
||||
// Find DLLs in the .Net / Asp.Net Framework
|
||||
// This block needs to come after the nuget restore, because the nuget restore might fetch the .NET Core/Framework reference assemblies.
|
||||
if (options.ScanNetFrameworkDlls)
|
||||
{
|
||||
existsNetCoreRefNugetPackage = IsNugetPackageAvailable("microsoft.netcore.app.ref");
|
||||
existsNetFrameworkRefNugetPackage = IsNugetPackageAvailable("microsoft.netframework.referenceassemblies");
|
||||
|
||||
if (existsNetCoreRefNugetPackage || existsNetFrameworkRefNugetPackage)
|
||||
{
|
||||
progressMonitor.LogInfo("Found .NET Core/Framework DLLs in NuGet packages. Not adding installation directory.");
|
||||
}
|
||||
else
|
||||
{
|
||||
AddNetFrameworkDlls(dllDirNames);
|
||||
}
|
||||
}
|
||||
|
||||
assemblyCache = new AssemblyCache(dllDirNames, progressMonitor);
|
||||
AnalyseSolutions(solutions);
|
||||
|
||||
@@ -125,7 +119,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
UseReference(filename);
|
||||
}
|
||||
|
||||
RemoveUnnecessaryNugetPackages(existsNetCoreRefNugetPackage, existsNetFrameworkRefNugetPackage);
|
||||
RemoveRuntimeNugetPackageReferences();
|
||||
ResolveConflicts();
|
||||
|
||||
// Output the findings
|
||||
@@ -160,120 +154,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
DateTime.Now - startTime);
|
||||
}
|
||||
|
||||
private void RemoveUnnecessaryNugetPackages(bool existsNetCoreRefNugetPackage, bool existsNetFrameworkRefNugetPackage)
|
||||
{
|
||||
RemoveNugetAnalyzerReferences();
|
||||
RemoveRuntimeNugetPackageReferences();
|
||||
|
||||
if (fileContent.IsNewProjectStructureUsed
|
||||
&& !fileContent.UseAspNetCoreDlls)
|
||||
{
|
||||
// This might have been restored by the CLI even though the project isn't an asp.net core one.
|
||||
RemoveNugetPackageReference("microsoft.aspnetcore.app.ref");
|
||||
}
|
||||
|
||||
if (existsNetCoreRefNugetPackage && existsNetFrameworkRefNugetPackage)
|
||||
{
|
||||
// Multiple packages are available, we keep only one:
|
||||
RemoveNugetPackageReference("microsoft.netframework.referenceassemblies.");
|
||||
}
|
||||
|
||||
// TODO: There could be multiple `microsoft.netframework.referenceassemblies` packages,
|
||||
// we could keep the newest one, but this is covered by the conflict resolution logic
|
||||
// (if the file names match)
|
||||
}
|
||||
|
||||
private void RemoveNugetAnalyzerReferences()
|
||||
{
|
||||
if (!options.UseNuGet)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
var packageFolder = packageDirectory.DirInfo.FullName.ToLowerInvariant();
|
||||
if (packageFolder == null)
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
foreach (var filename in usedReferences.Keys)
|
||||
{
|
||||
var lowerFilename = filename.ToLowerInvariant();
|
||||
|
||||
if (lowerFilename.StartsWith(packageFolder))
|
||||
{
|
||||
var firstDirectorySeparatorCharIndex = lowerFilename.IndexOf(Path.DirectorySeparatorChar, packageFolder.Length + 1);
|
||||
if (firstDirectorySeparatorCharIndex == -1)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
var secondDirectorySeparatorCharIndex = lowerFilename.IndexOf(Path.DirectorySeparatorChar, firstDirectorySeparatorCharIndex + 1);
|
||||
if (secondDirectorySeparatorCharIndex == -1)
|
||||
{
|
||||
continue;
|
||||
}
|
||||
var subFolderIndex = secondDirectorySeparatorCharIndex + 1;
|
||||
var isInAnalyzersFolder = lowerFilename.IndexOf("analyzers", subFolderIndex) == subFolderIndex;
|
||||
if (isInAnalyzersFolder)
|
||||
{
|
||||
usedReferences.Remove(filename);
|
||||
progressMonitor.RemovedReference(filename);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
private void AddNetFrameworkDlls(List<string> dllDirNames)
|
||||
{
|
||||
var runtime = new Runtime(dotnet);
|
||||
string? runtimeLocation = null;
|
||||
|
||||
if (options.UseSelfContainedDotnet)
|
||||
{
|
||||
runtimeLocation = runtime.ExecutingRuntime;
|
||||
}
|
||||
else if (fileContent.IsNewProjectStructureUsed)
|
||||
{
|
||||
runtimeLocation = runtime.NetCoreRuntime;
|
||||
}
|
||||
else if (fileContent.IsLegacyProjectStructureUsed)
|
||||
{
|
||||
runtimeLocation = runtime.DesktopRuntime;
|
||||
}
|
||||
|
||||
runtimeLocation ??= runtime.ExecutingRuntime;
|
||||
|
||||
progressMonitor.LogInfo($".NET runtime location selected: {runtimeLocation}");
|
||||
dllDirNames.Add(runtimeLocation);
|
||||
|
||||
if (fileContent.IsNewProjectStructureUsed
|
||||
&& fileContent.UseAspNetCoreDlls
|
||||
&& runtime.AspNetCoreRuntime is string aspRuntime)
|
||||
{
|
||||
progressMonitor.LogInfo($"ASP.NET runtime location selected: {aspRuntime}");
|
||||
dllDirNames.Add(aspRuntime);
|
||||
}
|
||||
}
|
||||
|
||||
private void RemoveRuntimeNugetPackageReferences()
|
||||
{
|
||||
var runtimePackagePrefixes = new[]
|
||||
{
|
||||
"microsoft.netcore.app.runtime",
|
||||
"microsoft.aspnetcore.app.runtime",
|
||||
"microsoft.windowsdesktop.app.runtime",
|
||||
|
||||
// legacy runtime packages:
|
||||
"runtime.linux-x64.microsoft.netcore.app",
|
||||
"runtime.osx-x64.microsoft.netcore.app",
|
||||
"runtime.win-x64.microsoft.netcore.app",
|
||||
|
||||
// Internal implementation packages not meant for direct consumption:
|
||||
"runtime."
|
||||
};
|
||||
RemoveNugetPackageReference(runtimePackagePrefixes);
|
||||
}
|
||||
|
||||
private void RemoveNugetPackageReference(params string[] packagePrefixes)
|
||||
{
|
||||
if (!options.UseNuGet)
|
||||
{
|
||||
@@ -281,18 +162,23 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
|
||||
var packageFolder = packageDirectory.DirInfo.FullName.ToLowerInvariant();
|
||||
if (packageFolder == null)
|
||||
var runtimePackageNamePrefixes = new[]
|
||||
{
|
||||
return;
|
||||
}
|
||||
Path.Combine(packageFolder, "microsoft.netcore.app.runtime"),
|
||||
Path.Combine(packageFolder, "microsoft.aspnetcore.app.runtime"),
|
||||
Path.Combine(packageFolder, "microsoft.windowsdesktop.app.runtime"),
|
||||
|
||||
var packagePathPrefixes = packagePrefixes.Select(p => Path.Combine(packageFolder, p.ToLowerInvariant()));
|
||||
// legacy runtime packages:
|
||||
Path.Combine(packageFolder, "runtime.linux-x64.microsoft.netcore.app"),
|
||||
Path.Combine(packageFolder, "runtime.osx-x64.microsoft.netcore.app"),
|
||||
Path.Combine(packageFolder, "runtime.win-x64.microsoft.netcore.app"),
|
||||
};
|
||||
|
||||
foreach (var filename in usedReferences.Keys)
|
||||
{
|
||||
var lowerFilename = filename.ToLowerInvariant();
|
||||
|
||||
if (packagePathPrefixes.Any(prefix => lowerFilename.StartsWith(prefix)))
|
||||
if (runtimePackageNamePrefixes.Any(prefix => lowerFilename.StartsWith(prefix)))
|
||||
{
|
||||
usedReferences.Remove(filename);
|
||||
progressMonitor.RemovedReference(filename);
|
||||
@@ -300,18 +186,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
}
|
||||
|
||||
private bool IsNugetPackageAvailable(string packagePrefix)
|
||||
{
|
||||
if (!options.UseNuGet)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return new DirectoryInfo(packageDirectory.DirInfo.FullName)
|
||||
.EnumerateDirectories(packagePrefix + "*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false })
|
||||
.Any();
|
||||
}
|
||||
|
||||
private void GenerateSourceFileFromImplicitUsings()
|
||||
{
|
||||
var usings = new HashSet<string>();
|
||||
@@ -324,7 +198,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
usings.UnionWith(new[] { "System", "System.Collections.Generic", "System.IO", "System.Linq", "System.Net.Http", "System.Threading",
|
||||
"System.Threading.Tasks" });
|
||||
|
||||
if (fileContent.UseAspNetCoreDlls)
|
||||
if (fileContent.UseAspNetDlls)
|
||||
{
|
||||
usings.UnionWith(new[] { "System.Net.Http.Json", "Microsoft.AspNetCore.Builder", "Microsoft.AspNetCore.Hosting",
|
||||
"Microsoft.AspNetCore.Http", "Microsoft.AspNetCore.Routing", "Microsoft.Extensions.Configuration",
|
||||
@@ -587,11 +461,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
|
||||
}
|
||||
|
||||
private bool RestoreProject(string project, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) =>
|
||||
dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching, pathToNugetConfig);
|
||||
private bool RestoreProject(string project, string? pathToNugetConfig = null) =>
|
||||
dotnet.RestoreProjectToDirectory(project, packageDirectory.DirInfo.FullName, pathToNugetConfig);
|
||||
|
||||
private bool RestoreSolution(string solution, out IEnumerable<string> projects) =>
|
||||
dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, forceDotnetRefAssemblyFetching: true, out projects);
|
||||
dotnet.RestoreSolutionToDirectory(solution, packageDirectory.DirInfo.FullName, out projects);
|
||||
|
||||
/// <summary>
|
||||
/// Executes `dotnet restore` on all solution files in solutions.
|
||||
@@ -617,7 +491,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
{
|
||||
Parallel.ForEach(projects, new ParallelOptions { MaxDegreeOfParallelism = options.Threads }, project =>
|
||||
{
|
||||
RestoreProject(project, forceDotnetRefAssemblyFetching: true);
|
||||
RestoreProject(project);
|
||||
});
|
||||
}
|
||||
|
||||
@@ -662,7 +536,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
return;
|
||||
}
|
||||
|
||||
success = RestoreProject(tempDir.DirInfo.FullName, forceDotnetRefAssemblyFetching: false, pathToNugetConfig: nugetConfig);
|
||||
success = RestoreProject(tempDir.DirInfo.FullName, nugetConfig);
|
||||
// TODO: the restore might fail, we could retry with a prerelease (*-* instead of *) version of the package.
|
||||
if (!success)
|
||||
{
|
||||
@@ -690,25 +564,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
|
||||
public void Dispose()
|
||||
{
|
||||
try
|
||||
{
|
||||
packageDirectory?.Dispose();
|
||||
}
|
||||
catch (Exception exc)
|
||||
{
|
||||
progressMonitor.LogInfo("Couldn't delete package directory: " + exc.Message);
|
||||
}
|
||||
packageDirectory?.Dispose();
|
||||
if (cleanupTempWorkingDirectory)
|
||||
{
|
||||
try
|
||||
{
|
||||
tempWorkingDirectory?.Dispose();
|
||||
}
|
||||
catch (Exception exc)
|
||||
{
|
||||
progressMonitor.LogInfo("Couldn't delete temporary working directory: " + exc.Message);
|
||||
}
|
||||
}
|
||||
tempWorkingDirectory?.Dispose();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -3,7 +3,6 @@ using System.Collections.Generic;
|
||||
using System.IO;
|
||||
using System.Linq;
|
||||
using System.Text.RegularExpressions;
|
||||
using Semmle.Util;
|
||||
|
||||
namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
{
|
||||
@@ -14,21 +13,19 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
{
|
||||
private readonly IDotNetCliInvoker dotnetCliInvoker;
|
||||
private readonly ProgressMonitor progressMonitor;
|
||||
private readonly TemporaryDirectory? tempWorkingDirectory;
|
||||
|
||||
private DotNet(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor, TemporaryDirectory? tempWorkingDirectory = null)
|
||||
private DotNet(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor)
|
||||
{
|
||||
this.progressMonitor = progressMonitor;
|
||||
this.tempWorkingDirectory = tempWorkingDirectory;
|
||||
this.dotnetCliInvoker = dotnetCliInvoker;
|
||||
Info();
|
||||
}
|
||||
|
||||
private DotNet(IDependencyOptions options, ProgressMonitor progressMonitor, TemporaryDirectory tempWorkingDirectory) : this(new DotNetCliInvoker(progressMonitor, Path.Combine(options.DotNetPath ?? string.Empty, "dotnet")), progressMonitor, tempWorkingDirectory) { }
|
||||
private DotNet(IDependencyOptions options, ProgressMonitor progressMonitor) : this(new DotNetCliInvoker(progressMonitor, Path.Combine(options.DotNetPath ?? string.Empty, "dotnet")), progressMonitor) { }
|
||||
|
||||
internal static IDotNet Make(IDotNetCliInvoker dotnetCliInvoker, ProgressMonitor progressMonitor) => new DotNet(dotnetCliInvoker, progressMonitor);
|
||||
|
||||
public static IDotNet Make(IDependencyOptions options, ProgressMonitor progressMonitor, TemporaryDirectory tempWorkingDirectory) => new DotNet(options, progressMonitor, tempWorkingDirectory);
|
||||
public static IDotNet Make(IDependencyOptions options, ProgressMonitor progressMonitor) => new DotNet(options, progressMonitor);
|
||||
|
||||
private void Info()
|
||||
{
|
||||
@@ -40,29 +37,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
}
|
||||
|
||||
private string GetRestoreArgs(string projectOrSolutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching)
|
||||
private static string GetRestoreArgs(string projectOrSolutionFile, string packageDirectory) =>
|
||||
$"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true";
|
||||
|
||||
public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, string? pathToNugetConfig = null)
|
||||
{
|
||||
var args = $"restore --no-dependencies \"{projectOrSolutionFile}\" --packages \"{packageDirectory}\" /p:DisableImplicitNuGetFallbackFolder=true";
|
||||
|
||||
if (forceDotnetRefAssemblyFetching)
|
||||
{
|
||||
// Ugly hack: we set the TargetFrameworkRootPath and NetCoreTargetingPackRoot properties to an empty folder:
|
||||
var path = ".empty";
|
||||
if (tempWorkingDirectory != null)
|
||||
{
|
||||
path = Path.Combine(tempWorkingDirectory.ToString(), "emptyFakeDotnetRoot");
|
||||
Directory.CreateDirectory(path);
|
||||
}
|
||||
|
||||
args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\"";
|
||||
}
|
||||
|
||||
return args;
|
||||
}
|
||||
|
||||
public bool RestoreProjectToDirectory(string projectFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null)
|
||||
{
|
||||
var args = GetRestoreArgs(projectFile, packageDirectory, forceDotnetRefAssemblyFetching);
|
||||
var args = GetRestoreArgs(projectFile, packageDirectory);
|
||||
if (pathToNugetConfig != null)
|
||||
{
|
||||
args += $" --configfile \"{pathToNugetConfig}\"";
|
||||
@@ -71,9 +51,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
return dotnetCliInvoker.RunCommand(args);
|
||||
}
|
||||
|
||||
public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects)
|
||||
public bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, out IEnumerable<string> projects)
|
||||
{
|
||||
var args = GetRestoreArgs(solutionFile, packageDirectory, forceDotnetRefAssemblyFetching);
|
||||
var args = GetRestoreArgs(solutionFile, packageDirectory);
|
||||
args += " --verbosity normal";
|
||||
if (dotnetCliInvoker.RunCommand(args, out var output))
|
||||
{
|
||||
|
||||
@@ -31,21 +31,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
}
|
||||
|
||||
private bool useAspNetCoreDlls = false;
|
||||
private bool useAspNetDlls = false;
|
||||
|
||||
/// <summary>
|
||||
/// True if any file in the source directory indicates that ASP.NET Core is used.
