mirror of
https://github.com/github/codeql.git
synced 2026-07-02 18:15:33 +02:00
Compare commits
4 Commits
temp-dca-p
...
yoff/pytho
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
47d2b05bc5 | ||
|
|
41c9d8b80a | ||
|
|
fbfbbd342a | ||
|
|
872c08148e |
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: deprecated
|
|
||||||
---
|
|
||||||
* Models-as-data flow summaries now use fully qualified field names (for example, `MyNamespace::MyStruct::myField`) instead of unqualified field names such as `myField`. We recommend updating existing flow summaries to use fully qualified field names. Unqualified field names are still supported, but that support will be removed in a future release.
|
|
||||||
@@ -40,24 +40,12 @@ module Input implements InputSig<Location, DataFlowImplSpecific::CppDataFlow> {
|
|||||||
arg = repeatStars(rk.(NormalReturnKind).getIndirectionIndex())
|
arg = repeatStars(rk.(NormalReturnKind).getIndirectionIndex())
|
||||||
}
|
}
|
||||||
|
|
||||||
bindingset[namespace, type, base]
|
|
||||||
private string formatQualifiedName(string namespace, string type, string base) {
|
|
||||||
if namespace = ""
|
|
||||||
then result = type + "::" + base
|
|
||||||
else result = namespace + "::" + type + "::" + base
|
|
||||||
}
|
|
||||||
|
|
||||||
string encodeContent(ContentSet cs, string arg) {
|
string encodeContent(ContentSet cs, string arg) {
|
||||||
exists(FieldContent c, string namespace, string type, string base |
|
exists(FieldContent c |
|
||||||
cs.isSingleton(c) and
|
cs.isSingleton(c) and
|
||||||
// FieldContent indices have 0 for the address, 1 for content, so we need to subtract one.
|
// FieldContent indices have 0 for the address, 1 for content, so we need to subtract one.
|
||||||
result = "Field" and
|
result = "Field" and
|
||||||
c.getField().hasQualifiedName(namespace, type, base)
|
arg = repeatStars(c.getIndirectionIndex() - 1) + c.getField().getName()
|
||||||
|
|
|
||||||
arg = repeatStars(c.getIndirectionIndex() - 1) + formatQualifiedName(namespace, type, base)
|
|
||||||
or
|
|
||||||
// TODO: This disjunct can be removed once we stop supporting unqualified field names.
|
|
||||||
arg = repeatStars(c.getIndirectionIndex() - 1) + base
|
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
exists(ElementContent ec |
|
exists(ElementContent ec |
|
||||||
|
|||||||
@@ -1378,8 +1378,6 @@ predicate nodeIsHidden(Node n) {
|
|||||||
n instanceof InitialGlobalValue
|
n instanceof InitialGlobalValue
|
||||||
or
|
or
|
||||||
n instanceof SsaSynthNode
|
n instanceof SsaSynthNode
|
||||||
or
|
|
||||||
n.(FlowSummaryNode).getSummaryNode().isHidden()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
predicate neverSkipInPathGraph(Node n) {
|
predicate neverSkipInPathGraph(Node n) {
|
||||||
|
|||||||
@@ -48,20 +48,19 @@ models
|
|||||||
| 47 | Summary: ; ; false; callWithArgument; ; ; Argument[1]; Argument[0].Parameter[0]; value; manual |
|
| 47 | Summary: ; ; false; callWithArgument; ; ; Argument[1]; Argument[0].Parameter[0]; value; manual |
|
||||||
| 48 | Summary: ; ; false; callWithNonTypeTemplate<T>; (const T &); ; Argument[*0]; ReturnValue; value; manual |
|
| 48 | Summary: ; ; false; callWithNonTypeTemplate<T>; (const T &); ; Argument[*0]; ReturnValue; value; manual |
|
||||||
| 49 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
|
| 49 | Summary: ; ; false; pthread_create; ; ; Argument[@3]; Argument[2].Parameter[@0]; value; manual |
|
||||||
| 50 | Summary: ; ; false; read_field_from_struct; ; ; Argument[*0].Field[MyNamespace::MyStructInNamespace::myField]; ReturnValue; value; manual |
|
| 50 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
|
||||||
| 51 | Summary: ; ; false; read_field_from_struct_2; ; ; Argument[*0].Field[MyGlobalStruct::myField]; ReturnValue; value; manual |
|
| 51 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
|
||||||
| 52 | Summary: ; ; false; ymlStepGenerated; ; ; Argument[0]; ReturnValue; taint; df-generated |
|
| 52 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
|
||||||
| 53 | Summary: ; ; false; ymlStepManual; ; ; Argument[0]; ReturnValue; taint; manual |
|
| 53 | Summary: ; TemplateClass1; true; templateFunction2<U,V>; (U,V); ; Argument[1]; ReturnValue; value; manual |
|
||||||
| 54 | Summary: ; ; false; ymlStepManual_with_body; ; ; Argument[0]; ReturnValue; taint; manual |
|
| 54 | Summary: ; TemplateClass1<T>; false; templateFunction<U>; (T,U); ; Argument[0]; ReturnValue; value; manual |
|
||||||
| 55 | Summary: ; TemplateClass1; true; templateFunction2<U,V>; (U,V); ; Argument[1]; ReturnValue; value; manual |
|
| 55 | Summary: ; TemplateClass2<T,U>; true; function; (U,T); ; Argument[1]; ReturnValue; value; manual |
|
||||||
| 56 | Summary: ; TemplateClass1<T>; false; templateFunction<U>; (T,U); ; Argument[0]; ReturnValue; value; manual |
|
| 56 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
|
||||||
| 57 | Summary: ; TemplateClass2<T,U>; true; function; (U,T); ; Argument[1]; ReturnValue; value; manual |
|
| 57 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
|
||||||
| 58 | Summary: Azure::Core::IO; BodyStream; true; Read; ; ; Argument[-1]; Argument[*0]; taint; manual |
|
| 58 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
|
||||||
| 59 | Summary: Azure::Core::IO; BodyStream; true; ReadToCount; ; ; Argument[-1]; Argument[*0]; taint; manual |
|
| 59 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
|
||||||
| 60 | Summary: Azure::Core::IO; BodyStream; true; ReadToEnd; ; ; Argument[-1]; ReturnValue.Element; taint; manual |
|
| 60 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
|
||||||
| 61 | Summary: Azure; Nullable; true; Value; ; ; Argument[-1]; ReturnValue[*]; taint; manual |
|
|
||||||
| 62 | Summary: boost::asio; ; false; buffer; ; ; Argument[*0]; ReturnValue; taint; manual |
|
|
||||||
edges
|
edges
|
||||||
|
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | provenance | MaD:60 |
|
||||||
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32 |
|
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:91:7:91:17 | recv_buffer | provenance | Src:MaD:32 |
|
||||||
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
|
| asio_streams.cpp:87:34:87:44 | read_until output argument | asio_streams.cpp:93:29:93:39 | *recv_buffer | provenance | Src:MaD:32 Sink:MaD:2 |
|
||||||
| asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
|
| asio_streams.cpp:97:37:97:44 | call to source | asio_streams.cpp:98:7:98:14 | send_str | provenance | TaintFunction |
|
||||||
@@ -69,16 +68,25 @@ edges
|
|||||||
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | |
|
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | |
|
||||||
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance | |
|
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:101:7:101:17 | send_buffer | provenance | |
|
||||||
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
|
| asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:2 |
|
||||||
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:62 |
|
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance | |
|
||||||
|
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:60 |
|
||||||
|
| azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | provenance | MaD:59 |
|
||||||
|
| azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | provenance | MaD:56 |
|
||||||
|
| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | provenance | MaD:57 |
|
||||||
|
| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | provenance | MaD:58 |
|
||||||
|
| azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | provenance | |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29 |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:253:48:253:60 | *call to GetBodyStream | provenance | Src:MaD:29 |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance | |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:257:5:257:8 | *resp | provenance | |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance | |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:262:5:262:8 | *resp | provenance | |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance | |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | azure.cpp:266:38:266:41 | *resp | provenance | |
|
||||||
| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:58 |
|
| azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | provenance | |
|
||||||
|
| azure.cpp:257:5:257:8 | *resp | azure.cpp:257:16:257:21 | Read output argument | provenance | MaD:56 |
|
||||||
| azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance | |
|
| azure.cpp:257:16:257:21 | Read output argument | azure.cpp:258:10:258:16 | * ... | provenance | |
|
||||||
| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:59 |
|
| azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | provenance | |
|
||||||
|
| azure.cpp:262:5:262:8 | *resp | azure.cpp:262:23:262:28 | ReadToCount output argument | provenance | MaD:57 |
|
||||||
| azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance | |
|
| azure.cpp:262:23:262:28 | ReadToCount output argument | azure.cpp:263:10:263:16 | * ... | provenance | |
|
||||||
| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:60 |
|
| azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance | |
|
||||||
|
| azure.cpp:266:38:266:41 | *resp | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | MaD:58 |
|
||||||
| azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | |
|
| azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] | provenance | |
|
||||||
| azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance | |
|
| azure.cpp:266:44:266:52 | call to ReadToEnd [element] | azure.cpp:267:10:267:12 | vec [element] | provenance | |
|
||||||
| azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance | |
|
| azure.cpp:267:10:267:12 | vec [element] | azure.cpp:267:10:267:12 | vec | provenance | |
|
||||||
@@ -94,10 +102,12 @@ edges
|
|||||||
| azure.cpp:278:10:278:13 | body | azure.cpp:278:10:278:13 | body | provenance | |
|
| azure.cpp:278:10:278:13 | body | azure.cpp:278:10:278:13 | body | provenance | |
|
||||||
| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26 |
|
| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:281:68:281:84 | *call to ExtractBodyStream | provenance | Src:MaD:26 |
|
||||||
| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance | |
|
| azure.cpp:281:68:281:84 | *call to ExtractBodyStream | azure.cpp:282:21:282:23 | *call to get | provenance | |
|
||||||
| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:60 |
|
| azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | provenance | |
|
||||||
|
| azure.cpp:282:21:282:23 | *call to get | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | MaD:58 |
|
||||||
| azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance | |
|
| azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:10:282:38 | call to ReadToEnd | provenance | |
|
||||||
| azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | |
|
| azure.cpp:282:28:282:36 | call to ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] | provenance | |
|
||||||
| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:61 |
|
| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | provenance | |
|
||||||
|
| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:289:63:289:65 | call to Value | provenance | MaD:59 |
|
||||||
| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance | |
|
| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:24:289:56 | call to GetHeader | provenance | |
|
||||||
| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30 |
|
| azure.cpp:289:32:289:40 | call to GetHeader | azure.cpp:289:32:289:40 | call to GetHeader | provenance | Src:MaD:30 |
|
||||||
| azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance | |
|
| azure.cpp:289:63:289:65 | call to Value | azure.cpp:289:63:289:65 | call to Value | provenance | |
|
||||||
@@ -109,6 +119,9 @@ edges
|
|||||||
| azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance | |
|
| azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance | |
|
||||||
| azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance | |
|
| azure.cpp:294:38:294:53 | call to operator[] | azure.cpp:295:10:295:20 | contentType | provenance | |
|
||||||
| azure.cpp:295:10:295:20 | contentType | azure.cpp:295:10:295:20 | contentType | provenance | |
|
| azure.cpp:295:10:295:20 | contentType | azure.cpp:295:10:295:20 | contentType | provenance | |
|
||||||
|
| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | provenance | MaD:51 |
|
||||||
|
| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | provenance | MaD:50 |
|
||||||
|
| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | provenance | MaD:52 |
|
||||||
| test.cpp:7:47:7:52 | value2 | test.cpp:7:64:7:69 | value2 | provenance | |
|
| test.cpp:7:47:7:52 | value2 | test.cpp:7:64:7:69 | value2 | provenance | |
|
||||||
| test.cpp:7:64:7:69 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | provenance | |
|
| test.cpp:7:64:7:69 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | provenance | |
|
||||||
| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:10:10:10:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
@@ -119,13 +132,16 @@ edges
|
|||||||
| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:32:41:32:41 | x | provenance | |
|
| test.cpp:10:10:10:18 | call to ymlSource | test.cpp:32:41:32:41 | x | provenance | |
|
||||||
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | |
|
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | |
|
||||||
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:1 |
|
| test.cpp:17:10:17:22 | call to ymlStepManual | test.cpp:18:10:18:10 | y | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:53 |
|
| test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | provenance | |
|
||||||
|
| test.cpp:17:24:17:24 | x | test.cpp:17:10:17:22 | call to ymlStepManual | provenance | MaD:51 |
|
||||||
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | |
|
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | |
|
||||||
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:1 |
|
| test.cpp:21:10:21:25 | call to ymlStepGenerated | test.cpp:22:10:22:10 | z | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:52 |
|
| test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | provenance | |
|
||||||
|
| test.cpp:21:27:21:27 | x | test.cpp:21:10:21:25 | call to ymlStepGenerated | provenance | MaD:50 |
|
||||||
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | |
|
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | |
|
||||||
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:1 |
|
| test.cpp:25:11:25:33 | call to ymlStepManual_with_body | test.cpp:26:10:26:11 | y2 | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:54 |
|
| test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | provenance | |
|
||||||
|
| test.cpp:25:35:25:35 | x | test.cpp:25:11:25:33 | call to ymlStepManual_with_body | provenance | MaD:52 |
|
||||||
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance | |
|
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | provenance | |
|
||||||
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:1 |
|
| test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body | test.cpp:33:10:33:11 | z2 | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | provenance | |
|
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | provenance | |
|
||||||
@@ -133,10 +149,20 @@ edges
|
|||||||
| test.cpp:46:30:46:32 | *arg [x] | test.cpp:47:12:47:19 | *arg [x] | provenance | |
|
| test.cpp:46:30:46:32 | *arg [x] | test.cpp:47:12:47:19 | *arg [x] | provenance | |
|
||||||
| test.cpp:47:12:47:19 | *arg [x] | test.cpp:48:13:48:13 | *s [x] | provenance | |
|
| test.cpp:47:12:47:19 | *arg [x] | test.cpp:48:13:48:13 | *s [x] | provenance | |
|
||||||
| test.cpp:48:13:48:13 | *s [x] | test.cpp:48:16:48:16 | x | provenance | Sink:MaD:1 |
|
| test.cpp:48:13:48:13 | *s [x] | test.cpp:48:16:48:16 | x | provenance | Sink:MaD:1 |
|
||||||
|
| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | provenance | MaD:49 |
|
||||||
|
| test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | test.cpp:46:30:46:32 | *arg [x] | provenance | |
|
||||||
| test.cpp:56:2:56:2 | *s [post update] [x] | test.cpp:59:55:59:64 | *& ... [x] | provenance | |
|
| test.cpp:56:2:56:2 | *s [post update] [x] | test.cpp:59:55:59:64 | *& ... [x] | provenance | |
|
||||||
| test.cpp:56:2:56:18 | ... = ... | test.cpp:56:2:56:2 | *s [post update] [x] | provenance | |
|
| test.cpp:56:2:56:18 | ... = ... | test.cpp:56:2:56:2 | *s [post update] [x] | provenance | |
|
||||||
| test.cpp:56:8:56:16 | call to ymlSource | test.cpp:56:2:56:18 | ... = ... | provenance | Src:MaD:25 |
|
| test.cpp:56:8:56:16 | call to ymlSource | test.cpp:56:2:56:18 | ... = ... | provenance | Src:MaD:25 |
|
||||||
| test.cpp:59:55:59:64 | *& ... [x] | test.cpp:46:30:46:32 | *arg [x] | provenance | MaD:49 |
|
| test.cpp:59:55:59:64 | *& ... [x] | test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | provenance | |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | provenance | MaD:47 |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:68:22:68:22 | y | provenance | |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:74:22:74:22 | y | provenance | |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:82:22:82:22 | y | provenance | |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | test.cpp:88:22:88:22 | y | provenance | |
|
||||||
| test.cpp:68:22:68:22 | y | test.cpp:69:11:69:11 | y | provenance | Sink:MaD:1 |
|
| test.cpp:68:22:68:22 | y | test.cpp:69:11:69:11 | y | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:74:22:74:22 | y | test.cpp:75:11:75:11 | y | provenance | Sink:MaD:1 |
|
| test.cpp:74:22:74:22 | y | test.cpp:75:11:75:11 | y | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:82:22:82:22 | y | test.cpp:83:11:83:11 | y | provenance | Sink:MaD:1 |
|
| test.cpp:82:22:82:22 | y | test.cpp:83:11:83:11 | y | provenance | Sink:MaD:1 |
|
||||||
@@ -146,61 +172,69 @@ edges
|
|||||||
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:101:26:101:26 | x | provenance | |
|
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:101:26:101:26 | x | provenance | |
|
||||||
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:103:63:103:63 | x | provenance | |
|
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:103:63:103:63 | x | provenance | |
|
||||||
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:104:62:104:62 | x | provenance | |
|
| test.cpp:94:10:94:18 | call to ymlSource | test.cpp:104:62:104:62 | x | provenance | |
|
||||||
| test.cpp:97:26:97:26 | x | test.cpp:68:22:68:22 | y | provenance | MaD:47 |
|
| test.cpp:97:26:97:26 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
|
||||||
