mirror of
https://github.com/github/codeql.git
synced 2026-05-27 09:31:30 +02:00
Compare commits
12 Commits
max-schaef
...
calumgrant
| Author | SHA1 | Date | |
|---|---|---|---|
|
2991069649 | ||
|
|
dcd8589967 | ||
|
|
dcc95bb860 | ||
|
|
0dd05ba854 | ||
|
|
17ec5211c4 | ||
|
|
7ea1191f5d | ||
|
|
57eb6c13ed | ||
|
|
b26acadc49 | ||
|
|
c1a281f183 | ||
|
|
5a8af8b533 | ||
|
|
87fdf5f98f | ||
|
|
0775b78275 |
15
.github/workflows/codeql-analysis.yml
vendored
15
.github/workflows/codeql-analysis.yml
vendored
@@ -40,7 +40,7 @@ jobs:
|
||||
uses: github/codeql-action/init@main
|
||||
# Override language selection by uncommenting this and choosing your languages
|
||||
with:
|
||||
languages: csharp
|
||||
languages: csharp, cpp
|
||||
config-file: ./.github/codeql/codeql-config.yml
|
||||
|
||||
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
||||
@@ -57,6 +57,19 @@ jobs:
|
||||
|
||||
- run: |
|
||||
dotnet build csharp
|
||||
|
||||
- name: "[Ubuntu] Remove GCC 13 from runner image"
|
||||
shell: bash
|
||||
run: |
|
||||
sudo rm -f /etc/apt/sources.list.d/ubuntu-toolchain-r-ubuntu-test-jammy.list
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y --allow-downgrades libc6=2.35-* libc6-dev=2.35-* libstdc++6=12.3.0-* libgcc-s1=12.3.0-*
|
||||
|
||||
- name: "Build Swift extractor using Bazel"
|
||||
run: |
|
||||
bazel clean --expunge
|
||||
bazel run //swift:create-extractor-pack --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --spawn_strategy=local --features=-layering_check
|
||||
bazel shutdown
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@main
|
||||
|
||||
55
.github/workflows/cpp-swift-analysis.yml
vendored
55
.github/workflows/cpp-swift-analysis.yml
vendored
@@ -1,55 +0,0 @@
|
||||
name: "Code scanning - C++"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- 'rc/*'
|
||||
pull_request:
|
||||
branches:
|
||||
- main
|
||||
- 'rc/*'
|
||||
paths:
|
||||
- 'swift/**'
|
||||
- '.github/codeql/**'
|
||||
- '.github/workflows/cpp-swift-analysis.yml'
|
||||
schedule:
|
||||
- cron: '0 9 * * 1'
|
||||
|
||||
jobs:
|
||||
CodeQL-Build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
pull-requests: read
|
||||
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
|
||||
# Initializes the CodeQL tools for scanning.
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@main
|
||||
# Override language selection by uncommenting this and choosing your languages
|
||||
with:
|
||||
languages: cpp
|
||||
config-file: ./.github/codeql/codeql-config.yml
|
||||
|
||||
- name: "[Ubuntu] Remove GCC 13 from runner image"
|
||||
shell: bash
|
||||
run: |
|
||||
sudo rm -f /etc/apt/sources.list.d/ubuntu-toolchain-r-ubuntu-test-jammy.list
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y --allow-downgrades libc6=2.35-* libc6-dev=2.35-* libstdc++6=12.3.0-* libgcc-s1=12.3.0-*
|
||||
|
||||
- name: "Build Swift extractor using Bazel"
|
||||
run: |
|
||||
bazel clean --expunge
|
||||
bazel run //swift:create-extractor-pack --nouse_action_cache --noremote_accept_cached --noremote_upload_local_results --spawn_strategy=local --features=-layering_check
|
||||
bazel shutdown
|
||||
|
||||
- name: Perform CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@main
|
||||
@@ -1,5 +1,4 @@
|
||||
/cpp/ @github/codeql-c-analysis
|
||||
/cpp/autobuilder/ @github/codeql-c-extractor
|
||||
/csharp/ @github/codeql-csharp
|
||||
/go/ @github/codeql-go
|
||||
/java/ @github/codeql-java
|
||||
|
||||
@@ -18,7 +18,7 @@ bazel_dep(name = "rules_pkg", version = "0.9.1")
|
||||
bazel_dep(name = "rules_nodejs", version = "6.0.3")
|
||||
bazel_dep(name = "rules_python", version = "0.31.0")
|
||||
bazel_dep(name = "bazel_skylib", version = "1.5.0")
|
||||
bazel_dep(name = "abseil-cpp", version = "20240116.0", repo_name = "absl")
|
||||
bazel_dep(name = "abseil-cpp", version = "20240116.1", repo_name = "absl")
|
||||
bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
|
||||
bazel_dep(name = "fmt", version = "10.0.0")
|
||||
|
||||
|
||||
@@ -28,6 +28,7 @@ provide:
|
||||
- "misc/suite-helpers/qlpack.yml"
|
||||
- "ruby/extractor-pack/codeql-extractor.yml"
|
||||
- "swift/extractor-pack/codeql-extractor.yml"
|
||||
- "swift/integration-tests/qlpack.yml"
|
||||
- "ql/extractor-pack/codeql-extractor.yml"
|
||||
- ".github/codeql/extensions/**/codeql-pack.yml"
|
||||
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
class Expr extends @expr {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
from Expr reuse, Expr original
|
||||
where expr_reuse(reuse, original, _)
|
||||
select reuse, original
|
||||
@@ -1,22 +0,0 @@
|
||||
class Expr extends @expr {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Type extends @type {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
predicate existingType(Expr expr, Type type, int value_category) {
|
||||
expr_types(expr, type, value_category)
|
||||
}
|
||||
|
||||
predicate reuseType(Expr reuse, Type type, int value_category) {
|
||||
exists(Expr original |
|
||||
expr_reuse(reuse, original, value_category) and
|
||||
expr_types(original, type, _)
|
||||
)
|
||||
}
|
||||
|
||||
from Expr expr, Type type, int value_category
|
||||
where existingType(expr, type, value_category) or reuseType(expr, type, value_category)
|
||||
select expr, type, value_category
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,4 +0,0 @@
|
||||
description: Add value category to expr_reuse table
|
||||
compatibility: full
|
||||
expr_reuse.rel: run expr_reuse.qlo
|
||||
expr_types.rel: run expr_types.qlo
|
||||
@@ -1,22 +1,3 @@
|
||||
## 0.12.10
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
|
||||
* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
|
||||
* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
|
||||
* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added destructors for temporary objects with extended lifetimes to the intermediate representation.
|
||||
|
||||
## 0.12.9
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.12.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: feature
|
||||
---
|
||||
* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
|
||||
@@ -1,14 +0,0 @@
|
||||
## 0.12.10
|
||||
|
||||
### New Features
|
||||
|
||||
* Added a `TaintInheritingContent` class that can be extended to model taint flowing from a qualifier to a field.
|
||||
* Added a predicate `GuardCondition.comparesEq/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresEq/4` to query whether a basic block is guarded by an expression being equal to a constant.
|
||||
* Added a predicate `GuardCondition.comparesLt/4` to query whether an expression is compared to a constant.
|
||||
* Added a predicate `GuardCondition.ensuresLt/4` to query whether a basic block is guarded by an expression being less than a constant.
|
||||
* Added a predicate `GuardCondition.valueControls` to query whether a basic block is guarded by a particular `case` of a `switch` statement.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added destructors for temporary objects with extended lifetimes to the intermediate representation.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.12.9
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.12.10
|
||||
lastReleaseVersion: 0.12.8
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-all
|
||||
version: 0.12.10
|
||||
version: 0.12.9-dev
|
||||
groups: cpp
|
||||
dbscheme: semmlecode.cpp.dbscheme
|
||||
extractor: cpp
|
||||
|
||||
@@ -590,33 +590,6 @@ class TemplateVariable extends Variable {
|
||||
Variable getAnInstantiation() { result.isConstructedFrom(this) }
|
||||
}
|
||||
|
||||
/**
|
||||
* A variable that is an instantiation of a template. For example
|
||||
* the instantiation `myTemplateVariable<int>` in the following code:
|
||||
* ```
|
||||
* template<class T>
|
||||
* T myTemplateVariable;
|
||||
*
|
||||
* void caller(int i) {
|
||||
* myTemplateVariable<int> = i;
|
||||
* }
|
||||
* ```
|
||||
*/
|
||||
class VariableTemplateInstantiation extends Variable {
|
||||
TemplateVariable tv;
|
||||
|
||||
VariableTemplateInstantiation() { tv.getAnInstantiation() = this }
|
||||
|
||||
override string getAPrimaryQlClass() { result = "VariableTemplateInstantiation" }
|
||||
|
||||
/**
|
||||
* Gets the variable template from which this instantiation was instantiated.
|
||||
*
|
||||
* Example: For `int x<int>`, returns `T x`.
|
||||
*/
|
||||
TemplateVariable getTemplate() { result = tv }
|
||||
}
|
||||
|
||||
/**
|
||||
* A non-static local variable or parameter that is not part of an
|
||||
* uninstantiated template. Uninstantiated templates are purely syntax, and
|
||||
|
||||
@@ -1340,13 +1340,5 @@ class ReuseExpr extends Expr, @reuseexpr {
|
||||
/**
|
||||
* Gets the expression that is being re-used.