|
||||
/// The following heuristic is used to decide, if ASP.NET Core is used:
|
||||
/// True if any file in the source directory indicates that ASP.NET is used.
|
||||
/// The following heuristic is used to decide, if ASP.NET is used:
|
||||
/// If any file in the source directory contains something like (this will most like be a .csproj file)
|
||||
/// <Project Sdk="Microsoft.NET.Sdk.Web">
|
||||
/// <FrameworkReference Include="Microsoft.AspNetCore.App"/>
|
||||
/// </summary>
|
||||
public bool UseAspNetCoreDlls
|
||||
public bool UseAspNetDlls
|
||||
{
|
||||
get
|
||||
{
|
||||
initialize.Run();
|
||||
return useAspNetCoreDlls;
|
||||
return useAspNetDlls;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -60,27 +60,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
}
|
||||
|
||||
private bool isLegacyProjectStructureUsed = false;
|
||||
|
||||
public bool IsLegacyProjectStructureUsed
|
||||
{
|
||||
get
|
||||
{
|
||||
initialize.Run();
|
||||
return isLegacyProjectStructureUsed;
|
||||
}
|
||||
}
|
||||
|
||||
private bool isNewProjectStructureUsed = false;
|
||||
public bool IsNewProjectStructureUsed
|
||||
{
|
||||
get
|
||||
{
|
||||
initialize.Run();
|
||||
return isNewProjectStructureUsed;
|
||||
}
|
||||
}
|
||||
|
||||
public HashSet<string> CustomImplicitUsings
|
||||
{
|
||||
get
|
||||
@@ -162,15 +141,19 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
|
||||
// Determine if ASP.NET is used.
|
||||
useAspNetCoreDlls = useAspNetCoreDlls
|
||||
|| IsGroupMatch(line, ProjectSdk(), "Sdk", "Microsoft.NET.Sdk.Web")
|
||||
|| IsGroupMatch(line, FrameworkReference(), "Include", "Microsoft.AspNetCore.App");
|
||||
|
||||
if (!useAspNetDlls)
|
||||
{
|
||||
useAspNetDlls =
|
||||
IsGroupMatch(line, ProjectSdk(), "Sdk", "Microsoft.NET.Sdk.Web") ||
|
||||
IsGroupMatch(line, FrameworkReference(), "Include", "Microsoft.AspNetCore.App");
|
||||
}
|
||||
|
||||
// Determine if implicit usings are used.
|
||||
useImplicitUsings = useImplicitUsings
|
||||
|| line.Contains("<ImplicitUsings>enable</ImplicitUsings>".AsSpan(), StringComparison.Ordinal)
|
||||
|| line.Contains("<ImplicitUsings>true</ImplicitUsings>".AsSpan(), StringComparison.Ordinal);
|
||||
if (!useImplicitUsings)
|
||||
{
|
||||
useImplicitUsings = line.Contains("<ImplicitUsings>enable</ImplicitUsings>".AsSpan(), StringComparison.Ordinal) ||
|
||||
line.Contains("<ImplicitUsings>true</ImplicitUsings>".AsSpan(), StringComparison.Ordinal);
|
||||
}
|
||||
|
||||
// Find all custom implicit usings.
|
||||
foreach (var valueMatch in CustomImplicitUsingDeclarations().EnumerateMatches(line))
|
||||
@@ -181,13 +164,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
implicitUsingNamespaces.Add(ns);
|
||||
}
|
||||
}
|
||||
|
||||
// Determine project structure:
|
||||
isLegacyProjectStructureUsed = isLegacyProjectStructureUsed || MicrosoftCSharpTargets().IsMatch(line);
|
||||
isNewProjectStructureUsed = isNewProjectStructureUsed
|
||||
|| ProjectSdk().IsMatch(line)
|
||||
|| FrameworkReference().IsMatch(line);
|
||||
// TODO: we could also check `<Sdk Name="Microsoft.NET.Sdk" />`
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
@@ -208,9 +184,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
|
||||
[GeneratedRegex("<Using.*\\sInclude=\"(.*?)\".*/?>", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
|
||||
private static partial Regex CustomImplicitUsingDeclarations();
|
||||
|
||||
[GeneratedRegex("<Import.*\\sProject=\".*Microsoft\\.CSharp\\.targets\".*/?>", RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline)]
|
||||
private static partial Regex MicrosoftCSharpTargets();
|
||||
}
|
||||
|
||||
internal interface IUnsafeFileReader
|
||||
|
||||
@@ -4,8 +4,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
{
|
||||
internal interface IDotNet
|
||||
{
|
||||
bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null);
|
||||
bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects);
|
||||
bool RestoreProjectToDirectory(string project, string directory, string? pathToNugetConfig = null);
|
||||
bool RestoreSolutionToDirectory(string solutionFile, string packageDirectory, out IEnumerable<string> projects);
|
||||
bool New(string folder);
|
||||
bool AddPackage(string folder, string package);
|
||||
IList<string> GetListedRuntimes();
|
||||
|
||||
@@ -55,10 +55,10 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
LogInfo($"Restoring {package}...");
|
||||
|
||||
public void ResolvedReference(string filename) =>
|
||||
LogInfo($"Resolved reference {filename}");
|
||||
LogInfo($"Resolved {filename}");
|
||||
|
||||
public void RemovedReference(string filename) =>
|
||||
LogInfo($"Removed reference {filename}");
|
||||
LogInfo($"Reference {filename} has been removed");
|
||||
|
||||
public void Summary(int existingSources, int usedSources, int missingSources,
|
||||
int references, int unresolvedReferences,
|
||||
|
||||
@@ -19,6 +19,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
private readonly IDotNet dotNet;
|
||||
private readonly Lazy<Dictionary<string, DotNetVersion>> newestRuntimes;
|
||||
private Dictionary<string, DotNetVersion> NewestRuntimes => newestRuntimes.Value;
|
||||
private static string ExecutingRuntime => RuntimeEnvironment.GetRuntimeDirectory();
|
||||
|
||||
public Runtime(IDotNet dotNet)
|
||||
{
|
||||
@@ -69,17 +70,17 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
{
|
||||
get
|
||||
{
|
||||
var monoPath = FileUtils.FindProgramOnPath(Win32.IsWindows() ? "mono.exe" : "mono");
|
||||
var monoDirs = monoPath is not null
|
||||
? new[] { monoPath }
|
||||
: new[] { "/usr/lib/mono", @"C:\Program Files\Mono\lib\mono" };
|
||||
|
||||
if (Directory.Exists(@"C:\Windows\Microsoft.NET\Framework64"))
|
||||
{
|
||||
return Directory.EnumerateDirectories(@"C:\Windows\Microsoft.NET\Framework64", "v*")
|
||||
.OrderByDescending(Path.GetFileName);
|
||||
}
|
||||
|
||||
var monoPath = FileUtils.FindProgramOnPath(Win32.IsWindows() ? "mono.exe" : "mono");
|
||||
var monoDirs = monoPath is not null
|
||||
? new[] { Path.GetFullPath(Path.Combine(monoPath, "..", "lib", "mono")), monoPath }
|
||||
: new[] { "/usr/lib/mono", "/usr/local/mono", "/usr/local/bin/mono", @"C:\Program Files\Mono\lib\mono" };
|
||||
|
||||
var dir = monoDirs.FirstOrDefault(Directory.Exists);
|
||||
|
||||
if (dir is not null)
|
||||
@@ -106,23 +107,33 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the Dotnet Core location.
|
||||
/// Gets the .NET runtime location to use for extraction.
|
||||
/// </summary>
|
||||
public string? NetCoreRuntime => GetVersion(netCoreApp);
|
||||
public string GetRuntime(bool useSelfContained)
|
||||
{
|
||||
if (useSelfContained)
|
||||
{
|
||||
return ExecutingRuntime;
|
||||
}
|
||||
|
||||
// Location of the newest .NET Core Runtime.
|
||||
if (GetVersion(netCoreApp) is string path)
|
||||
{
|
||||
return path;
|
||||
}
|
||||
|
||||
if (DesktopRuntimes.Any())
|
||||
{
|
||||
return DesktopRuntimes.First();
|
||||
}
|
||||
|
||||
// A bad choice if it's the self-contained runtime distributed in codeql dist.
|
||||
return ExecutingRuntime;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Gets the .NET Framework location. Either the installation folder on Windows or Mono
|
||||
/// Gets the ASP.NET runtime location to use for extraction, if one exists.
|
||||
/// </summary>
|
||||
public string? DesktopRuntime => DesktopRuntimes?.FirstOrDefault();
|
||||
|
||||
/// <summary>
|
||||
/// Gets the executing runtime location, this is the self contained runtime shipped in the CodeQL CLI bundle.
|
||||
/// </summary>
|
||||
public string ExecutingRuntime => RuntimeEnvironment.GetRuntimeDirectory();
|
||||
|
||||
/// <summary>
|
||||
/// Gets the ASP.NET Core location.
|
||||
/// </summary>
|
||||
public string? AspNetCoreRuntime => GetVersion(aspNetCoreApp);
|
||||
public string? GetAspRuntime() => GetVersion(aspNetCoreApp);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
|
||||
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
|
||||
<Nullable>enable</Nullable>
|
||||
<NoWarn>$(NoWarn);CA1822</NoWarn>
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
|
||||
@@ -99,7 +99,7 @@ namespace Semmle.Extraction.Tests
|
||||
var dotnet = MakeDotnet(dotnetCliInvoker);
|
||||
|
||||
// Execute
|
||||
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false);
|
||||
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages");
|
||||
|
||||
// Verify
|
||||
var lastArgs = dotnetCliInvoker.GetLastArgs();
|
||||
@@ -114,7 +114,7 @@ namespace Semmle.Extraction.Tests
|
||||
var dotnet = MakeDotnet(dotnetCliInvoker);
|
||||
|
||||
// Execute
|
||||
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", false, "myconfig.config");
|
||||
dotnet.RestoreProjectToDirectory("myproject.csproj", "mypackages", "myconfig.config");
|
||||
|
||||
// Verify
|
||||
var lastArgs = dotnetCliInvoker.GetLastArgs();
|
||||
@@ -129,7 +129,7 @@ namespace Semmle.Extraction.Tests
|
||||
var dotnet = MakeDotnet(dotnetCliInvoker);
|
||||
|
||||
// Execute
|
||||
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects);
|
||||
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", out var projects);
|
||||
|
||||
// Verify
|
||||
var lastArgs = dotnetCliInvoker.GetLastArgs();
|
||||
@@ -148,7 +148,7 @@ namespace Semmle.Extraction.Tests
|
||||
dotnetCliInvoker.Success = false;
|
||||
|
||||
// Execute
|
||||
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", false, out var projects);
|
||||
dotnet.RestoreSolutionToDirectory("mysolution.sln", "mypackages", out var projects);
|
||||
|
||||
// Verify
|
||||
var lastArgs = dotnetCliInvoker.GetLastArgs();
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
using Xunit;
|
||||
using System;
|
||||
using System.Collections.Generic;
|
||||
using Semmle.Extraction.CSharp.DependencyFetching;
|
||||
|
||||
@@ -7,9 +6,9 @@ namespace Semmle.Extraction.Tests
|
||||
{
|
||||
internal class UnsafeFileReaderStub : IUnsafeFileReader
|
||||
{
|
||||
private readonly IEnumerable<string> lines;
|
||||
private readonly List<string> lines;
|
||||
|
||||
public UnsafeFileReaderStub(IEnumerable<string> lines)
|
||||
public UnsafeFileReaderStub(List<string> lines)
|
||||
{
|
||||
this.lines = lines;
|
||||
}
|
||||
@@ -25,7 +24,7 @@ namespace Semmle.Extraction.Tests
|
||||
|
||||
internal class TestFileContent : FileContent
|
||||
{
|
||||
public TestFileContent(IEnumerable<string> lines) : base(new ProgressMonitor(new LoggerStub()),
|
||||
public TestFileContent(List<string> lines) : base(new ProgressMonitor(new LoggerStub()),
|
||||
new List<string>() { "test1.cs" },
|
||||
new UnsafeFileReaderStub(lines))
|
||||
{ }
|
||||
@@ -49,7 +48,7 @@ namespace Semmle.Extraction.Tests
|
||||
|
||||
// Execute
|
||||
var allPackages = fileContent.AllPackages;
|
||||
var useAspNetDlls = fileContent.UseAspNetCoreDlls;
|
||||
var useAspNetDlls = fileContent.UseAspNetDlls;
|
||||
|
||||
// Verify
|
||||
Assert.False(useAspNetDlls);
|
||||
@@ -73,7 +72,7 @@ namespace Semmle.Extraction.Tests
|
||||
var fileContent = new TestFileContent(lines);
|
||||
|
||||
// Execute
|
||||
var useAspNetDlls = fileContent.UseAspNetCoreDlls;
|
||||
var useAspNetDlls = fileContent.UseAspNetDlls;
|
||||
var allPackages = fileContent.AllPackages;
|
||||
|
||||
// Verify
|
||||
@@ -137,53 +136,5 @@ namespace Semmle.Extraction.Tests
|
||||
Assert.Contains("Ns0.Ns1", customImplicitUsings);
|
||||
Assert.Contains("Ns2", customImplicitUsings);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void TestFileContent_LegacyProjectStructure()
|
||||
{
|
||||
// Setup
|
||||
var input =
|
||||
"""
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<Project ToolsVersion="12.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
|
||||
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
|
||||
<Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
|
||||
""";
|
||||
var lines = input.Split(Environment.NewLine);
|
||||
var fileContent = new TestFileContent(lines);
|
||||
|
||||
// Execute
|
||||
var isLegacy = fileContent.IsLegacyProjectStructureUsed;
|
||||
var isNew = fileContent.IsNewProjectStructureUsed;
|
||||
|
||||
// Verify
|
||||
Assert.True(isLegacy);
|
||||
Assert.False(isNew);
|
||||
}
|
||||
|
||||
[Fact]
|
||||
public void TestFileContent_NewProjectStructure()
|
||||
{
|
||||
// Setup
|
||||
var input =
|
||||
"""
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
<PropertyGroup>
|
||||
<TargetFrameworks>net461;net70</TargetFrameworks>
|
||||
</PropertyGroup>
|
||||
</Project>
|
||||
""";
|
||||
var lines = input.Split(Environment.NewLine);
|
||||
|
||||
var fileContent = new TestFileContent(lines);
|
||||
|
||||
// Execute
|
||||
var isLegacy = fileContent.IsLegacyProjectStructureUsed;
|
||||
var isNew = fileContent.IsNewProjectStructureUsed;
|
||||
|
||||
// Verify
|
||||
Assert.True(isNew);
|
||||
Assert.False(isLegacy);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,9 +19,9 @@ namespace Semmle.Extraction.Tests
|
||||
|
||||
public bool New(string folder) => true;
|
||||
|
||||
public bool RestoreProjectToDirectory(string project, string directory, bool forceDotnetRefAssemblyFetching, string? pathToNugetConfig = null) => true;
|
||||
public bool RestoreProjectToDirectory(string project, string directory, string? pathToNugetConfig = null) => true;
|
||||
|
||||
public bool RestoreSolutionToDirectory(string solution, string directory, bool forceDotnetRefAssemblyFetching, out IEnumerable<string> projects)
|
||||
public bool RestoreSolutionToDirectory(string solution, string directory, out IEnumerable<string> projects)
|
||||
{
|
||||
projects = Array.Empty<string>();
|
||||
return true;
|
||||
|
||||
@@ -1,235 +0,0 @@
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Accessibility.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/CustomMarshalers.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/Microsoft.Win32.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.AppContext.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.Concurrent.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.NonGeneric.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.Specialized.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Collections.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.Annotations.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.EventBasedAsync.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.TypeConverter.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ComponentModel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Console.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Data.Common.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Contracts.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Debug.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.FileVersionInfo.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Process.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.StackTrace.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.TextWriterTraceListener.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.Tools.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Diagnostics.TraceSource.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Drawing.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Dynamic.Runtime.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.Calendars.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.Extensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Globalization.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.Compression.ZipFile.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.DriveInfo.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.Watcher.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.FileSystem.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.IsolatedStorage.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.MemoryMappedFiles.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.Pipes.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.UnmanagedMemoryStream.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.IO.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Expressions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Parallel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.Queryable.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Linq.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Http.Rtc.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.NameResolution.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.NetworkInformation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Ping.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Requests.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Security.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.Sockets.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebHeaderCollection.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebSockets.Client.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Net.WebSockets.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ObjectModel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.ILGeneration.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.Lightweight.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Emit.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Extensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Reflection.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.Reader.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.ResourceManager.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Resources.Writer.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.CompilerServices.VisualC.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Extensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Handles.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.RuntimeInformation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.WindowsRuntime.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.InteropServices.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Numerics.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Formatters.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Json.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.Serialization.Xml.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Runtime.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Claims.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Algorithms.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Csp.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Encoding.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Cryptography.X509Certificates.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.Principal.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Security.SecureString.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Duplex.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Http.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.NetTcp.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Primitives.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ServiceModel.Security.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.Encoding.Extensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.Encoding.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Text.RegularExpressions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Overlapped.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Tasks.Parallel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Tasks.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Thread.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.ThreadPool.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.Timer.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Threading.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.ValueTuple.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.ReaderWriter.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XDocument.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XPath.XDocument.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XPath.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XmlDocument.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/System.Xml.XmlSerializer.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Facades/netstandard.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/ISymWrapper.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Activities.Build.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Conversion.v4.0.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Engine.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Framework.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Tasks.v4.0.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.Utilities.v4.0.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.Build.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.CSharp.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.JScript.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.Compatibility.Data.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.Compatibility.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualBasic.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualC.STLCLR.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/Microsoft.VisualC.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationBuildTasks.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationCore.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Aero2.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Aero.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.AeroLite.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Classic.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Luna.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.Royale.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/PresentationFramework.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/ReachFramework.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.Core.Presentation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.DurableInstancing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.Presentation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Activities.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.AddIn.Contract.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.AddIn.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.Composition.Registration.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.Composition.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ComponentModel.DataAnnotations.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Configuration.Install.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Configuration.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Core.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.DataSetExtensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Entity.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Entity.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Linq.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.OracleClient.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.Client.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.Services.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.SqlXml.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Data.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Deployment.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Device.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Diagnostics.Tracing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.AccountManagement.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.Protocols.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.DirectoryServices.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Drawing.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Drawing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Dynamic.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.EnterpriseServices.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Compression.FileSystem.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Compression.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IO.Log.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.Selectors.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.Services.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.IdentityModel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Management.Instrumentation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Management.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Messaging.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.Http.WebRequest.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.Http.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Net.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Numerics.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Printing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Reflection.Context.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Caching.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.DurableInstancing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Remoting.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Serialization.Formatters.Soap.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Runtime.Serialization.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Security.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Activation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Activities.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Channels.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Discovery.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Routing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.Web.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceModel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.ServiceProcess.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Speech.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Transactions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Abstractions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.ApplicationServices.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DataVisualization.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DataVisualization.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DynamicData.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.DynamicData.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Entity.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Entity.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Extensions.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Extensions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Mobile.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.RegularExpressions.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Routing.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.Services.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Web.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Controls.Ribbon.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.DataVisualization.Design.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.DataVisualization.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Forms.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Input.Manipulations.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.Presentation.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Windows.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.Activities.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.ComponentModel.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Workflow.Runtime.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.WorkflowServices.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xaml.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.Linq.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.Serialization.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.Xml.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/System.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationClient.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationClientsideProviders.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationProvider.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/UIAutomationTypes.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/WindowsBase.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/WindowsFormsIntegration.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/XamlBuildTask.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/mscorlib.dll |