| test.cpp:101:26:101:26 | x | test.cpp:74:22:74:22 | y | provenance | MaD:47 |
|
| test.cpp:101:26:101:26 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
|
||||||
| test.cpp:103:63:103:63 | x | test.cpp:82:22:82:22 | y | provenance | MaD:47 |
|
| test.cpp:103:63:103:63 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
|
||||||
| test.cpp:104:62:104:62 | x | test.cpp:88:22:88:22 | y | provenance | MaD:47 |
|
| test.cpp:104:62:104:62 | x | test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | provenance | |
|
||||||
|
| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | provenance | MaD:48 |
|
||||||
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:114:10:114:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:114:10:114:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:118:44:118:44 | *x | provenance | |
|
| test.cpp:114:10:114:18 | call to ymlSource | test.cpp:118:44:118:44 | *x | provenance | |
|
||||||
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | |
|
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | |
|
||||||
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
|
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | test.cpp:119:10:119:11 | y2 | provenance | Sink:MaD:1 |
|
||||||
|
| test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | provenance | |
|
||||||
| test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
|
| test.cpp:118:44:118:44 | *x | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | provenance | MaD:48 |
|
||||||
|
| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | provenance | MaD:54 |
|
||||||
|
| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | provenance | MaD:53 |
|
||||||
| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:133:10:133:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:133:10:133:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:134:45:134:45 | x | provenance | |
|
| test.cpp:133:10:133:18 | call to ymlSource | test.cpp:134:45:134:45 | x | provenance | |
|
||||||
| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:134:13:134:43 | call to templateFunction | provenance | |
|
| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:134:13:134:43 | call to templateFunction | provenance | |
|
||||||
| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:135:10:135:10 | y | provenance | Sink:MaD:1 |
|
| test.cpp:134:13:134:43 | call to templateFunction | test.cpp:135:10:135:10 | y | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:134:45:134:45 | x | test.cpp:134:13:134:43 | call to templateFunction | provenance | MaD:56 |
|
| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | provenance | |
|
||||||
|
| test.cpp:134:45:134:45 | x | test.cpp:134:13:134:43 | call to templateFunction | provenance | MaD:54 |
|
||||||
|
| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
|
||||||
|
| test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | provenance | MaD:55 |
|
||||||
| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:146:10:146:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:146:10:146:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:148:26:148:26 | x | provenance | |
|
| test.cpp:146:10:146:18 | call to ymlSource | test.cpp:148:26:148:26 | x | provenance | |
|
||||||
| test.cpp:148:10:148:27 | call to function | test.cpp:148:10:148:27 | call to function | provenance | |
|
| test.cpp:148:10:148:27 | call to function | test.cpp:148:10:148:27 | call to function | provenance | |
|
||||||
| test.cpp:148:10:148:27 | call to function | test.cpp:149:10:149:10 | z | provenance | Sink:MaD:1 |
|
| test.cpp:148:10:148:27 | call to function | test.cpp:149:10:149:10 | z | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:148:26:148:26 | x | test.cpp:148:10:148:27 | call to function | provenance | MaD:57 |
|
| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance | |
|
||||||
|
| test.cpp:148:26:148:26 | x | test.cpp:148:10:148:27 | call to function | provenance | MaD:55 |
|
||||||
| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:155:10:155:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:155:10:155:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:157:26:157:26 | x | provenance | |
|
| test.cpp:155:10:155:18 | call to ymlSource | test.cpp:157:26:157:26 | x | provenance | |
|
||||||
| test.cpp:157:13:157:20 | call to function | test.cpp:157:13:157:20 | call to function | provenance | |
|
| test.cpp:157:13:157:20 | call to function | test.cpp:157:13:157:20 | call to function | provenance | |
|
||||||
| test.cpp:157:13:157:20 | call to function | test.cpp:158:10:158:10 | z | provenance | Sink:MaD:1 |
|
| test.cpp:157:13:157:20 | call to function | test.cpp:158:10:158:10 | z | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:157:26:157:26 | x | test.cpp:157:13:157:20 | call to function | provenance | MaD:57 |
|
| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | provenance | |
|
||||||
|
| test.cpp:157:26:157:26 | x | test.cpp:157:13:157:20 | call to function | provenance | MaD:55 |
|
||||||
| test.cpp:164:34:164:34 | x | test.cpp:165:69:165:69 | x | provenance | |
|
| test.cpp:164:34:164:34 | x | test.cpp:165:69:165:69 | x | provenance | |
|
||||||
| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:164:7:164:7 | *templateFunction3 | provenance | |
|
| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:164:7:164:7 | *templateFunction3 | provenance | |
|
||||||
| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | |
|
| test.cpp:165:12:165:64 | call to templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | |
|
||||||
| test.cpp:165:69:165:69 | x | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | MaD:55 |
|
| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | provenance | |
|
||||||
|
| test.cpp:165:69:165:69 | x | test.cpp:165:12:165:64 | call to templateFunction2 | provenance | MaD:53 |
|
||||||
| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:170:10:170:18 | call to ymlSource | provenance | Src:MaD:25 |
|
| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:170:10:170:18 | call to ymlSource | provenance | Src:MaD:25 |
|
||||||
| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:172:51:172:51 | x | provenance | |
|
| test.cpp:170:10:170:18 | call to ymlSource | test.cpp:172:51:172:51 | x | provenance | |
|
||||||
| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | |
|
| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | |
|
||||||
| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:173:10:173:10 | y | provenance | Sink:MaD:1 |
|
| test.cpp:172:13:172:44 | call to templateFunction3 | test.cpp:173:10:173:10 | y | provenance | Sink:MaD:1 |
|
||||||
| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | provenance | |
|
| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | provenance | |
|
||||||
| test.cpp:172:51:172:51 | x | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | MaD:55 |
|
| test.cpp:172:51:172:51 | x | test.cpp:172:13:172:44 | call to templateFunction3 | provenance | MaD:53 |
|
||||||
| test.cpp:186:2:186:2 | *s [post update] [myField] | test.cpp:187:33:187:34 | *& ... [myField] | provenance | |
|
| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | provenance | MaD:33 |
|
||||||
| test.cpp:186:2:186:24 | ... = ... | test.cpp:186:2:186:2 | *s [post update] [myField] | provenance | |
|
|
||||||
| test.cpp:186:14:186:22 | call to ymlSource | test.cpp:186:2:186:24 | ... = ... | provenance | Src:MaD:25 |
|
|
||||||
| test.cpp:187:10:187:31 | call to read_field_from_struct | test.cpp:187:10:187:31 | call to read_field_from_struct | provenance | |
|
|
||||||
| test.cpp:187:10:187:31 | call to read_field_from_struct | test.cpp:188:10:188:10 | x | provenance | Sink:MaD:1 |
|
|
||||||
| test.cpp:187:33:187:34 | *& ... [myField] | test.cpp:187:10:187:31 | call to read_field_from_struct | provenance | MaD:50 |
|
|
||||||
| test.cpp:199:2:199:2 | *s [post update] [myField] | test.cpp:200:35:200:36 | *& ... [myField] | provenance | |
|
|
||||||
| test.cpp:199:2:199:24 | ... = ... | test.cpp:199:2:199:2 | *s [post update] [myField] | provenance | |
|
|
||||||
| test.cpp:199:14:199:22 | call to ymlSource | test.cpp:199:2:199:24 | ... = ... | provenance | Src:MaD:25 |
|
|
||||||
| test.cpp:200:10:200:33 | call to read_field_from_struct_2 | test.cpp:200:10:200:33 | call to read_field_from_struct_2 | provenance | |
|
|
||||||
| test.cpp:200:10:200:33 | call to read_field_from_struct_2 | test.cpp:201:10:201:10 | x | provenance | Sink:MaD:1 |
|
|
||||||
| test.cpp:200:35:200:36 | *& ... [myField] | test.cpp:200:10:200:33 | call to read_field_from_struct_2 | provenance | MaD:51 |
|
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3 |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:22:15:22:29 | *call to GetCommandLineA | provenance | Src:MaD:3 |
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance | |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:24:8:24:11 | * ... | provenance | |
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:27:36:27:38 | *cmd | provenance | |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | windows.cpp:27:36:27:38 | *cmd | provenance | |
|
||||||
| windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | |
|
| windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | |
|
||||||
| windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:30:8:30:15 | * ... | provenance | |
|
| windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | windows.cpp:30:8:30:15 | * ... | provenance | |
|
||||||
|
| windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | provenance | |
|
||||||
| windows.cpp:27:36:27:38 | *cmd | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | MaD:33 |
|
| windows.cpp:27:36:27:38 | *cmd | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA | provenance | MaD:33 |
|
||||||
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | provenance | Src:MaD:4 |
|
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | provenance | Src:MaD:4 |
|
||||||
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:36:10:36:13 | * ... | provenance | |
|
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | windows.cpp:36:10:36:13 | * ... | provenance | |
|
||||||
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | windows.cpp:41:10:41:13 | * ... | provenance | Src:MaD:5 |
|
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | windows.cpp:41:10:41:13 | * ... | provenance | Src:MaD:5 |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [*hEvent] | windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | provenance | |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [hEvent] | windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | provenance | |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | provenance | MaD:37 |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | provenance | MaD:37 |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | provenance | |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | windows.cpp:157:16:157:27 | *lpOverlapped [hEvent] | provenance | |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | provenance | |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | provenance | |
|
||||||
| windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | windows.cpp:149:42:149:53 | *lpOverlapped [*hEvent] | provenance | |
|
| windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | windows.cpp:149:42:149:53 | *lpOverlapped [*hEvent] | provenance | |
|
||||||
| windows.cpp:149:18:149:62 | *hEvent | windows.cpp:149:18:149:62 | *hEvent | provenance | |
|
| windows.cpp:149:18:149:62 | *hEvent | windows.cpp:149:18:149:62 | *hEvent | provenance | |
|
||||||
| windows.cpp:149:18:149:62 | *hEvent | windows.cpp:151:8:151:14 | * ... | provenance | |
|
| windows.cpp:149:18:149:62 | *hEvent | windows.cpp:151:8:151:14 | * ... | provenance | |
|
||||||
@@ -217,11 +251,11 @@ edges
|
|||||||
| windows.cpp:189:21:189:26 | ReadFile output argument | windows.cpp:190:5:190:56 | *... = ... | provenance | Src:MaD:17 |
|
| windows.cpp:189:21:189:26 | ReadFile output argument | windows.cpp:190:5:190:56 | *... = ... | provenance | Src:MaD:17 |
|
||||||
| windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | windows.cpp:192:53:192:63 | *& ... [*hEvent] | provenance | |
|
| windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | windows.cpp:192:53:192:63 | *& ... [*hEvent] | provenance | |
|
||||||
| windows.cpp:190:5:190:56 | *... = ... | windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | provenance | |
|
| windows.cpp:190:5:190:56 | *... = ... | windows.cpp:190:5:190:14 | *overlapped [post update] [*hEvent] | provenance | |
|
||||||
| windows.cpp:192:53:192:63 | *& ... [*hEvent] | windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | provenance | MaD:37 |
|
| windows.cpp:192:53:192:63 | *& ... [*hEvent] | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [*hEvent] | provenance | |
|
||||||
| windows.cpp:198:21:198:26 | ReadFile output argument | windows.cpp:199:5:199:57 | ... = ... | provenance | Src:MaD:17 |
|
| windows.cpp:198:21:198:26 | ReadFile output argument | windows.cpp:199:5:199:57 | ... = ... | provenance | Src:MaD:17 |
|
||||||
| windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | windows.cpp:201:53:201:63 | *& ... [hEvent] | provenance | |
|
| windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | windows.cpp:201:53:201:63 | *& ... [hEvent] | provenance | |
|
||||||
| windows.cpp:199:5:199:57 | ... = ... | windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | provenance | |
|
| windows.cpp:199:5:199:57 | ... = ... | windows.cpp:199:5:199:14 | *overlapped [post update] [hEvent] | provenance | |
|
||||||
| windows.cpp:201:53:201:63 | *& ... [hEvent] | windows.cpp:157:16:157:27 | *lpOverlapped [hEvent] | provenance | MaD:37 |
|
| windows.cpp:201:53:201:63 | *& ... [hEvent] | windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [hEvent] | provenance | |
|
||||||
| windows.cpp:209:84:209:89 | NtReadFile output argument | windows.cpp:211:10:211:16 | * ... | provenance | Src:MaD:16 |
|
| windows.cpp:209:84:209:89 | NtReadFile output argument | windows.cpp:211:10:211:16 | * ... | provenance | Src:MaD:16 |
|
||||||
| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:286:23:286:35 | *call to MapViewOfFile | provenance | Src:MaD:12 |
|
| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:286:23:286:35 | *call to MapViewOfFile | provenance | Src:MaD:12 |
|
||||||
| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:287:20:287:52 | *pMapView | provenance | |
|
| windows.cpp:286:23:286:35 | *call to MapViewOfFile | windows.cpp:287:20:287:52 | *pMapView | provenance | |
|
||||||
@@ -244,6 +278,12 @@ edges
|
|||||||
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:15 |
|
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | provenance | Src:MaD:15 |
|
||||||
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:333:20:333:52 | *pMapView | provenance | |
|
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | windows.cpp:333:20:333:52 | *pMapView | provenance | |
|
||||||
| windows.cpp:333:20:333:52 | *pMapView | windows.cpp:335:10:335:16 | * ... | provenance | |
|
| windows.cpp:333:20:333:52 | *pMapView | windows.cpp:335:10:335:16 | * ... | provenance | |
|
||||||
|
| windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | provenance | MaD:36 |
|
||||||
|
| windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | windows.cpp:403:26:403:36 | *lpParameter [x] | provenance | |
|
||||||
|
| windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | provenance | MaD:34 |
|
||||||
|
| windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | windows.cpp:410:26:410:36 | *lpParameter [x] | provenance | |
|
||||||
|
| windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | provenance | MaD:35 |
|
||||||
|
| windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | windows.cpp:417:26:417:36 | *lpParameter [x] | provenance | |
|
||||||
| windows.cpp:403:26:403:36 | *lpParameter [x] | windows.cpp:405:10:405:25 | *lpParameter [x] | provenance | |
|
| windows.cpp:403:26:403:36 | *lpParameter [x] | windows.cpp:405:10:405:25 | *lpParameter [x] | provenance | |
|
||||||
| windows.cpp:405:10:405:25 | *lpParameter [x] | windows.cpp:406:8:406:8 | *s [x] | provenance | |
|
| windows.cpp:405:10:405:25 | *lpParameter [x] | windows.cpp:406:8:406:8 | *s [x] | provenance | |
|
||||||
| windows.cpp:406:8:406:8 | *s [x] | windows.cpp:406:8:406:11 | x | provenance | |
|
| windows.cpp:406:8:406:8 | *s [x] | windows.cpp:406:8:406:11 | x | provenance | |
|
||||||
@@ -258,9 +298,22 @@ edges
|
|||||||
| windows.cpp:431:3:431:3 | *s [post update] [x] | windows.cpp:464:7:464:8 | *& ... [x] | provenance | |
|
| windows.cpp:431:3:431:3 | *s [post update] [x] | windows.cpp:464:7:464:8 | *& ... [x] | provenance | |
|
||||||
| windows.cpp:431:3:431:16 | ... = ... | windows.cpp:431:3:431:3 | *s [post update] [x] | provenance | |
|
| windows.cpp:431:3:431:16 | ... = ... | windows.cpp:431:3:431:3 | *s [post update] [x] | provenance | |
|
||||||
| windows.cpp:431:9:431:14 | call to source | windows.cpp:431:3:431:16 | ... = ... | provenance | |
|
| windows.cpp:431:9:431:14 | call to source | windows.cpp:431:3:431:16 | ... = ... | provenance | |
|
||||||
| windows.cpp:439:7:439:8 | *& ... [x] | windows.cpp:403:26:403:36 | *lpParameter [x] | provenance | MaD:36 |
|
| windows.cpp:439:7:439:8 | *& ... [x] | windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | provenance | |
|
||||||
| windows.cpp:451:7:451:8 | *& ... [x] | windows.cpp:410:26:410:36 | *lpParameter [x] | provenance | MaD:34 |
|
| windows.cpp:451:7:451:8 | *& ... [x] | windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | provenance | |
|
||||||
| windows.cpp:464:7:464:8 | *& ... [x] | windows.cpp:417:26:417:36 | *lpParameter [x] | provenance | MaD:35 |
|
| windows.cpp:464:7:464:8 | *& ... [x] | windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | provenance | |
|
||||||
|
| windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | provenance | MaD:42 |
|
||||||
|
| windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | provenance | MaD:38 |
|
||||||
|
| windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | windows.cpp:485:6:485:18 | [summary param] *0 in RtlCopyMemory [Return] | provenance | MaD:39 |
|
||||||
|
| windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | windows.cpp:493:6:493:29 | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] | provenance | MaD:40 |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | provenance | |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | provenance | MaD:41 |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *0 in RtlCopyUnicodeString [Return] [*Buffer] | provenance | |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | windows.cpp:510:6:510:25 | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] | provenance | |