|
||||
*/
|
||||
Expr getReusedExpr() { expr_reuse(underlyingElement(this), unresolveElement(result), _) }
|
||||
|
||||
override Type getType() { result = this.getReusedExpr().getType() }
|
||||
|
||||
override predicate isLValueCategory() { expr_reuse(underlyingElement(this), _, 3) }
|
||||
|
||||
override predicate isXValueCategory() { expr_reuse(underlyingElement(this), _, 2) }
|
||||
|
||||
override predicate isPRValueCategory() { expr_reuse(underlyingElement(this), _, 1) }
|
||||
Expr getReusedExpr() { expr_reuse(underlyingElement(this), unresolveElement(result)) }
|
||||
}
|
||||
|
||||
@@ -1,20 +0,0 @@
|
||||
/**
|
||||
* This file provides an abstract class that can be used to model additional
|
||||
* object-to-field taint-flow.
|
||||
*/
|
||||
|
||||
private import codeql.util.Unit
|
||||
private import semmle.code.cpp.dataflow.new.DataFlow
|
||||
|
||||
/**
|
||||
* A `Content` that should be implicitly regarded as tainted whenever an object with such `Content`
|
||||
* is itself tainted.
|
||||
*
|
||||
* For example, if we had a type `struct Container { int field; }`, then by default a tainted
|
||||
* `Container` and a `Container` with a tainted `int` stored in its `field` are distinct.
|
||||
*
|
||||
* If `any(DataFlow::FieldContent fc | fc.getField().hasQualifiedName("Container", "field"))` was
|
||||
* included in this type however, then a tainted `Container` would imply that its `field` is also
|
||||
* tainted (but not vice versa).
|
||||
*/
|
||||
abstract class TaintInheritingContent extends DataFlow::Content { }
|
||||
@@ -2301,8 +2301,8 @@ private import ContentStars
|
||||
|
||||
/** A reference through a non-union instance field. */
|
||||
class FieldContent extends Content, TFieldContent {
|
||||
private Field f;
|
||||
private int indirectionIndex;
|
||||
Field f;
|
||||
int indirectionIndex;
|
||||
|
||||
FieldContent() { this = TFieldContent(f, indirectionIndex) }
|
||||
|
||||
@@ -2329,9 +2329,9 @@ class FieldContent extends Content, TFieldContent {
|
||||
|
||||
/** A reference through an instance field of a union. */
|
||||
class UnionContent extends Content, TUnionContent {
|
||||
private Union u;
|
||||
private int indirectionIndex;
|
||||
private int bytes;
|
||||
Union u;
|
||||
int indirectionIndex;
|
||||
int bytes;
|
||||
|
||||
UnionContent() { this = TUnionContent(u, bytes, indirectionIndex) }
|
||||
|
||||
|
||||
@@ -6,7 +6,6 @@ private import semmle.code.cpp.models.interfaces.SideEffect
|
||||
private import DataFlowUtil
|
||||
private import DataFlowPrivate
|
||||
private import SsaInternals as Ssa
|
||||
private import semmle.code.cpp.ir.dataflow.FlowSteps
|
||||
|
||||
/**
|
||||
* Holds if taint propagates from `nodeFrom` to `nodeTo` in exactly one local
|
||||
@@ -38,12 +37,6 @@ predicate localAdditionalTaintStep(DataFlow::Node nodeFrom, DataFlow::Node nodeT
|
||||
)
|
||||
or
|
||||
any(Ssa::Indirection ind).isAdditionalTaintStep(nodeFrom, nodeTo)
|
||||
or
|
||||
// object->field conflation for content that is a `TaintInheritingContent`.
|
||||
exists(DataFlow::ContentSet f |
|
||||
readStep(nodeFrom, f, nodeTo) and
|
||||
f.getAReadContent() instanceof TaintInheritingContent
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -130,6 +130,11 @@ private predicate ignoreExprAndDescendants(Expr expr) {
|
||||
or
|
||||
// suppress destructors of temporary variables until proper support is added for them.
|
||||
exists(Expr parent | parent.getAnImplicitDestructorCall() = expr)
|
||||
or
|
||||
exists(Stmt parent |
|
||||
parent.getAnImplicitDestructorCall() = expr and
|
||||
expr.(DestructorCall).getQualifier() instanceof ReuseExpr
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2769,50 +2769,6 @@ class TranslatedTemporaryObjectExpr extends TranslatedNonConstantExpr,
|
||||
final override Instruction getResult() { result = this.getTargetAddress() }
|
||||
}
|
||||
|
||||
/**
|
||||
* IR translation of a `ReuseExpr`.
|
||||
*
|
||||
* This translation produces a copy of the glvalue instruction holding the (unconverted) result
|
||||
* of the reused expression. In the case where the original expression was a prvalue, the
|
||||
* result will be a copy of the glvalue operand of a `TranslatedLoad`.
|
||||
*/
|
||||
class TranslatedReuseExpr extends TranslatedNonConstantExpr {
|
||||
override ReuseExpr expr;
|
||||
|
||||
override Instruction getFirstInstruction(EdgeKind kind) {
|
||||
result = this.getInstruction(OnlyInstructionTag()) and
|
||||
kind instanceof GotoEdge
|
||||
}
|
||||
|
||||
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CppType resultType) {
|
||||
opcode instanceof Opcode::CopyValue and
|
||||
tag instanceof OnlyInstructionTag and
|
||||
resultType = this.getResultType()
|
||||
}
|
||||
|
||||
override Instruction getResult() { result = this.getInstruction(OnlyInstructionTag()) }
|
||||
|
||||
override Instruction getInstructionSuccessorInternal(InstructionTag tag, EdgeKind kind) {
|
||||
tag = OnlyInstructionTag() and
|
||||
kind instanceof GotoEdge and
|
||||
result = this.getParent().getChildSuccessor(this, kind)
|
||||
}
|
||||
|
||||
override TranslatedElement getChildInternal(int id) { none() }
|
||||
|
||||
override Instruction getALastInstructionInternal() {
|
||||
result = this.getInstruction(OnlyInstructionTag())
|
||||
}
|
||||
|
||||
override Instruction getInstructionRegisterOperand(InstructionTag tag, OperandTag operandTag) {
|
||||
tag = OnlyInstructionTag() and
|
||||
operandTag instanceof UnaryOperandTag and
|
||||
if getTranslatedExpr(expr.getReusedExpr()) instanceof TranslatedLoad
|
||||
then result = getTranslatedExpr(expr.getReusedExpr()).(TranslatedLoad).getOperand().getResult()
|
||||
else result = getTranslatedExpr(expr.getReusedExpr()).getResult()
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* IR translation of a `throw` expression.
|
||||
*/
|
||||
|
||||
@@ -248,9 +248,19 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
|
||||
final override TranslatedElement getChild(int id) {
|
||||
result = this.getChildInternal(id)
|
||||
or
|
||||
exists(int destructorIndex |
|
||||
exists(int destructorIndex, int tempDestructorCount |
|
||||
result.(TranslatedExpr).getExpr() = stmt.getImplicitDestructorCall(destructorIndex) and
|
||||
id = this.getFirstDestructorCallIndex() + destructorIndex
|
||||
id = this.getFirstDestructorCallIndex() + destructorIndex - tempDestructorCount and
|
||||
// suppress destructors of temporary variables until proper support is added for them.
|
||||
tempDestructorCount =
|
||||
count(DestructorCall call, int tempIndex |
|
||||
stmt.getImplicitDestructorCall(tempIndex) = call and
|
||||
tempIndex < destructorIndex and
|
||||
call.getQualifier() instanceof ReuseExpr
|
||||
|
|
||||
call
|
||||
) and
|
||||
not stmt.getImplicitDestructorCall(destructorIndex).getQualifier() instanceof ReuseExpr
|
||||
)
|
||||
}
|
||||
|
||||
@@ -261,7 +271,11 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
|
||||
}
|
||||
|
||||
final override predicate hasAnImplicitDestructorCall() {
|
||||
exists(stmt.getAnImplicitDestructorCall())
|
||||
exists(stmt.getAnImplicitDestructorCall()) and
|
||||
// suppress destructors of temporary variables until proper support is added for them.
|
||||
exists(Expr expr | stmt.getAnImplicitDestructorCall().getQualifier() = expr |
|
||||
not expr instanceof ReuseExpr
|
||||
)
|
||||
}
|
||||
|
||||
final override string toString() { result = stmt.toString() }
|
||||
|
||||
@@ -1515,8 +1515,7 @@ exprs(
|
||||
|
||||
expr_reuse(
|
||||
int reuse: @expr ref,
|
||||
int original: @expr ref,
|
||||
int value_category: int ref
|
||||
int original: @expr ref
|
||||
)
|
||||
|
||||
/*
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,7 +0,0 @@
|
||||
class Expr extends @expr {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
from Expr reuse, Expr original, int value_category
|
||||
where expr_reuse(reuse, original) and expr_types(original, _, value_category)
|
||||
select reuse, original, value_category
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -1,3 +0,0 @@
|
||||
description: Add value category to expr_reuse table
|
||||
compatibility: full
|
||||
expr_reuse.rel: run expr_reuse.qlo
|
||||
@@ -1,23 +1,3 @@
|
||||
## 0.9.9
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cpp/type-confusion`, to detect casts to invalid types.
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query.