|
||||
| /microsoft.netframework.referenceassemblies.net48/1.0.3/build/.NETFramework/v4.8/sysglobl.dll |
|
||||
@@ -1,15 +0,0 @@
|
||||
import csharp
|
||||
|
||||
private string getPath(Assembly a) {
|
||||
not a.getCompilation().getOutputAssembly() = a and
|
||||
exists(string s | s = a.getFile().getAbsolutePath() |
|
||||
result =
|
||||
s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length())
|
||||
or
|
||||
result = s and
|
||||
not exists(s.indexOf("GitHub/packages/"))
|
||||
)
|
||||
}
|
||||
|
||||
from Assembly a
|
||||
select getPath(a)
|
||||
@@ -1,6 +0,0 @@
|
||||
class Program
|
||||
{
|
||||
static void Main(string[] args)
|
||||
{
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
{
|
||||
"sdk": {
|
||||
"version": "7.0.401"
|
||||
}
|
||||
}
|
||||
@@ -1,12 +0,0 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<OutputType>Exe</OutputType>
|
||||
<TargetFrameworks>net48</TargetFrameworks>
|
||||
</PropertyGroup>
|
||||
|
||||
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
|
||||
<RemoveDir Directories=".\bin" />
|
||||
<RemoveDir Directories=".\obj" />
|
||||
</Target>
|
||||
</Project>
|
||||
@@ -1,3 +0,0 @@
|
||||
from create_database_utils import *
|
||||
|
||||
run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])
|
||||
@@ -1,173 +0,0 @@
|
||||
| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll |
|
||||
| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll |
|
||||
| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll |
|
||||
| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll |
|
||||
| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
|
||||
| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
|
||||
| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.CSharp.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Core.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.AppContext.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Buffers.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Concurrent.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Immutable.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.NonGeneric.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Specialized.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Annotations.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.DataAnnotations.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.EventBasedAsync.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.TypeConverter.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Configuration.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.FileVersionInfo.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Process.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.StackTrace.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TextWriterTraceListener.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tools.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TraceSource.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tracing.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Dynamic.Runtime.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Asn1.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Tar.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Calendars.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.Brotli.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.FileSystem.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.ZipFile.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.DriveInfo.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Watcher.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.IsolatedStorage.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.MemoryMappedFiles.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.UnmanagedMemoryStream.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Expressions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Parallel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Queryable.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Memory.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.HttpListener.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Mail.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NameResolution.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NetworkInformation.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Ping.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Quic.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Requests.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Security.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.ServicePoint.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Sockets.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebClient.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebHeaderCollection.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebProxy.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.Client.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.Vectors.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ObjectModel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.DispatchProxy.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.ILGeneration.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.Lightweight.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Metadata.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.TypeExtensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Reader.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.ResourceManager.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Writer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.Unsafe.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.VisualC.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Handles.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.JavaScript.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.RuntimeInformation.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Intrinsics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Loader.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Numerics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Formatters.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Xml.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Claims.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Algorithms.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Cng.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Csp.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Encoding.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.OpenSsl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.X509Certificates.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.Windows.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.SecureString.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceModel.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceProcess.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.CodePages.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encodings.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.RegularExpressions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Channels.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Overlapped.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Dataflow.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Parallel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Thread.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.ThreadPool.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Timer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.Local.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ValueTuple.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.HttpUtility.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Windows.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Linq.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.ReaderWriter.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Serialization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.XDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlSerializer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll |
|
||||
| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll |
|
||||
| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
|
||||
| /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll |
|
||||
@@ -1,15 +0,0 @@
|
||||
import csharp
|
||||
|
||||
private string getPath(Assembly a) {
|
||||
not a.getCompilation().getOutputAssembly() = a and
|
||||
exists(string s | s = a.getFile().getAbsolutePath() |
|
||||
result =
|
||||
s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length())
|
||||
or
|
||||
result = s and
|
||||
not exists(s.indexOf("GitHub/packages/"))
|
||||
)
|
||||
}
|
||||
|
||||
from Assembly a
|
||||
select getPath(a)
|
||||
@@ -1,6 +0,0 @@
|
||||
class Program
|
||||
{
|
||||
static void Main(string[] args)
|
||||
{
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
{
|
||||
"sdk": {
|
||||
"version": "7.0.102"
|
||||
}
|
||||
}
|
||||
@@ -1,19 +0,0 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<OutputType>Exe</OutputType>
|
||||
<TargetFrameworks>net7.0;net6.0;netcoreapp3.1;netstandard2.0;net48</TargetFrameworks>
|
||||
</PropertyGroup>
|
||||
|
||||
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
|
||||
<RemoveDir Directories=".\bin" />
|
||||
<RemoveDir Directories=".\obj" />
|
||||
</Target>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="6.0.0" />
|
||||
<!-- The below causes DB-CHECK errors: -->
|
||||
<!-- <PackageReference Include="NUnit" Version="3.10.1" /> -->
|
||||
<PackageReference Include="Avalara.AvaTax" Version="21.10.0" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@@ -1,3 +0,0 @@
|
||||
from create_database_utils import *
|
||||
|
||||
run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])
|
||||
@@ -1,217 +0,0 @@
|
||||
| /avalara.avatax/21.10.0/lib/net20/Avalara.AvaTax.RestClient.net20.dll |
|
||||
| /avalara.avatax/21.10.0/lib/net45/Avalara.AvaTax.RestClient.net45.dll |
|
||||
| /avalara.avatax/21.10.0/lib/net461/Avalara.AvaTax.RestClient.net461.dll |
|
||||
| /avalara.avatax/21.10.0/lib/netstandard16/Avalara.AvaTax.netstandard11.dll |
|
||||
| /avalara.avatax/21.10.0/lib/netstandard20/Avalara.AvaTax.netstandard20.dll |
|
||||
| /microsoft.bcl.asyncinterfaces/6.0.0/lib/netstandard2.1/Microsoft.Bcl.AsyncInterfaces.dll |
|
||||
| /microsoft.netcore.app.ref/3.1.0/ref/netcoreapp3.1/System.Runtime.InteropServices.WindowsRuntime.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Data.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.Xml.dll |
|
||||
| /microsoft.netcore.app.ref/6.0.13/ref/net6.0/System.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.CSharp.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Core.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.AppContext.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Buffers.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Concurrent.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Immutable.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.NonGeneric.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.Specialized.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Collections.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Annotations.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.DataAnnotations.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.EventBasedAsync.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.TypeConverter.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ComponentModel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Configuration.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Console.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Core.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.Common.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Data.DataSetExtensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Contracts.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Debug.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.DiagnosticSource.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.FileVersionInfo.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Process.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.StackTrace.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TextWriterTraceListener.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tools.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.TraceSource.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Diagnostics.Tracing.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Drawing.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Dynamic.Runtime.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Asn1.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Formats.Tar.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Calendars.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Globalization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.Brotli.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.FileSystem.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.ZipFile.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Compression.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.DriveInfo.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.Watcher.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.FileSystem.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.IsolatedStorage.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.MemoryMappedFiles.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.Pipes.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.UnmanagedMemoryStream.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.IO.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Expressions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Parallel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.Queryable.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Linq.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Memory.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Http.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.HttpListener.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Mail.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NameResolution.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.NetworkInformation.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Ping.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Quic.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Requests.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Security.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.ServicePoint.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.Sockets.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebClient.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebHeaderCollection.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebProxy.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.Client.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.WebSockets.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Net.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.Vectors.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Numerics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ObjectModel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.DispatchProxy.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.ILGeneration.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.Lightweight.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Emit.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Metadata.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.TypeExtensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Reflection.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Reader.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.ResourceManager.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Resources.Writer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.Unsafe.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.CompilerServices.VisualC.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Handles.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.JavaScript.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.RuntimeInformation.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.InteropServices.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Intrinsics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Loader.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Numerics.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Formatters.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.Xml.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.Serialization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Runtime.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.AccessControl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Claims.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Algorithms.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Cng.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Csp.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Encoding.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.OpenSsl.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Primitives.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.X509Certificates.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.Windows.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.Principal.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.SecureString.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Security.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceModel.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ServiceProcess.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.CodePages.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encoding.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Encodings.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.Json.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Text.RegularExpressions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Channels.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Overlapped.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Dataflow.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Extensions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.Parallel.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Tasks.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Thread.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.ThreadPool.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.Timer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Threading.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.Local.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Transactions.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.ValueTuple.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.HttpUtility.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Web.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Windows.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Linq.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.ReaderWriter.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.Serialization.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.XDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XPath.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlDocument.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/System.Xml.XmlSerializer.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/mscorlib.dll |
|
||||
| /microsoft.netcore.app.ref/7.0.2/ref/net7.0/netstandard.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Accessibility.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.Forms.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.VisualBasic.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.Registry.AccessControl.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/Microsoft.Win32.SystemEvents.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationCore.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Aero2.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Aero.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.AeroLite.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Classic.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Luna.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.Royale.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationFramework.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/PresentationUI.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/ReachFramework.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.CodeDom.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Configuration.ConfigurationManager.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Design.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Diagnostics.EventLog.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Diagnostics.PerformanceCounter.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.DirectoryServices.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.Common.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.Design.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Drawing.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.IO.Packaging.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Printing.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Resources.Extensions.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Pkcs.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.ProtectedData.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Cryptography.Xml.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Security.Permissions.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Threading.AccessControl.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Controls.Ribbon.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Extensions.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Design.Editors.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Design.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.Primitives.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Forms.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Input.Manipulations.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Windows.Presentation.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/System.Xaml.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationClient.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationClientSideProviders.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationProvider.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/UIAutomationTypes.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsBase.dll |
|
||||
| /microsoft.windowsdesktop.app.ref/7.0.2/ref/net7.0/WindowsFormsIntegration.dll |
|
||||
| /netstandard.library/2.0.3/build/netstandard2.0/ref/System.ComponentModel.Composition.dll |
|
||||
| /newtonsoft.json/12.0.1/lib/portable-net45+win8+wp8+wpa81/Newtonsoft.Json.dll |
|
||||
| /nunit/3.13.3/lib/netstandard2.0/nunit.framework.dll |
|
||||
@@ -1,15 +0,0 @@
|
||||
import csharp
|
||||
|
||||
private string getPath(Assembly a) {
|
||||
not a.getCompilation().getOutputAssembly() = a and
|
||||
exists(string s | s = a.getFile().getAbsolutePath() |
|
||||
result =
|
||||
s.substring(s.indexOf("GitHub/packages/") + "GitHub/packages/".length() + 16, s.length())
|
||||
or
|
||||
result = s and
|
||||
not exists(s.indexOf("GitHub/packages/"))
|
||||
)
|
||||
}
|
||||
|
||||
from Assembly a
|
||||
select getPath(a)
|
||||
@@ -1,6 +0,0 @@
|
||||
class Program
|
||||
{
|
||||
static void Main(string[] args)
|
||||
{
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
{
|
||||
"sdk": {
|
||||
"version": "7.0.102"
|
||||
}
|
||||
}
|
||||
@@ -1,19 +0,0 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<OutputType>Exe</OutputType>
|
||||
<TargetFrameworks>net7.0;net6.0;netcoreapp3.1;netstandard2.0;net48</TargetFrameworks>
|
||||
</PropertyGroup>
|
||||
|
||||
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
|
||||
<RemoveDir Directories=".\bin" />
|
||||
<RemoveDir Directories=".\obj" />
|
||||
</Target>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="6.0.0" />
|
||||
<!-- The below causes DB-CHECK errors: -->
|
||||
<!-- <PackageReference Include="NUnit" Version="3.10.1" /> -->
|
||||
<PackageReference Include="Avalara.AvaTax" Version="21.10.0" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@@ -1,3 +0,0 @@
|
||||
from create_database_utils import *
|
||||
|
||||
run_codeql_database_create([], lang="csharp", extra_args=["--extractor-option=buildless=true", "--extractor-option=cil=false"])
|
||||
@@ -398,7 +398,7 @@ class MemberConstantAccess extends FieldAccess {
|
||||
* An internal helper class to share logic between `PropertyAccess` and
|
||||
* `PropertyCall`.
