mirror of
https://github.com/github/codeql.git
Compare commits
1 Commits
idrissrio/
...
dependabot
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
c8a4b03917 |
2
.github/workflows/codeql-analysis.yml
vendored
@@ -32,7 +32,7 @@ jobs:
|
||||
|
||||
steps:
|
||||
- name: Setup dotnet
|
||||
uses: actions/setup-dotnet@v4
|
||||
uses: actions/setup-dotnet@v5
|
||||
with:
|
||||
dotnet-version: 9.0.300
|
||||
|
||||
|
||||
2
.github/workflows/csharp-qltest.yml
vendored
@@ -41,7 +41,7 @@ jobs:
|
||||
steps:
|
||||
- uses: actions/checkout@v5
|
||||
- name: Setup dotnet
|
||||
uses: actions/setup-dotnet@v4
|
||||
uses: actions/setup-dotnet@v5
|
||||
with:
|
||||
dotnet-version: 9.0.300
|
||||
- name: Extractor unit tests
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 0.4.17
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.4.16
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.4.17
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.4.17
|
||||
lastReleaseVersion: 0.4.16
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-all
|
||||
version: 0.4.17
|
||||
version: 0.4.17-dev
|
||||
library: true
|
||||
warnOnImplicitThis: true
|
||||
dependencies:
|
||||
|
||||
@@ -1,9 +1,3 @@
|
||||
## 0.6.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Actions analysis now reports file coverage information on the CodeQL status page.
|
||||
|
||||
## 0.6.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,5 +1,4 @@
|
||||
## 0.6.9
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Actions analysis now reports file coverage information on the CodeQL status page.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.6.9
|
||||
lastReleaseVersion: 0.6.8
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/actions-queries
|
||||
version: 0.6.9
|
||||
version: 0.6.9-dev
|
||||
library: false
|
||||
warnOnImplicitThis: true
|
||||
groups: [actions, queries]
|
||||
|
||||
@@ -177,12 +177,6 @@ def insert_overlay_caller_annotations(lines):
|
||||
out_lines.append(line)
|
||||
return out_lines
|
||||
|
||||
explicitly_global = set([
|
||||
"java/ql/lib/semmle/code/java/dispatch/VirtualDispatch.qll",
|
||||
"java/ql/lib/semmle/code/java/dispatch/DispatchFlow.qll",
|
||||
"java/ql/lib/semmle/code/java/dispatch/ObjFlow.qll",
|
||||
"java/ql/lib/semmle/code/java/dispatch/internal/Unification.qll",
|
||||
])
|
||||
|
||||
def annotate_as_appropriate(filename, lines):
|
||||
'''
|
||||
@@ -202,9 +196,6 @@ def annotate_as_appropriate(filename, lines):
|
||||
((filename.endswith("Query.qll") or filename.endswith("Config.qll")) and
|
||||
any("implements DataFlow::ConfigSig" in line for line in lines))):
|
||||
return None
|
||||
elif filename in explicitly_global:
|
||||
# These files are explicitly global and should not be annotated.
|
||||
return None
|
||||
elif not any(line for line in lines if line.strip()):
|
||||
return None
|
||||
|
||||
|
||||
@@ -7,10 +7,12 @@ ql/cpp/ql/src/Diagnostics/ExtractedFiles.ql
|
||||
ql/cpp/ql/src/Diagnostics/ExtractionWarnings.ql
|
||||
ql/cpp/ql/src/Diagnostics/FailedExtractorInvocations.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Arithmetic/BadAdditionOverflowCheck.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Arithmetic/SignedOverflowCheck.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Conversion/CastArrayPointerArithmetic.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Format/SnprintfOverflow.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Format/WrongNumberOfFormatArguments.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Format/WrongTypeFormatArguments.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Memory Management/AllocaInLoop.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Memory Management/PointerOverflow.ql
|
||||
ql/cpp/ql/src/Likely Bugs/Memory Management/ReturnStackAllocatedMemory.ql
|
||||
@@ -28,6 +30,7 @@ ql/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-134/UncontrolledFormatString.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-191/UnsignedDifferenceExpressionComparedZero.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-253/HResultBooleanConversion.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-311/CleartextFileWrite.ql
|
||||
@@ -40,6 +43,7 @@ ql/cpp/ql/src/Security/CWE/CWE-367/TOCTOUFilesystemRace.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-416/IteratorToExpiredContainer.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfStringAfterLifetimeEnds.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-416/UseOfUniquePointerAfterLifetimeEnds.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-468/SuspiciousAddWithSizeof.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-497/ExposedSystemData.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-611/XXE.ql
|
||||
ql/cpp/ql/src/Security/CWE/CWE-676/DangerousFunctionOverflow.ql
|
||||
|
||||
@@ -1,13 +1,3 @@
|
||||
## 5.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
|
||||
|
||||
## 5.5.0
|
||||
|
||||
### New Features
|
||||
|
||||
4
cpp/ql/lib/change-notes/2025-09-02-vla.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type defined in terms of an other `VlaDeclStmt` via a `typedef`.
|
||||
4
cpp/ql/lib/change-notes/2025-09-03-rename-api.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: deprecated
|
||||
---
|
||||
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
|
||||
@@ -1,9 +0,0 @@
|
||||
## 5.6.0
|
||||
|
||||
### Deprecated APIs
|
||||
|
||||
* The predicate `getAContructorCall` in the class `SslContextClass` has been deprecated. Use `getAConstructorCall` instead.
|
||||
|
||||
### New Features
|
||||
|
||||
* Added predicates `getTransitiveNumberOfVlaDimensionStmts`, `getTransitiveVlaDimensionStmt`, and `getParentVlaDecl` to `VlaDeclStmt` for handling `VlaDeclStmt`s whose base type is defined in terms of another `VlaDeclStmt` via a `typedef`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.6.0
|
||||
lastReleaseVersion: 5.5.0
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 5.6.0
|
||||
version: 5.5.1-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -1,15 +1,3 @@
|
||||
## 1.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
|
||||
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
|
||||
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
|
||||
|
||||
## 1.4.7
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
@@ -4,9 +4,13 @@ private import semmle.code.cpp.controlflow.IRGuards
|
||||
private import semmle.code.cpp.ir.ValueNumbering
|
||||
|
||||
private predicate exprInBooleanContext(Expr e) {
|
||||
exists(IRGuardCondition gc, Instruction i |
|
||||
i.getUnconvertedResultExpression() = e and
|
||||
gc.comparesEq(valueNumber(i).getAUse(), 0, _, _)
|
||||
exists(IRGuardCondition gc |
|
||||
exists(Instruction i |
|
||||
i.getUnconvertedResultExpression() = e and
|
||||
gc.comparesEq(valueNumber(i).getAUse(), 0, _, _)
|
||||
)
|
||||
or
|
||||
gc.getUnconvertedResultExpression() = e
|
||||
)
|
||||
}
|
||||
|
||||
@@ -32,18 +36,20 @@ private string getEofValue() {
|
||||
* Holds if the value of `call` has been checked to not equal `EOF`.
|
||||
*/
|
||||
private predicate checkedForEof(ScanfFunctionCall call) {
|
||||
exists(IRGuardCondition gc, CallInstruction i | i.getUnconvertedResultExpression() = call |
|
||||
exists(int val | gc.comparesEq(valueNumber(i).getAUse(), val, _, _) |
|
||||
// call == EOF
|
||||
val = getEofValue().toInt()
|
||||
exists(IRGuardCondition gc |
|
||||
exists(CallInstruction i | i.getUnconvertedResultExpression() = call |
|
||||
exists(int val | gc.comparesEq(valueNumber(i).getAUse(), val, _, _) |
|
||||
// call == EOF
|
||||
val = getEofValue().toInt()
|
||||
or
|
||||
// call == [any positive number]
|
||||
val > 0
|
||||
)
|
||||
or
|
||||
// call == [any positive number]
|
||||
val > 0
|
||||
)
|
||||
or
|
||||
exists(int val | gc.comparesLt(valueNumber(i).getAUse(), val, true, _) |
|
||||
// call < [any non-negative number] (EOF is guaranteed to be negative)
|
||||
val >= 0
|
||||
exists(int val | gc.comparesLt(valueNumber(i).getAUse(), val, true, _) |
|
||||
// call < [any non-negative number] (EOF is guaranteed to be negative)
|
||||
val >= 0
|
||||
)
|
||||
)
|
||||
)
|
||||
}
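Review bot: `exprInBooleanContext` has no QLDoc, and the disjunct this change appears to add, `gc.getUnconvertedResultExpression() = e`, is not self-explanatory next to the existing `comparesEq(..., 0, _, _)` case. `checkedForEof` in the second hunk carries a `Holds if` comment, so the same would fit here, for example `/** Holds if e is compared against zero by a guard condition, or is itself the expression of a guard condition. */`. In `checkedForEof` the outer `exists(IRGuardCondition gc | ...)` wraps a single inner `exists` and no disjunct uses `gc` alone, so there the extra nesting adds no case; a short comment saying it only mirrors the shape of `exprInBooleanContext` would show it is intentional.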
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* @kind problem
|
||||
* @problem.severity warning
|
||||
* @security-severity 8.1
|
||||
* @precision medium
|
||||
* @precision high
|
||||
* @id cpp/integer-multiplication-cast-to-long
|
||||
* @tags reliability
|
||||
* security
|
||||
@@ -179,6 +179,7 @@ predicate overflows(MulExpr me, Type t) {
|
||||
|
||||
from MulExpr me, Type t1, Type t2
|
||||
where
|
||||
not any(Compilation c).buildModeNone() and
|
||||
t1 = me.getType().getUnderlyingType() and
|
||||
t2 = me.getConversion().getType().getUnderlyingType() and
|
||||
t1.getSize() < t2.getSize() and
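Review bot: The `where` clause appears to gain `not any(Compilation c).buildModeNone() and` with no comment, and as written it drops every result as soon as the database contains any compilation in build-mode none. Someone reading the results then cannot tell "no findings" from "query did not apply", which matters for a query tagged `@security-severity 8.1`. I would add a comment above the conjunct, e.g. `// No results under build-mode: none; type sizes are not reliable without a real build.` (reason inferred, please confirm), and state the limitation in the query description. The same uncommented guard shows up in the sections for `cpp/wrong-type-format-argument`, `cpp/implicit-function-declaration`, the `cwe-190` loop-comparison query and `cpp/suspicious-add-sizeof`. The `where` clause continues past the end of this hunk.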
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* @kind problem
|
||||
* @problem.severity error
|
||||
* @security-severity 7.5
|
||||
* @precision medium
|
||||
* @precision high
|
||||
* @id cpp/wrong-type-format-argument
|
||||
* @tags reliability
|
||||
* correctness
|
||||
@@ -154,6 +154,7 @@ int sizeof_IntType() { exists(IntType it | result = it.getSize()) }
|
||||
|
||||
from FormattingFunctionCall ffc, int n, Expr arg, Type expected, Type actual
|
||||
where
|
||||
not any(Compilation c).buildModeNone() and
|
||||
(
|
||||
formattingFunctionCallExpectedType(ffc, n, expected) and
|
||||
formattingFunctionCallActualType(ffc, n, arg, actual) and
|
||||
|
||||
@@ -5,7 +5,7 @@
|
||||
* may lead to unpredictable behavior.
|
||||
* @kind problem
|
||||
* @problem.severity warning
|
||||
* @precision medium
|
||||
* @precision high
|
||||
* @id cpp/implicit-function-declaration
|
||||
* @tags correctness
|
||||
* maintainability
|
||||
@@ -38,6 +38,7 @@ predicate isCompiledAsC(File f) {
|
||||
|
||||
from FunctionDeclarationEntry fdeIm, FunctionCall fc
|
||||
where
|
||||
not any(Compilation c).buildModeNone() and
|
||||
isCompiledAsC(fdeIm.getFile()) and
|
||||
not isFromMacroDefinition(fc) and
|
||||
fdeIm.isImplicit() and
|
||||
|
||||
@@ -109,7 +109,7 @@ predicate lessThanOrEqual(IRGuardCondition g, Expr e, boolean branch) {
|
||||
g.comparesEq(left, _, _, true, branch)
|
||||
|
|
||||
interestingLessThanOrEqual(left) and
|
||||
left.getDef().getConvertedResultExpression() = e
|
||||
left.getDef().getUnconvertedResultExpression() = e
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @kind problem
|
||||
* @problem.severity warning
|
||||
* @security-severity 7.8
|
||||
* @precision medium
|
||||
* @precision high
|
||||
* @tags reliability
|
||||
* security
|
||||
* external/cwe/cwe-190
|
||||
@@ -51,6 +51,7 @@ int getComparisonSizeAdjustment(Expr e) {
|
||||
|
||||
from Loop l, RelationalOperation rel, VariableAccess small, Expr large
|
||||
where
|
||||
not any(Compilation c).buildModeNone() and
|
||||
small = rel.getLesserOperand() and
|
||||
large = rel.getGreaterOperand() and
|
||||
rel = l.getCondition().getAChild*() and
|
||||
|
||||
@@ -6,7 +6,7 @@
|
||||
* @kind problem
|
||||
* @problem.severity warning
|
||||
* @security-severity 8.8
|
||||
* @precision medium
|
||||
* @precision high
|
||||
* @id cpp/suspicious-add-sizeof
|
||||
* @tags security
|
||||
* external/cwe/cwe-468
|
||||
@@ -24,6 +24,7 @@ private predicate isCharSzPtrExpr(Expr e) {
|
||||
|
||||
from Expr sizeofExpr, Expr e
|
||||
where
|
||||
not any(Compilation c).buildModeNone() and
|
||||
// If we see an addWithSizeof then we expect the type of
|
||||
// the pointer expression to be `char*` or `void*`. Otherwise it
|
||||
// is probably a mistake.
|
||||
|
||||
5
cpp/ql/src/change-notes/2025-09-03-rename-api.md
Normal file
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
|
||||
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
|
||||
@@ -1,11 +0,0 @@
|
||||
## 1.5.0
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long`, `cpp/implicit-function-declaration` and `cpp/suspicious-add-sizeof` have had their precisions reduced from `high` to `medium`. They will also now give alerts for projects built with `build-mode: none`.
|
||||
* The queries `cpp/wrong-type-format-argument`, `cpp/comparison-with-wider-type`, `cpp/integer-multiplication-cast-to-long` and `cpp/suspicious-add-sizeof` are no longer included in the `code-scanning` suite.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The predicate `occurenceCount` in the file module `MagicConstants` has been deprecated. Use `occurrenceCount` instead.
|
||||
* The predicate `additionalAdditionOrSubstractionCheckForLeapYear` in the file module `LeapYear` has been deprecated. Use `additionalAdditionOrSubtractionCheckForLeapYear` instead.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.5.0
|
||||
lastReleaseVersion: 1.4.7
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 1.5.0
|
||||
version: 1.4.8-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -50,21 +50,37 @@ argHasPostUpdate
|
||||
postWithInFlow
|
||||
| BarrierGuard.cpp:49:6:49:6 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| BarrierGuard.cpp:60:7:60:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clang.cpp:22:9:22:20 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clang.cpp:23:18:23:29 | sourceArray1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clang.cpp:29:22:29:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clang.cpp:51:3:51:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clang.cpp:51:3:51:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| dispatch.cpp:60:3:60:14 | globalBottom [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| dispatch.cpp:61:3:61:14 | globalMiddle [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| dispatch.cpp:78:24:78:37 | call to allocateBottom [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| dispatch.cpp:148:5:148:5 | f [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| dispatch.cpp:168:8:168:8 | f [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| example.c:24:9:24:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| example.c:24:20:24:20 | y [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| example.c:26:9:26:9 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| example.c:26:19:26:24 | coords [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| example.c:28:23:28:25 | pos [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:5:5:5:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:5:6:5:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:8:5:8:12 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:8:6:8:12 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:18:17:18:17 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:30:12:30:12 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:37:5:37:6 | p2 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:37:5:37:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:84:3:84:7 | call to deref [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:84:3:84:14 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:84:10:84:10 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:90:3:90:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:90:4:90:4 | q [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:101:14:101:14 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:168:3:168:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| flowOut.cpp:168:4:168:10 | toTaint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| globals.cpp:13:5:13:19 | flowTestGlobal1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| globals.cpp:23:5:23:19 | flowTestGlobal2 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| lambdas.cpp:23:3:23:14 | v [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -90,30 +106,57 @@ postWithInFlow
|
||||
| ref.cpp:109:9:109:11 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ref.cpp:113:11:113:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ref.cpp:115:11:115:13 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| self_parameter_flow.cpp:3:4:3:5 | ps [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| self_parameter_flow.cpp:8:9:8:9 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:91:3:91:9 | source1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:115:3:115:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:115:4:115:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:120:3:120:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:120:4:120:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:125:3:125:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:125:4:125:6 | out [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:333:5:333:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:347:5:347:13 | globalVar [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:359:5:359:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:373:5:373:9 | field [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:384:10:384:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:384:11:384:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:391:10:391:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:391:11:391:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:400:10:400:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:400:11:400:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:407:10:407:13 | ref arg & ... | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:407:11:407:13 | tmp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:423:21:423:25 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:441:19:441:23 | local [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:472:3:472:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:472:4:472:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:477:22:477:22 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:506:3:506:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:506:4:506:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:512:35:512:35 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:519:3:519:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:519:3:519:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:520:3:520:12 | stackArray [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:520:3:520:15 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:526:3:526:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:526:4:526:4 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:531:40:531:40 | e [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:537:5:537:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:537:6:537:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:542:5:542:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:542:6:542:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:548:25:548:25 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:552:25:552:25 | y [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:562:5:562:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:576:5:576:13 | globalInt [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:589:19:589:19 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:596:3:596:4 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:596:3:596:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:602:3:602:3 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:602:3:602:7 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:608:3:608:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:608:4:608:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:639:3:639:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:646:3:646:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:652:3:652:3 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -124,23 +167,40 @@ postWithInFlow
|
||||
| test.cpp:681:3:681:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:689:3:689:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:690:3:690:3 | s [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:694:4:694:6 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:704:23:704:25 | buf [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:715:25:715:25 | c [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:728:3:728:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:728:4:728:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:734:41:734:41 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:808:5:808:21 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:808:6:808:21 | global_indirect1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:832:5:832:17 | global_direct [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:931:5:931:18 | global_pointer [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:932:5:932:19 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:932:6:932:19 | global_pointer [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1045:9:1045:11 | ref arg buf | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1066:5:1066:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1069:5:1069:5 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1087:5:1087:11 | content [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1088:9:1088:9 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1092:5:1092:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1092:6:1092:7 | pp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1098:53:1098:53 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1108:3:1108:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1108:4:1108:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1109:3:1109:4 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1109:4:1109:4 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1138:3:1138:13 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1138:5:1138:8 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1139:3:1139:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1139:4:1139:7 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1153:5:1153:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1153:6:1153:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1165:5:1165:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1165:6:1165:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1195:5:1195:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| test.cpp:1195:6:1195:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
viableImplInCallContextTooLarge
|
||||
uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
|
||||
@@ -48,6 +48,8 @@ argHasPostUpdate
|
||||
postWithInFlow
|
||||
| A.cpp:25:13:25:13 | c [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:27:28:27:28 | c [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:42:11:42:12 | cc [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:43:11:43:12 | ct [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:100:9:100:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:142:10:142:10 | c [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| A.cpp:143:13:143:13 | b [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -65,9 +67,11 @@ postWithInFlow
|
||||
| D.cpp:44:19:44:22 | elem [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| D.cpp:57:5:57:12 | boxfield [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| D.cpp:58:20:58:23 | elem [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| E.cpp:33:19:33:19 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:9:6:9:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:13:5:13:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:17:5:17:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:25:18:25:19 | s1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:37:8:37:9 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:42:6:42:7 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:49:9:49:10 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -79,31 +83,70 @@ postWithInFlow
|
||||
| aliasing.cpp:92:7:92:8 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:98:5:98:6 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:106:3:106:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:106:4:106:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:111:18:111:19 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:126:15:126:16 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:136:16:136:17 | xs [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:147:16:147:16 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:147:21:147:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:175:21:175:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:181:21:181:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:187:21:187:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:194:21:194:22 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:200:23:200:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:205:23:205:24 | m1 [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:215:14:215:15 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:223:17:223:18 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:234:19:234:20 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:242:22:242:23 | m1 [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:252:5:252:31 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:252:28:252:31 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:262:5:262:29 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| aliasing.cpp:262:26:262:29 | data [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:6:3:6:5 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:6:3:6:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:15:3:15:10 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:15:5:15:7 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:36:12:36:14 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:36:19:36:22 | data [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:37:17:37:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:38:17:38:19 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:42:15:42:17 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:42:22:42:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:43:20:43:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:44:20:44:22 | arr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:48:15:48:17 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:48:22:48:25 | data [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:49:20:49:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| arrays.cpp:50:20:50:22 | ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:12:8:12:8 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:16:11:16:11 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:68:18:68:18 | s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:84:10:84:10 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:88:9:88:9 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:92:3:92:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:92:4:92:5 | pa [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:96:3:96:4 | pa [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:102:28:102:39 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:104:22:104:22 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:106:30:106:41 | inner_nested [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:108:24:108:24 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:123:28:123:36 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| by_reference.cpp:127:30:127:38 | inner_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:19:3:19:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:19:6:19:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:32:3:32:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:32:6:32:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:39:3:39:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:39:6:39:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:40:5:40:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:47:5:47:5 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:53:3:53:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:53:6:53:6 | x [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:75:2:75:10 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:75:4:75:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:82:2:82:9 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:82:4:82:6 | val [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:83:7:83:9 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:97:4:97:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| clearning.cpp:124:4:124:6 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -119,6 +162,7 @@ postWithInFlow
|
||||
| complex.cpp:11:22:11:23 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| complex.cpp:12:22:12:23 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conflated.cpp:10:3:10:7 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conflated.cpp:10:7:10:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conflated.cpp:29:7:29:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conflated.cpp:36:7:36:7 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conflated.cpp:53:7:53:10 | next [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -130,11 +174,19 @@ postWithInFlow
|
||||
| qualifiers.cpp:12:56:12:56 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:13:57:13:57 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:22:23:22:23 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:37:26:37:33 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:42:13:42:20 | call to getInner [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:42:25:42:25 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:47:7:47:11 | outer [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| qualifiers.cpp:47:27:47:27 | a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:49:13:49:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:49:20:49:22 | baz [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:53:13:53:15 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:53:35:53:43 | bufferLen [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:54:20:54:22 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:60:16:60:18 | ref arg dst | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:61:25:61:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| realistic.cpp:65:25:65:27 | bar [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:20:24:20:25 | a_ [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:21:24:21:25 | b_ [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:65:7:65:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -142,6 +194,9 @@ postWithInFlow
|
||||
| simple.cpp:92:7:92:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:118:7:118:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:124:5:124:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| simple.cpp:124:6:124:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| struct_init.c:24:11:24:12 | ab [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| struct_init.c:36:17:36:24 | nestedAB [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
viableImplInCallContextTooLarge
|
||||
uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
|
||||
@@ -18,6 +18,7 @@ postIsInSameCallable
|
||||
reverseRead
|
||||
argHasPostUpdate
|
||||
postWithInFlow
|
||||
| tests.cpp:436:6:436:25 | [summary] to write: Argument[1] in madCallArg0WithValue | PostUpdateNode should not be the target of local flow. |
|
||||
viableImplInCallContextTooLarge
|
||||
uniqueParameterNodeAtPosition
|
||||
uniqueParameterNodePosition
|
||||
|
||||
@@ -48,10 +48,21 @@ argHasPostUpdate
|
||||
| ir.cpp:623:5:623:5 | r | ArgumentNode is missing PostUpdateNode. |
|
||||
| ir.cpp:625:5:625:5 | s | ArgumentNode is missing PostUpdateNode. |
|
||||
postWithInFlow
|
||||
| VacuousDestructorCall.cpp:10:22:10:22 | i [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| allocators.cpp:4:18:4:20 | m_x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| allocators.cpp:4:24:4:26 | m_y [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| assignexpr.cpp:11:4:11:4 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| builtin.c:34:23:34:31 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| builtin.c:39:37:39:45 | carry_out [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| builtin.c:43:41:43:49 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| builtin.c:51:30:51:38 | staticint [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| builtin.c:54:29:54:38 | atomic_int [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:3:5:3:9 | m_ptr [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:17:11:17:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:20:11:20:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:28:11:28:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:31:11:31:15 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| condition_decls.cpp:34:9:34:13 | m_ptr [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conditional_destructors.cpp:6:13:6:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| conditional_destructors.cpp:18:13:18:15 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| cpp11.cpp:7:7:7:8 | el [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -59,16 +70,26 @@ postWithInFlow
|
||||
| cpp11.cpp:82:11:82:14 | call to Val | PostUpdateNode should not be the target of local flow. |
|
||||
| cpp11.cpp:82:45:82:48 | call to Val | PostUpdateNode should not be the target of local flow. |
|
||||
| cpp11.cpp:82:51:82:51 | call to Val | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:177:5:177:5 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:177:5:177:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:178:5:178:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:178:7:178:7 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:183:5:183:5 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:183:5:183:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:184:5:184:8 | access to array [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:184:7:184:7 | a [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:342:5:342:6 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:342:6:342:6 | p [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:428:8:428:8 | x [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:429:8:429:8 | y [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:644:15:644:17 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:645:11:645:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:645:17:645:19 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:646:9:646:11 | m_a [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:655:11:655:14 | this [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:747:8:747:8 | base_s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:756:8:756:8 | middle_s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:765:8:765:8 | derived_s [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:811:7:811:13 | call to Base | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:812:7:812:26 | call to Base | PostUpdateNode should not be the target of local flow. |
|
||||
| ir.cpp:825:7:825:13 | call to Base | PostUpdateNode should not be the target of local flow. |
|
||||
@@ -76,6 +97,7 @@ postWithInFlow
|
||||
| misc.c:130:7:130:7 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| misc.c:131:9:131:9 | i [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| misc.c:220:3:220:5 | * ... [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| misc.c:220:4:220:5 | sp [inner post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| static_init_templates.cpp:3:2:3:4 | ref [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| static_init_templates.cpp:21:2:21:4 | val [post update] | PostUpdateNode should not be the target of local flow. |
|
||||
| try_catch.cpp:7:8:7:8 | call to exception | PostUpdateNode should not be the target of local flow. |
|
||||
|
||||
@@ -1,42 +0,0 @@
|
||||
struct S {
|
||||
int a;
|
||||
int b;
|
||||
int c;
|
||||
unsigned long *d;
|
||||
|
||||
union {
|
||||
struct {
|
||||
const char *e;
|
||||
int f;
|
||||
S *g;
|
||||
const char *h;
|
||||
int i;
|
||||
bool j;
|
||||
bool k;
|
||||
const char *l;
|
||||
char **m;
|
||||
} n;
|
||||
|
||||
struct {
|
||||
bool o;
|
||||
bool p;
|
||||
} q;
|
||||
} r;
|
||||
};
|
||||
|
||||
int too_many_constants_init(S *s);
|
||||
|
||||
char *too_many_constants(const char *h, bool k, int i) {
|
||||
const char *e = "";
|
||||
char l[64] = "";
|
||||
char *m;
|
||||
|
||||
S s[] = {
|
||||
{.a = 0, .c = 0, .d = nullptr, .r = {.n = {.e = e, .f = 1, .g = nullptr, .h = h, .i = i, .j = false, .k = k, .l = l, .m = &m}}},
|
||||
{.a = 0, .c = 0, .d = nullptr, .r = {.q = {.o = true, .p = true}}}
|
||||
};
|
||||
|
||||
too_many_constants_init(s);
|
||||
|
||||
return m; // GOOD - initialized by too_many_constants_init
|
||||
}
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.48
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.47
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.48
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.48
|
||||
lastReleaseVersion: 1.7.47
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.48
|
||||
version: 1.7.48-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.7.48
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.47
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.48
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.48
|
||||
lastReleaseVersion: 1.7.47
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.48
|
||||
version: 1.7.48-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -2,9 +2,5 @@ import os
|
||||
|
||||
|
||||
def test(codeql, csharp):
|
||||
# Making sure the reachability test of `nuget.org` succeeds:
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"
|
||||
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_EXTRACT_RESOURCES"] = "true"
|
||||
codeql.database.create(build_mode="none")
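Review bot: Dropping the two fallback settings from `test` leaves the NuGet feed reachability check on the extractor's default timeout and limit, although the removed comment says they were set to make sure the check against `nuget.org` succeeds. Going by the hunk counts (9 lines down to 5), the new body keeps only the `CODEQL_EXTRACTOR_CSHARP_BUILDLESS_EXTRACT_RESOURCES` assignment and the `codeql.database.create(build_mode="none")` call. If the defaults are tighter than the removed values, the test may fail intermittently on a slow network. I would keep `os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"` and `os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"` together with their comment. The same removal appears in the next two `test` hunks (`@@ -1,9 +1,2 @@` and `@@ -1,11 +1,6 @@`), where `import os` goes with it.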
|
||||
|
||||
@@ -1,9 +1,2 @@
|
||||
import os
|
||||
|
||||
|
||||
def test(codeql, csharp):
|
||||
# Making sure the reachability test of `nuget.org` succeeds:
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"
|
||||
|
||||
codeql.database.create(build_mode="none")
|
||||
|
||||
@@ -1 +1 @@
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
|
||||
@@ -11,6 +11,6 @@
|
||||
</Target>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -1,11 +1,6 @@
|
||||
import os
|
||||
import runs_on
|
||||
|
||||
|
||||
@runs_on.posix
|
||||
def test(codeql, csharp):
|
||||
# Making sure the reachability test of `nuget.org` succeeds:
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_TIMEOUT"] = "1000"
|
||||
os.environ["CODEQL_EXTRACTOR_CSHARP_BUILDLESS_NUGET_FEEDS_CHECK_FALLBACK_LIMIT"] = "5"
|
||||
|
||||
codeql.database.create(build_mode="none")
|
||||
|
||||
@@ -1 +1 @@
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
|
||||
@@ -11,6 +11,6 @@
|
||||
</Target>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -1 +1 @@
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.4/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
| test-db/working/missingpackages/newtonsoft.json/13.0.3/lib/net6.0/Newtonsoft.Json.dll:0:0:0:0 | Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed |
|
||||
|
||||
@@ -11,6 +11,6 @@
|
||||
</Target>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.4" />
|
||||
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 5.2.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 5.2.3
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 5.2.4
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 5.2.4
|
||||
lastReleaseVersion: 5.2.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 5.2.4
|
||||
version: 5.2.4-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,17 +1,3 @@
|
||||
## 1.4.0
|
||||
|
||||
### Deprecated Queries
|
||||
|
||||
* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
|
||||
|
||||
## 1.3.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,6 +1,4 @@
|
||||
/**
|
||||
* @deprecated This query is no longer relevant as the semantics of capturing a 'foreach' variable
|
||||
* and using it outside the loop has been stable since C# version 5.
|
||||
* @name Capturing a foreach variable
|
||||
* @description Code that captures a 'foreach' variable and uses it outside the loop behaves differently in C# version 4 and C# version 5
|
||||
* @kind problem
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
<example>
|
||||
<p>In this example, we are incrementing/decrementing the current date by one year when creating a new <code>System.DateTime</code> object. This may work most of the time, but on any given February 29th, the resulting value will be invalid.</p>
|
||||
<sample src="UnsafeYearConstructionBad.cs" />
|
||||
<p>To fix this bug, we add/subtract years to the current date by calling <code>AddYears</code> method on it.</p>
|
||||
<p>To fix this bug, we add/substract years to the current date by calling <code>AddYears</code> method on it.</p>
|
||||
<sample src="UnsafeYearConstructionGood.cs" />
|
||||
</example>
|
||||
<references>
|
||||
|
||||
@@ -47,7 +47,6 @@ private predicate alwaysInvokesToString(ParameterRead pr) {
|
||||
*/
|
||||
predicate alwaysDefaultToString(ValueOrRefType t) {
|
||||
not t instanceof TupleType and
|
||||
not t instanceof Enum and
|
||||
exists(ToStringMethod m | t.hasMethod(m) |
|
||||
m.getDeclaringType() instanceof SystemObjectClass or
|
||||
m.getDeclaringType() instanceof SystemValueTypeClass
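Review bot: `alwaysDefaultToString` appears to lose its `not t instanceof Enum and` conjunct in this hunk, so enum types can satisfy the predicate again. This is inferred from the hunk going from 7 lines to 6 and from the change note about enum false positives in `cs/call-to-object-tostring` being dropped elsewhere on this page. If so, the query would report those enum false positives again. I would keep `not t instanceof Enum and` directly after the `TupleType` exclusion, or add a test case showing why enums should be reported. The predicate's doc comment begins before the hunk and the `exists` body continues past it.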
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: fix
|
||||
---
|
||||
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
|
||||
@@ -1,13 +0,0 @@
|
||||
## 1.4.0
|
||||
|
||||
### Deprecated Queries
|
||||
|
||||
* The query `cs/captured-foreach-variable` has been deprecated as the semantics of capturing a 'foreach' variable and using it outside the loop has been stable since C# version 5.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The query `cs/call-to-object-tostring` has been improved to remove false positives for enum types.
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* The message for `csharp/diagnostic/database-quality` has been updated to include detailed database health metrics. Additionally, the threshold for reporting database health issues has been lowered from 95% to 85% (if any metric falls below this percentage). These changes are visible on the tool status page.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.0
|
||||
lastReleaseVersion: 1.3.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 1.4.0
|
||||
version: 1.3.5-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
.NET 5, .NET 6, .NET 7, .NET 8, .NET 9","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
|
||||
GitHub Actions,"Not applicable",Not applicable,"``.github/workflows/*.yml``, ``.github/workflows/*.yaml``, ``**/action.yml``, ``**/action.yaml``"
|
||||
Go (aka Golang), "Go up to 1.25", "Go 1.11 or more recent", ``.go``
|
||||
Java,"Java 7 to 25 [6]_","javac (OpenJDK and Oracle JDK),
|
||||
Java,"Java 7 to 24 [6]_","javac (OpenJDK and Oracle JDK),
|
||||
|
||||
Eclipse compiler for Java (ECJ) [7]_",``.java``
|
||||
Kotlin,"Kotlin 1.6.0 to 2.2.2\ *x*","kotlinc",``.kt``
|
||||
@@ -36,7 +36,7 @@
|
||||
.. [3] Objective-C, Objective-C++, C++/CLI, and C++/CX are not supported.
|
||||
.. [4] Support for the clang-cl compiler is preliminary.
|
||||
.. [5] Support for the Arm Compiler (armcc) is preliminary.
|
||||
.. [6] Builds that execute on Java 7 to 25 can be analyzed. The analysis understands standard language features in Java 8 to 25; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
|
||||
.. [6] Builds that execute on Java 7 to 24 can be analyzed. The analysis understands standard language features in Java 8 to 24; "preview" and "incubator" features are not supported. Source code using Java language versions older than Java 8 are analyzed as Java 8 code.
|
||||
.. [7] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
|
||||
.. [8] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.
|
||||
.. [9] The extractor requires Python 3 to run. To analyze Python 2.7 you should install both versions of Python.
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
Queries and libraries outside [the `experimental` directories](experimental.md) are _supported_ by GitHub, allowing our users to rely on their continued existence and functionality in the future:
|
||||
|
||||
1. Once a query has appeared in a stable release, a one-year deprecation period is required before we can remove it.
|
||||
2. Major changes to supported queries and libraries are always announced in the change notes for stable releases.
|
||||
1. Once a query or library has appeared in a stable release, a one-year deprecation period is required before we can remove it. There can be exceptions to this when it's not technically possible to mark it as deprecated.
|
||||
2. Major changes to supported queries and libraries are always announced in the [change notes for stable releases](../change-notes/).
|
||||
3. We will do our best to address user reports of false positives or false negatives.
|
||||
|
||||
Because of these commitments, we set a high bar for accepting new supported queries. The requirements are detailed in the rest of this document.
|
||||
|
||||
@@ -10,7 +10,7 @@ toolchain go1.25.0
|
||||
// bazel mod tidy
|
||||
require (
|
||||
golang.org/x/mod v0.28.0
|
||||
golang.org/x/tools v0.37.0
|
||||
golang.org/x/tools v0.36.0
|
||||
)
|
||||
|
||||
require golang.org/x/sync v0.17.0 // indirect
|
||||
require golang.org/x/sync v0.16.0 // indirect
|
||||
|
||||
@@ -2,7 +2,7 @@ github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
|
||||
github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
|
||||
golang.org/x/mod v0.28.0 h1:gQBtGhjxykdjY9YhZpSlZIsbnaE2+PgjfLWUQTnoZ1U=
|
||||
golang.org/x/mod v0.28.0/go.mod h1:yfB/L0NOf/kmEbXjzCPOx1iK1fRutOydrCMsqRhEBxI=
|
||||
golang.org/x/sync v0.17.0 h1:l60nONMj9l5drqw6jlhIELNv9I0A4OFgRsG9k2oT9Ug=
|
||||
golang.org/x/sync v0.17.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
|
||||
golang.org/x/tools v0.37.0 h1:DVSRzp7FwePZW356yEAChSdNcQo6Nsp+fex1SUW09lE=
|
||||
golang.org/x/tools v0.37.0/go.mod h1:MBN5QPQtLMHVdvsbtarmTNukZDdgwdwlO5qGacAzF0w=
|
||||
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
|
||||
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
|
||||
golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg=
|
||||
golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s=
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.0.31
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.0.30
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.0.31
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.0.31
|
||||
lastReleaseVersion: 1.0.30
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql-go-consistency-queries
|
||||
version: 1.0.31
|
||||
version: 1.0.31-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,19 +1,10 @@
|
||||
## 4.3.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The second argument of the `CreateTemp` function, from the `os` package, is no longer a path-injection sink due to proper sanitization by Go.
|
||||
* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
|
||||
|
||||
## 4.3.3
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 4.3.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Go 1.25 is now supported.
|
||||
No user-facing changes.
|
||||
|
||||
## 4.3.1
|
||||
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
## 4.3.4
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The second argument of the `CreateTemp` function, from the `os` package, is no longer a path-injection sink due to proper sanitization by Go.
|
||||
* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
|
||||
* The query "Uncontrolled data used in path expression" (`go/path-injection`) now detects sanitizing a path by adding `os.PathSeparator` or `\` to the beginning.
|
||||
@@ -1,5 +1,3 @@
|
||||
## 4.3.2
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Go 1.25 is now supported.
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 4.3.4
|
||||
lastReleaseVersion: 4.3.3
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-all
|
||||
version: 4.3.4
|
||||
version: 4.3.4-dev
|
||||
groups: go
|
||||
dbscheme: go.dbscheme
|
||||
extractor: go
|
||||
|
||||
@@ -1,7 +1,3 @@
|
||||
## 1.4.5
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.4.4
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.4.5
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.4.5
|
||||
lastReleaseVersion: 1.4.4
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/go-queries
|
||||
version: 1.4.5
|
||||
version: 1.4.5-dev
|
||||
groups:
|
||||
- go
|
||||
- queries
|
||||
|
||||
@@ -1,26 +1,15 @@
|
||||
| file://:0:0:0:0 | [summary] to write: Argument[0] in copy | file://:0:0:0:0 | [summary param] 0 in copy |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:23:2:23:2 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:24:2:24:2 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:25:2:25:2 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:26:2:26:2 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:29:6:29:6 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:30:7:30:7 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:35:4:35:4 | a |
|
||||
| test.go:22:2:22:2 | definition of a | test.go:36:5:36:5 | a |
|
||||
| test.go:23:11:23:14 | &... | test.go:23:11:23:14 | &... |
|
||||
| test.go:23:12:23:14 | selection of b | test.go:23:12:23:14 | selection of b |
|
||||
| test.go:24:2:24:5 | selection of bs | test.go:24:2:24:5 | selection of bs |
|
||||
| test.go:24:2:24:8 | index expression | test.go:24:2:24:8 | index expression |
|
||||
| test.go:24:17:24:20 | &... | test.go:24:17:24:20 | &... |
|
||||
| test.go:24:18:24:20 | struct literal | test.go:24:18:24:20 | struct literal |
|
||||
| test.go:25:2:25:5 | selection of bs | test.go:25:2:25:5 | selection of bs |
|
||||
| test.go:25:2:25:8 | index expression | test.go:25:2:25:8 | index expression |
|
||||
| test.go:25:2:25:13 | implicit dereference | test.go:25:2:25:13 | implicit dereference |
|
||||
| test.go:25:2:25:13 | selection of cptr | test.go:25:2:25:13 | selection of cptr |
|
||||
| test.go:26:2:26:7 | implicit dereference | test.go:26:2:26:7 | implicit dereference |
|
||||
| test.go:26:2:26:7 | selection of bptr | test.go:26:2:26:7 | selection of bptr |
|
||||
| test.go:26:2:26:12 | implicit dereference | test.go:26:2:26:12 | implicit dereference |
|
||||
| test.go:26:2:26:12 | selection of cptr | test.go:26:2:26:12 | selection of cptr |
|
||||
| test.go:28:2:28:2 | definition of c | test.go:29:2:29:2 | c |
|
||||
| test.go:28:2:28:2 | definition of c | test.go:30:2:30:2 | c |
|
||||
| test.go:28:7:28:10 | struct literal | test.go:28:7:28:10 | struct literal |
|
||||
| test.go:19:2:19:2 | definition of a |
|
||||
| test.go:20:11:20:14 | &... |
|
||||
| test.go:20:12:20:14 | selection of b |
|
||||
| test.go:21:2:21:5 | selection of bs |
|
||||
| test.go:21:2:21:8 | index expression |
|
||||
| test.go:21:17:21:20 | &... |
|
||||
| test.go:21:18:21:20 | struct literal |
|
||||
| test.go:22:2:22:5 | selection of bs |
|
||||
| test.go:22:2:22:8 | index expression |
|
||||
| test.go:22:2:22:13 | implicit dereference |
|
||||
| test.go:22:2:22:13 | selection of cptr |
|
||||
| test.go:23:2:23:7 | implicit dereference |
|
||||
| test.go:23:2:23:7 | selection of bptr |
|
||||
| test.go:23:2:23:12 | implicit dereference |
|
||||
| test.go:23:2:23:12 | selection of cptr |
|
||||
|
||||
@@ -4,9 +4,6 @@ type C struct {
|
||||
field int
|
||||
}
|
||||
|
||||
func (c C) m(a A) {}
|
||||
func (c *C) mp(a A) {}
|
||||
|
||||
type B struct {
|
||||
cptr *C
|
||||
}
|
||||
@@ -25,13 +22,4 @@ func f() {
|
||||
a.bs[3].cptr.field = 100
|
||||
a.bptr.cptr.field = 101
|
||||
|
||||
c := C{0}
|
||||
c.m(a)
|
||||
c.mp(a)
|
||||
|
||||
// Indirect method calls - missing post-update nodes for the receivers
|
||||
f := c.m
|
||||
fp := c.mp
|
||||
f(a)
|
||||
fp(a)
|
||||
}
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
import go
|
||||
|
||||
from DataFlow::PostUpdateNode pun
|
||||
select pun, pun.getPreUpdateNode()
|
||||
select pun
|
||||
|
||||
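Review bot: With `select pun` the expected output lists each post-update node but no longer records which pre-update node it belongs to, so a change that pairs a post-update node with the wrong pre-update node would pass this test unnoticed. This assumes the second `select` line is the new side, which matches how the other hunks on this page print old before new. If the pairing is still meant to be covered, keep `select pun, pun.getPreUpdateNode()`. Otherwise a header comment such as `// Lists post-update nodes only; the pre-update pairing is not checked here.` would make the reduced scope explicit.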
@@ -85,7 +85,7 @@ java.applet,,,11,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,11,
|
||||
java.awt,1,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,3
|
||||
java.beans,1,,177,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,82,95
|
||||
java.io,66,1,225,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,,1,,202,23
|
||||
java.lang,38,3,790,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,,3,,,510,280
|
||||
java.lang,38,3,783,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,,3,,,506,277
|
||||
java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
|
||||
java.net,23,3,347,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,,3,248,99
|
||||
java.nio,47,,499,,,,,,,,,5,,,,,,,,,,,,,,,41,,,,,,,,,1,,,,,,,,,,,,,,,,302,197
|
||||
@@ -99,7 +99,7 @@ javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,
|
||||
javax.accessibility,,,63,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,35
|
||||
javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,,7,
|
||||
javax.annotation.processing,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,3
|
||||
javax.crypto,19,,140,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76,64
|
||||
javax.crypto,19,,114,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,61,53
|
||||
javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,7,,
|
||||
javax.imageio,1,,304,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,138,166
|
||||
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
|
||||
|
||||
|
@@ -18,10 +18,10 @@ Java framework & library support
|
||||
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
|
||||
JBoss Logging,``org.jboss.logging``,,,324,,,,,,
|
||||
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
|
||||
Java Standard Library,``java.*``,10,4628,260,99,,9,,,26
|
||||
Java extensions,"``javax.*``, ``jakarta.*``",87,4185,90,10,4,2,1,1,4
|
||||
Java Standard Library,``java.*``,10,4621,260,99,,9,,,26
|
||||
Java extensions,"``javax.*``, ``jakarta.*``",87,4159,90,10,4,2,1,1,4
|
||||
Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
|
||||
`Spring <https://spring.io/>`_,``org.springframework.*``,38,486,143,26,,28,14,,35
|
||||
Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.com.caucho.hessian.io``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.caucho.burlap.io``, ``com.caucho.hessian.io``, ``com.cedarsoftware.util.io``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.esotericsoftware.yamlbeans``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.lingala.zip4j``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, 
``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.authc``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.exolab.castor.xml``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.ho.yaml``, ``org.influxdb``, ``org.jabsorb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.lastaflute.web``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, 
``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``software.amazon.awssdk.transfer.s3.model``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``",133,10525,927,140,6,22,18,,208
|
||||
Totals,,330,26361,2656,404,16,128,33,1,409
|
||||
Totals,,330,26328,2656,404,16,128,33,1,409
|
||||
|
||||
|
||||
@@ -1,18 +1,3 @@
|
||||
## 7.7.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 25.
|
||||
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
|
||||
* Added support for Java 25 module import declarations.
|
||||
* Add `ModuleImportDeclaration` class.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
|
||||
* Added taint flow model for `java.crypto.KDF`.
|
||||
* Added taint flow model for `java.lang.ScopedValue`.
|
||||
|
||||
## 7.6.1
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added support for Java 25 module import declarations.
|
||||
* Add `ModuleImportDeclaration` class.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
|
||||
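--- a/java/ql/lib/change-notes/2025-09-02-kdf-api.md
+++ b/java/ql/lib/change-notes/2025-09-02-kdf-api.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added taint flow model for `java.crypto.KDF`.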
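--- a/java/ql/lib/change-notes/2025-09-02-scoped-values.md
+++ b/java/ql/lib/change-notes/2025-09-02-scoped-values.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added taint flow model for `java.lang.ScopedValue`.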
@@ -1,14 +0,0 @@
|
||||
## 7.7.0
|
||||
|
||||
### New Features
|
||||
|
||||
* The Java extractor and QL libraries now support Java 25.
|
||||
* Added support for Java 25 compact source files (JEP 512). The new predicate `Class.isImplicit()` identifies classes that are implicitly declared when using compact source files, and the new predicate `CompilationUnit.isCompactSourceFile()` identifies compilation units that contain compact source files.
|
||||
* Added support for Java 25 module import declarations.
|
||||
* Add `ModuleImportDeclaration` class.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Improved support for various assertion libraries, in particular JUnit. This affects the control-flow graph slightly, and in turn affects several queries (mainly quality queries). Most queries should see improved precision (new true positives and fewer false positives), in particular `java/constant-comparison`, `java/index-out-of-bounds`, `java/dereferenced-value-may-be-null`, and `java/useless-null-check`. Some medium precision queries like `java/toctou-race-condition` and `java/unreleased-lock` may see mixed result changes (both slight improvements and slight regressions).
|
||||
* Added taint flow model for `java.crypto.KDF`.
|
||||
* Added taint flow model for `java.lang.ScopedValue`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 7.7.0
|
||||
lastReleaseVersion: 7.6.1
|
||||
|
||||
File diff suppressed because it is too large
@@ -1,5 +1,5 @@
|
||||
name: codeql/java-all
|
||||
version: 7.7.0
|
||||
version: 7.6.2-dev
|
||||
groups: java
|
||||
dbscheme: config/semmlecode.dbscheme
|
||||
extractor: java
|
||||
|
||||
@@ -82,7 +82,6 @@ module;
|
||||
*/
|
||||
|
||||
import java
|
||||
private import codeql.controlflow.SuccessorType
|
||||
private import codeql.util.Boolean
|
||||
private import Completion
|
||||
private import controlflow.internal.Preconditions
|
||||
@@ -125,28 +124,6 @@ module ControlFlow {
|
||||
result = succ(this, NormalCompletion())
|
||||
}
|
||||
|
||||
/** Gets an immediate successor of this node of a given type, if any. */
|
||||
Node getASuccessor(SuccessorType t) {
|
||||
result = branchSuccessor(this, t.(BooleanSuccessor).getValue())
|
||||
or
|
||||
exists(Completion completion |
|
||||
result = succ(this, completion) and
|
||||
not result = branchSuccessor(this, _)
|
||||
|
|
||||
completion = NormalCompletion() and t instanceof DirectSuccessor
|
||||
or
|
||||
completion = ReturnCompletion() and t instanceof ReturnSuccessor
|
||||
or
|
||||
completion = BreakCompletion(_) and t instanceof BreakSuccessor
|
||||
or
|
||||
completion = YieldCompletion(_) and t instanceof BreakSuccessor
|
||||
or
|
||||
completion = ContinueCompletion(_) and t instanceof ContinueSuccessor
|
||||
or
|
||||
completion = ThrowCompletion(_) and t instanceof ExceptionSuccessor
|
||||
)
|
||||
}
|
||||
|
||||
/** Gets the basic block that contains this node. */
|
||||
BasicBlock getBasicBlock() { result.getANode() = this }
|
||||
|
||||
@@ -388,10 +365,10 @@ private module ControlFlowGraphImpl {
|
||||
* Bind `t` to an unchecked exception that may occur in a precondition check or guard wrapper.
|
||||
*/
|
||||
private predicate uncheckedExceptionFromMethod(MethodCall ma, ThrowableType t) {
|
||||
(methodCallChecksArgument(ma) or methodCallUnconditionallyThrows(ma)) and
|
||||
conditionCheckArgument(ma, _, _) and
|
||||
(t instanceof TypeError or t instanceof TypeRuntimeException)
|
||||
or
|
||||
methodMayThrow(ma.getMethod().getSourceDeclaration(), t)
|
||||
methodMayThrow(ma.getMethod(), t)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -609,7 +586,6 @@ private module ControlFlowGraphImpl {
|
||||
* Gets a `MethodCall` that always throws an exception or calls `exit`.
|
||||
*/
|
||||
private MethodCall nonReturningMethodCall() {
|
||||
methodCallUnconditionallyThrows(result) or
|
||||
result.getMethod().getSourceDeclaration() = nonReturningMethod() or
|
||||
result = likelyNonReturningMethod().getAnAccess()
|
||||
}
|
||||
|
||||
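Review bot: In `uncheckedExceptionFromMethod`, the new side appears to call `methodMayThrow(ma.getMethod(), t)` on the call's resolved method, while `nonReturningMethodCall` later in this file still resolves through `getSourceDeclaration()`. The definition of `methodMayThrow` is outside these hunks; if it is stated over source declarations, calls to generic or parameterized methods could lose their exception edges, and queries that rely on exceptional control flow would silently see fewer paths. For consistency with the sibling predicate, consider `methodMayThrow(ma.getMethod().getSourceDeclaration(), t)`, or add a short comment explaining why the resolved method is correct here.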
@@ -22,8 +22,20 @@ private module Input implements BB::InputSig<Location> {
|
||||
/** Gets the CFG scope in which this node occurs. */
|
||||
CfgScope nodeGetCfgScope(Node node) { node.getEnclosingCallable() = result }
|
||||
|
||||
private Node getASpecificSuccessor(Node node, SuccessorType t) {
|
||||
node.(ConditionNode).getABranchSuccessor(t.(BooleanSuccessor).getValue()) = result
|
||||
or
|
||||
node.getAnExceptionSuccessor() = result and t instanceof ExceptionSuccessor
|
||||
}
|
||||
|
||||
/** Gets an immediate successor of this node. */
|
||||
Node nodeGetASuccessor(Node node, SuccessorType t) { result = node.getASuccessor(t) }
|
||||
Node nodeGetASuccessor(Node node, SuccessorType t) {
|
||||
result = getASpecificSuccessor(node, t)
|
||||
or
|
||||
node.getASuccessor() = result and
|
||||
t instanceof DirectSuccessor and
|
||||
not result = getASpecificSuccessor(node, _)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node` represents an entry node to be used when calculating
|
||||
|
||||
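Review bot: The helper `getASpecificSuccessor` is added without a QLDoc comment, and `nodeGetASuccessor` now reports every successor that is not a boolean branch or an exception edge as a `DirectSuccessor`. As written, return, break and continue edges therefore carry the direct label, which consumers of the successor type should be told. I would add `/** Gets a successor of the given node reached by a boolean branch or an exception edge of type t. */` above the helper, and extend the comment on `nodeGetASuccessor` with `All other successors are reported as DirectSuccessor.` The enclosing `Input` module starts before this hunk and continues after it.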
@@ -1,60 +0,0 @@
|
||||
/**
|
||||
* Provides an implementation of local (intraprocedural) control flow reachability.
|
||||
*/
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
private import codeql.controlflow.ControlFlow
|
||||
private import semmle.code.java.dataflow.SSA as SSA
|
||||
private import semmle.code.java.controlflow.Guards as Guards
|
||||
|
||||
private module ControlFlowInput implements InputSig<Location, ControlFlowNode, BasicBlock> {
|
||||
private import java as J
|
||||
|
||||
AstNode getEnclosingAstNode(ControlFlowNode node) { node.getAstNode() = result }
|
||||
|
||||
class AstNode = ExprParent;
|
||||
|
||||
AstNode getParent(AstNode node) {
|
||||
result = node.(Expr).getParent() or
|
||||
result = node.(Stmt).getParent()
|
||||
}
|
||||
|
||||
class FinallyBlock extends AstNode {
|
||||
FinallyBlock() { any(TryStmt try).getFinally() = this }
|
||||
}
|
||||
|
||||
class Expr = J::Expr;
|
||||
|
||||
class SourceVariable = SSA::SsaSourceVariable;
|
||||
|
||||
class SsaDefinition = SSA::SsaVariable;
|
||||
|
||||
class SsaWriteDefinition extends SsaDefinition instanceof SSA::SsaExplicitUpdate {
|
||||
Expr getDefinition() {
|
||||
super.getDefiningExpr().(VariableAssign).getSource() = result or
|
||||
super.getDefiningExpr().(AssignOp) = result
|
||||
}
|
||||
}
|
||||
|
||||
class SsaPhiNode = SSA::SsaPhiNode;
|
||||
|
||||
class SsaUncertainDefinition extends SsaDefinition instanceof SSA::SsaUncertainImplicitUpdate {
|
||||
SsaDefinition getPriorDefinition() { result = super.getPriorDef() }
|
||||
}
|
||||
|
||||
class GuardValue = Guards::GuardValue;
|
||||
|
||||
predicate ssaControlsBranchEdge(SsaDefinition def, BasicBlock bb1, BasicBlock bb2, GuardValue v) {
|
||||
Guards::Guards_v3::ssaControlsBranchEdge(def, bb1, bb2, v)
|
||||
}
|
||||
|
||||
predicate ssaControls(SsaDefinition def, BasicBlock bb, GuardValue v) {
|
||||
Guards::Guards_v3::ssaControls(def, bb, v)
|
||||
}
|
||||
|
||||
import Guards::Guards_v3::InternalUtil
|
||||
}
|
||||
|
||||
module ControlFlow = Make<Location, Cfg, ControlFlowInput>;
|
||||
@@ -395,13 +395,11 @@ private module LogicInputCommon {
|
||||
predicate additionalImpliesStep(
|
||||
GuardsImpl::PreGuard g1, GuardValue v1, GuardsImpl::PreGuard g2, GuardValue v2
|
||||
) {
|
||||
exists(MethodCall check |
|
||||
exists(MethodCall check, int argIndex |
|
||||
g1 = check and
|
||||
v1.getDualValue().isThrowsException()
|
||||
|
|
||||
methodCallChecksBoolean(check, g2, v2.asBooleanValue())
|
||||
or
|
||||
methodCallChecksNotNull(check, g2) and v2.isNonNullValue()
|
||||
v1.getDualValue().isThrowsException() and
|
||||
conditionCheckArgument(check, argIndex, v2.asBooleanValue()) and
|
||||
g2 = check.getArgument(argIndex)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
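Review bot: In `additionalImpliesStep`, `g2` and `v2` are now bound only through `conditionCheckArgument(check, argIndex, v2.asBooleanValue())`, so as far as this hunk shows, the step can only conclude boolean values for the checked argument. A call that throws unless its argument is non-null no longer contributes a non-null fact here. Unless that is handled elsewhere (not visible in this hunk), null-dereference results after such checks may become less precise. If the limit is intended, a comment on the predicate such as `// Only boolean condition checks are modelled here; null-check wrappers are not.` would record it. The enclosing `LogicInputCommon` module starts outside the hunk.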
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* Provides predicates for identifying precondition and assertion checks like
|
||||
* Provides predicates for identifying precondition checks like
|
||||
* `com.google.common.base.Preconditions` and
|
||||
* `org.apache.commons.lang3.Validate`.
|
||||
*/
|
||||
@@ -9,150 +9,99 @@ module;
|
||||
import java
|
||||
|
||||
/**
|
||||
* Holds if `m` is a method that checks that its argument at position `arg` is
|
||||
* equal to true and throws otherwise.
|
||||
*/
|
||||
private predicate methodCheckTrue(Method m, int arg) {
|
||||
arg = 0 and
|
||||
(
|
||||
m.hasQualifiedName("com.google.common.base", "Preconditions", ["checkArgument", "checkState"]) or
|
||||
m.hasQualifiedName("com.google.common.base", "Verify", "verify") or
|
||||
m.hasQualifiedName("org.apache.commons.lang3", "Validate", ["isTrue", "validState"]) or
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assertions", "assertTrue") or
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assumptions", "assumeTrue") or
|
||||
m.hasQualifiedName("org.testng", "Assert", "assertTrue")
|
||||
)
|
||||
or
|
||||
m.getParameter(arg).getType() instanceof BooleanType and
|
||||
(
|
||||
m.hasQualifiedName("org.junit", "Assert", "assertTrue") or
|
||||
m.hasQualifiedName("org.junit", "Assume", "assumeTrue") or
|
||||
m.hasQualifiedName("junit.framework", _, "assertTrue")
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `m` is a method that checks that its argument at position `arg` is
|
||||
* equal to false and throws otherwise.
|
||||
*/
|
||||
private predicate methodCheckFalse(Method m, int arg) {
|
||||
arg = 0 and
|
||||
(
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assertions", "assertFalse") or
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assumptions", "assumeFalse") or
|
||||
m.hasQualifiedName("org.testng", "Assert", "assertFalse")
|
||||
)
|
||||
or
|
||||
m.getParameter(arg).getType() instanceof BooleanType and
|
||||
(
|
||||
m.hasQualifiedName("org.junit", "Assert", "assertFalse") or
|
||||
m.hasQualifiedName("org.junit", "Assume", "assumeFalse") or
|
||||
m.hasQualifiedName("junit.framework", _, "assertFalse")
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `m` is a method that checks that its argument at position `arg` is
|
||||
* not null and throws otherwise.
|
||||
*/
|
||||
private predicate methodCheckNotNull(Method m, int arg) {
|
||||
arg = 0 and
|
||||
(
|
||||
m.hasQualifiedName("com.google.common.base", "Preconditions", "checkNotNull") or
|
||||
m.hasQualifiedName("com.google.common.base", "Verify", "verifyNotNull") or
|
||||
m.hasQualifiedName("org.apache.commons.lang3", "Validate", "notNull") or
|
||||
m.hasQualifiedName("java.util", "Objects", "requireNonNull") or
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assertions", "assertNotNull") or
|
||||
m.hasQualifiedName("org.junit", "Assume", "assumeNotNull") or // vararg
|
||||
m.hasQualifiedName("org.testng", "Assert", "assertNotNull")
|
||||
)
|
||||
or
|
||||
arg = m.getNumberOfParameters() - 1 and
|
||||
(
|
||||
m.hasQualifiedName("org.junit", "Assert", "assertNotNull") or
|
||||
m.hasQualifiedName("junit.framework", _, "assertNotNull")
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `m` is a method that checks that its argument at position `arg`
|
||||
* satisfies a property specified by another argument and throws otherwise.
|
||||
*/
|
||||
private predicate methodCheckThat(Method m, int arg) {
|
||||
m.getParameter(arg).getType().getErasure() instanceof TypeObject and
|
||||
(
|
||||
m.hasQualifiedName("org.hamcrest", "MatcherAssert", "assertThat") or
|
||||
m.hasQualifiedName("org.junit", "Assert", "assertThat") or
|
||||
m.hasQualifiedName("org.junit", "Assume", "assumeThat")
|
||||
)
|
||||
}
|
||||
|
||||
/** Holds if `m` is a method that unconditionally throws. */
|
||||
private predicate methodUnconditionallyThrows(Method m) {
|
||||
m.hasQualifiedName("org.junit.jupiter.api", "Assertions", "fail") or
|
||||
m.hasQualifiedName("org.junit", "Assert", "fail") or
|
||||
m.hasQualifiedName("junit.framework", _, "fail") or
|
||||
m.hasQualifiedName("org.testng", "Assert", "fail")
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `mc` is a call to a method that checks that its argument `arg` is
|
||||
* equal to `checkTrue` and throws otherwise.
|
||||
*/
|
||||
predicate methodCallChecksBoolean(MethodCall mc, Expr arg, boolean checkTrue) {
|
||||
exists(int pos | mc.getArgument(pos) = arg |
|
||||
methodCheckTrue(mc.getMethod().getSourceDeclaration(), pos) and checkTrue = true
|
||||
or
|
||||
methodCheckFalse(mc.getMethod().getSourceDeclaration(), pos) and checkTrue = false
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `mc` is a call to a method that checks that its argument `arg` is
|
||||
* not null and throws otherwise.
|
||||
*/
|
||||
predicate methodCallChecksNotNull(MethodCall mc, Expr arg) {
|
||||
exists(int pos | mc.getArgument(pos) = arg |
|
||||
methodCheckNotNull(mc.getMethod().getSourceDeclaration(), pos)
|
||||
or
|
||||
methodCheckThat(mc.getMethod().getSourceDeclaration(), pos) and
|
||||
mc.getAnArgument().(MethodCall).getMethod().getName() = "notNullValue"
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `mc` is a call to a method that checks one of its arguments in some
|
||||
* way and possibly throws.
|
||||
*/
|
||||
predicate methodCallChecksArgument(MethodCall mc) {
|
||||
methodCallChecksBoolean(mc, _, _) or
|
||||
methodCallChecksNotNull(mc, _)
|
||||
}
|
||||
|
||||
/** Holds if `mc` is a call to a method that unconditionally throws. */
|
||||
predicate methodCallUnconditionallyThrows(MethodCall mc) {
|
||||
methodUnconditionallyThrows(mc.getMethod().getSourceDeclaration()) or
|
||||
exists(BooleanLiteral b | methodCallChecksBoolean(mc, b, b.getBooleanValue().booleanNot()))
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `methodCallChecksBoolean` instead.
|
||||
*
|
||||
* Holds if `m` is a non-overridable method that checks that its zero-indexed `argument`
|
||||
* is equal to `checkTrue` and throws otherwise.
|
||||
*/
|
||||
deprecated predicate conditionCheckMethodArgument(Method m, int argument, boolean checkTrue) {
|
||||
methodCheckTrue(m, argument) and checkTrue = true
|
||||
predicate conditionCheckMethodArgument(Method m, int argument, boolean checkTrue) {
|
||||
condtionCheckMethodGooglePreconditions(m, checkTrue) and argument = 0
|
||||
or
|
||||
methodCheckFalse(m, argument) and checkTrue = false
|
||||
conditionCheckMethodApacheCommonsLang3Validate(m, checkTrue) and argument = 0
|
||||
or
|
||||
condtionCheckMethodTestingFramework(m, argument, checkTrue)
|
||||
or
|
||||
exists(Parameter p, MethodCall ma, int argIndex, boolean ct, Expr arg |
|
||||
p = m.getParameter(argument) and
|
||||
not m.isOverridable() and
|
||||
m.getBody().getStmt(0).(ExprStmt).getExpr() = ma and
|
||||
conditionCheckArgument(ma, argIndex, ct) and
|
||||
ma.getArgument(argIndex) = arg and
|
||||
(
|
||||
arg.(LogNotExpr).getExpr().(VarAccess).getVariable() = p and
|
||||
checkTrue = ct.booleanNot()
|
||||
or
|
||||
arg.(VarAccess).getVariable() = p and checkTrue = ct
|
||||
)
|
||||
)
|
||||
or
|
||||
exists(Parameter p, IfStmt ifstmt, Expr cond |
|
||||
p = m.getParameter(argument) and
|
||||
not m.isOverridable() and
|
||||
p.getType() instanceof BooleanType and
|
||||
m.getBody().getStmt(0) = ifstmt and
|
||||
ifstmt.getCondition() = cond and
|
||||
(
|
||||
cond.(LogNotExpr).getExpr().(VarAccess).getVariable() = p and checkTrue = true
|
||||
or
|
||||
cond.(VarAccess).getVariable() = p and checkTrue = false
|
||||
) and
|
||||
(
|
||||
ifstmt.getThen() instanceof ThrowStmt or
|
||||
ifstmt.getThen().(SingletonBlock).getStmt() instanceof ThrowStmt
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate condtionCheckMethodGooglePreconditions(Method m, boolean checkTrue) {
|
||||
m.getDeclaringType().hasQualifiedName("com.google.common.base", "Preconditions") and
|
||||
checkTrue = true and
|
||||
(m.hasName("checkArgument") or m.hasName("checkState"))
|
||||
}
|
||||
|
||||
private predicate conditionCheckMethodApacheCommonsLang3Validate(Method m, boolean checkTrue) {
|
||||
m.getDeclaringType().hasQualifiedName("org.apache.commons.lang3", "Validate") and
|
||||
checkTrue = true and
|
||||
(m.hasName("isTrue") or m.hasName("validState"))
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `m` is a non-overridable testing framework method that checks that its first argument
|
||||
* is equal to `checkTrue` and throws otherwise.
|
||||
*/
|
||||
private predicate condtionCheckMethodTestingFramework(Method m, int argument, boolean checkTrue) {
|
||||
argument = 0 and
|
||||
(
|
||||
m.getDeclaringType().hasQualifiedName("org.junit", "Assume") and
|
||||
checkTrue = true and
|
||||
m.hasName("assumeTrue")
|
||||
or
|
||||
m.getDeclaringType().hasQualifiedName("org.junit.jupiter.api", "Assertions") and
|
||||
(
|
||||
checkTrue = true and m.hasName("assertTrue")
|
||||
or
|
||||
checkTrue = false and m.hasName("assertFalse")
|
||||
)
|
||||
or
|
||||
m.getDeclaringType().hasQualifiedName("org.junit.jupiter.api", "Assumptions") and
|
||||
(
|
||||
checkTrue = true and m.hasName("assumeTrue")
|
||||
or
|
||||
checkTrue = false and m.hasName("assumeFalse")
|
||||
)
|
||||
)
|
||||
or
|
||||
m.getDeclaringType().hasQualifiedName(["org.junit", "org.testng"], "Assert") and
|
||||
m.getParameter(argument).getType() instanceof BooleanType and
|
||||
(
|
||||
checkTrue = true and m.hasName("assertTrue")
|
||||
or
|
||||
checkTrue = false and m.hasName("assertFalse")
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* DEPRECATED: Use `methodCallChecksBoolean` instead.
|
||||
*
|
||||
* Holds if `ma` is an access to a non-overridable method that checks that its
|
||||
* zero-indexed `argument` is equal to `checkTrue` and throws otherwise.
|
||||
*/
|
||||
deprecated predicate conditionCheckArgument(MethodCall ma, int argument, boolean checkTrue) {
|
||||
predicate conditionCheckArgument(MethodCall ma, int argument, boolean checkTrue) {
|
||||
conditionCheckMethodArgument(ma.getMethod().getSourceDeclaration(), argument, checkTrue)
|
||||
}
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More