|
||||||
|
| windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | windows.cpp:515:6:515:18 | [summary param] *0 in RtlMoveMemory [Return] | provenance | MaD:44 |
|
||||||
|
| windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | windows.cpp:521:17:521:37 | [summary param] *0 in RtlMoveVolatileMemory [Return] | provenance | MaD:45 |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | provenance | MaD:43 |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] | windows.cpp:527:6:527:25 | [summary param] *0 in RtlInitUnicodeString [Return] [*Buffer] | provenance | |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] | provenance | |
|
||||||
| windows.cpp:533:11:533:16 | call to source | windows.cpp:533:11:533:16 | call to source | provenance | |
|
| windows.cpp:533:11:533:16 | call to source | windows.cpp:533:11:533:16 | call to source | provenance | |
|
||||||
| windows.cpp:533:11:533:16 | call to source | windows.cpp:537:40:537:41 | *& ... | provenance | |
|
| windows.cpp:533:11:533:16 | call to source | windows.cpp:537:40:537:41 | *& ... | provenance | |
|
||||||
| windows.cpp:533:11:533:16 | call to source | windows.cpp:542:38:542:39 | *& ... | provenance | |
|
| windows.cpp:533:11:533:16 | call to source | windows.cpp:542:38:542:39 | *& ... | provenance | |
|
||||||
@@ -269,29 +322,37 @@ edges
|
|||||||
| windows.cpp:533:11:533:16 | call to source | windows.cpp:568:32:568:33 | *& ... | provenance | |
|
| windows.cpp:533:11:533:16 | call to source | windows.cpp:568:32:568:33 | *& ... | provenance | |
|
||||||
| windows.cpp:533:11:533:16 | call to source | windows.cpp:573:40:573:41 | *& ... | provenance | |
|
| windows.cpp:533:11:533:16 | call to source | windows.cpp:573:40:573:41 | *& ... | provenance | |
|
||||||
| windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | windows.cpp:538:10:538:23 | access to array | provenance | |
|
| windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | windows.cpp:538:10:538:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | provenance | |
|
||||||
| windows.cpp:537:40:537:41 | *& ... | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | provenance | MaD:42 |
|
| windows.cpp:537:40:537:41 | *& ... | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | provenance | MaD:42 |
|
||||||
| windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | windows.cpp:543:10:543:23 | access to array | provenance | |
|
| windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | windows.cpp:543:10:543:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | provenance | |
|
||||||
| windows.cpp:542:38:542:39 | *& ... | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | provenance | MaD:38 |
|
| windows.cpp:542:38:542:39 | *& ... | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument | provenance | MaD:38 |
|
||||||
| windows.cpp:547:19:547:29 | RtlCopyMemory output argument | windows.cpp:548:10:548:23 | access to array | provenance | |
|
| windows.cpp:547:19:547:29 | RtlCopyMemory output argument | windows.cpp:548:10:548:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:547:32:547:33 | *& ... | windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | provenance | |
|
||||||
| windows.cpp:547:32:547:33 | *& ... | windows.cpp:547:19:547:29 | RtlCopyMemory output argument | provenance | MaD:39 |
|
| windows.cpp:547:32:547:33 | *& ... | windows.cpp:547:19:547:29 | RtlCopyMemory output argument | provenance | MaD:39 |
|
||||||
| windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | windows.cpp:553:10:553:23 | access to array | provenance | |
|
| windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | windows.cpp:553:10:553:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:552:43:552:44 | *& ... | windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | provenance | |
|
||||||
| windows.cpp:552:43:552:44 | *& ... | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | provenance | MaD:40 |
|
| windows.cpp:552:43:552:44 | *& ... | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument | provenance | MaD:40 |
|
||||||
| windows.cpp:559:5:559:24 | ... = ... | windows.cpp:561:39:561:44 | *buffer | provenance | |
|
| windows.cpp:559:5:559:24 | ... = ... | windows.cpp:561:39:561:44 | *buffer | provenance | |
|
||||||
| windows.cpp:559:17:559:24 | call to source | windows.cpp:559:5:559:24 | ... = ... | provenance | |
|
| windows.cpp:559:17:559:24 | call to source | windows.cpp:559:5:559:24 | ... = ... | provenance | |
|
||||||
| windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:562:10:562:19 | *src_string [*Buffer] | provenance | |
|
| windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:562:10:562:19 | *src_string [*Buffer] | provenance | |
|
||||||
| windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:563:40:563:50 | *& ... [*Buffer] | provenance | |
|
| windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | windows.cpp:563:40:563:50 | *& ... [*Buffer] | provenance | |
|
||||||
|
| windows.cpp:561:39:561:44 | *buffer | windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | provenance | |
|
||||||
| windows.cpp:561:39:561:44 | *buffer | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | provenance | MaD:43 |
|
| windows.cpp:561:39:561:44 | *buffer | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] | provenance | MaD:43 |
|
||||||
| windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:10:562:29 | access to array | provenance | |
|
| windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:10:562:29 | access to array | provenance | |
|
||||||
| windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:21:562:26 | *Buffer | provenance | |
|
| windows.cpp:562:10:562:19 | *src_string [*Buffer] | windows.cpp:562:21:562:26 | *Buffer | provenance | |
|
||||||
| windows.cpp:562:21:562:26 | *Buffer | windows.cpp:562:10:562:29 | access to array | provenance | |
|
| windows.cpp:562:21:562:26 | *Buffer | windows.cpp:562:10:562:29 | access to array | provenance | |
|
||||||
| windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | windows.cpp:564:10:564:20 | *dest_string [*Buffer] | provenance | |
|
| windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | windows.cpp:564:10:564:20 | *dest_string [*Buffer] | provenance | |
|
||||||
|
| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | provenance | |
|
||||||
| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | provenance | MaD:41 |
|
| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] | provenance | MaD:41 |
|
||||||
| windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:10:564:30 | access to array | provenance | |
|
| windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:10:564:30 | access to array | provenance | |
|
||||||
| windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:22:564:27 | *Buffer | provenance | |
|
| windows.cpp:564:10:564:20 | *dest_string [*Buffer] | windows.cpp:564:22:564:27 | *Buffer | provenance | |
|
||||||
| windows.cpp:564:22:564:27 | *Buffer | windows.cpp:564:10:564:30 | access to array | provenance | |
|
| windows.cpp:564:22:564:27 | *Buffer | windows.cpp:564:10:564:30 | access to array | provenance | |
|
||||||
| windows.cpp:568:19:568:29 | RtlMoveMemory output argument | windows.cpp:569:10:569:23 | access to array | provenance | |
|
| windows.cpp:568:19:568:29 | RtlMoveMemory output argument | windows.cpp:569:10:569:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:568:32:568:33 | *& ... | windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | provenance | |
|
||||||
| windows.cpp:568:32:568:33 | *& ... | windows.cpp:568:19:568:29 | RtlMoveMemory output argument | provenance | MaD:44 |
|
| windows.cpp:568:32:568:33 | *& ... | windows.cpp:568:19:568:29 | RtlMoveMemory output argument | provenance | MaD:44 |
|
||||||
| windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | windows.cpp:574:10:574:23 | access to array | provenance | |
|
| windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | windows.cpp:574:10:574:23 | access to array | provenance | |
|
||||||
|
| windows.cpp:573:40:573:41 | *& ... | windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | provenance | |
|
||||||
| windows.cpp:573:40:573:41 | *& ... | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | provenance | MaD:45 |
|
| windows.cpp:573:40:573:41 | *& ... | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument | provenance | MaD:45 |
|
||||||
| windows.cpp:645:45:645:50 | WinHttpReadData output argument | windows.cpp:647:10:647:16 | * ... | provenance | Src:MaD:23 |
|
| windows.cpp:645:45:645:50 | WinHttpReadData output argument | windows.cpp:647:10:647:16 | * ... | provenance | Src:MaD:23 |
|
||||||
| windows.cpp:652:48:652:53 | WinHttpReadDataEx output argument | windows.cpp:654:10:654:16 | * ... | provenance | Src:MaD:24 |
|
| windows.cpp:652:48:652:53 | WinHttpReadDataEx output argument | windows.cpp:654:10:654:16 | * ... | provenance | Src:MaD:24 |
|
||||||
@@ -299,8 +360,10 @@ edges
|
|||||||
| windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | windows.cpp:673:10:673:29 | * ... | provenance | Src:MaD:21 |
|
| windows.cpp:669:70:669:79 | WinHttpQueryHeadersEx output argument | windows.cpp:673:10:673:29 | * ... | provenance | Src:MaD:21 |
|
||||||
| windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | windows.cpp:671:10:671:16 | * ... | provenance | Src:MaD:22 |
|