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query.
|
||||
* Added models for `GLib` allocation and deallocation functions.
|
||||
|
||||
## 0.9.8
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.9.7
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: newQuery
|
||||
---
|
||||
* Added a new query, `cpp/type-confusion`, to detect casts to invalid types.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added models for `GLib` allocation and deallocation functions.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query.
|
||||
4
cpp/ql/src/change-notes/2024-03-22-boost-ssl.md
Normal file
4
cpp/ql/src/change-notes/2024-03-22-boost-ssl.md
Normal file
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: queryMetadata
|
||||
---
|
||||
* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.9.8
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,15 +0,0 @@
|
||||
## 0.9.9
|
||||
|
||||
### New Queries
|
||||
|
||||
* Added a new query, `cpp/type-confusion`, to detect casts to invalid types.
|
||||
|
||||
### Query Metadata Changes
|
||||
|
||||
* `@precision medium` metadata was added to the `cpp/boost/tls-settings-misconfiguration` and `cpp/boost/use-of-deprecated-hardcoded-security-protocol` queries, and these queries are now included in the security-extended suite. The `@name` metadata of these queries were also updated.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The "Missing return-value check for a 'scanf'-like function" query (`cpp/missing-check-scanf`) has been converted to a `path-problem` query.
|
||||
* The "Potentially uninitialized local variable" query (`cpp/uninitialized-local`) has been converted to a `path-problem` query.
|
||||
* Added models for `GLib` allocation and deallocation functions.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.9.9
|
||||
lastReleaseVersion: 0.9.7
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/cpp-queries
|
||||
version: 0.9.9
|
||||
version: 0.9.8-dev
|
||||
groups:
|
||||
- cpp
|
||||
- queries
|
||||
|
||||
@@ -6676,7 +6676,6 @@ WARNING: Module TaintTracking has been deprecated and may be removed in future (
|
||||
| taint.cpp:757:7:757:10 | path | taint.cpp:759:8:759:11 | path | |
|
||||
| taint.cpp:758:21:758:24 | ref arg path | taint.cpp:759:8:759:11 | path | |
|
||||
| taint.cpp:759:8:759:11 | path | taint.cpp:759:7:759:11 | * ... | |
|
||||
| taint.cpp:769:37:769:42 | call to source | taint.cpp:770:7:770:9 | obj | |
|
||||
| vector.cpp:16:43:16:49 | source1 | vector.cpp:17:26:17:32 | source1 | |
|
||||
| vector.cpp:16:43:16:49 | source1 | vector.cpp:31:38:31:44 | source1 | |
|
||||
| vector.cpp:17:21:17:33 | call to vector | vector.cpp:19:14:19:14 | v | |
|
||||
|
||||
@@ -757,15 +757,4 @@ void test_call_sprintf() {
|
||||
char path[10];
|
||||
call_sprintf_twice(path, indirect_source());
|
||||
sink(*path); // $ ast,ir
|
||||
}
|
||||
|
||||
struct TaintInheritingContentObject {
|
||||
int flowFromObject;
|
||||
};
|
||||
|
||||
TaintInheritingContentObject source(bool);
|
||||
|
||||
void test_TaintInheritingContent() {
|
||||
TaintInheritingContentObject obj = source(true);
|
||||
sink(obj.flowFromObject); // $ ir MISSING: ast
|
||||
}
|
||||
@@ -76,24 +76,6 @@ module AstTest {
|
||||
module IRTest {
|
||||
private import semmle.code.cpp.ir.IR
|
||||
private import semmle.code.cpp.ir.dataflow.TaintTracking
|
||||
private import semmle.code.cpp.ir.dataflow.FlowSteps
|
||||
|
||||
/**
|
||||
* Object->field flow when the object is of type
|
||||
* TaintInheritingContentObject and the field is named
|
||||
* flowFromObject
|
||||
*/
|
||||
class TaintInheritingContentTest extends TaintInheritingContent, DataFlow::FieldContent {
|
||||
TaintInheritingContentTest() {
|
||||
exists(Struct o, Field f |
|
||||
this.getField() = f and
|
||||
f = o.getAField() and
|
||||
o.hasGlobalName("TaintInheritingContentObject") and
|
||||
f.hasName("flowFromObject") and
|
||||
this.getIndirectionIndex() = 1
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** Common data flow configuration to be used by tests. */
|
||||
module TestAllocationConfig implements DataFlow::ConfigSig {
|
||||
|
||||
@@ -15605,7 +15605,7 @@ ir.cpp:
|
||||
# 1934| Type = [ClassTemplateInstantiation,Struct] Bar2<int>
|
||||
# 1934| ValueCategory = lvalue
|
||||
# 1935| getStmt(2): [ReturnStmt] return ...
|
||||
# 1938| [GlobalVariable,VariableTemplateInstantiation] char global_template<char>
|
||||
# 1938| [GlobalVariable] char global_template<char>
|
||||
# 1938| getInitializer(): [Initializer] initializer for global_template
|
||||
# 1938| getExpr(): [Literal] 42
|
||||
# 1938| Type = [IntType] int
|
||||
@@ -15616,7 +15616,7 @@ ir.cpp:
|
||||
# 1938| Type = [PlainCharType] char
|
||||
# 1938| Value = [CStyleCast] 42
|
||||
# 1938| ValueCategory = prvalue
|
||||
# 1938| [GlobalVariable,VariableTemplateInstantiation] int global_template<int>
|
||||
# 1938| [GlobalVariable] int global_template<int>
|
||||
# 1938| getInitializer(): [Initializer] initializer for global_template
|
||||
# 1938| getExpr(): [Literal] 42
|
||||
# 1938| Type = [IntType] int
|
||||
|
||||
@@ -891,32 +891,24 @@ destructors_for_temps.cpp:
|
||||
|
||||
# 29| void temp_test3()
|
||||
# 29| Block 0
|
||||
# 29| v29_1(void) = EnterFunction :
|
||||
# 29| m29_2(unknown) = AliasedDefinition :
|
||||
# 29| m29_3(unknown) = InitializeNonLocal :
|
||||
# 29| m29_4(unknown) = Chi : total:m29_2, partial:m29_3
|
||||
# 30| r30_1(glval<ClassWithDestructor2 &>) = VariableAddress[rs] :
|
||||
# 30| r30_2(glval<ClassWithDestructor2>) = VariableAddress[#temp30:38] :
|
||||
# 30| r30_3(glval<unknown>) = FunctionAddress[returnValue] :
|
||||
# 30| r30_4(ClassWithDestructor2) = Call[returnValue] : func:r30_3
|
||||
# 30| m30_5(unknown) = ^CallSideEffect : ~m29_4
|
||||
# 30| m30_6(unknown) = Chi : total:m29_4, partial:m30_5
|
||||
# 30| m30_7(ClassWithDestructor2) = Store[#temp30:38] : &:r30_2, r30_4
|
||||
# 30| r30_8(glval<ClassWithDestructor2>) = Convert : r30_2
|
||||
# 30| r30_9(ClassWithDestructor2 &) = CopyValue : r30_8
|
||||
# 30| m30_10(ClassWithDestructor2 &) = Store[rs] : &:r30_1, r30_9
|
||||
# 31| v31_1(void) = NoOp :
|
||||
# 31| r31_2(glval<ClassWithDestructor2>) = CopyValue : r30_2
|
||||
# 31| r31_3(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 31| v31_4(void) = Call[~ClassWithDestructor2] : func:r31_3, this:r31_2
|
||||
# 31| m31_5(unknown) = ^CallSideEffect : ~m30_6
|
||||
# 31| m31_6(unknown) = Chi : total:m30_6, partial:m31_5
|
||||
# 31| v31_7(void) = ^IndirectReadSideEffect[-1] : &:r31_2, m30_7
|
||||
# 31| m31_8(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r31_2
|
||||
# 31| m31_9(ClassWithDestructor2) = Chi : total:m30_7, partial:m31_8
|
||||
# 29| v29_5(void) = ReturnVoid :
|
||||
# 29| v29_6(void) = AliasedUse : ~m31_6
|
||||
# 29| v29_7(void) = ExitFunction :
|
||||
# 29| v29_1(void) = EnterFunction :
|
||||
# 29| m29_2(unknown) = AliasedDefinition :
|
||||
# 29| m29_3(unknown) = InitializeNonLocal :
|
||||
# 29| m29_4(unknown) = Chi : total:m29_2, partial:m29_3
|
||||
# 30| r30_1(glval<ClassWithDestructor2 &>) = VariableAddress[rs] :
|
||||
# 30| r30_2(glval<ClassWithDestructor2>) = VariableAddress[#temp30:38] :
|
||||
# 30| r30_3(glval<unknown>) = FunctionAddress[returnValue] :
|
||||
# 30| r30_4(ClassWithDestructor2) = Call[returnValue] : func:r30_3
|
||||
# 30| m30_5(unknown) = ^CallSideEffect : ~m29_4
|
||||
# 30| m30_6(unknown) = Chi : total:m29_4, partial:m30_5
|
||||
# 30| m30_7(ClassWithDestructor2) = Store[#temp30:38] : &:r30_2, r30_4
|
||||
# 30| r30_8(glval<ClassWithDestructor2>) = Convert : r30_2
|
||||
# 30| r30_9(ClassWithDestructor2 &) = CopyValue : r30_8
|
||||
# 30| m30_10(ClassWithDestructor2 &) = Store[rs] : &:r30_1, r30_9
|
||||
# 31| v31_1(void) = NoOp :
|
||||
# 29| v29_5(void) = ReturnVoid :
|
||||
# 29| v29_6(void) = AliasedUse : ~m30_6
|
||||
# 29| v29_7(void) = ExitFunction :
|
||||
|
||||
# 33| void temp_test4()
|
||||
# 33| Block 0
|
||||
@@ -943,24 +935,16 @@ destructors_for_temps.cpp:
|
||||
# 35| r35_9(ClassWithDestructor2 &) = CopyValue : r35_8
|
||||