|
||||
*/
|
||||
class PropertyAccessExpr extends Expr, @property_access_expr {
|
||||
library class PropertyAccessExpr extends Expr, @property_access_expr {
|
||||
/** Gets the target of this property access. */
|
||||
Property getProperty() { expr_access(this, result) }
|
||||
|
||||
@@ -540,7 +540,7 @@ class ElementWrite extends ElementAccess, AssignableWrite { }
|
||||
* An internal helper class to share logic between `IndexerAccess` and
|
||||
* `IndexerCall`.
|
||||
*/
|
||||
class IndexerAccessExpr extends Expr, @indexer_access_expr {
|
||||
library class IndexerAccessExpr extends Expr, @indexer_access_expr {
|
||||
/** Gets the target of this indexer access. */
|
||||
Indexer getIndexer() { expr_access(this, result) }
|
||||
|
||||
@@ -628,7 +628,7 @@ class VirtualIndexerAccess extends IndexerAccess {
|
||||
* An internal helper class to share logic between `EventAccess` and
|
||||
* `EventCall`.
|
||||
*/
|
||||
class EventAccessExpr extends Expr, @event_access_expr {
|
||||
library class EventAccessExpr extends Expr, @event_access_expr {
|
||||
/** Gets the target of this event access. */
|
||||
Event getEvent() { expr_access(this, result) }
|
||||
|
||||
|
||||
@@ -654,7 +654,7 @@ class DisposeMethod extends Method {
|
||||
}
|
||||
|
||||
/** A method with the signature `void Dispose(bool)`. */
|
||||
class DisposeBoolMethod extends Method {
|
||||
library class DisposeBoolMethod extends Method {
|
||||
DisposeBoolMethod() {
|
||||
this.hasName("Dispose") and
|
||||
this.getReturnType() instanceof VoidType and
|
||||
|
||||
@@ -51,33 +51,31 @@ private predicate callsPlus(Callable c1, Callable c2) = fastTC(calls/2)(c1, c2)
|
||||
/** Holds if `m`, its containing class, or a parent class has an attribute that extends `AuthorizeAttribute` */
|
||||
private predicate hasAuthorizeAttribute(ActionMethod m) {
|
||||
exists(Attribute attr |
|
||||
getAnUnboundBaseType*(attr.getType())
|
||||
attr.getType()
|
||||
.getABaseType*()
|
||||
.hasQualifiedName([
|
||||
"Microsoft.AspNetCore.Authorization", "System.Web.Mvc", "System.Web.Http"
|
||||
], "AuthorizeAttribute")
|
||||
|
|
||||
attr = m.getOverridee*().getAnAttribute() or
|
||||
attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute()
|
||||
attr = m.getDeclaringType().getABaseType*().getAnAttribute()
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if `m`, its containing class, or a parent class has an attribute that extends `AllowAnonymousAttribute` */
|
||||
private predicate hasAllowAnonymousAttribute(ActionMethod m) {
|
||||
exists(Attribute attr |
|
||||
getAnUnboundBaseType*(attr.getType())
|
||||
attr.getType()
|
||||
.getABaseType*()
|
||||
.hasQualifiedName([
|
||||
"Microsoft.AspNetCore.Authorization", "System.Web.Mvc", "System.Web.Http"
|
||||
], "AllowAnonymousAttribute")
|
||||
|
|
||||
attr = m.getOverridee*().getAnAttribute() or
|
||||
attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute()
|
||||
attr = m.getDeclaringType().getABaseType*().getAnAttribute()
|
||||
)
|
||||
}
|
||||
|
||||
private ValueOrRefType getAnUnboundBaseType(ValueOrRefType t) {
|
||||
result = t.getABaseType().getUnboundDeclaration()
|
||||
}
|
||||
|
||||
/** Holds if `m` is authorized via an `Authorize` attribute */
|
||||
private predicate isAuthorizedViaAttribute(ActionMethod m) {
|
||||
hasAuthorizeAttribute(m) and
|
||||
|
||||
@@ -82,15 +82,11 @@ predicate hasAuthViaXml(ActionMethod m) {
|
||||
/** Holds if the given action has an attribute that indications authorization. */
|
||||
predicate hasAuthViaAttribute(ActionMethod m) {
|
||||
exists(Attribute attr | attr.getType().getName().toLowerCase().matches("%auth%") |
|
||||
attr = m.getOverridee*().getAnAttribute() or
|
||||
attr = getAnUnboundBaseType*(m.getDeclaringType()).getAnAttribute()
|
||||
attr = m.getAnAttribute() or
|
||||
attr = m.getDeclaringType().getABaseType*().getAnAttribute()
|
||||
)
|
||||
}
|
||||
|
||||
private ValueOrRefType getAnUnboundBaseType(ValueOrRefType t) {
|
||||
result = t.getABaseType().getUnboundDeclaration()
|
||||
}
|
||||
|
||||
/** Holds if `m` is a method that should have an auth check, but is missing it. */
|
||||
predicate missingAuth(ActionMethod m) {
|
||||
needsAuth(m) and
|
||||
|
||||
@@ -193,7 +193,7 @@ for framework in frameworks:
|
||||
pf.write('</Project>\n')
|
||||
|
||||
for pathInfo in pathInfos:
|
||||
if framework.lower() + '.ref' in pathInfo.lower():
|
||||
if 'packs/' + framework.lower() in pathInfo.lower():
|
||||
copiedFiles.add(pathInfo)
|
||||
shutil.copy2(pathInfos[pathInfo], os.path.join(
|
||||
frameworksDir, framework))
|
||||
@@ -207,7 +207,7 @@ with open(os.path.join(frameworksDir, 'Microsoft.NETCore.App', 'Microsoft.NETCor
|
||||
pf.write('</Project>\n')
|
||||
|
||||
for pathInfo in pathInfos:
|
||||
if 'microsoft.netcore.app.ref/' in pathInfo.lower():
|
||||
if 'packs/microsoft.netcore.app.ref/' in pathInfo.lower():
|
||||
copiedFiles.add(pathInfo)
|
||||
shutil.copy2(pathInfos[pathInfo], frameworkDir)
|
||||
|
||||
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `cs/web/insecure-direct-object-reference` and `cs/web/missing-function-level-access-control` have been improved to better recognize attributes on generic classes.
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* @name Framework coverage
|
||||
* @description The number of API endpoints covered by MaD models sorted by
|
||||
* @description The number of API endpoints covered by CSV models sorted by
|
||||
* package and source-, sink-, and summary-kind.
|
||||
* @kind table
|
||||
* @id cs/meta/framework-coverage
|
||||
|
||||
@@ -27,30 +27,4 @@ public class ProfileController : Controller {
|
||||
return View();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
public class AuthBaseController : Controller {
|
||||
protected void doThings() { }
|
||||
}
|
||||
|
||||
public class SubController : AuthBaseController {
|
||||
// GOOD: The Authorize attribute is used on the base class.
|
||||
public ActionResult Delete4(int id) {
|
||||
doThings();
|
||||
return View();
|
||||
}
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
public class AuthBaseGenericController<T> : Controller {
|
||||
protected void doThings() { }
|
||||
}
|
||||
|
||||
public class SubGenericController : AuthBaseGenericController<string> {
|
||||
// GOOD: The Authorize attribute is used on the base class.
|
||||
public ActionResult Delete5(int id) {
|
||||
doThings();
|
||||
return View();
|
||||
}
|
||||
}
|
||||
@@ -43,14 +43,4 @@ public class CController : BaseAnonController {
|
||||
// BAD - AllowAnonymous is inherited from base class and overrides Authorize
|
||||
[Authorize]
|
||||
public ActionResult Edit4(int id) { return View(); }
|
||||
}
|
||||
|
||||
[Authorize]
|
||||
public class BaseGenController<T> : Controller {
|
||||
|
||||
}
|
||||
|
||||
public class SubGenController : BaseGenController<string> {
|
||||
// GOOD - Authorize is inherited from parent class
|
||||
public ActionResult Edit5(int id) { return View(); }
|
||||
}
|
||||
@@ -135,5 +135,5 @@ There are two methods for using CodeQL model packs with code scanning:
|
||||
For more information, see the following articles on the GitHub Docs site:
|
||||
|
||||
- Default setup of code scanning: `Extending CodeQL coverage with CodeQL model packs in default setup <https://docs.github.com/en/code-security/code-scanning/managing-your-code-scanning-configuration/editing-your-configuration-of-default-setup#extending-codeql-coverage-with-codeql-model-packs-in-default-setup>`__
|
||||
- Advanced setup of code scanning: `Extending CodeQL coverage with CodeQL model packs <https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs>`__
|
||||
- Advanced setup of code scanning: `Extending CodeQL coverage with CodeQL model packs <https://docs.github.com//en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#extending-codeql-coverage-with-codeql-model-packs>`__
|
||||
- CodeQL CLI setup in external CI system: `Using model packs to analyze calls to custom dependencies <https://docs.github.com/en/code-security/code-scanning/using-codeql-code-scanning-with-your-existing-ci-system/configuring-codeql-cli-in-your-ci-system#using-model-packs-to-analyze-calls-to-custom-dependencies>`__
|
||||
|
||||
@@ -1993,10 +1993,6 @@ The following built-in predicates are members of type ``int``:
|
||||
+-------------------------+-------------+----------------+----------------------------------------------------------------------------------------------------------------+
|
||||
| ``toUnicode`` | string | | The result is the unicode character for the receiver seen as a unicode code point. |
|
||||
+-------------------------+-------------+----------------+----------------------------------------------------------------------------------------------------------------+
|
||||
| ``codePointAt`` | int | int | The result is the unicode code point at the index given by the argument. |
|
||||
+-------------------------+-------------+----------------+----------------------------------------------------------------------------------------------------------------+
|
||||
| ``codePointCount`` | int | int, int | The result is the number of unicode code points in the receiver between the given indices. |
|
||||
+-------------------------+-------------+----------------+----------------------------------------------------------------------------------------------------------------+
|
||||
|
||||
The leftmost bit after ``bitShiftRightSigned`` depends on sign extension, whereas after ``bitShiftRight`` it is zero.
|
||||
|
||||
|
||||
@@ -1,96 +0,0 @@
|
||||
package,source,summary,source:remote,summary:taint,summary:value
|
||||
,,2,,,2
|
||||
archive/tar,,5,,5,
|
||||
archive/zip,,6,,6,
|
||||
bufio,,17,,17,
|
||||
bytes,,43,,43,
|
||||
compress/bzip2,,1,,1,
|
||||
compress/flate,,4,,4,
|
||||
compress/gzip,,3,,3,
|
||||
compress/lzw,,1,,1,
|
||||
compress/zlib,,4,,4,
|
||||
container/heap,,5,,5,
|
||||
container/list,,20,,20,
|
||||
container/ring,,5,,5,
|
||||
context,,5,,5,
|
||||
crypto,,1,,1,
|
||||
crypto/cipher,,3,,3,
|
||||
crypto/rsa,,2,,2,
|
||||
crypto/tls,,3,,3,
|
||||
crypto/x509,,1,,1,
|
||||
database/sql,,7,,7,
|
||||
database/sql/driver,,4,,4,
|
||||
encoding,,4,,4,
|
||||
encoding/ascii85,,2,,2,
|
||||
encoding/asn1,,8,,8,
|
||||
encoding/base32,,3,,3,
|
||||
encoding/base64,,3,,3,
|
||||
encoding/binary,,2,,2,
|
||||
encoding/csv,,5,,5,
|
||||
encoding/gob,,7,,7,
|
||||
encoding/hex,,3,,3,
|
||||
encoding/json,,14,,14,
|
||||
encoding/pem,,3,,3,
|
||||
encoding/xml,,23,,23,
|
||||
errors,,3,,3,
|
||||
expvar,,6,,6,
|
||||
fmt,,5,,5,
|
||||
github.com/astaxie/beego,,7,,7,
|
||||
github.com/astaxie/beego/context,,1,,1,
|
||||
github.com/astaxie/beego/utils,,13,,13,
|
||||
github.com/beego/beego/core/utils,,13,,13,
|
||||
github.com/beego/beego/server/web,,7,,7,
|
||||
github.com/beego/beego/server/web/context,,1,,1,
|
||||
github.com/couchbase/gocb,,18,,18,
|
||||
github.com/couchbaselabs/gocb,,18,,18,
|
||||
github.com/elazarl/goproxy,,2,,2,
|
||||
github.com/evanphx/json-patch,,12,,12,
|
||||
github.com/gin-gonic/gin,,2,,2,
|
||||
github.com/go-pg/pg/$ANYVERSION/orm,,6,,6,
|
||||
github.com/golang/protobuf/$ANYVERSION/proto,,4,,4,
|
||||
github.com/json-iterator/go,,4,,4,
|
||||
github.com/labstack/echo,,2,,2,
|
||||
github.com/revel/revel,,10,,10,
|
||||
github.com/robfig/revel,,10,,10,
|
||||
github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail,,1,,1,
|
||||
go.uber.org/zap,,11,,11,
|
||||
golang.org/x/net/$ANYVERSION/html,,16,,16,
|
||||
golang.org/x/net/context,,5,,5,
|
||||
google.golang.org/protobuf/$ANYVERSION/internal/encoding/text,,1,,1,
|
||||
google.golang.org/protobuf/$ANYVERSION/internal/impl,,2,,2,
|
||||
google.golang.org/protobuf/$ANYVERSION/proto,,8,,8,
|
||||
google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect,,1,,1,
|
||||
gopkg.in/couchbase/gocb,,18,,18,
|
||||
gopkg.in/macaron,,1,,1,
|
||||
gopkg.in/yaml,,9,,9,
|
||||
html,,2,,2,
|
||||
html/template,,6,,6,
|
||||
io,,19,,19,
|
||||
io/fs,,12,,12,
|
||||
io/ioutil,,2,,2,
|
||||
k8s.io/api/core,,10,,10,
|
||||
k8s.io/apimachinery/$ANYVERSION/pkg/runtime,,47,,47,
|
||||
log,,3,,3,
|
||||
mime,,5,,5,
|
||||
mime/multipart,,8,,8,
|
||||
mime/quotedprintable,,1,,1,
|
||||
net,,20,,20,
|
||||
net/http,8,22,8,22,
|
||||
net/http/httputil,,10,,10,
|
||||
net/mail,,6,,6,
|
||||
net/textproto,,19,,19,
|
||||
net/url,,23,,23,
|
||||
os,,4,,4,
|
||||
path,,5,,5,
|
||||
path/filepath,,13,,13,
|
||||
reflect,,37,,37,
|
||||
regexp,,20,,20,
|
||||
sort,,1,,1,
|
||||
strconv,,9,,9,
|
||||
strings,,34,,34,
|
||||
sync,,10,,10,
|
||||
sync/atomic,,24,,24,
|
||||
syscall,,8,,8,
|
||||
text/scanner,,3,,3,
|
||||
text/tabwriter,,1,,1,
|
||||
text/template,,6,,6,
|
||||
|
@@ -1,12 +0,0 @@
|
||||
Go framework & library support
|
||||
================================
|
||||
|
||||
.. csv-table::
|
||||
:header-rows: 1
|
||||
:class: fullWidthTable
|
||||
:widths: auto
|
||||
|
||||
Framework / library,Package,Flow sources,Taint & value steps,Sinks (total)
|
||||
Others,"````, ``archive/tar``, ``archive/zip``, ``bufio``, ``bytes``, ``compress/bzip2``, ``compress/flate``, ``compress/gzip``, ``compress/lzw``, ``compress/zlib``, ``container/heap``, ``container/list``, ``container/ring``, ``context``, ``crypto``, ``crypto/cipher``, ``crypto/rsa``, ``crypto/tls``, ``crypto/x509``, ``database/sql``, ``database/sql/driver``, ``encoding``, ``encoding/ascii85``, ``encoding/asn1``, ``encoding/base32``, ``encoding/base64``, ``encoding/binary``, ``encoding/csv``, ``encoding/gob``, ``encoding/hex``, ``encoding/json``, ``encoding/pem``, ``encoding/xml``, ``errors``, ``expvar``, ``fmt``, ``github.com/astaxie/beego``, ``github.com/astaxie/beego/context``, ``github.com/astaxie/beego/utils``, ``github.com/beego/beego/core/utils``, ``github.com/beego/beego/server/web``, ``github.com/beego/beego/server/web/context``, ``github.com/couchbase/gocb``, ``github.com/couchbaselabs/gocb``, ``github.com/elazarl/goproxy``, ``github.com/evanphx/json-patch``, ``github.com/gin-gonic/gin``, ``github.com/go-pg/pg/$ANYVERSION/orm``, ``github.com/golang/protobuf/$ANYVERSION/proto``, ``github.com/json-iterator/go``, ``github.com/labstack/echo``, ``github.com/revel/revel``, ``github.com/robfig/revel``, ``github.com/sendgrid/sendgrid-go/$ANYVERSION/helpers/mail``, ``go.uber.org/zap``, ``golang.org/x/net/$ANYVERSION/html``, ``golang.org/x/net/context``, ``google.golang.org/protobuf/$ANYVERSION/internal/encoding/text``, ``google.golang.org/protobuf/$ANYVERSION/internal/impl``, ``google.golang.org/protobuf/$ANYVERSION/proto``, ``google.golang.org/protobuf/$ANYVERSION/reflect/protoreflect``, ``gopkg.in/couchbase/gocb``, ``gopkg.in/macaron``, ``gopkg.in/yaml``, ``html``, ``html/template``, ``io``, ``io/fs``, ``io/ioutil``, ``k8s.io/api/core``, ``k8s.io/apimachinery/$ANYVERSION/pkg/runtime``, ``log``, ``mime``, ``mime/multipart``, ``mime/quotedprintable``, ``net``, ``net/http``, ``net/http/httputil``, ``net/mail``, ``net/textproto``, ``net/url``, ``os``, ``path``, ``path/filepath``, ``reflect``, ``regexp``, ``sort``, ``strconv``, ``strings``, ``sync``, ``sync/atomic``, ``syscall``, ``text/scanner``, ``text/tabwriter``, ``text/template``",8,826,
|
||||
Totals,,8,826,
|
||||
|
||||
@@ -1 +0,0 @@
|
||||
CWE,Sink identifier,Label
|
||||
|
@@ -1 +0,0 @@
|
||||
Framework name,URL,Package prefixes
|
||||
|
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added `GoKit.qll` to `go.qll` enabling the GoKit framework by default
|
||||
@@ -42,7 +42,6 @@ import semmle.go.frameworks.Encoding
|
||||
import semmle.go.frameworks.Fiber
|
||||
import semmle.go.frameworks.Gin
|
||||
import semmle.go.frameworks.Glog
|
||||
import semmle.go.frameworks.GoKit
|
||||
import semmle.go.frameworks.GoMicro
|
||||
import semmle.go.frameworks.GoRestfulHttp
|
||||
import semmle.go.frameworks.Gqlgen
|
||||
|
||||
@@ -82,6 +82,14 @@ private import internal.AccessPathSyntax
|
||||
private import FlowSummary
|
||||
private import codeql.mad.ModelValidation as SharedModelVal
|
||||
|
||||
/**
|
||||
* A module importing the frameworks that provide external flow data,
|
||||
* ensuring that they are visible to the taint tracking / data flow library.