| windows.cpp:669:82:669:87 | WinHttpQueryHeadersEx output argument | windows.cpp:671:10:671:16 | * ... | provenance | Src:MaD:22 |
|
||||||
| windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | windows.cpp:675:10:675:27 | * ... | provenance | Src:MaD:20 |
|
| windows.cpp:669:105:669:112 | WinHttpQueryHeadersEx output argument | windows.cpp:675:10:675:27 | * ... | provenance | Src:MaD:20 |
|
||||||
|
| windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | windows.cpp:714:6:714:20 | [summary param] *3 in WinHttpCrackUrl [Return] | provenance | MaD:46 |
|
||||||
| windows.cpp:728:5:728:28 | ... = ... | windows.cpp:729:35:729:35 | *x | provenance | |
|
| windows.cpp:728:5:728:28 | ... = ... | windows.cpp:729:35:729:35 | *x | provenance | |
|
||||||
| windows.cpp:728:12:728:28 | call to source | windows.cpp:728:5:728:28 | ... = ... | provenance | |
|
| windows.cpp:728:12:728:28 | call to source | windows.cpp:728:5:728:28 | ... = ... | provenance | |
|
||||||
|
| windows.cpp:729:35:729:35 | *x | windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | provenance | |
|
||||||
| windows.cpp:729:35:729:35 | *x | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | provenance | MaD:46 |
|
| windows.cpp:729:35:729:35 | *x | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | provenance | MaD:46 |
|
||||||
| windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:731:10:731:36 | * ... | provenance | |
|
| windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:731:10:731:36 | * ... | provenance | |
|
||||||
| windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:733:10:733:35 | * ... | provenance | |
|
| windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument | windows.cpp:733:10:733:35 | * ... | provenance | |
|
||||||
@@ -323,6 +386,8 @@ edges
|
|||||||
| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | windows.cpp:941:10:941:31 | * ... | provenance | Src:MaD:6 |
|
| windows.cpp:936:70:936:78 | HttpReceiveClientCertificate output argument | windows.cpp:941:10:941:31 | * ... | provenance | Src:MaD:6 |
|
||||||
| windows.cpp:937:15:937:48 | *& ... | windows.cpp:939:10:939:11 | * ... | provenance | |
|
| windows.cpp:937:15:937:48 | *& ... | windows.cpp:939:10:939:11 | * ... | provenance | |
|
||||||
nodes
|
nodes
|
||||||
|
| asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
|
||||||
|
| asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |
|
||||||
| asio_streams.cpp:87:34:87:44 | read_until output argument | semmle.label | read_until output argument |
|
| asio_streams.cpp:87:34:87:44 | read_until output argument | semmle.label | read_until output argument |
|
||||||
| asio_streams.cpp:91:7:91:17 | recv_buffer | semmle.label | recv_buffer |
|
| asio_streams.cpp:91:7:91:17 | recv_buffer | semmle.label | recv_buffer |
|
||||||
| asio_streams.cpp:93:29:93:39 | *recv_buffer | semmle.label | *recv_buffer |
|
| asio_streams.cpp:93:29:93:39 | *recv_buffer | semmle.label | *recv_buffer |
|
||||||
@@ -333,6 +398,15 @@ nodes
|
|||||||
| asio_streams.cpp:100:64:100:71 | *send_str | semmle.label | *send_str |
|
| asio_streams.cpp:100:64:100:71 | *send_str | semmle.label | *send_str |
|
||||||
| asio_streams.cpp:101:7:101:17 | send_buffer | semmle.label | send_buffer |
|
| asio_streams.cpp:101:7:101:17 | send_buffer | semmle.label | send_buffer |
|
||||||
| asio_streams.cpp:103:29:103:39 | *send_buffer | semmle.label | *send_buffer |
|
| asio_streams.cpp:103:29:103:39 | *send_buffer | semmle.label | *send_buffer |
|
||||||
|
| azure.cpp:62:10:62:14 | [summary param] this in Value | semmle.label | [summary param] this in Value |
|
||||||
|
| azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | semmle.label | [summary] to write: ReturnValue[*] in Value |
|
||||||
|
| azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | semmle.label | [summary param] *0 in Read [Return] |
|
||||||
|
| azure.cpp:113:16:113:19 | [summary param] this in Read | semmle.label | [summary param] this in Read |
|
||||||
|
| azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | semmle.label | [summary param] *0 in ReadToCount [Return] |
|
||||||
|
| azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | semmle.label | [summary param] this in ReadToCount |
|
||||||
|
| azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | semmle.label | [summary param] this in ReadToEnd |
|
||||||
|
| azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | semmle.label | [summary] to write: ReturnValue in ReadToEnd [element] |
|
||||||
|
| azure.cpp:115:30:115:38 | [summary] to write: ReturnValue.Element in ReadToEnd | semmle.label | [summary] to write: ReturnValue.Element in ReadToEnd |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | semmle.label | *call to GetBodyStream |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | semmle.label | *call to GetBodyStream |
|
||||||
| azure.cpp:253:48:253:60 | *call to GetBodyStream | semmle.label | *call to GetBodyStream |
|
| azure.cpp:253:48:253:60 | *call to GetBodyStream | semmle.label | *call to GetBodyStream |
|
||||||
| azure.cpp:257:5:257:8 | *resp | semmle.label | *resp |
|
| azure.cpp:257:5:257:8 | *resp | semmle.label | *resp |
|
||||||
@@ -377,6 +451,12 @@ nodes
|
|||||||
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
||||||
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
||||||
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
| azure.cpp:295:10:295:20 | contentType | semmle.label | contentType |
|
||||||
|
| test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | semmle.label | [summary param] 0 in ymlStepManual |
|
||||||
|
| test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | semmle.label | [summary] to write: ReturnValue in ymlStepManual |
|
||||||
|
| test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | semmle.label | [summary param] 0 in ymlStepGenerated |
|
||||||
|
| test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | semmle.label | [summary] to write: ReturnValue in ymlStepGenerated |
|
||||||
|
| test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | semmle.label | [summary param] 0 in ymlStepManual_with_body |
|
||||||
|
| test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | semmle.label | [summary] to write: ReturnValue in ymlStepManual_with_body |
|
||||||
| test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | semmle.label | *ymlStepGenerated_with_body |
|
| test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | semmle.label | *ymlStepGenerated_with_body |
|
||||||
| test.cpp:7:47:7:52 | value2 | semmle.label | value2 |
|
| test.cpp:7:47:7:52 | value2 | semmle.label | value2 |
|
||||||
| test.cpp:7:64:7:69 | value2 | semmle.label | value2 |
|
| test.cpp:7:64:7:69 | value2 | semmle.label | value2 |
|
||||||
@@ -403,10 +483,20 @@ nodes
|
|||||||
| test.cpp:47:12:47:19 | *arg [x] | semmle.label | *arg [x] |
|
| test.cpp:47:12:47:19 | *arg [x] | semmle.label | *arg [x] |
|
||||||
| test.cpp:48:13:48:13 | *s [x] | semmle.label | *s [x] |
|
| test.cpp:48:13:48:13 | *s [x] | semmle.label | *s [x] |
|
||||||
| test.cpp:48:16:48:16 | x | semmle.label | x |
|
| test.cpp:48:16:48:16 | x | semmle.label | x |
|
||||||
|
| test.cpp:52:5:52:18 | [summary param] *3 in pthread_create [x] | semmle.label | [summary param] *3 in pthread_create [x] |
|
||||||
|
| test.cpp:52:5:52:18 | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] | semmle.label | [summary] to write: Argument[2].Parameter[*0] in pthread_create [x] |
|
||||||
| test.cpp:56:2:56:2 | *s [post update] [x] | semmle.label | *s [post update] [x] |
|
| test.cpp:56:2:56:2 | *s [post update] [x] | semmle.label | *s [post update] [x] |
|
||||||
| test.cpp:56:2:56:18 | ... = ... | semmle.label | ... = ... |
|
| test.cpp:56:2:56:18 | ... = ... | semmle.label | ... = ... |
|
||||||
| test.cpp:56:8:56:16 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:56:8:56:16 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:59:55:59:64 | *& ... [x] | semmle.label | *& ... [x] |
|
| test.cpp:59:55:59:64 | *& ... [x] | semmle.label | *& ... [x] |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | semmle.label | [summary param] 1 in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | semmle.label | [summary param] 1 in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | semmle.label | [summary param] 1 in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary param] 1 in callWithArgument | semmle.label | [summary param] 1 in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | semmle.label | [summary] to write: Argument[0].Parameter[0] in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | semmle.label | [summary] to write: Argument[0].Parameter[0] in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | semmle.label | [summary] to write: Argument[0].Parameter[0] in callWithArgument |
|
||||||
|
| test.cpp:63:6:63:21 | [summary] to write: Argument[0].Parameter[0] in callWithArgument | semmle.label | [summary] to write: Argument[0].Parameter[0] in callWithArgument |
|
||||||
| test.cpp:68:22:68:22 | y | semmle.label | y |
|
| test.cpp:68:22:68:22 | y | semmle.label | y |
|
||||||
| test.cpp:69:11:69:11 | y | semmle.label | y |
|
| test.cpp:69:11:69:11 | y | semmle.label | y |
|
||||||
| test.cpp:74:22:74:22 | y | semmle.label | y |
|
| test.cpp:74:22:74:22 | y | semmle.label | y |
|
||||||
@@ -421,18 +511,28 @@ nodes
|
|||||||
| test.cpp:101:26:101:26 | x | semmle.label | x |
|