# 35| m35_10(ClassWithDestructor2 &) = Store[rs2] : &:r35_1, r35_9
|
||||
# 36| v36_1(void) = NoOp :
|
||||
# 36| r36_2(glval<ClassWithDestructor2>) = CopyValue : r35_2
|
||||
# 36| r36_2(glval<ClassWithDestructor2>) = VariableAddress[c] :
|
||||
# 36| r36_3(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 36| v36_4(void) = Call[~ClassWithDestructor2] : func:r36_3, this:r36_2
|
||||
# 36| m36_5(unknown) = ^CallSideEffect : ~m35_6
|
||||
# 36| m36_6(unknown) = Chi : total:m35_6, partial:m36_5
|
||||
# 36| v36_7(void) = ^IndirectReadSideEffect[-1] : &:r36_2, m35_7
|
||||
# 36| v36_7(void) = ^IndirectReadSideEffect[-1] : &:r36_2, m34_8
|
||||
# 36| m36_8(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r36_2
|
||||
# 36| m36_9(ClassWithDestructor2) = Chi : total:m35_7, partial:m36_8
|
||||
# 36| r36_10(glval<ClassWithDestructor2>) = VariableAddress[c] :
|
||||
# 36| r36_11(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 36| v36_12(void) = Call[~ClassWithDestructor2] : func:r36_11, this:r36_10
|
||||
# 36| m36_13(unknown) = ^CallSideEffect : ~m36_6
|
||||
# 36| m36_14(unknown) = Chi : total:m36_6, partial:m36_13
|
||||
# 36| v36_15(void) = ^IndirectReadSideEffect[-1] : &:r36_10, m34_8
|
||||
# 36| m36_16(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r36_10
|
||||
# 36| m36_17(ClassWithDestructor2) = Chi : total:m34_8, partial:m36_16
|
||||
# 36| m36_9(ClassWithDestructor2) = Chi : total:m34_8, partial:m36_8
|
||||
# 33| v33_5(void) = ReturnVoid :
|
||||
# 33| v33_6(void) = AliasedUse : ~m36_14
|
||||
# 33| v33_6(void) = AliasedUse : ~m36_6
|
||||
# 33| v33_7(void) = ExitFunction :
|
||||
|
||||
# 38| void temp_test5(bool)
|
||||
@@ -8898,24 +8882,16 @@ ir.cpp:
|
||||
# 1425| m1425_5(unknown) = Chi : total:m1423_11, partial:m1425_4
|
||||
# 1425| m1425_6(String) = Store[#temp1425:5] : &:r1425_1, r1425_3
|
||||
# 1426| v1426_1(void) = NoOp :
|
||||
# 1426| r1426_2(glval<String>) = CopyValue : r1416_2
|
||||
# 1426| r1426_2(glval<String>) = VariableAddress[s] :
|
||||
# 1426| r1426_3(glval<unknown>) = FunctionAddress[~String] :
|
||||
# 1426| v1426_4(void) = Call[~String] : func:r1426_3, this:r1426_2
|
||||
# 1426| m1426_5(unknown) = ^CallSideEffect : ~m1425_5
|
||||
# 1426| m1426_6(unknown) = Chi : total:m1425_5, partial:m1426_5
|
||||
# 1426| v1426_7(void) = ^IndirectReadSideEffect[-1] : &:r1426_2, m1416_7
|
||||
# 1426| v1426_7(void) = ^IndirectReadSideEffect[-1] : &:r1426_2, m1415_6
|
||||
# 1426| m1426_8(String) = ^IndirectMayWriteSideEffect[-1] : &:r1426_2
|
||||
# 1426| m1426_9(String) = Chi : total:m1416_7, partial:m1426_8
|
||||
# 1426| r1426_10(glval<String>) = VariableAddress[s] :
|
||||
# 1426| r1426_11(glval<unknown>) = FunctionAddress[~String] :
|
||||
# 1426| v1426_12(void) = Call[~String] : func:r1426_11, this:r1426_10
|
||||
# 1426| m1426_13(unknown) = ^CallSideEffect : ~m1426_6
|
||||
# 1426| m1426_14(unknown) = Chi : total:m1426_6, partial:m1426_13
|
||||
# 1426| v1426_15(void) = ^IndirectReadSideEffect[-1] : &:r1426_10, m1415_6
|
||||
# 1426| m1426_16(String) = ^IndirectMayWriteSideEffect[-1] : &:r1426_10
|
||||
# 1426| m1426_17(String) = Chi : total:m1415_6, partial:m1426_16
|
||||
# 1426| m1426_9(String) = Chi : total:m1415_6, partial:m1426_8
|
||||
# 1414| v1414_5(void) = ReturnVoid :
|
||||
# 1414| v1414_6(void) = AliasedUse : ~m1426_14
|
||||
# 1414| v1414_6(void) = AliasedUse : ~m1426_6
|
||||
# 1414| v1414_7(void) = ExitFunction :
|
||||
|
||||
# 1428| void temporary_destructor_only()
|
||||
@@ -8997,24 +8973,16 @@ ir.cpp:
|
||||
# 1438| v1438_7(void) = ^IndirectReadSideEffect[-1] : &:r1438_2, m1431_2
|
||||
# 1438| m1438_8(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_2
|
||||
# 1438| m1438_9(destructor_only) = Chi : total:m1431_2, partial:m1438_8
|
||||
# 1438| r1438_10(glval<destructor_only>) = CopyValue : r1430_2
|
||||
# 1438| r1438_10(glval<destructor_only>) = VariableAddress[d] :
|
||||
# 1438| r1438_11(glval<unknown>) = FunctionAddress[~destructor_only] :
|
||||
# 1438| v1438_12(void) = Call[~destructor_only] : func:r1438_11, this:r1438_10
|
||||
# 1438| m1438_13(unknown) = ^CallSideEffect : ~m1438_6
|
||||
# 1438| m1438_14(unknown) = Chi : total:m1438_6, partial:m1438_13
|
||||
# 1438| v1438_15(void) = ^IndirectReadSideEffect[-1] : &:r1438_10, m1430_7
|
||||
# 1438| v1438_15(void) = ^IndirectReadSideEffect[-1] : &:r1438_10, m1429_6
|
||||
# 1438| m1438_16(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_10
|
||||
# 1438| m1438_17(destructor_only) = Chi : total:m1430_7, partial:m1438_16
|
||||
# 1438| r1438_18(glval<destructor_only>) = VariableAddress[d] :
|
||||
# 1438| r1438_19(glval<unknown>) = FunctionAddress[~destructor_only] :
|
||||
# 1438| v1438_20(void) = Call[~destructor_only] : func:r1438_19, this:r1438_18
|
||||
# 1438| m1438_21(unknown) = ^CallSideEffect : ~m1438_14
|
||||
# 1438| m1438_22(unknown) = Chi : total:m1438_14, partial:m1438_21
|
||||
# 1438| v1438_23(void) = ^IndirectReadSideEffect[-1] : &:r1438_18, m1429_6
|
||||
# 1438| m1438_24(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_18
|
||||
# 1438| m1438_25(destructor_only) = Chi : total:m1429_6, partial:m1438_24
|
||||
# 1438| m1438_17(destructor_only) = Chi : total:m1429_6, partial:m1438_16
|
||||
# 1428| v1428_5(void) = ReturnVoid :
|
||||
# 1428| v1428_6(void) = AliasedUse : ~m1438_22
|
||||
# 1428| v1428_6(void) = AliasedUse : ~m1438_14
|
||||
# 1428| v1428_7(void) = ExitFunction :
|
||||
|
||||
# 1440| void temporary_copy_constructor()
|
||||
|
||||
@@ -805,7 +805,7 @@
|
||||
| destructors_for_temps.cpp:23:68:23:72 | Unary | r23_27 |
|
||||
| destructors_for_temps.cpp:29:6:29:15 | ChiPartial | partial:m29_3 |
|
||||
| destructors_for_temps.cpp:29:6:29:15 | ChiTotal | total:m29_2 |
|
||||
| destructors_for_temps.cpp:29:6:29:15 | SideEffect | ~m31_6 |
|
||||
| destructors_for_temps.cpp:29:6:29:15 | SideEffect | ~m30_6 |
|
||||
| destructors_for_temps.cpp:30:33:30:34 | Address | &:r30_1 |
|
||||
| destructors_for_temps.cpp:30:38:30:70 | CallTarget | func:r30_3 |
|
||||
| destructors_for_temps.cpp:30:38:30:70 | ChiPartial | partial:m30_5 |
|
||||
@@ -815,21 +815,10 @@
|
||||
| destructors_for_temps.cpp:30:38:30:72 | Address | &:r30_2 |
|
||||
| destructors_for_temps.cpp:30:38:30:72 | StoreValue | r30_9 |
|
||||
| destructors_for_temps.cpp:30:38:30:72 | Unary | r30_2 |
|
||||
| destructors_for_temps.cpp:30:38:30:72 | Unary | r30_2 |
|
||||
| destructors_for_temps.cpp:30:38:30:72 | Unary | r30_8 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | Address | &:r31_2 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | Address | &:r31_2 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | Arg(this) | this:r31_2 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | CallTarget | func:r31_3 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | ChiPartial | partial:m31_5 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | ChiPartial | partial:m31_8 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | ChiTotal | total:m30_6 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | ChiTotal | total:m30_7 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | SideEffect | m30_7 |
|
||||
| destructors_for_temps.cpp:31:1:31:1 | SideEffect | ~m30_6 |
|
||||
| destructors_for_temps.cpp:33:6:33:15 | ChiPartial | partial:m33_3 |
|
||||
| destructors_for_temps.cpp:33:6:33:15 | ChiTotal | total:m33_2 |
|
||||
| destructors_for_temps.cpp:33:6:33:15 | SideEffect | ~m36_14 |
|
||||
| destructors_for_temps.cpp:33:6:33:15 | SideEffect | ~m36_6 |
|
||||
| destructors_for_temps.cpp:34:26:34:26 | Address | &:r34_1 |
|
||||
| destructors_for_temps.cpp:34:26:34:26 | Address | &:r34_1 |
|
||||
| destructors_for_temps.cpp:34:26:34:26 | Arg(this) | this:r34_1 |
|
||||
@@ -848,28 +837,17 @@
|
||||
| destructors_for_temps.cpp:35:39:35:73 | Address | &:r35_2 |
|
||||
| destructors_for_temps.cpp:35:39:35:73 | StoreValue | r35_9 |
|
||||
| destructors_for_temps.cpp:35:39:35:73 | Unary | r35_2 |
|
||||
| destructors_for_temps.cpp:35:39:35:73 | Unary | r35_2 |
|
||||