|
||||
*/
|
||||
private module Frameworks {
|
||||
private import semmle.go.frameworks.Stdlib
|
||||
}
|
||||
|
||||
/** Holds if a source model exists for the given parameters. */
|
||||
predicate sourceModel = Extensions::sourceModel/9;
|
||||
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
/**
|
||||
* Provides classes for working with concepts relating to the [github.com/go-kit/kit](https://pkg.go.dev/github.com/go-kit/kit) package.
|
||||
*
|
||||
* Note that these models are not included by default; to include them, add `import semmle.go.frameworks.GoKit` to your query or to
|
||||
* `Customizations.qll`.
|
||||
*/
|
||||
|
||||
import go
|
||||
|
||||
@@ -1,14 +0,0 @@
|
||||
/**
|
||||
* @name Framework coverage
|
||||
* @description The number of API endpoints covered by MaD models sorted by
|
||||
* package and source-, sink-, and summary-kind.
|
||||
* @kind table
|
||||
* @id go/meta/framework-coverage
|
||||
*/
|
||||
|
||||
import go
|
||||
import semmle.go.dataflow.ExternalFlow
|
||||
|
||||
from string package, int pkgs, string kind, string part, int n
|
||||
where modelCoverage(package, pkgs, kind, part, n)
|
||||
select package, pkgs, kind, part, n
|
||||
@@ -1,4 +1,5 @@
|
||||
import go
|
||||
import semmle.go.frameworks.GoKit
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
module UntrustedFlowSourceTest implements TestSig {
|
||||
|
||||
@@ -49,8 +49,6 @@ import com.semmle.util.trap.dependencies.TrapDependencies;
|
||||
import com.semmle.util.trap.dependencies.TrapSet;
|
||||
import com.semmle.util.trap.pathtransformers.PathTransformer;
|
||||
|
||||
import com.github.codeql.Compression;
|
||||
|
||||
public class OdasaOutput {
|
||||
private final File trapFolder;
|
||||
private final File sourceArchiveFolder;
|
||||
@@ -65,18 +63,16 @@ public class OdasaOutput {
|
||||
private final boolean trackClassOrigins;
|
||||
|
||||
private final Logger log;
|
||||
private final Compression compression;
|
||||
|
||||
/** DEBUG only: just use the given file as the root for TRAP, source archive etc */
|
||||
OdasaOutput(File outputRoot, Compression compression, Logger log) {
|
||||
OdasaOutput(File outputRoot, Logger log) {
|
||||
this.trapFolder = new File(outputRoot, "trap");
|
||||
this.sourceArchiveFolder = new File(outputRoot, "src_archive");
|
||||
this.trackClassOrigins = false;
|
||||
this.log = log;
|
||||
this.compression = compression;
|
||||
}
|
||||
|
||||
public OdasaOutput(boolean trackClassOrigins, Compression compression, Logger log) {
|
||||
public OdasaOutput(boolean trackClassOrigins, Logger log) {
|
||||
String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR", Var.TRAP_FOLDER.name());
|
||||
if (trapFolderVar == null) {
|
||||
throw new ResourceError("CODEQL_EXTRACTOR_JAVA_TRAP_DIR was not set");
|
||||
@@ -89,7 +85,6 @@ public class OdasaOutput {
|
||||
this.sourceArchiveFolder = new File(sourceArchiveVar);
|
||||
this.trackClassOrigins = trackClassOrigins;
|
||||
this.log = log;
|
||||
this.compression = compression;
|
||||
}
|
||||
|
||||
public File getTrapFolder() {
|
||||
@@ -185,18 +180,18 @@ public class OdasaOutput {
|
||||
return null;
|
||||
return FileUtil.appendAbsolutePath(
|
||||
currentSpecFileEntry.getTrapFolder(),
|
||||
JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap" + compression.getExtension());
|
||||
JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap.gz");
|
||||
}
|
||||
|
||||
private File getTrapFileForModule(String moduleName) {
|
||||
return FileUtil.appendAbsolutePath(
|
||||
currentSpecFileEntry.getTrapFolder(),
|
||||
MODULES_DIR + "/" + moduleName + ".trap" + compression.getExtension());
|
||||
MODULES_DIR + "/" + moduleName + ".trap.gz");
|
||||
}
|
||||
|
||||
private File trapFileFor(File file) {
|
||||
return FileUtil.appendAbsolutePath(currentSpecFileEntry.getTrapFolder(),
|
||||
PathTransformer.std().fileAsDatabaseString(file) + ".trap" + compression.getExtension());
|
||||
PathTransformer.std().fileAsDatabaseString(file) + ".trap.gz");
|
||||
}
|
||||
|
||||
private File getTrapFileForDecl(IrElement sym, String signature) {
|
||||
@@ -219,7 +214,7 @@ public class OdasaOutput {
|
||||
binaryName.replace('.', '/') +
|
||||
signature +
|
||||
".members" +
|
||||
".trap" + compression.getExtension();
|
||||
".trap.gz";
|
||||
return result;
|
||||
}
|
||||
|
||||
@@ -250,7 +245,7 @@ public class OdasaOutput {
|
||||
// don't need to rewrite it only to rename it
|
||||
// again.
|
||||
File trapFileDir = trap.getParentFile();
|
||||
File trapOld = new File(trapFileDir, trap.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension()));
|
||||
File trapOld = new File(trapFileDir, trap.getName().replace(".trap.gz", ".trap-old.gz"));
|
||||
if (trapOld.exists()) {
|
||||
log.trace("Not rewriting trap file for " + trap.toString() + " as the trap-old exists");
|
||||
return null;
|
||||
@@ -277,7 +272,7 @@ public class OdasaOutput {
|
||||
}
|
||||
|
||||
private TrapFileManager trapWriter(File trapFile, IrElement sym, String signature) {
|
||||
if (!trapFile.getName().endsWith(".trap" + compression.getExtension()))
|
||||
if (!trapFile.getName().endsWith(".trap.gz"))
|
||||
throw new CatastrophicError("OdasaOutput only supports writing to compressed trap files");
|
||||
String relative = FileUtil.relativePath(trapFile, currentSpecFileEntry.getTrapFolder());
|
||||
trapFile.getParentFile().mkdirs();
|
||||
@@ -326,7 +321,7 @@ public class OdasaOutput {
|
||||
writeTrapDependencies(trapDependenciesForClass);
|
||||
}
|
||||
private void writeTrapDependencies(TrapDependencies trapDependencies) {
|
||||
String dep = trapDependencies.trapFile().replace(".trap" + compression.getExtension(), ".dep");
|
||||
String dep = trapDependencies.trapFile().replace(".trap.gz", ".dep");
|
||||
trapDependencies.save(
|
||||
currentSpecFileEntry.getTrapFolder().toPath().resolve(dep));
|
||||
}
|
||||
@@ -340,7 +335,7 @@ public class OdasaOutput {
|
||||
* Trap file locking.
|
||||
*/
|
||||
|
||||
private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap.*");
|
||||
private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap\\.gz");
|
||||
|
||||
/**
|
||||
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple concurrent extractor processes,
|
||||
@@ -417,12 +412,12 @@ public class OdasaOutput {
|
||||
trapFileVersion = new TrapClassVersion(0, 0, 0, "kotlin");
|
||||
else
|
||||
trapFileVersion = TrapClassVersion.fromSymbol(sym, log);
|
||||
String baseName = normalTrapFile.getName().replace(".trap" + compression.getExtension(), "");
|
||||
String baseName = normalTrapFile.getName().replace(".trap.gz", "");
|
||||
// If a class has lots of inner classes, then we get lots of files
|
||||
// in a single directory. This makes our directory listings later slow.
|
||||
// To avoid this, rather than using files named .../Foo*, we use .../Foo/Foo*.
|
||||
trapFileBase = new File(new File(normalTrapFile.getParentFile(), baseName), baseName);
|
||||
trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap" + compression.getExtension());
|
||||
trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap.gz");
|
||||
}
|
||||
}
|
||||
private TrapLocker(File jarFile) {
|
||||
@@ -493,7 +488,7 @@ public class OdasaOutput {
|
||||
for (Pair<File, TrapClassVersion> p: pairs) {
|
||||
if (!latestVersion.equals(p.snd())) {
|
||||
File f = p.fst();
|
||||
File fOld = new File(f.getParentFile(), f.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension()));
|
||||
File fOld = new File(f.getParentFile(), f.getName().replace(".trap.gz", ".trap-old.gz"));
|
||||
// We aren't interested in whether or not this succeeds;
|
||||
// it may fail because a concurrent extractor has already
|
||||
// renamed it.
|
||||
|
||||
@@ -14,7 +14,7 @@ import java.util.ArrayList
|
||||
import java.util.HashSet
|
||||
import java.util.zip.GZIPOutputStream
|
||||
|
||||
class ExternalDeclExtractor(val logger: FileLogger, val compression: Compression, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: DiagnosticTrapWriter) {
|
||||
class ExternalDeclExtractor(val logger: FileLogger, val invocationTrapFile: String, val sourceFilePath: String, val primitiveTypeMapping: PrimitiveTypeMapping, val pluginContext: IrPluginContext, val globalExtensionState: KotlinExtractorGlobalState, val diagnosticTrapWriter: DiagnosticTrapWriter) {
|
||||
|
||||
val declBinaryNames = HashMap<IrDeclaration, String>()
|
||||
val externalDeclsDone = HashSet<Pair<String, String>>()
|
||||
@@ -23,7 +23,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val compression: Compression
|
||||
val propertySignature = ";property"
|
||||
val fieldSignature = ";field"
|
||||
|
||||
val output = OdasaOutput(false, compression, logger).also {
|
||||
val output = OdasaOutput(false, logger).also {
|
||||
it.setCurrentSourceFile(File(sourceFilePath))
|
||||
}
|
||||
|
||||
@@ -65,7 +65,7 @@ class ExternalDeclExtractor(val logger: FileLogger, val compression: Compression
|
||||
val trapFile = manager.file
|
||||
val trapTmpFile = File.createTempFile("${trapFile.nameWithoutExtension}.", ".${trapFile.extension}.tmp", trapFile.parentFile)
|
||||
try {
|
||||
compression.bufferedWriter(trapTmpFile).use {
|
||||
GZIPOutputStream(trapTmpFile.outputStream()).bufferedWriter().use {
|
||||
extractorFn(it, signature, manager)
|
||||
}
|
||||
|
||||
|
||||
@@ -334,7 +334,7 @@ private fun doFile(
|
||||
// Now elevate to a SourceFileTrapWriter, and populate the
|
||||
// file information
|
||||
val sftw = tw.makeSourceFileTrapWriter(srcFile, true)
|
||||
val externalDeclExtractor = ExternalDeclExtractor(logger, compression, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter.getDiagnosticTrapWriter())
|
||||
val externalDeclExtractor = ExternalDeclExtractor(logger, invocationTrapFile, srcFilePath, primitiveTypeMapping, pluginContext, globalExtensionState, fileTrapWriter.getDiagnosticTrapWriter())
|
||||
val linesOfCode = LinesOfCode(logger, sftw, srcFile)
|
||||
val fileExtractor = KotlinFileExtractor(logger, sftw, linesOfCode, srcFilePath, null, externalDeclExtractor, primitiveTypeMapping, pluginContext, KotlinFileExtractor.DeclarationStack(), globalExtensionState)
|
||||
|
||||
@@ -362,19 +362,7 @@ private fun doFile(
|
||||
}
|
||||
}
|
||||
|
||||
enum class Compression(val extension: String) {
|
||||
NONE("") {
|
||||
override fun bufferedWriter(file: File): BufferedWriter {
|
||||
return file.bufferedWriter()
|
||||
}
|
||||
},
|
||||
GZIP(".gz") {
|
||||
override fun bufferedWriter(file: File): BufferedWriter {
|
||||
return GZIPOutputStream(file.outputStream()).bufferedWriter()
|
||||
}
|
||||
};
|
||||
abstract fun bufferedWriter(file: File): BufferedWriter
|
||||
}
|
||||
enum class Compression { NONE, GZIP }
|
||||
|
||||
private fun getTrapFileWriter(compression: Compression, logger: FileLogger, trapFileName: String): TrapFileWriter {
|
||||
return when (compression) {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
from create_database_utils import *
|
||||
|
||||
def check_extensions(directory, counts):
|
||||
def check_extension(directory, expected_extension):
|
||||
if platform.system() == 'Windows':