| test.cpp:101:26:101:26 | x | semmle.label | x |
|
||||||
| test.cpp:103:63:103:63 | x | semmle.label | x |
|
| test.cpp:103:63:103:63 | x | semmle.label | x |
|
||||||
| test.cpp:104:62:104:62 | x | semmle.label | x |
|
| test.cpp:104:62:104:62 | x | semmle.label | x |
|
||||||
|
| test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | semmle.label | [summary param] *0 in callWithNonTypeTemplate |
|
||||||
|
| test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | semmle.label | [summary] to write: ReturnValue in callWithNonTypeTemplate |
|
||||||
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:114:10:114:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
|
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
|
||||||
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
|
| test.cpp:118:11:118:42 | call to callWithNonTypeTemplate | semmle.label | call to callWithNonTypeTemplate |
|
||||||
| test.cpp:118:44:118:44 | *x | semmle.label | *x |
|
| test.cpp:118:44:118:44 | *x | semmle.label | *x |
|
||||||
| test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
|
| test.cpp:119:10:119:11 | y2 | semmle.label | y2 |
|
||||||
|
| test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | semmle.label | [summary param] 0 in templateFunction |
|
||||||
|
| test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | semmle.label | [summary] to write: ReturnValue in templateFunction |
|
||||||
|
| test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | semmle.label | [summary param] 1 in templateFunction2 |
|
||||||
|
| test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | semmle.label | [summary] to write: ReturnValue in templateFunction2 |
|
||||||
| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:133:10:133:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
|
| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
|
||||||
| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
|
| test.cpp:134:13:134:43 | call to templateFunction | semmle.label | call to templateFunction |
|
||||||
| test.cpp:134:45:134:45 | x | semmle.label | x |
|
| test.cpp:134:45:134:45 | x | semmle.label | x |
|
||||||
| test.cpp:135:10:135:10 | y | semmle.label | y |
|
| test.cpp:135:10:135:10 | y | semmle.label | y |
|
||||||
|
| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
|
||||||
|
| test.cpp:140:4:140:11 | [summary param] 1 in function | semmle.label | [summary param] 1 in function |
|
||||||
|
| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
|
||||||
|
| test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | semmle.label | [summary] to write: ReturnValue in function |
|
||||||
| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
|
| test.cpp:146:10:146:18 | call to ymlSource | semmle.label | call to ymlSource |
|
||||||
| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
|
| test.cpp:148:10:148:27 | call to function | semmle.label | call to function |
|
||||||
@@ -456,20 +556,8 @@ nodes
|
|||||||
| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
|
| test.cpp:172:13:172:44 | call to templateFunction3 | semmle.label | call to templateFunction3 |
|
||||||
| test.cpp:172:51:172:51 | x | semmle.label | x |
|
| test.cpp:172:51:172:51 | x | semmle.label | x |
|
||||||
| test.cpp:173:10:173:10 | y | semmle.label | y |
|
| test.cpp:173:10:173:10 | y | semmle.label | y |
|
||||||
| test.cpp:186:2:186:2 | *s [post update] [myField] | semmle.label | *s [post update] [myField] |
|
| windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | semmle.label | [summary param] *0 in CommandLineToArgvA |
|
||||||
| test.cpp:186:2:186:24 | ... = ... | semmle.label | ... = ... |
|
| windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | semmle.label | [summary] to write: ReturnValue[**] in CommandLineToArgvA |
|
||||||
| test.cpp:186:14:186:22 | call to ymlSource | semmle.label | call to ymlSource |
|
|
||||||
| test.cpp:187:10:187:31 | call to read_field_from_struct | semmle.label | call to read_field_from_struct |
|
|
||||||
| test.cpp:187:10:187:31 | call to read_field_from_struct | semmle.label | call to read_field_from_struct |
|
|
||||||
| test.cpp:187:33:187:34 | *& ... [myField] | semmle.label | *& ... [myField] |
|
|
||||||
| test.cpp:188:10:188:10 | x | semmle.label | x |
|
|
||||||
| test.cpp:199:2:199:2 | *s [post update] [myField] | semmle.label | *s [post update] [myField] |
|
|
||||||
| test.cpp:199:2:199:24 | ... = ... | semmle.label | ... = ... |
|
|
||||||
| test.cpp:199:14:199:22 | call to ymlSource | semmle.label | call to ymlSource |
|
|
||||||
| test.cpp:200:10:200:33 | call to read_field_from_struct_2 | semmle.label | call to read_field_from_struct_2 |
|
|
||||||
| test.cpp:200:10:200:33 | call to read_field_from_struct_2 | semmle.label | call to read_field_from_struct_2 |
|
|
||||||
| test.cpp:200:35:200:36 | *& ... [myField] | semmle.label | *& ... [myField] |
|
|
||||||
| test.cpp:201:10:201:10 | x | semmle.label | x |
|
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | semmle.label | *call to GetCommandLineA |
|
||||||
| windows.cpp:24:8:24:11 | * ... | semmle.label | * ... |
|
| windows.cpp:24:8:24:11 | * ... | semmle.label | * ... |
|
||||||
@@ -482,6 +570,14 @@ nodes
|
|||||||
| windows.cpp:36:10:36:13 | * ... | semmle.label | * ... |
|
| windows.cpp:36:10:36:13 | * ... | semmle.label | * ... |
|
||||||
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | semmle.label | GetEnvironmentVariableA output argument |
|
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | semmle.label | GetEnvironmentVariableA output argument |
|
||||||
| windows.cpp:41:10:41:13 | * ... | semmle.label | * ... |
|
| windows.cpp:41:10:41:13 | * ... | semmle.label | * ... |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [*hEvent] | semmle.label | [summary param] *3 in ReadFileEx [*hEvent] |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary param] *3 in ReadFileEx [hEvent] | semmle.label | [summary param] *3 in ReadFileEx [hEvent] |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx | semmle.label | [summary] read: Argument[*3].Field[*hEvent] in ReadFileEx |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx | semmle.label | [summary] read: Argument[*3].Field[hEvent] in ReadFileEx |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] | semmle.label | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [*hEvent] |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] | semmle.label | [summary] to write: Argument[4].Parameter[*2] in ReadFileEx [hEvent] |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx | semmle.label | [summary] to write: Argument[4].Parameter[*2].Field[*hEvent] in ReadFileEx |
|
||||||
|
| windows.cpp:90:6:90:15 | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx | semmle.label | [summary] to write: Argument[4].Parameter[*2].Field[hEvent] in ReadFileEx |
|
||||||
| windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | semmle.label | *lpOverlapped [*hEvent] |
|
| windows.cpp:147:16:147:27 | *lpOverlapped [*hEvent] | semmle.label | *lpOverlapped [*hEvent] |
|
||||||
| windows.cpp:149:18:149:62 | *hEvent | semmle.label | *hEvent |
|
| windows.cpp:149:18:149:62 | *hEvent | semmle.label | *hEvent |
|
||||||
| windows.cpp:149:18:149:62 | *hEvent | semmle.label | *hEvent |
|
| windows.cpp:149:18:149:62 | *hEvent | semmle.label | *hEvent |
|
||||||
@@ -535,6 +631,12 @@ nodes
|
|||||||
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
|
| windows.cpp:332:23:332:40 | *call to MapViewOfFileNuma2 | semmle.label | *call to MapViewOfFileNuma2 |
|
||||||
| windows.cpp:333:20:333:52 | *pMapView | semmle.label | *pMapView |
|
| windows.cpp:333:20:333:52 | *pMapView | semmle.label | *pMapView |
|
||||||
| windows.cpp:335:10:335:16 | * ... | semmle.label | * ... |
|
| windows.cpp:335:10:335:16 | * ... | semmle.label | * ... |
|
||||||
|
| windows.cpp:349:8:349:19 | [summary param] *3 in CreateThread [x] | semmle.label | [summary param] *3 in CreateThread [x] |
|
||||||
|
| windows.cpp:349:8:349:19 | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] | semmle.label | [summary] to write: Argument[2].Parameter[*0] in CreateThread [x] |
|
||||||
|
| windows.cpp:357:8:357:25 | [summary param] *4 in CreateRemoteThread [x] | semmle.label | [summary param] *4 in CreateRemoteThread [x] |
|
||||||
|
| windows.cpp:357:8:357:25 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] | semmle.label | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThread [x] |
|
||||||
|
| windows.cpp:387:8:387:27 | [summary param] *4 in CreateRemoteThreadEx [x] | semmle.label | [summary param] *4 in CreateRemoteThreadEx [x] |
|
||||||
|
| windows.cpp:387:8:387:27 | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] | semmle.label | [summary] to write: Argument[3].Parameter[*0] in CreateRemoteThreadEx [x] |
|
||||||
| windows.cpp:403:26:403:36 | *lpParameter [x] | semmle.label | *lpParameter [x] |
|
| windows.cpp:403:26:403:36 | *lpParameter [x] | semmle.label | *lpParameter [x] |
|
||||||
| windows.cpp:405:10:405:25 | *lpParameter [x] | semmle.label | *lpParameter [x] |
|
| windows.cpp:405:10:405:25 | *lpParameter [x] | semmle.label | *lpParameter [x] |
|
||||||
| windows.cpp:406:8:406:8 | *s [x] | semmle.label | *s [x] |
|
| windows.cpp:406:8:406:8 | *s [x] | semmle.label | *s [x] |
|
||||||
@@ -553,6 +655,27 @@ nodes
|
|||||||
| windows.cpp:439:7:439:8 | *& ... [x] | semmle.label | *& ... [x] |
|