| destructors_for_temps.cpp:35:39:35:73 | Unary | r35_8 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Address | &:r36_2 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Address | &:r36_2 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Address | &:r36_10 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Address | &:r36_10 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Arg(this) | this:r36_2 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | Arg(this) | this:r36_10 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | CallTarget | func:r36_3 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | CallTarget | func:r36_11 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiPartial | partial:m36_5 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiPartial | partial:m36_8 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiPartial | partial:m36_13 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiPartial | partial:m36_16 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiTotal | total:m34_8 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiTotal | total:m35_6 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiTotal | total:m35_7 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | ChiTotal | total:m36_6 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | SideEffect | m34_8 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | SideEffect | m35_7 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | SideEffect | ~m35_6 |
|
||||
| destructors_for_temps.cpp:36:1:36:1 | SideEffect | ~m36_6 |
|
||||
| destructors_for_temps.cpp:38:6:38:15 | ChiPartial | partial:m38_3 |
|
||||
| destructors_for_temps.cpp:38:6:38:15 | ChiTotal | total:m38_2 |
|
||||
| destructors_for_temps.cpp:38:6:38:15 | SideEffect | ~m39_5 |
|
||||
@@ -7298,7 +7276,7 @@
|
||||
| ir.cpp:1376:5:1376:15 | StoreValue | r1376_2 |
|
||||
| ir.cpp:1414:6:1414:21 | ChiPartial | partial:m1414_3 |
|
||||
| ir.cpp:1414:6:1414:21 | ChiTotal | total:m1414_2 |
|
||||
| ir.cpp:1414:6:1414:21 | SideEffect | ~m1426_14 |
|
||||
| ir.cpp:1414:6:1414:21 | SideEffect | ~m1426_6 |
|
||||
| ir.cpp:1415:12:1415:12 | Address | &:r1415_1 |
|
||||
| ir.cpp:1415:16:1415:34 | CallTarget | func:r1415_2 |
|
||||
| ir.cpp:1415:16:1415:34 | ChiPartial | partial:m1415_4 |
|
||||
@@ -7314,7 +7292,6 @@
|
||||
| ir.cpp:1416:24:1416:44 | Address | &:r1416_2 |
|
||||
| ir.cpp:1416:24:1416:44 | StoreValue | r1416_9 |
|
||||
| ir.cpp:1416:24:1416:44 | Unary | r1416_2 |
|
||||
| ir.cpp:1416:24:1416:44 | Unary | r1416_2 |
|
||||
| ir.cpp:1416:24:1416:44 | Unary | r1416_8 |
|
||||
| ir.cpp:1418:5:1418:13 | CallTarget | func:r1418_1 |
|
||||
| ir.cpp:1418:5:1418:13 | ChiPartial | partial:m1418_6 |
|
||||
@@ -7426,27 +7403,17 @@
|
||||
| ir.cpp:1425:5:1425:30 | Address | &:r1425_1 |
|
||||
| ir.cpp:1426:1:1426:1 | Address | &:r1426_2 |
|
||||
| ir.cpp:1426:1:1426:1 | Address | &:r1426_2 |
|
||||
| ir.cpp:1426:1:1426:1 | Address | &:r1426_10 |
|
||||
| ir.cpp:1426:1:1426:1 | Address | &:r1426_10 |
|
||||
| ir.cpp:1426:1:1426:1 | Arg(this) | this:r1426_2 |
|
||||
| ir.cpp:1426:1:1426:1 | Arg(this) | this:r1426_10 |
|
||||
| ir.cpp:1426:1:1426:1 | CallTarget | func:r1426_3 |
|
||||
| ir.cpp:1426:1:1426:1 | CallTarget | func:r1426_11 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiPartial | partial:m1426_5 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiPartial | partial:m1426_8 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiPartial | partial:m1426_13 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiPartial | partial:m1426_16 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiTotal | total:m1415_6 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiTotal | total:m1416_7 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiTotal | total:m1425_5 |
|
||||
| ir.cpp:1426:1:1426:1 | ChiTotal | total:m1426_6 |
|
||||
| ir.cpp:1426:1:1426:1 | SideEffect | m1415_6 |
|
||||
| ir.cpp:1426:1:1426:1 | SideEffect | m1416_7 |
|
||||
| ir.cpp:1426:1:1426:1 | SideEffect | ~m1425_5 |
|
||||
| ir.cpp:1426:1:1426:1 | SideEffect | ~m1426_6 |
|
||||
| ir.cpp:1428:6:1428:30 | ChiPartial | partial:m1428_3 |
|
||||
| ir.cpp:1428:6:1428:30 | ChiTotal | total:m1428_2 |
|
||||
| ir.cpp:1428:6:1428:30 | SideEffect | ~m1438_22 |
|
||||
| ir.cpp:1428:6:1428:30 | SideEffect | ~m1438_14 |
|
||||
| ir.cpp:1429:21:1429:21 | Address | &:r1429_1 |
|
||||
| ir.cpp:1429:25:1429:52 | CallTarget | func:r1429_2 |
|
||||
| ir.cpp:1429:25:1429:52 | ChiPartial | partial:m1429_4 |
|
||||
@@ -7462,7 +7429,6 @@
|
||||
| ir.cpp:1430:33:1430:62 | Address | &:r1430_2 |
|
||||
| ir.cpp:1430:33:1430:62 | StoreValue | r1430_9 |
|
||||
| ir.cpp:1430:33:1430:62 | Unary | r1430_2 |
|
||||
| ir.cpp:1430:33:1430:62 | Unary | r1430_2 |
|
||||
| ir.cpp:1430:33:1430:62 | Unary | r1430_8 |
|
||||
| ir.cpp:1431:21:1431:22 | Address | &:r1431_1 |
|
||||
| ir.cpp:1432:5:1432:13 | CallTarget | func:r1432_1 |
|
||||
@@ -7523,32 +7489,22 @@
|
||||
| ir.cpp:1438:1:1438:1 | Address | &:r1438_2 |
|
||||
| ir.cpp:1438:1:1438:1 | Address | &:r1438_10 |
|
||||
| ir.cpp:1438:1:1438:1 | Address | &:r1438_10 |
|
||||
| ir.cpp:1438:1:1438:1 | Address | &:r1438_18 |
|
||||
| ir.cpp:1438:1:1438:1 | Address | &:r1438_18 |
|
||||
| ir.cpp:1438:1:1438:1 | Arg(this) | this:r1438_2 |
|
||||
| ir.cpp:1438:1:1438:1 | Arg(this) | this:r1438_10 |
|
||||
| ir.cpp:1438:1:1438:1 | Arg(this) | this:r1438_18 |
|
||||
| ir.cpp:1438:1:1438:1 | CallTarget | func:r1438_3 |
|
||||
| ir.cpp:1438:1:1438:1 | CallTarget | func:r1438_11 |
|
||||
| ir.cpp:1438:1:1438:1 | CallTarget | func:r1438_19 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_5 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_8 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_13 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_16 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_21 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiPartial | partial:m1438_24 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1429_6 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1430_7 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1431_2 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1437_5 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1438_6 |
|
||||
| ir.cpp:1438:1:1438:1 | ChiTotal | total:m1438_14 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | m1429_6 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | m1430_7 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | m1431_2 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | ~m1437_5 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | ~m1438_6 |
|
||||
| ir.cpp:1438:1:1438:1 | SideEffect | ~m1438_14 |
|
||||
| ir.cpp:1440:6:1440:31 | ChiPartial | partial:m1440_3 |
|
||||
| ir.cpp:1440:6:1440:31 | ChiTotal | total:m1440_2 |
|
||||
| ir.cpp:1440:6:1440:31 | SideEffect | ~m1450_6 |
|
||||
|
||||
@@ -849,28 +849,22 @@ destructors_for_temps.cpp:
|
||||
|
||||
# 29| void temp_test3()
|
||||
# 29| Block 0
|
||||
# 29| v29_1(void) = EnterFunction :
|
||||
# 29| mu29_2(unknown) = AliasedDefinition :
|
||||
# 29| mu29_3(unknown) = InitializeNonLocal :
|
||||
# 30| r30_1(glval<ClassWithDestructor2 &>) = VariableAddress[rs] :
|
||||
# 30| r30_2(glval<ClassWithDestructor2>) = VariableAddress[#temp30:38] :
|
||||
# 30| r30_3(glval<unknown>) = FunctionAddress[returnValue] :
|
||||
# 30| r30_4(ClassWithDestructor2) = Call[returnValue] : func:r30_3
|
||||
# 30| mu30_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 30| mu30_6(ClassWithDestructor2) = Store[#temp30:38] : &:r30_2, r30_4
|
||||
# 30| r30_7(glval<ClassWithDestructor2>) = Convert : r30_2
|
||||
# 30| r30_8(ClassWithDestructor2 &) = CopyValue : r30_7
|
||||
# 30| mu30_9(ClassWithDestructor2 &) = Store[rs] : &:r30_1, r30_8
|
||||
# 31| v31_1(void) = NoOp :
|
||||
# 31| r31_2(glval<ClassWithDestructor2>) = CopyValue : r30_2
|
||||
# 31| r31_3(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 31| v31_4(void) = Call[~ClassWithDestructor2] : func:r31_3, this:r31_2
|
||||
# 31| mu31_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 31| v31_6(void) = ^IndirectReadSideEffect[-1] : &:r31_2, ~m?