|
||||
# It's important that the path is a Unicode path on Windows, so
|
||||
# that the right system calls get used.
|
||||
@@ -8,59 +8,48 @@ def check_extensions(directory, counts):
|
||||
if not directory.startswith("\\\\?\\"):
|
||||
directory = "\\\\?\\" + os.path.abspath(directory)
|
||||
|
||||
check_extensions_worker(counts, directory)
|
||||
check_counts('non-compressed', counts.expected_none, counts.count_none)
|
||||
check_counts('gzipped', counts.expected_gzip, counts.count_gzip)
|
||||
if expected_extension == '.trap':
|
||||
# We start TRAP files with a comment
|
||||
expected_start = b'//'
|
||||
elif expected_extension == '.trap.gz':
|
||||
# The GZip magic numbers
|
||||
expected_start = b'\x1f\x8b'
|
||||
else:
|
||||
raise Exception('Unknown expected extension ' + expected_extension)
|
||||
count = check_extension_worker(directory, expected_extension, expected_start)
|
||||
if count != 1:
|
||||
raise Exception('Expected 1 relevant file, but found ' + str(count) + ' in ' + directory)
|
||||
|
||||
def check_counts(name, expected, count):
|
||||
if expected == -1:
|
||||
if count < 10:
|
||||
raise Exception('Expected lots of ' + name + ' files, but got ' + str(count))
|
||||
elif expected != count:
|
||||
raise Exception('Expected ' + str(expected) + ' ' + name + ' files, but got ' + str(count))
|
||||
|
||||
class Counts:
|
||||
def __init__(self, expected_none, expected_gzip):
|
||||
self.expected_none = expected_none
|
||||
self.expected_gzip = expected_gzip
|
||||
self.count_none = 0
|
||||
self.count_gzip = 0
|
||||
|
||||
def check_extensions_worker(counts, directory):
|
||||
def check_extension_worker(directory, expected_extension, expected_start):
|
||||
count = 0
|
||||
for f in os.listdir(directory):
|
||||
x = os.path.join(directory, f)
|
||||
if os.path.isdir(x):
|
||||
check_extensions_worker(counts, x)
|
||||
elif f.endswith('.trap'):
|
||||
counts.count_none += 1
|
||||
if not startsWith(x, b'//'): # We start TRAP files with a comment
|
||||
raise Exception("TRAP file that doesn't start with a comment: " + f)
|
||||
elif f.endswith('.trap.gz'):
|
||||
counts.count_gzip += 1
|
||||
if not startsWith(x, b'\x1f\x8b'): # The GZip magic numbers
|
||||
raise Exception("GZipped TRAP file that doesn't start with GZip magic numbers: " + f)
|
||||
count += check_extension_worker(x, expected_extension, expected_start)
|
||||
else:
|
||||
if f.startswith('test.kt') and not f.endswith('.set'):
|
||||
if f.endswith(expected_extension):
|
||||
with open(x, 'rb') as f_in:
|
||||
content = f_in.read()
|
||||
if content.startswith(expected_start):
|
||||
count += 1
|
||||
else:
|
||||
raise Exception('Unexpected start to content of ' + x)
|
||||
else:
|
||||
raise Exception('Expected test.kt TRAP file to have extension ' + expected_extension + ', but found ' + x)
|
||||
return count
|
||||
|
||||
def startsWith(f, b):
|
||||
with open(f, 'rb') as f_in:
|
||||
content = f_in.read()
|
||||
return content.startswith(b)
|
||||
|
||||
# In the counts, we expect lots of files of the compression type chosen
|
||||
# (so expected count is -1), but the diagnostic TRAP files will always
|
||||
# be uncompressed (so count_none is always 1 or -1) and the
|
||||
# sourceLocationPrefix TRAP file is always gzipped (so count_gzip is
|
||||
# always 1 or -1).
|
||||
run_codeql_database_create(['kotlinc test.kt'], test_db="default-db", db=None, lang="java")
|
||||
check_extensions('default-db/trap', Counts(1, -1))
|
||||
check_extension('default-db/trap', '.trap.gz')
|
||||
os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "nOnE"
|
||||
run_codeql_database_create(['kotlinc test.kt'], test_db="none-db", db=None, lang="java")
|
||||
check_extensions('none-db/trap', Counts(-1, 1))
|
||||
check_extension('none-db/trap', '.trap')
|
||||
os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "gzip"
|
||||
run_codeql_database_create(['kotlinc test.kt'], test_db="gzip-db", db=None, lang="java")
|
||||
check_extensions('gzip-db/trap', Counts(1, -1))
|
||||
check_extension('gzip-db/trap', '.trap.gz')
|
||||
os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "brotli"
|
||||
run_codeql_database_create(['kotlinc test.kt'], test_db="brotli-db", db=None, lang="java")
|
||||
check_extensions('brotli-db/trap', Counts(1, -1))
|
||||
check_extension('brotli-db/trap', '.trap.gz')
|
||||
os.environ["CODEQL_EXTRACTOR_JAVA_OPTION_TRAP_COMPRESSION"] = "invalidValue"
|
||||
run_codeql_database_create(['kotlinc test.kt'], test_db="invalid-db", db=None, lang="java")
|
||||
check_extensions('invalid-db/trap', Counts(1, -1))
|
||||
check_extension('invalid-db/trap', '.trap.gz')
|
||||
|
||||
@@ -44,7 +44,7 @@ abstract class GeneratedFile extends File { }
|
||||
/**
|
||||
* A file detected as generated based on commonly-used marker comments.
|
||||
*/
|
||||
class MarkerCommentGeneratedFile extends GeneratedFile {
|
||||
library class MarkerCommentGeneratedFile extends GeneratedFile {
|
||||
MarkerCommentGeneratedFile() { any(GeneratedFileMarker t).getFile() = this }
|
||||
}
|
||||
|
||||
|
||||
@@ -86,7 +86,7 @@ class ReflectiveAccessAnnotation extends Annotation {
|
||||
*/
|
||||
abstract class NonReflectiveAnnotation extends Annotation { }
|
||||
|
||||
class StandardNonReflectiveAnnotation extends NonReflectiveAnnotation {
|
||||
library class StandardNonReflectiveAnnotation extends NonReflectiveAnnotation {
|
||||
StandardNonReflectiveAnnotation() {
|
||||
this.getType()
|
||||
.hasQualifiedName("java.lang", ["Override", "Deprecated", "SuppressWarnings", "SafeVarargs"])
|
||||
|
||||
@@ -24,7 +24,7 @@ abstract class DeserializableField extends Field { }
|
||||
* A non-`transient` field in a type that (directly or indirectly) implements the `Serializable` interface
|
||||
* and may be read or written via serialization.
|
||||
*/
|
||||
class StandardSerializableField extends SerializableField, DeserializableField {
|
||||
library class StandardSerializableField extends SerializableField, DeserializableField {
|
||||
StandardSerializableField() {
|
||||
this.getDeclaringType().getAnAncestor() instanceof TypeSerializable and
|
||||
not this.isTransient()
|
||||
|
||||
@@ -140,7 +140,7 @@ class NamespaceClass extends RefType {
|
||||
* This represents the set of classes and interfaces for which we will determine liveness. Each
|
||||
* `SourceClassOrInterfacce` will either be a `LiveClass` or `DeadClass`.
|
||||
*/
|
||||
class SourceClassOrInterface extends ClassOrInterface {
|
||||
library class SourceClassOrInterface extends ClassOrInterface {
|
||||
SourceClassOrInterface() { this.fromSource() }
|
||||
}
|
||||
|
||||
|
||||
@@ -9,7 +9,7 @@ import semmle.code.java.frameworks.jackson.JacksonSerializability
|
||||
*
|
||||
* This defines the set of fields for which we will determine liveness.
|
||||
*/
|
||||
class SourceField extends Field {
|
||||
library class SourceField extends Field {
|
||||
SourceField() { this.fromSource() }
|
||||
}
|
||||
|
||||
|
||||
@@ -94,7 +94,7 @@ abstract class ReflectivelyConstructedClass extends EntryPoint, Class {
|
||||
/**
|
||||
* Classes that are deserialized by Jackson are reflectively constructed.
|
||||
*/
|
||||
class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType
|
||||
library class JacksonReflectivelyConstructedClass extends ReflectivelyConstructedClass instanceof JacksonDeserializableType
|
||||
{
|
||||
override Callable getALiveCallable() {
|
||||
// Constructors may be called by Jackson, if they are a no-arg, they have a suitable annotation,
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
import semmle.code.java.Type
|
||||
|
||||
class JaxbElement extends Class {
|
||||
library class JaxbElement extends Class {
|
||||
JaxbElement() {
|
||||
this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or
|
||||
this.getAnAnnotation().getType().getName() = "XmlRootElement"
|
||||
@@ -12,7 +12,7 @@ class JaxbElement extends Class {
|
||||
/** DEPRECATED: Alias for JaxbElement */
|
||||
deprecated class JAXBElement = JaxbElement;
|
||||
|
||||
class JaxbMarshalMethod extends Method {
|
||||
library class JaxbMarshalMethod extends Method {
|
||||
JaxbMarshalMethod() {
|
||||
this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and
|
||||
this.getName() = "marshal"
|
||||
@@ -151,7 +151,7 @@ class JaxbBoundField extends Field {
|
||||
/**
|
||||
* A getter or setter method, as defined by whether the method name starts with "set" or "get".
|
||||
*/
|
||||
class GetterOrSetterMethod extends Method {
|
||||
library class GetterOrSetterMethod extends Method {
|
||||
GetterOrSetterMethod() { this.getName().matches("get%") or this.getName().matches("set%") }
|
||||
|
||||
Field getField() {
|
||||
|
||||
@@ -301,7 +301,7 @@ private int mockableParameterCount(Constructor constructor) {
|
||||
/**
|
||||
* A class which is referenced by an `@InjectMocks` field.
|
||||
*/
|
||||
class MockitoMockInjectedClass extends Class {
|
||||
library class MockitoMockInjectedClass extends Class {
|
||||
MockitoMockInjectedClass() {
|
||||
// There must be an `@InjectMock` field that has `this` as the type.
|
||||
exists(MockitoInjectedField injectedField | this = injectedField.getType())
|
||||
|
||||
@@ -19,7 +19,7 @@ import java
|
||||
import semmle.code.java.Reflection
|
||||
import semmle.code.java.frameworks.spring.Spring
|
||||
|
||||
class CamelAnnotation extends Annotation {
|
||||
library class CamelAnnotation extends Annotation {
|
||||
CamelAnnotation() { this.getType().getPackage().hasName("org.apache.camel") }
|
||||
}
|
||||
|
||||
|
||||
@@ -21,7 +21,7 @@ import semmle.code.java.frameworks.spring.Spring
|
||||
/**
|
||||
* A method call to a ProcessorDefinition element.
|
||||
*/
|
||||
class ProcessorDefinitionElement extends MethodAccess {
|
||||
library class ProcessorDefinitionElement extends MethodAccess {
|
||||
ProcessorDefinitionElement() {
|
||||
this.getMethod()
|
||||
.getDeclaringType()
|
||||
|
||||
@@ -7,7 +7,7 @@ import semmle.code.java.frameworks.javaee.jsf.JSFFacesContextXML
|
||||
/**
|
||||
* A method that is visible to faces, if the instance type is visible to faces.
|
||||
*/
|
||||
class FacesVisibleMethod extends Method {
|
||||
library class FacesVisibleMethod extends Method {
|
||||
FacesVisibleMethod() { this.isPublic() and not this.isStatic() }
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@ import semmle.code.xml.MavenPom
|
||||
/**
|
||||
* A Maven dependency on the Struts 2 convention plugin.
|
||||
*/
|
||||
class Struts2ConventionDependency extends Dependency {
|
||||
library class Struts2ConventionDependency extends Dependency {
|
||||
Struts2ConventionDependency() {
|
||||
this.getGroup().getValue() = "org.apache.struts" and
|
||||
this.getArtifact().getValue() = "struts2-convention-plugin"
|
||||
|
||||
@@ -6,7 +6,7 @@ import semmle.code.java.dataflow.SSA
|
||||
/**
|
||||
* The kind of bound that is known to hold for some variable.
|
||||
*/
|
||||
class BoundKind extends string {
|
||||
library class BoundKind extends string {
|
||||
BoundKind() { this = ["=", "!=", ">=", "<="] }
|
||||
|
||||
predicate isEqual() { this = "=" }
|
||||
|
||||
@@ -22,7 +22,7 @@ module ThreadResourceAbuseConfig implements DataFlow::ConfigSig {
|
||||
predicate isSink(DataFlow::Node sink) { sink instanceof PauseThreadSink }
|
||||
|
||||
predicate isAdditionalFlowStep(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
any(ThreadResourceAbuseAdditionalTaintStep c).step(pred, succ)
|
||||
any(AdditionalValueStep r).step(pred, succ)
|
||||
}
|
||||
|
||||
predicate isBarrier(DataFlow::Node node) {
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
import semmle.code.java.arithmetic.Overflow
|
||||
import semmle.code.java.dataflow.FlowSteps
|
||||
import semmle.code.java.controlflow.Guards
|
||||
|
||||
@@ -62,34 +61,3 @@ private class ApacheFileUploadProgressUpdateStep extends AdditionalValueStep {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A unit class for adding additional taint steps.
|
||||
*
|
||||
* Extend this class to add additional taint steps that should apply to the `ThreadResourceAbuseConfig`.
|
||||
*/
|
||||
class ThreadResourceAbuseAdditionalTaintStep extends Unit {
|
||||
/**
|
||||
* Holds if the step from `node1` to `node2` should be considered a taint
|
||||
* step for the `ThreadResourceAbuseConfig` configuration.
|
||||
*/
|
||||
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
|
||||
}
|
||||
|
||||
/** A set of additional taint steps to consider when taint tracking thread resource abuse related data flows. */
|
||||
private class DefaultThreadResourceAbuseAdditionalTaintStep extends ThreadResourceAbuseAdditionalTaintStep
|
||||
{
|
||||
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
|
||||
threadResourceAbuseArithmeticTaintStep(node1, node2)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if the step `node1` -> `node2` is an additional taint-step that performs an addition, multiplication,
|
||||
* subtraction, or division.
|
||||
*/
|
||||
private predicate threadResourceAbuseArithmeticTaintStep(
|
||||
DataFlow::Node fromNode, DataFlow::Node toNode
|
||||
) {
|
||||
toNode.asExpr().(ArithExpr).getAnOperand() = fromNode.asExpr()
|
||||
}
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* @name Framework coverage
|
||||
* @description The number of API endpoints covered by MaD models sorted by
|
||||
* @description The number of API endpoints covered by CSV models sorted by
|
||||
* package and source-, sink-, and summary-kind.