|
||||
# 31| mu31_7(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r31_2
|
||||
# 29| v29_4(void) = ReturnVoid :
|
||||
# 29| v29_5(void) = AliasedUse : ~m?
|
||||
# 29| v29_6(void) = ExitFunction :
|
||||
# 29| v29_1(void) = EnterFunction :
|
||||
# 29| mu29_2(unknown) = AliasedDefinition :
|
||||
# 29| mu29_3(unknown) = InitializeNonLocal :
|
||||
# 30| r30_1(glval<ClassWithDestructor2 &>) = VariableAddress[rs] :
|
||||
# 30| r30_2(glval<ClassWithDestructor2>) = VariableAddress[#temp30:38] :
|
||||
# 30| r30_3(glval<unknown>) = FunctionAddress[returnValue] :
|
||||
# 30| r30_4(ClassWithDestructor2) = Call[returnValue] : func:r30_3
|
||||
# 30| mu30_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 30| mu30_6(ClassWithDestructor2) = Store[#temp30:38] : &:r30_2, r30_4
|
||||
# 30| r30_7(glval<ClassWithDestructor2>) = Convert : r30_2
|
||||
# 30| r30_8(ClassWithDestructor2 &) = CopyValue : r30_7
|
||||
# 30| mu30_9(ClassWithDestructor2 &) = Store[rs] : &:r30_1, r30_8
|
||||
# 31| v31_1(void) = NoOp :
|
||||
# 29| v29_4(void) = ReturnVoid :
|
||||
# 29| v29_5(void) = AliasedUse : ~m?
|
||||
# 29| v29_6(void) = ExitFunction :
|
||||
|
||||
# 33| void temp_test4()
|
||||
# 33| Block 0
|
||||
@@ -893,18 +887,12 @@ destructors_for_temps.cpp:
|
||||
# 35| r35_8(ClassWithDestructor2 &) = CopyValue : r35_7
|
||||
# 35| mu35_9(ClassWithDestructor2 &) = Store[rs2] : &:r35_1, r35_8
|
||||
# 36| v36_1(void) = NoOp :
|
||||
# 36| r36_2(glval<ClassWithDestructor2>) = CopyValue : r35_2
|
||||
# 36| r36_2(glval<ClassWithDestructor2>) = VariableAddress[c] :
|
||||
# 36| r36_3(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 36| v36_4(void) = Call[~ClassWithDestructor2] : func:r36_3, this:r36_2
|
||||
# 36| mu36_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 36| v36_6(void) = ^IndirectReadSideEffect[-1] : &:r36_2, ~m?
|
||||
# 36| mu36_7(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r36_2
|
||||
# 36| r36_8(glval<ClassWithDestructor2>) = VariableAddress[c] :
|
||||
# 36| r36_9(glval<unknown>) = FunctionAddress[~ClassWithDestructor2] :
|
||||
# 36| v36_10(void) = Call[~ClassWithDestructor2] : func:r36_9, this:r36_8
|
||||
# 36| mu36_11(unknown) = ^CallSideEffect : ~m?
|
||||
# 36| v36_12(void) = ^IndirectReadSideEffect[-1] : &:r36_8, ~m?
|
||||
# 36| mu36_13(ClassWithDestructor2) = ^IndirectMayWriteSideEffect[-1] : &:r36_8
|
||||
# 33| v33_4(void) = ReturnVoid :
|
||||
# 33| v33_5(void) = AliasedUse : ~m?
|
||||
# 33| v33_6(void) = ExitFunction :
|
||||
@@ -8333,18 +8321,12 @@ ir.cpp:
|
||||
# 1425| mu1425_4(unknown) = ^CallSideEffect : ~m?
|
||||
# 1425| mu1425_5(String) = Store[#temp1425:5] : &:r1425_1, r1425_3
|
||||
# 1426| v1426_1(void) = NoOp :
|
||||
# 1426| r1426_2(glval<String>) = CopyValue : r1416_2
|
||||
# 1426| r1426_2(glval<String>) = VariableAddress[s] :
|
||||
# 1426| r1426_3(glval<unknown>) = FunctionAddress[~String] :
|
||||
# 1426| v1426_4(void) = Call[~String] : func:r1426_3, this:r1426_2
|
||||
# 1426| mu1426_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 1426| v1426_6(void) = ^IndirectReadSideEffect[-1] : &:r1426_2, ~m?
|
||||
# 1426| mu1426_7(String) = ^IndirectMayWriteSideEffect[-1] : &:r1426_2
|
||||
# 1426| r1426_8(glval<String>) = VariableAddress[s] :
|
||||
# 1426| r1426_9(glval<unknown>) = FunctionAddress[~String] :
|
||||
# 1426| v1426_10(void) = Call[~String] : func:r1426_9, this:r1426_8
|
||||
# 1426| mu1426_11(unknown) = ^CallSideEffect : ~m?
|
||||
# 1426| v1426_12(void) = ^IndirectReadSideEffect[-1] : &:r1426_8, ~m?
|
||||
# 1426| mu1426_13(String) = ^IndirectMayWriteSideEffect[-1] : &:r1426_8
|
||||
# 1414| v1414_4(void) = ReturnVoid :
|
||||
# 1414| v1414_5(void) = AliasedUse : ~m?
|
||||
# 1414| v1414_6(void) = ExitFunction :
|
||||
@@ -8415,18 +8397,12 @@ ir.cpp:
|
||||
# 1438| mu1438_5(unknown) = ^CallSideEffect : ~m?
|
||||
# 1438| v1438_6(void) = ^IndirectReadSideEffect[-1] : &:r1438_2, ~m?
|
||||
# 1438| mu1438_7(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_2
|
||||
# 1438| r1438_8(glval<destructor_only>) = CopyValue : r1430_2
|
||||
# 1438| r1438_8(glval<destructor_only>) = VariableAddress[d] :
|
||||
# 1438| r1438_9(glval<unknown>) = FunctionAddress[~destructor_only] :
|
||||
# 1438| v1438_10(void) = Call[~destructor_only] : func:r1438_9, this:r1438_8
|
||||
# 1438| mu1438_11(unknown) = ^CallSideEffect : ~m?
|
||||
# 1438| v1438_12(void) = ^IndirectReadSideEffect[-1] : &:r1438_8, ~m?
|
||||
# 1438| mu1438_13(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_8
|
||||
# 1438| r1438_14(glval<destructor_only>) = VariableAddress[d] :
|
||||
# 1438| r1438_15(glval<unknown>) = FunctionAddress[~destructor_only] :
|
||||
# 1438| v1438_16(void) = Call[~destructor_only] : func:r1438_15, this:r1438_14
|
||||
# 1438| mu1438_17(unknown) = ^CallSideEffect : ~m?
|
||||
# 1438| v1438_18(void) = ^IndirectReadSideEffect[-1] : &:r1438_14, ~m?
|
||||
# 1438| mu1438_19(destructor_only) = ^IndirectMayWriteSideEffect[-1] : &:r1438_14
|
||||
# 1428| v1428_4(void) = ReturnVoid :
|
||||
# 1428| v1428_5(void) = AliasedUse : ~m?
|
||||
# 1428| v1428_6(void) = ExitFunction :
|
||||
|
||||
@@ -51,9 +51,7 @@ namespace Semmle.Autobuild.CSharp
|
||||
break;
|
||||
case CSharpBuildStrategy.Buildless:
|
||||
// No need to check that the extractor has been executed in buildless mode
|
||||
attempt = BuildScript.Bind(
|
||||
AddBuildlessStartedDiagnostic() & new StandaloneBuildRule().Analyse(this, false),
|
||||
AddBuildlessEndedDiagnostic);
|
||||
attempt = new StandaloneBuildRule().Analyse(this, false);
|
||||
break;
|
||||
case CSharpBuildStrategy.MSBuild:
|
||||
attempt = new MsBuildRule().Analyse(this, false) & CheckExtractorRun(true);
|
||||
@@ -88,52 +86,6 @@ namespace Semmle.Autobuild.CSharp
|
||||
return 1;
|
||||
});
|
||||
|
||||
private BuildScript AddBuildlessStartedDiagnostic()
|
||||
{
|
||||
return BuildScript.Create(actions =>
|
||||
{
|
||||
AddDiagnostic(new DiagnosticMessage(
|
||||
Options.Language,
|
||||
"buildless/mode-active",
|
||||
"C# with build-mode set to 'none'",
|
||||
visibility: new DiagnosticMessage.TspVisibility(statusPage: true, cliSummaryTable: true, telemetry: true),
|
||||
markdownMessage: "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
|
||||
severity: DiagnosticMessage.TspSeverity.Note
|
||||
));
|
||||
return 0;
|
||||
});
|
||||
}
|
||||
|
||||
private BuildScript AddBuildlessEndedDiagnostic(int buildResult)
|
||||
{
|
||||
return BuildScript.Create(actions =>
|
||||
{
|
||||
if (buildResult == 0)
|
||||
{
|
||||
AddDiagnostic(new DiagnosticMessage(
|
||||
Options.Language,
|
||||
"buildless/complete",
|
||||
"C# analysis with build-mode 'none' completed",
|
||||
visibility: new DiagnosticMessage.TspVisibility(statusPage: false, cliSummaryTable: true, telemetry: true),
|
||||
markdownMessage: "C# analysis with build-mode 'none' completed.",
|
||||
severity: DiagnosticMessage.TspSeverity.Unknown
|
||||
));
|
||||
}
|
||||
else
|
||||
{
|
||||
AddDiagnostic(new DiagnosticMessage(
|
||||
Options.Language,
|
||||
"buildless/failed",
|
||||
"C# analysis with build-mode 'none' failed",
|
||||
visibility: new DiagnosticMessage.TspVisibility(statusPage: true, cliSummaryTable: true, telemetry: true),
|
||||
markdownMessage: "C# analysis with build-mode 'none' failed.",
|
||||
severity: DiagnosticMessage.TspSeverity.Error
|
||||
));
|
||||
}
|
||||
return buildResult;
|
||||
});
|
||||
}
|
||||
|
||||
protected override void AutobuildFailureDiagnostic()
|
||||
{
|
||||
// if `ScriptPath` is not null here, the `BuildCommandAuto` rule was
|
||||
|
||||
@@ -728,11 +728,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||
/// </summary>
|
||||
public IEnumerable<string> GeneratedSourceFiles => generatedSources;
|
||||
|
||||
/// <summary>
|
||||
/// All of the non-generated source files in the source directory.