|
||||
* @kind table
|
||||
* @id java/meta/framework-coverage
|
||||
|
||||
@@ -17,11 +17,6 @@ edges
|
||||
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number |
|
||||
| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number |
|
||||
| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | ThreadResourceAbuse.java:219:17:219:33 | ... * ... |
|
||||
| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number |
|
||||
| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number |
|
||||
| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | ThreadResourceAbuse.java:233:17:233:26 | retryAfter |
|
||||
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | UploadListener.java:16:17:16:33 | sleepMilliseconds : Number |
|
||||
| UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number |
|
||||
| UploadListener.java:28:14:28:19 | parameter this : UploadListener [slowUploads] : Number | UploadListener.java:29:3:29:11 | this <.field> : UploadListener [slowUploads] : Number |
|
||||
@@ -51,13 +46,6 @@ nodes
|
||||
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) : UploadListener [slowUploads] : Number | semmle.label | new UploadListener(...) : UploadListener [slowUploads] : Number |
|
||||
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number |
|
||||
| ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| ThreadResourceAbuse.java:219:17:219:26 | retryAfter : Number | semmle.label | retryAfter : Number |
|
||||
| ThreadResourceAbuse.java:219:17:219:33 | ... * ... | semmle.label | ... * ... |
|
||||
| ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||
| ThreadResourceAbuse.java:230:3:230:12 | retryAfter : Number | semmle.label | retryAfter : Number |
|
||||
| ThreadResourceAbuse.java:230:3:230:20 | ...*=... : Number | semmle.label | ...*=... : Number |
|
||||
| ThreadResourceAbuse.java:233:17:233:26 | retryAfter | semmle.label | retryAfter |
|
||||
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number |
|
||||
| UploadListener.java:16:3:16:13 | this <.field> [post update] : UploadListener [slowUploads] : Number | semmle.label | this <.field> [post update] : UploadListener [slowUploads] : Number |
|
||||
| UploadListener.java:16:17:16:33 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number |
|
||||
@@ -77,6 +65,4 @@ subpaths
|
||||
| ThreadResourceAbuse.java:74:18:74:25 | waitTime | ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) : String | ThreadResourceAbuse.java:74:18:74:25 | waitTime | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:29:82:29:114 | getParameter(...) | user-provided value |
|
||||
| ThreadResourceAbuse.java:144:34:144:42 | delayTime | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:141:27:141:43 | getValue(...) | user-provided value |
|
||||
| ThreadResourceAbuse.java:176:17:176:26 | retryAfter | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) | user-provided value |
|
||||
| ThreadResourceAbuse.java:219:17:219:33 | ... * ... | ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) : String | ThreadResourceAbuse.java:219:17:219:33 | ... * ... | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:215:19:215:50 | getHeader(...) | user-provided value |
|
||||
| ThreadResourceAbuse.java:233:17:233:26 | retryAfter | ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) : String | ThreadResourceAbuse.java:233:17:233:26 | retryAfter | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:227:19:227:50 | getHeader(...) | user-provided value |
|
||||
| UploadListener.java:35:18:35:28 | slowUploads | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | UploadListener.java:35:18:35:28 | slowUploads | Vulnerability of uncontrolled resource consumption due to $@. | ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) | user-provided value |
|
||||
|
||||
@@ -209,30 +209,4 @@ public class ThreadResourceAbuse extends HttpServlet {
|
||||
UploadListener listener = new UploadListener(uploadDelay, getContentLength(request));
|
||||
} catch (Exception e) { }
|
||||
}
|
||||
|
||||
protected void doHead5(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
// BAD: Get thread pause time from request header with binary multiplication expression and without validation
|
||||
String header = request.getHeader("Retry-After");
|
||||
int retryAfter = Integer.parseInt(header);
|
||||
|
||||
try {
|
||||
Thread.sleep(retryAfter * 1000);
|
||||
} catch (InterruptedException ignore) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
|
||||
protected void doHead6(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
|
||||
// BAD: Get thread pause time from request header with multiplication assignment operator and without validation
|
||||
String header = request.getHeader("Retry-After");
|
||||
int retryAfter = Integer.parseInt(header);
|
||||
|
||||
retryAfter *= 1000;
|
||||
|
||||
try {
|
||||
Thread.sleep(retryAfter);
|
||||
} catch (InterruptedException ignore) {
|
||||
// ignore
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -314,9 +314,8 @@ public class ESNextParser extends JSXParser {
|
||||
this.parseExportSpecifiersMaybe(specifiers, exports);
|
||||
}
|
||||
Literal source = (Literal) this.parseExportFrom(specifiers, null, true);
|
||||
Expression attributes = this.parseImportOrExportAttributesAndSemicolon();
|
||||
return this.finishNode(
|
||||
new ExportNamedDeclaration(exportStart, null, specifiers, source, attributes));
|
||||
Expression assertion = this.parseImportOrExportAssertionAndSemicolon();
|
||||
return this.finishNode(new ExportNamedDeclaration(exportStart, null, specifiers, source, assertion));
|
||||
}
|
||||
|
||||
return super.parseExportRest(exportStart, exports);
|
||||
@@ -332,9 +331,8 @@ public class ESNextParser extends JSXParser {
|
||||
List<ExportSpecifier> specifiers = CollectionUtil.makeList(nsSpec);
|
||||
this.parseExportSpecifiersMaybe(specifiers, exports);
|
||||
Literal source = (Literal) this.parseExportFrom(specifiers, null, true);
|
||||
Expression attributes = this.parseImportOrExportAttributesAndSemicolon();
|
||||
return this.finishNode(
|
||||
new ExportNamedDeclaration(exportStart, null, specifiers, source, attributes));
|
||||
Expression assertion = this.parseImportOrExportAssertionAndSemicolon();
|
||||
return this.finishNode(new ExportNamedDeclaration(exportStart, null, specifiers, source, assertion));
|
||||
}
|
||||
|
||||
return super.parseExportAll(exportStart, starLoc, exports);
|
||||
|
||||
@@ -3447,7 +3447,7 @@ public class Parser {
|
||||
Statement declaration;
|
||||
List<ExportSpecifier> specifiers;
|
||||
Expression source = null;
|
||||
Expression attributes = null;
|
||||
Expression assertion = null;
|
||||
if (this.shouldParseExportStatement()) {
|
||||
declaration = this.parseStatement(true, false);
|
||||
if (declaration == null) return null;
|
||||
@@ -3463,10 +3463,10 @@ public class Parser {
|
||||
declaration = null;
|
||||
specifiers = this.parseExportSpecifiers(exports);
|
||||
source = parseExportFrom(specifiers, source, false);
|
||||
attributes = parseImportOrExportAttributesAndSemicolon();
|
||||
assertion = parseImportOrExportAssertionAndSemicolon();
|
||||
}
|
||||
return this.finishNode(
|
||||
new ExportNamedDeclaration(loc, declaration, specifiers, (Literal) source, attributes));
|
||||
new ExportNamedDeclaration(loc, declaration, specifiers, (Literal) source, assertion));
|
||||
}
|
||||
|
||||
/** Parses the 'from' clause of an export, not including the assertion or semicolon. */
|
||||
@@ -3494,8 +3494,8 @@ public class Parser {
|
||||
protected ExportDeclaration parseExportAll(
|
||||
SourceLocation loc, Position starLoc, Set<String> exports) {
|
||||
Expression source = parseExportFrom(null, null, true);
|
||||
Expression attributes = parseImportOrExportAttributesAndSemicolon();
|
||||
return this.finishNode(new ExportAllDeclaration(loc, (Literal) source, attributes));
|
||||
Expression assertion = parseImportOrExportAssertionAndSemicolon();
|
||||
return this.finishNode(new ExportAllDeclaration(loc, (Literal) source, assertion));
|
||||
}
|
||||
|
||||
private void checkExport(Set<String> exports, String name, Position pos) {
|
||||
@@ -3560,12 +3560,10 @@ public class Parser {
|
||||
return parseImportRest(loc);
|
||||
}
|
||||
|
||||
protected Expression parseImportOrExportAttributesAndSemicolon() {
|
||||
protected Expression parseImportOrExportAssertionAndSemicolon() {
|
||||
Expression result = null;
|
||||
if (!this.eagerlyTrySemicolon()) {
|
||||
if (!this.eatContextual("assert")) {
|
||||
this.expect(TokenType._with);
|
||||
}
|
||||
this.expectContextual("assert");
|
||||
result = this.parseObj(false, null);
|
||||
this.semicolon();
|
||||
}
|
||||
@@ -3585,9 +3583,9 @@ public class Parser {
|
||||
if (this.type != TokenType.string) this.unexpected();
|
||||
source = (Literal) this.parseExprAtom(null);
|
||||
}
|
||||
Expression attributes = this.parseImportOrExportAttributesAndSemicolon();
|
||||
Expression assertion = this.parseImportOrExportAssertionAndSemicolon();
|
||||
if (specifiers == null) return null;
|
||||
return this.finishNode(new ImportDeclaration(loc, specifiers, source, attributes));
|
||||
return this.finishNode(new ImportDeclaration(loc, specifiers, source, assertion));
|
||||
}
|
||||
|
||||
// Parses a comma-separated list of module imports.
|
||||
|
||||
@@ -943,12 +943,12 @@ public class FlowParser extends ESNextParser {
|
||||
// `export type { foo, bar };`
|
||||
List<ExportSpecifier> specifiers = this.parseExportSpecifiers(exports);
|
||||
this.parseExportFrom(specifiers, null, false);
|
||||
this.parseImportOrExportAttributesAndSemicolon();
|
||||
this.parseImportOrExportAssertionAndSemicolon();
|
||||
return null;
|
||||
} else if (this.eat(TokenType.star)) {
|
||||
if (this.eatContextual("as")) this.parseIdent(true);
|
||||
this.parseExportFrom(null, null, true);
|
||||
this.parseImportOrExportAttributesAndSemicolon();
|
||||
this.parseImportOrExportAssertionAndSemicolon();
|
||||
return null;
|
||||
} else {
|
||||
// `export type Foo = Bar;`
|
||||
|
||||
@@ -14,10 +14,7 @@ public class DynamicImport extends Expression {
|
||||
return source;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the second "argument" provided to the import, such as <code>{ "with": { type: "json" }}
|
||||
* </code>.
|
||||
*/
|
||||
/** Returns the second "argument" provided to the import, such as <code>{ assert: { type: "json" }}</code>. */
|
||||
public Expression getAttributes() {
|
||||
return attributes;
|
||||
}
|
||||
|
||||
@@ -9,20 +9,20 @@ package com.semmle.js.ast;
|
||||
*/
|
||||
public class ExportAllDeclaration extends ExportDeclaration {
|
||||
private final Literal source;
|
||||
private final Expression attributes;
|
||||
private final Expression assertion;
|
||||
|
||||
public ExportAllDeclaration(SourceLocation loc, Literal source, Expression attributes) {
|
||||
public ExportAllDeclaration(SourceLocation loc, Literal source, Expression assertion) {
|
||||
super("ExportAllDeclaration", loc);
|
||||
this.source = source;
|
||||
this.attributes = attributes;
|
||||
this.assertion = assertion;
|
||||
}
|
||||
|
||||
public Literal getSource() {
|
||||
return source;
|
||||
}
|
||||
|
||||
public Expression getAttributes() {
|
||||
return attributes;
|
||||
public Expression getAssertion() {
|
||||
return assertion;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -15,30 +15,22 @@ public class ExportNamedDeclaration extends ExportDeclaration {
|
||||
private final Statement declaration;
|
||||
private final List<ExportSpecifier> specifiers;
|
||||
private final Literal source;
|
||||
private final Expression attributes;
|
||||
private final Expression assertion;
|
||||
private final boolean hasTypeKeyword;
|
||||
|
||||
public ExportNamedDeclaration(
|
||||
SourceLocation loc,
|
||||
Statement declaration,
|
||||
List<ExportSpecifier> specifiers,
|
||||
Literal source,
|
||||
Expression attributes) {
|
||||
this(loc, declaration, specifiers, source, attributes, false);
|
||||
SourceLocation loc, Statement declaration, List<ExportSpecifier> specifiers, Literal source, Expression assertion) {
|
||||
this(loc, declaration, specifiers, source, assertion, false);
|
||||
}
|
||||
|
||||
public ExportNamedDeclaration(
|
||||
SourceLocation loc,
|
||||
Statement declaration,
|
||||
List<ExportSpecifier> specifiers,
|
||||
Literal source,
|
||||
Expression attributes,
|
||||
boolean hasTypeKeyword) {
|
||||
SourceLocation loc, Statement declaration, List<ExportSpecifier> specifiers, Literal source,
|
||||
Expression assertion, boolean hasTypeKeyword) {
|
||||
super("ExportNamedDeclaration", loc);
|
||||
this.declaration = declaration;
|
||||
this.specifiers = specifiers;
|
||||
this.source = source;
|
||||
this.attributes = attributes;
|
||||
this.assertion = assertion;
|
||||
this.hasTypeKeyword = hasTypeKeyword;
|
||||
}
|
||||
|
||||
@@ -67,12 +59,9 @@ public class ExportNamedDeclaration extends ExportDeclaration {
|
||||
return v.visit(this, c);
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the expression after the <code>with</code> keyword, if any, such as <code>
|
||||
* { type: "json" }</code>.
|
||||
*/
|
||||
public Expression getAttributes() {
|
||||
return attributes;
|
||||
/** Returns the expression after the <code>assert</code> keyword, if any, such as <code>{ type: "json" }</code>. */
|
||||
public Expression getAssertion() {
|
||||
return assertion;
|
||||
}
|
||||
|
||||
/** Returns true if this is an <code>export type</code> declaration. */
|
||||
|
||||
@@ -1,8 +1,9 @@
|
||||
package com.semmle.js.ast;
|
||||
|
||||
import com.semmle.ts.ast.INodeWithSymbol;
|
||||
import java.util.List;
|
||||
|
||||
import com.semmle.ts.ast.INodeWithSymbol;
|
||||
|
||||
/**
|
||||
* An import declaration, which can be of one of the following forms:
|
||||
*
|
||||
@@ -22,27 +23,21 @@ public class ImportDeclaration extends Statement implements INodeWithSymbol {
|
||||
/** The module from which declarations are imported. */
|
||||
private final Literal source;
|
||||
|
||||
private final Expression attributes;
|
||||
private final Expression assertion;
|
||||
|
||||
private int symbol = -1;
|
||||
|
||||
private boolean hasTypeKeyword;
|
||||
|
||||
public ImportDeclaration(
|
||||
SourceLocation loc, List<ImportSpecifier> specifiers, Literal source, Expression attributes) {
|
||||
this(loc, specifiers, source, attributes, false);
|
||||
public ImportDeclaration(SourceLocation loc, List<ImportSpecifier> specifiers, Literal source, Expression assertion) {
|
||||
this(loc, specifiers, source, assertion, false);
|
||||
}
|
||||
|
||||
public ImportDeclaration(
|
||||
SourceLocation loc,
|
||||
List<ImportSpecifier> specifiers,
|
||||
Literal source,
|
||||
Expression attributes,
|
||||
boolean hasTypeKeyword) {
|
||||
public ImportDeclaration(SourceLocation loc, List<ImportSpecifier> specifiers, Literal source, Expression assertion, boolean hasTypeKeyword) {
|
||||
super("ImportDeclaration", loc);
|
||||
this.specifiers = specifiers;
|
||||
this.source = source;
|
||||
this.attributes = attributes;
|
||||
this.assertion = assertion;
|
||||
this.hasTypeKeyword = hasTypeKeyword;
|
||||
}
|
||||
|
||||
@@ -54,12 +49,9 @@ public class ImportDeclaration extends Statement implements INodeWithSymbol {
|
||||
return specifiers;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the expression after the <code>with</code> keyword, if any, such as <code>
|
||||
* { type: "json" }</code>.