|
||||
/// </summary>
|
||||
public IEnumerable<string> NonGeneratedSourcesFiles => nonGeneratedSources;
|
||||
|
||||
/// <summary>
|
||||
/// All of the source files in the source directory.
|
||||
/// </summary>
|
||||
|
||||
@@ -146,7 +146,7 @@ namespace Semmle.Extraction.CSharp.Standalone
|
||||
logger.Log(Severity.Info, "Extracting C# in buildless mode");
|
||||
using var dependencyManager = new DependencyManager(options.SrcDir, logger);
|
||||
|
||||
if (!dependencyManager.NonGeneratedSourcesFiles.Any())
|
||||
if (!dependencyManager.AllSourceFiles.Any())
|
||||
{
|
||||
logger.Log(Severity.Error, "No source files found");
|
||||
return ExitCode.Errors;
|
||||
|
||||
@@ -46,7 +46,6 @@ namespace Semmle.Util
|
||||
[JsonConverter(typeof(StringEnumConverter), typeof(CamelCaseNamingStrategy))]
|
||||
public enum TspSeverity
|
||||
{
|
||||
Unknown,
|
||||
Note,
|
||||
Warning,
|
||||
Error
|
||||
|
||||
@@ -1,11 +1,3 @@
|
||||
## 1.7.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.12
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.13
|
||||
lastReleaseVersion: 1.7.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-all
|
||||
version: 1.7.13
|
||||
version: 1.7.12-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,11 +1,3 @@
|
||||
## 1.7.13
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 1.7.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.12
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 1.7.13
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 1.7.13
|
||||
lastReleaseVersion: 1.7.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-solorigate-queries
|
||||
version: 1.7.13
|
||||
version: 1.7.12-dev
|
||||
groups:
|
||||
- csharp
|
||||
- solorigate
|
||||
|
||||
@@ -1,28 +0,0 @@
|
||||
{
|
||||
"markdownMessage": "C# analysis with build-mode 'none' completed.",
|
||||
"severity": "unknown",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
"id": "csharp/autobuilder/buildless/complete",
|
||||
"name": "C# analysis with build-mode 'none' completed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
"statusPage": false,
|
||||
"telemetry": true
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
|
||||
"severity": "note",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
"id": "csharp/autobuilder/buildless/mode-active",
|
||||
"name": "C# with build-mode set to 'none'"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
"statusPage": true,
|
||||
"telemetry": true
|
||||
}
|
||||
}
|
||||
@@ -1,9 +1,6 @@
|
||||
import os
|
||||
from create_database_utils import *
|
||||
from diagnostics_test_utils import *
|
||||
|
||||
os.environ['CODEQL_EXTRACTOR_CSHARP_OPTION_COMPILER_DIAGNOSTIC_LIMIT'] = '2'
|
||||
os.environ['CODEQL_EXTRACTOR_CSHARP_OPTION_MESSAGE_LIMIT'] = '5'
|
||||
run_codeql_database_create([], lang="csharp", extra_args=["--build-mode=none"])
|
||||
|
||||
check_diagnostics()
|
||||
@@ -1,28 +0,0 @@
|
||||
{
|
||||
"markdownMessage": "C# analysis with build-mode 'none' failed.",
|
||||
"severity": "error",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
"id": "csharp/autobuilder/buildless/failed",
|
||||
"name": "C# analysis with build-mode 'none' failed"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
"statusPage": true,
|
||||
"telemetry": true
|
||||
}
|
||||
}
|
||||
{
|
||||
"markdownMessage": "C# with build-mode set to 'none'. This means that all C# source in the working directory will be scanned, with build tools, such as Nuget and Dotnet CLIs, only contributing information about external dependencies.",
|
||||
"severity": "note",
|
||||
"source": {
|
||||
"extractorName": "csharp",
|
||||
"id": "csharp/autobuilder/buildless/mode-active",
|
||||
"name": "C# with build-mode set to 'none'"
|
||||
},
|
||||
"visibility": {
|
||||
"cliSummaryTable": true,
|
||||
"statusPage": true,
|
||||
"telemetry": true
|
||||
}
|
||||
}
|
||||
@@ -1,14 +0,0 @@
|
||||
<Project Sdk="Microsoft.NET.Sdk">
|
||||
|
||||
<PropertyGroup>
|
||||
<OutputType>Exe</OutputType>
|
||||
<TargetFramework>net8.0</TargetFramework>
|
||||
<ImplicitUsings>enable</ImplicitUsings>
|
||||
<Nullable>enable</Nullable>
|
||||
</PropertyGroup>
|
||||
|
||||
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
|
||||
<RemoveDir Directories=".\bin" />
|
||||
<RemoveDir Directories=".\obj" />
|
||||
</Target>
|
||||
</Project>
|
||||
@@ -1,6 +0,0 @@
|
||||
from create_database_utils import *
|
||||
from diagnostics_test_utils import *
|
||||
|
||||
run_codeql_database_create([], db=None, lang="csharp", extra_args=["--build-mode=none"], runFunction=runUnsuccessfully)
|
||||
|
||||
check_diagnostics()
|
||||
@@ -1,25 +1,3 @@
|
||||
## 0.9.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction.
|
||||
* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model.
|
||||
* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream.
|
||||
* Support for C# 12 / .NET8.
|
||||
* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows.
|
||||
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
|
||||
* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models.
|
||||
* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model.
|
||||
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.
|
||||
|
||||
## 0.8.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models.
|
||||
* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: breaking
|
||||
---
|
||||
* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Support for C# 12 / .NET8.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows.
|
||||
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream.
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.8.12
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,17 +0,0 @@
|
||||
## 0.9.0
|
||||
|
||||
### Breaking Changes
|
||||
|
||||
* The CIL extractor has been deleted and the corresponding extractor option `cil` has been removed. It is no longer possible to do CIL extraction.
|
||||
* The QL library C# classes no longer extend their corresponding `DotNet` classes. Furthermore, CIL related data flow functionality has been deleted and all `DotNet` and `CIL` related classes have been deprecated. This effectively means that it no longer has any effect to enable CIL extraction.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* Added new source models for the `Dapper` package. These models can be enabled by enabling the `database` threat model.
|
||||
* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream.
|
||||
* Support for C# 12 / .NET8.
|
||||
* Added the `windows-registry` source kind and threat model to represent values which come from the registry on Windows.
|
||||
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
|
||||
* The .NET standard libraries APIs for accessing command line arguments and environment variables have been modeled using the `commandargs` and `environment` threat models.
|
||||
* The `cs/assembly-path-injection` query has been modified so that it's sources rely on `ThreatModelFlowSource`. In order to restore results from command line arguments, you should enable the `commandargs` threat model.
|
||||
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.9.0
|
||||
lastReleaseVersion: 0.8.11
|
||||
|
||||
@@ -58,54 +58,3 @@ extensions:
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<T>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/csharp-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteReader", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteScalar", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteScalar<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TFourth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TFirst,TSecond,TThird,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "Query<TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TFourth,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TFirst,TSecond,TThird,TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryAsync<TReturn>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirst", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirst<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryMultiple", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingle", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingle<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "", "", "ReturnValue", "database", "manual"]
|
||||
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<T>", "", "", "ReturnValue", "database", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/csharp-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["Dapper", "SqlMapper", False, "AsList<T>", "(System.Collections.Generic.IEnumerable<T>)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-all
|
||||
version: 0.9.0
|
||||
version: 0.8.12-dev
|
||||
groups: csharp
|
||||
dbscheme: semmlecode.csharp.dbscheme
|
||||
extractor: csharp
|
||||
|
||||
@@ -1,18 +1,3 @@
|
||||
## 0.8.13
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references.
|
||||
* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`.
|
||||
|
||||
## 0.8.12
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
## 0.8.11
|
||||
|
||||
No user-facing changes.
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`.
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: majorAnalysis
|
||||
---
|
||||
* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration.
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references.