|
||||
*/
|
||||
public Expression getAttributes() {
|
||||
return attributes;
|
||||
/** Returns the expression after the <code>assert</code> keyword, if any, such as <code>{ type: "json" }</code>. */
|
||||
public Expression getAssertion() {
|
||||
return assertion;
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
package com.semmle.js.ast;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import com.semmle.js.ast.jsx.JSXAttribute;
|
||||
import com.semmle.js.ast.jsx.JSXClosingElement;
|
||||
import com.semmle.js.ast.jsx.JSXElement;
|
||||
@@ -39,18 +42,16 @@ import com.semmle.ts.ast.OptionalTypeExpr;
|
||||
import com.semmle.ts.ast.ParenthesizedTypeExpr;
|
||||
import com.semmle.ts.ast.PredicateTypeExpr;
|
||||
import com.semmle.ts.ast.RestTypeExpr;
|
||||
import com.semmle.ts.ast.SatisfiesExpr;
|
||||
import com.semmle.ts.ast.TemplateLiteralTypeExpr;
|
||||
import com.semmle.ts.ast.TupleTypeExpr;
|
||||
import com.semmle.ts.ast.TypeAliasDeclaration;
|
||||
import com.semmle.ts.ast.TypeAssertion;
|
||||
import com.semmle.ts.ast.SatisfiesExpr;
|
||||
import com.semmle.ts.ast.TypeParameter;
|
||||
import com.semmle.ts.ast.TypeofTypeExpr;
|
||||
import com.semmle.ts.ast.UnaryTypeExpr;
|
||||
import com.semmle.ts.ast.UnionTypeExpr;
|
||||
import com.semmle.util.data.IntList;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
/** Deep cloning of AST nodes. */
|
||||
public class NodeCopier implements Visitor<Void, INode> {
|
||||
@@ -428,8 +429,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
|
||||
@Override
|
||||
public TemplateLiteralTypeExpr visit(TemplateLiteralTypeExpr nd, Void q) {
|
||||
return new TemplateLiteralTypeExpr(
|
||||
visit(nd.getLoc()), copy(nd.getExpressions()), copy(nd.getQuasis()));
|
||||
return new TemplateLiteralTypeExpr(visit(nd.getLoc()), copy(nd.getExpressions()), copy(nd.getQuasis()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -523,8 +523,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
|
||||
@Override
|
||||
public ExportAllDeclaration visit(ExportAllDeclaration nd, Void c) {
|
||||
return new ExportAllDeclaration(
|
||||
visit(nd.getLoc()), copy(nd.getSource()), copy(nd.getAttributes()));
|
||||
return new ExportAllDeclaration(visit(nd.getLoc()), copy(nd.getSource()), copy(nd.getAssertion()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -539,7 +538,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
copy(nd.getDeclaration()),
|
||||
copy(nd.getSpecifiers()),
|
||||
copy(nd.getSource()),
|
||||
copy(nd.getAttributes()));
|
||||
copy(nd.getAssertion()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -560,11 +559,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
@Override
|
||||
public ImportDeclaration visit(ImportDeclaration nd, Void c) {
|
||||
return new ImportDeclaration(
|
||||
visit(nd.getLoc()),
|
||||
copy(nd.getSpecifiers()),
|
||||
copy(nd.getSource()),
|
||||
copy(nd.getAttributes()),
|
||||
nd.hasTypeKeyword());
|
||||
visit(nd.getLoc()), copy(nd.getSpecifiers()), copy(nd.getSource()), copy(nd.getAssertion()), nd.hasTypeKeyword());
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -730,8 +725,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
|
||||
@Override
|
||||
public INode visit(TupleTypeExpr nd, Void c) {
|
||||
return new TupleTypeExpr(
|
||||
visit(nd.getLoc()), copy(nd.getElementTypes()), copy(nd.getElementNames()));
|
||||
return new TupleTypeExpr(visit(nd.getLoc()), copy(nd.getElementTypes()), copy(nd.getElementNames()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -793,7 +787,9 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
@Override
|
||||
public INode visit(SatisfiesExpr nd, Void c) {
|
||||
return new SatisfiesExpr(
|
||||
visit(nd.getLoc()), copy(nd.getExpression()), copy(nd.getTypeAnnotation()));
|
||||
visit(nd.getLoc()),
|
||||
copy(nd.getExpression()),
|
||||
copy(nd.getTypeAnnotation()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -911,8 +907,7 @@ public class NodeCopier implements Visitor<Void, INode> {
|
||||
|
||||
@Override
|
||||
public INode visit(GeneratedCodeExpr nd, Void c) {
|
||||
return new GeneratedCodeExpr(
|
||||
visit(nd.getLoc()), nd.getOpeningDelimiter(), nd.getClosingDelimiter(), nd.getBody());
|
||||
return new GeneratedCodeExpr(visit(nd.getLoc()), nd.getOpeningDelimiter(), nd.getClosingDelimiter(), nd.getBody());
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
@@ -1,5 +1,15 @@
|
||||
package com.semmle.js.extractor;
|
||||
|
||||
import java.nio.file.Path;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.HashSet;
|
||||
import java.util.Arrays;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.Stack;
|
||||
import java.util.regex.Matcher;
|
||||
|
||||
import com.semmle.js.ast.AClass;
|
||||
import com.semmle.js.ast.AFunction;
|
||||
import com.semmle.js.ast.AFunctionExpression;
|
||||
@@ -140,11 +150,11 @@ import com.semmle.ts.ast.OptionalTypeExpr;
|
||||
import com.semmle.ts.ast.ParenthesizedTypeExpr;
|
||||
import com.semmle.ts.ast.PredicateTypeExpr;
|
||||
import com.semmle.ts.ast.RestTypeExpr;
|
||||
import com.semmle.ts.ast.SatisfiesExpr;
|
||||
import com.semmle.ts.ast.TemplateLiteralTypeExpr;
|
||||
import com.semmle.ts.ast.TupleTypeExpr;
|
||||
import com.semmle.ts.ast.TypeAliasDeclaration;
|
||||
import com.semmle.ts.ast.TypeAssertion;
|
||||
import com.semmle.ts.ast.SatisfiesExpr;
|
||||
import com.semmle.ts.ast.TypeExpression;
|
||||
import com.semmle.ts.ast.TypeParameter;
|
||||
import com.semmle.ts.ast.TypeofTypeExpr;
|
||||
@@ -156,13 +166,6 @@ import com.semmle.util.locations.OffsetTranslation;
|
||||
import com.semmle.util.locations.SourceMap;
|
||||
import com.semmle.util.trap.TrapWriter;
|
||||
import com.semmle.util.trap.TrapWriter.Label;
|
||||
import java.nio.file.Path;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
import java.util.Stack;
|
||||
import java.util.regex.Matcher;
|
||||
|
||||
/** Extractor for AST-based information; invoked by the {@link JSExtractor}. */
|
||||
public class ASTExtractor {
|
||||
@@ -384,8 +387,7 @@ public class ASTExtractor {
|
||||
return visit(child, parent, childIndex, IdContext.VAR_BIND, binopOperand);
|
||||
}
|
||||
|
||||
private Label visit(
|
||||
INode child, Label parent, int childIndex, IdContext idContext, boolean binopOperand) {
|
||||
private Label visit(INode child, Label parent, int childIndex, IdContext idContext, boolean binopOperand) {
|
||||
if (child == null) return null;
|
||||
return child.accept(this, new Context(parent, childIndex, idContext, binopOperand));
|
||||
}
|
||||
@@ -588,28 +590,15 @@ public class ASTExtractor {
|
||||
|
||||
trapwriter.addTuple("literals", valueString, source, key);
|
||||
Position start = nd.getLoc().getStart();
|
||||
com.semmle.util.locations.Position startPos =
|
||||
new com.semmle.util.locations.Position(
|
||||
start.getLine(),
|
||||
start.getColumn() + 1 /* Convert from 0-based to 1-based. */,
|
||||
start.getOffset());
|
||||
com.semmle.util.locations.Position startPos = new com.semmle.util.locations.Position(start.getLine(), start.getColumn() + 1 /* Convert from 0-based to 1-based. */, start.getOffset());
|
||||
|
||||
if (nd.isRegExp()) {
|
||||
OffsetTranslation offsets = new OffsetTranslation();
|
||||
offsets.set(0, 1); // skip the initial '/'
|
||||
SourceMap sourceMap =
|
||||
SourceMap.legacyWithStartPos(
|
||||
SourceMap.fromString(nd.getRaw()).offsetBy(0, offsets), startPos);
|
||||
SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getRaw()).offsetBy(0, offsets), startPos);
|
||||
regexpExtractor.extract(source.substring(1, source.lastIndexOf('/')), sourceMap, nd, false);
|
||||
} else if (nd.isStringLiteral()
|
||||
&& !c.isInsideType()
|
||||
&& nd.getRaw().length() < 1000
|
||||
&& !c.isBinopOperand()) {
|
||||
SourceMap sourceMap =
|
||||
SourceMap.legacyWithStartPos(
|
||||
SourceMap.fromString(nd.getRaw())
|
||||
.offsetBy(0, makeStringLiteralOffsets(nd.getRaw())),
|
||||
startPos);
|
||||
} else if (nd.isStringLiteral() && !c.isInsideType() && nd.getRaw().length() < 1000 && !c.isBinopOperand()) {
|
||||
SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getRaw()).offsetBy(0, makeStringLiteralOffsets(nd.getRaw())), startPos);
|
||||
regexpExtractor.extract(valueString, sourceMap, nd, true);
|
||||
|
||||
// Scan the string for template tags, if we're in a context where such tags are relevant.
|
||||
@@ -632,8 +621,8 @@ public class ASTExtractor {
|
||||
}
|
||||
|
||||
/**
|
||||
* Constant-folds simple string concatenations in `exp` while keeping an offset translation that
|
||||
* tracks back to the original source.
|
||||
* Constant-folds simple string concatenations in `exp` while keeping an offset translation
|
||||
* that tracks back to the original source.
|
||||
*/
|
||||
private Pair<String, OffsetTranslation> getStringConcatResult(Expression exp) {
|
||||
if (exp instanceof BinaryExpression) {
|
||||
@@ -649,9 +638,7 @@ public class ASTExtractor {
|
||||
return null;
|
||||
}
|
||||
|
||||
int delta =
|
||||
be.getRight().getLoc().getStart().getOffset()
|
||||
- be.getLeft().getLoc().getStart().getOffset();
|
||||
int delta = be.getRight().getLoc().getStart().getOffset() - be.getLeft().getLoc().getStart().getOffset();
|
||||
int offset = left.fst().length();
|
||||
return Pair.make(str, left.snd().append(right.snd(), offset, delta));
|
||||
}
|
||||
@@ -761,9 +748,7 @@ public class ASTExtractor {
|
||||
visit(nd.getProperty(), key, 1, IdContext.TYPE_LABEL);
|
||||
} else {
|
||||
IdContext baseIdContext =
|
||||
(c.idcontext == IdContext.EXPORT || c.idcontext == IdContext.EXPORT_BASE)
|
||||
? IdContext.EXPORT_BASE
|
||||
: IdContext.VAR_BIND;
|
||||
(c.idcontext == IdContext.EXPORT || c.idcontext == IdContext.EXPORT_BASE) ? IdContext.EXPORT_BASE : IdContext.VAR_BIND;
|
||||
visit(nd.getObject(), key, 0, baseIdContext);
|
||||
visit(nd.getProperty(), key, 1, nd.isComputed() ? IdContext.VAR_BIND : IdContext.LABEL);
|
||||
}
|
||||
@@ -863,11 +848,8 @@ public class ASTExtractor {
|
||||
@Override
|
||||
public Label visit(BinaryExpression nd, Context c) {
|
||||
Label key = super.visit(nd, c);
|
||||
if (nd.getOperator().equals("in")
|
||||
&& nd.getLeft() instanceof Identifier
|
||||
&& ((Identifier) nd.getLeft()).getName().startsWith("#")) {
|
||||
// this happens with Ergonomic brand checks for Private Fields (see
|
||||
// https://github.com/tc39/proposal-private-fields-in-in).
|
||||
if (nd.getOperator().equals("in") && nd.getLeft() instanceof Identifier && ((Identifier)nd.getLeft()).getName().startsWith("#")) {
|
||||
// this happens with Ergonomic brand checks for Private Fields (see https://github.com/tc39/proposal-private-fields-in-in).
|
||||
// it's the only case where private field identifiers are used not as a field.
|
||||
visit(nd.getLeft(), key, 0, IdContext.LABEL, true);
|
||||
} else {
|
||||
@@ -893,14 +875,8 @@ public class ASTExtractor {
|
||||
}
|
||||
OffsetTranslation offsets = concatResult.snd();
|
||||
Position start = nd.getLoc().getStart();
|
||||
com.semmle.util.locations.Position startPos =
|
||||
new com.semmle.util.locations.Position(
|
||||
start.getLine(),
|
||||
start.getColumn() + 1 /* Convert from 0-based to 1-based. */,
|
||||
start.getOffset());
|
||||
SourceMap sourceMap =
|
||||
SourceMap.legacyWithStartPos(
|
||||
SourceMap.fromString(nd.getLoc().getSource()).offsetBy(0, offsets), startPos);
|
||||
com.semmle.util.locations.Position startPos = new com.semmle.util.locations.Position(start.getLine(), start.getColumn() + 1 /* Convert from 0-based to 1-based. */, start.getOffset());
|
||||
SourceMap sourceMap = SourceMap.legacyWithStartPos(SourceMap.fromString(nd.getLoc().getSource()).offsetBy(0, offsets), startPos);
|
||||
regexpExtractor.extract(foldedString, sourceMap, nd, true);
|
||||
return;
|
||||
}
|
||||
@@ -1783,7 +1759,7 @@ public class ASTExtractor {
|
||||
public Label visit(ExportAllDeclaration nd, Context c) {
|
||||
Label lbl = super.visit(nd, c);
|
||||
visit(nd.getSource(), lbl, 0);
|
||||
visit(nd.getAttributes(), lbl, -10);
|
||||
visit(nd.getAssertion(), lbl, -10);
|
||||
return lbl;
|
||||
}
|
||||
|
||||
@@ -1799,7 +1775,7 @@ public class ASTExtractor {
|
||||
Label lbl = super.visit(nd, c);
|
||||
visit(nd.getDeclaration(), lbl, -1);
|
||||
visit(nd.getSource(), lbl, -2);
|
||||
visit(nd.getAttributes(), lbl, -10);
|
||||
visit(nd.getAssertion(), lbl, -10);
|
||||
IdContext childContext =
|
||||
nd.hasSource()
|
||||
? IdContext.LABEL
|
||||
@@ -1823,7 +1799,7 @@ public class ASTExtractor {
|
||||
public Label visit(ImportDeclaration nd, Context c) {
|
||||
Label lbl = super.visit(nd, c);
|
||||
visit(nd.getSource(), lbl, -1);
|
||||
visit(nd.getAttributes(), lbl, -10);
|
||||
visit(nd.getAssertion(), lbl, -10);
|
||||
IdContext childContext =
|
||||
nd.hasTypeKeyword()
|
||||
? IdContext.TYPE_ONLY_IMPORT
|
||||
|
||||
@@ -153,7 +153,7 @@ import com.semmle.util.trap.TrapWriter;
|
||||
* <li>All JavaScript files, that is, files with one of the extensions supported by {@link
|
||||
* FileType#JS} (currently ".js", ".jsx", ".mjs", ".cjs", ".es6", ".es").
|
||||
* <li>All HTML files, that is, files with with one of the extensions supported by {@link
|
||||
* FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue", ".html.erb", ".jsp").
|
||||
* FileType#HTML} (currently ".htm", ".html", ".xhtm", ".xhtml", ".vue", ".html.erb").
|
||||
* <li>All YAML files, that is, files with one of the extensions supported by {@link
|
||||
* FileType#YAML} (currently ".raml", ".yaml", ".yml").
|
||||
* <li>Files with base name "package.json" or "tsconfig.json", and files whose base name
|
||||
|
||||
@@ -103,7 +103,7 @@ public class FileExtractor {
|
||||
|
||||
/** Information about supported file types. */
|
||||
public static enum FileType {
|
||||
HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb", ".jsp") {
|
||||
HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb") {
|
||||
@Override
|
||||
public IExtractor mkExtractor(ExtractorConfig config, ExtractorState state) {
|
||||
return new HTMLExtractor(config, state);
|
||||
|
||||
@@ -41,7 +41,7 @@ public class Main {
|
||||
* A version identifier that should be updated every time the extractor changes in such a way that
|
||||
* it may produce different tuples for the same file under the same {@link ExtractorConfig}.
|
||||
*/
|
||||
public static final String EXTRACTOR_VERSION = "2023-10-13";
|
||||
public static final String EXTRACTOR_VERSION = "2023-08-10";
|
||||
|
||||
public static final Pattern NEWLINE = Pattern.compile("\n");
|
||||
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user