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
## 0.8.12
|
||||
|
||||
No user-facing changes.
|
||||
@@ -1,10 +0,0 @@
|
||||
## 0.8.13
|
||||
|
||||
### Major Analysis Improvements
|
||||
|
||||
* The `Stored` variants of some queries (`cs/stored-command-line-injection`, `cs/web/stored-xss`, `cs/stored-ldap-injection`, `cs/xml/stored-xpath-injection`, `cs/second-order-sql-injection`) have been removed. If you were using these queries, their results can be restored by enabling the `file` and `database` threat models in your threat model configuration.
|
||||
|
||||
### Minor Analysis Improvements
|
||||
|
||||
* The alert message of `cs/wrong-compareto-signature` has been changed to remove unnecessary element references.
|
||||
* Data flow queries that track flow from *local* flow sources now use the current *threat model* configuration instead. This may lead to changes in the produced alerts if the threat model configuration only uses *remote* flow sources. The changed queries are `cs/code-injection`, `cs/resource-injection`, `cs/sql-injection`, and `cs/uncontrolled-format-string`.
|
||||
@@ -1,2 +1,2 @@
|
||||
---
|
||||
lastReleaseVersion: 0.8.13
|
||||
lastReleaseVersion: 0.8.11
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
name: codeql/csharp-queries
|
||||
version: 0.8.13
|
||||
version: 0.8.12-dev
|
||||
groups:
|
||||
- csharp
|
||||
- queries
|
||||
|
||||
@@ -1,7 +0,0 @@
|
||||
extensions:
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/threat-models
|
||||
extensible: threatModelConfiguration
|
||||
data:
|
||||
- ["database", true, 0]
|
||||
@@ -1,12 +0,0 @@
|
||||
import csharp
|
||||
import semmle.code.csharp.security.dataflow.flowsources.FlowSources
|
||||
import TestUtilities.InlineFlowTest
|
||||
import TaintFlowTest<DatabaseConfig>
|
||||
|
||||
module DatabaseConfig implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
|
||||
|
||||
predicate isSink(DataFlow::Node sink) {
|
||||
exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))
|
||||
}
|
||||
}
|
||||
@@ -1,50 +0,0 @@
|
||||
using System;
|
||||
using System.Data;
|
||||
using System.Data.Entity;
|
||||
using System.Data.SqlClient;
|
||||
using System.Threading.Tasks;
|
||||
using Dapper;
|
||||
|
||||
namespace Test
|
||||
{
|
||||
class UseDapper
|
||||
{
|
||||
public static void Bad01(string connectionString, string query)
|
||||
{
|
||||
using (var connection = new SqlConnection(connectionString))
|
||||
{
|
||||
var result = connection.Query<object>(query);
|
||||
Sink(result); // $ hasTaintFlow=line:16
|
||||
}
|
||||
}
|
||||
|
||||
public static async Task Bad02(string connectionString, string query)
|
||||
{
|
||||
using (var connection = new SqlConnection(connectionString))
|
||||
{
|
||||
var result = await connection.QueryAsync<object>(query);
|
||||
Sink(result); // $ hasTaintFlow=line:25
|
||||
}
|
||||
}
|
||||
|
||||
public static void Bad03(string connectionString, string query)
|
||||
{
|
||||
using (var connection = new SqlConnection(connectionString))
|
||||
{
|
||||
var result = connection.QueryFirst(query);
|
||||
Sink(result); // $ hasTaintFlow=line:34
|
||||
}
|
||||
}
|
||||
|
||||
public static void Bad04(string connectionString, string query)
|
||||
{
|
||||
using (var connection = new SqlConnection(connectionString))
|
||||
{
|
||||
var results = connection.Query<object>(query).AsList();
|
||||
Sink(results[0]); // $ hasTaintFlow=line:43
|
||||
}
|
||||
}
|
||||
|
||||
public static void Sink(object o) { }
|
||||
}
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
semmle-extractor-options: /nostdlib /noconfig
|
||||
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/Dapper/2.1.24/Dapper.csproj
|
||||
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/System.Data.SqlClient/4.8.5/System.Data.SqlClient.csproj
|
||||
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/System.Data.SQLite/1.0.118/System.Data.SQLite.csproj
|
||||
semmle-extractor-options: ${testdir}/../../../../../../resources/stubs/System.Windows.cs
|
||||
@@ -1,95 +1,4 @@
|
||||
source
|
||||
| Dapper;SqlMapper;false;ExecuteReader;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReader;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Data.CommandBehavior);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReader;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.Common.DbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.Common.DbConnection,Dapper.CommandDefinition,System.Data.CommandBehavior);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.Common.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Data.CommandBehavior);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalar;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalar;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalar<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalar<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalarAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalarAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalarAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;ExecuteScalarAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;Query<TReturn>;(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.Type,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TFourth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TReturn>;(System.Data.IDbConnection,Dapper.CommandDefinition,System.Func<TFirst,TSecond,TThird,TReturn>,System.String);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TFirst,TSecond,TThird,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryAsync<TReturn>;(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirst;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirst;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirst<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirst<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.Type,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefault;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefault<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefault<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.Type,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryMultiple;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryMultiple;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryMultipleAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QueryMultipleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingle;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingle;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingle<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingle<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.Type,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefault;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefault<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefault<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.Type,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync<T>;(System.Data.IDbConnection,Dapper.CommandDefinition);;ReturnValue;database;manual |
|
||||
| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync<T>;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;ReturnValue;database;manual |
|
||||
| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder);;Argument[0];environment;manual |
|
||||
| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder);;ReturnValue;environment;manual |
|
||||
| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action<Microsoft.Extensions.Configuration.EnvironmentVariables.EnvironmentVariablesConfigurationSource>);;Argument[0];environment;manual |
|
||||
@@ -736,7 +645,6 @@ summary
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TFirst,TSecond,TThird,TFourth,TReturn>;(System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.String,System.Boolean);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TFirst,TSecond,TThird,TReturn>;(System.Func<TFirst,TSecond,TThird,TReturn>,System.String,System.Boolean);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TReturn>;(System.Type[],System.Func<System.Object[],TReturn>,System.String,System.Boolean);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;AsList<T>;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;ReturnValue.Element;value;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -8,7 +8,6 @@
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TFirst,TSecond,TThird,TFourth,TReturn>;(System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.String,System.Boolean);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TFirst,TSecond,TThird,TReturn>;(System.Func<TFirst,TSecond,TThird,TReturn>,System.String,System.Boolean);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper+GridReader;false;Read<TReturn>;(System.Type[],System.Func<System.Object[],TReturn>,System.String,System.Boolean);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;AsList<T>;(System.Collections.Generic.IEnumerable<T>);;Argument[0].Element;ReturnValue.Element;value;manual |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
| Dapper;SqlMapper;false;Query<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>;(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated |
|
||||
|
||||
@@ -17,7 +17,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
|
||||
using-type-tracking-for-api-modeling
|
||||
abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs
|
||||
data-flow-cheat-sheet-for-javascript
|
||||
customizing-library-models-for-javascript
|
||||
|
||||
- :doc:`Basic query for JavaScript and TypeScript code <basic-query-for-javascript-code>`: Learn to write and run a simple CodeQL query.
|
||||
|
||||
@@ -34,5 +33,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
|
||||
- :doc:`Abstract syntax tree classes for working with JavaScript and TypeScript programs <abstract-syntax-tree-classes-for-working-with-javascript-and-typescript-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of JavaScript and TypeScript programs.
|
||||
|
||||
- :doc:`Data flow cheat sheet for JavaScript <data-flow-cheat-sheet-for-javascript>`: This article describes parts of the JavaScript libraries commonly used for variant analysis and in data flow queries.
|
||||
|
||||
- :doc:`Customizing library models for JavaScript <customizing-library-models-for-javascript>`: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.
|
||||
|
||||
@@ -13,7 +13,6 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
|
||||
abstract-syntax-tree-classes-for-working-with-ruby-programs
|
||||
analyzing-data-flow-in-ruby
|
||||
using-api-graphs-in-ruby
|
||||
customizing-library-models-for-ruby
|
||||
|
||||
- :doc:`Basic query for Ruby code <basic-query-for-ruby-code>`: Learn to write and run a simple CodeQL query.
|
||||
|
||||
@@ -24,5 +23,3 @@ Experiment and learn how to write effective and efficient queries for CodeQL dat
|
||||
- :doc:`Using API graphs in Ruby <using-api-graphs-in-ruby>`: API graphs are a uniform interface for referring to functions, classes, and methods defined in external libraries.
|
||||
|
||||
- :doc:`Abstract syntax tree classes for working with Ruby programs <abstract-syntax-tree-classes-for-working-with-ruby-programs>`: CodeQL has a large selection of classes for representing the abstract syntax tree of Ruby programs.
|
||||
|
||||
- :doc:`Customizing library models for Ruby <customizing-library-models-for-ruby>`: You can model frameworks and libraries that your codebase depends on using data extensions and publish them as CodeQL model packs.
|
||||
|
||||
@@ -1,5 +1,8 @@
|
||||
.. _customizing-library-models-for-javascript:
|
||||
|
||||
:orphan:
|
||||
:nosearch:
|
||||
|
||||
Customizing Library Models for JavaScript
|
||||
=========================================
|
||||
|
||||
@@ -27,6 +30,8 @@ The CodeQL library for JavaScript exposes the following extensible predicates:
|
||||
- **typeModel**\(type1, type2, path)
|
||||
- **summaryModel**\(type, path, input, output, kind)
|
||||
|
||||
See the `CLI documentation for how to load and use data extensions in a CodeQL evaluation run <https://docs.google.com/document/d/14IYCHX8wWuU-HTvJ2gPSdXQKHKYbWCHQKOgn8oLaa80/edit#heading=h.m0v53lpi6w2n>`__ (internal access required).
|
||||
|
||||
We'll explain how to use these using a few examples, and provide some reference material at the end of this article.
|
||||
|
||||
Example: Taint sink in the 'execa' package
|
||||
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user