| windows.cpp:439:7:439:8 | *& ... [x] | semmle.label | *& ... [x] |
|
||||||
| windows.cpp:451:7:451:8 | *& ... [x] | semmle.label | *& ... [x] |
|
| windows.cpp:451:7:451:8 | *& ... [x] | semmle.label | *& ... [x] |
|
||||||
| windows.cpp:464:7:464:8 | *& ... [x] | semmle.label | *& ... [x] |
|
| windows.cpp:464:7:464:8 | *& ... [x] | semmle.label | *& ... [x] |
|
||||||
|
| windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | semmle.label | [summary param] *0 in RtlCopyVolatileMemory [Return] |
|
||||||
|
| windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | semmle.label | [summary param] *1 in RtlCopyVolatileMemory |
|
||||||
|
| windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | semmle.label | [summary param] *0 in RtlCopyDeviceMemory [Return] |
|
||||||
|
| windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | semmle.label | [summary param] *1 in RtlCopyDeviceMemory |
|
||||||
|
| windows.cpp:485:6:485:18 | [summary param] *0 in RtlCopyMemory [Return] | semmle.label | [summary param] *0 in RtlCopyMemory [Return] |
|
||||||
|
| windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | semmle.label | [summary param] *1 in RtlCopyMemory |
|
||||||
|
| windows.cpp:493:6:493:29 | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] | semmle.label | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] |
|
||||||
|
| windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | semmle.label | [summary param] *1 in RtlCopyMemoryNonTemporal |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary param] *0 in RtlCopyUnicodeString [Return] [*Buffer] | semmle.label | [summary param] *0 in RtlCopyUnicodeString [Return] [*Buffer] |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | semmle.label | [summary param] *1 in RtlCopyUnicodeString [*Buffer] |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString | semmle.label | [summary] read: Argument[*1].Field[*Buffer] in RtlCopyUnicodeString |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] | semmle.label | [summary] to write: Argument[*0] in RtlCopyUnicodeString [*Buffer] |
|
||||||
|
| windows.cpp:510:6:510:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString | semmle.label | [summary] to write: Argument[*0].Field[*Buffer] in RtlCopyUnicodeString |
|
||||||
|
| windows.cpp:515:6:515:18 | [summary param] *0 in RtlMoveMemory [Return] | semmle.label | [summary param] *0 in RtlMoveMemory [Return] |
|
||||||
|
| windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | semmle.label | [summary param] *1 in RtlMoveMemory |
|
||||||
|
| windows.cpp:521:17:521:37 | [summary param] *0 in RtlMoveVolatileMemory [Return] | semmle.label | [summary param] *0 in RtlMoveVolatileMemory [Return] |
|
||||||
|
| windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | semmle.label | [summary param] *1 in RtlMoveVolatileMemory |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary param] *0 in RtlInitUnicodeString [Return] [*Buffer] | semmle.label | [summary param] *0 in RtlInitUnicodeString [Return] [*Buffer] |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | semmle.label | [summary param] *1 in RtlInitUnicodeString |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] | semmle.label | [summary] to write: Argument[*0] in RtlInitUnicodeString [*Buffer] |
|
||||||
|
| windows.cpp:527:6:527:25 | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString | semmle.label | [summary] to write: Argument[*0].Field[*Buffer] in RtlInitUnicodeString |
|
||||||
| windows.cpp:533:11:533:16 | call to source | semmle.label | call to source |
|
| windows.cpp:533:11:533:16 | call to source | semmle.label | call to source |
|
||||||
| windows.cpp:533:11:533:16 | call to source | semmle.label | call to source |
|
| windows.cpp:533:11:533:16 | call to source | semmle.label | call to source |
|
||||||
| windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | semmle.label | RtlCopyVolatileMemory output argument |
|
| windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument | semmle.label | RtlCopyVolatileMemory output argument |
|
||||||
@@ -597,6 +720,8 @@ nodes
|
|||||||
| windows.cpp:671:10:671:16 | * ... | semmle.label | * ... |
|
| windows.cpp:671:10:671:16 | * ... | semmle.label | * ... |
|
||||||
| windows.cpp:673:10:673:29 | * ... | semmle.label | * ... |
|
| windows.cpp:673:10:673:29 | * ... | semmle.label | * ... |
|
||||||
| windows.cpp:675:10:675:27 | * ... | semmle.label | * ... |
|
| windows.cpp:675:10:675:27 | * ... | semmle.label | * ... |
|
||||||
|
| windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | semmle.label | [summary param] *0 in WinHttpCrackUrl |
|
||||||
|
| windows.cpp:714:6:714:20 | [summary param] *3 in WinHttpCrackUrl [Return] | semmle.label | [summary param] *3 in WinHttpCrackUrl [Return] |
|
||||||
| windows.cpp:728:5:728:28 | ... = ... | semmle.label | ... = ... |
|
| windows.cpp:728:5:728:28 | ... = ... | semmle.label | ... = ... |
|
||||||
| windows.cpp:728:12:728:28 | call to source | semmle.label | call to source |
|
| windows.cpp:728:12:728:28 | call to source | semmle.label | call to source |
|
||||||
| windows.cpp:729:35:729:35 | *x | semmle.label | *x |
|
| windows.cpp:729:35:729:35 | *x | semmle.label | *x |
|
||||||
@@ -625,6 +750,30 @@ nodes
|
|||||||
| windows.cpp:939:10:939:11 | * ... | semmle.label | * ... |
|
| windows.cpp:939:10:939:11 | * ... | semmle.label | * ... |
|
||||||
| windows.cpp:941:10:941:31 | * ... | semmle.label | * ... |
|
| windows.cpp:941:10:941:31 | * ... | semmle.label | * ... |
|
||||||
subpaths
|
subpaths
|
||||||
|
| asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | asio_streams.cpp:100:44:100:62 | call to buffer |
|
||||||
|
| azure.cpp:257:5:257:8 | *resp | azure.cpp:113:16:113:19 | [summary param] this in Read | azure.cpp:113:16:113:19 | [summary param] *0 in Read [Return] | azure.cpp:257:16:257:21 | Read output argument |
|
||||||
|
| azure.cpp:262:5:262:8 | *resp | azure.cpp:114:16:114:26 | [summary param] this in ReadToCount | azure.cpp:114:16:114:26 | [summary param] *0 in ReadToCount [Return] | azure.cpp:262:23:262:28 | ReadToCount output argument |
|
||||||
|
| azure.cpp:266:38:266:41 | *resp | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | azure.cpp:266:44:266:52 | call to ReadToEnd [element] |
|
||||||
|
| azure.cpp:282:21:282:23 | *call to get | azure.cpp:115:30:115:38 | [summary param] this in ReadToEnd | azure.cpp:115:30:115:38 | [summary] to write: ReturnValue in ReadToEnd [element] | azure.cpp:282:28:282:36 | call to ReadToEnd [element] |
|
||||||
|
| azure.cpp:289:24:289:56 | call to GetHeader | azure.cpp:62:10:62:14 | [summary param] this in Value | azure.cpp:62:10:62:14 | [summary] to write: ReturnValue[*] in Value | azure.cpp:289:63:289:65 | call to Value |
|
||||||
|
| test.cpp:17:24:17:24 | x | test.cpp:4:5:4:17 | [summary param] 0 in ymlStepManual | test.cpp:4:5:4:17 | [summary] to write: ReturnValue in ymlStepManual | test.cpp:17:10:17:22 | call to ymlStepManual |
|
||||||
|
| test.cpp:21:27:21:27 | x | test.cpp:5:5:5:20 | [summary param] 0 in ymlStepGenerated | test.cpp:5:5:5:20 | [summary] to write: ReturnValue in ymlStepGenerated | test.cpp:21:10:21:25 | call to ymlStepGenerated |
|
||||||
|
| test.cpp:25:35:25:35 | x | test.cpp:6:5:6:27 | [summary param] 0 in ymlStepManual_with_body | test.cpp:6:5:6:27 | [summary] to write: ReturnValue in ymlStepManual_with_body | test.cpp:25:11:25:33 | call to ymlStepManual_with_body |
|
||||||
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
|
| test.cpp:32:41:32:41 | x | test.cpp:7:47:7:52 | value2 | test.cpp:7:5:7:30 | *ymlStepGenerated_with_body | test.cpp:32:11:32:36 | call to ymlStepGenerated_with_body |
|
||||||
|
| test.cpp:118:44:118:44 | *x | test.cpp:111:3:111:25 | [summary param] *0 in callWithNonTypeTemplate | test.cpp:111:3:111:25 | [summary] to write: ReturnValue in callWithNonTypeTemplate | test.cpp:118:11:118:42 | call to callWithNonTypeTemplate |
|
||||||
|
| test.cpp:134:45:134:45 | x | test.cpp:125:5:125:20 | [summary param] 0 in templateFunction | test.cpp:125:5:125:20 | [summary] to write: ReturnValue in templateFunction | test.cpp:134:13:134:43 | call to templateFunction |
|
||||||
|
| test.cpp:148:26:148:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:148:10:148:27 | call to function |
|
||||||
|
| test.cpp:157:26:157:26 | x | test.cpp:140:4:140:11 | [summary param] 1 in function | test.cpp:140:4:140:11 | [summary] to write: ReturnValue in function | test.cpp:157:13:157:20 | call to function |
|
||||||
|
| test.cpp:165:69:165:69 | x | test.cpp:128:5:128:21 | [summary param] 1 in templateFunction2 | test.cpp:128:5:128:21 | [summary] to write: ReturnValue in templateFunction2 | test.cpp:165:12:165:64 | call to templateFunction2 |
|
||||||
| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | test.cpp:164:7:164:7 | *templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 |
|
| test.cpp:172:51:172:51 | x | test.cpp:164:34:164:34 | x | test.cpp:164:7:164:7 | *templateFunction3 | test.cpp:172:13:172:44 | call to templateFunction3 |
|
||||||
|
| windows.cpp:27:36:27:38 | *cmd | windows.cpp:17:8:17:25 | [summary param] *0 in CommandLineToArgvA | windows.cpp:17:8:17:25 | [summary] to write: ReturnValue[**] in CommandLineToArgvA | windows.cpp:27:17:27:34 | **call to CommandLineToArgvA |
|
||||||
|
| windows.cpp:537:40:537:41 | *& ... | windows.cpp:473:17:473:37 | [summary param] *1 in RtlCopyVolatileMemory | windows.cpp:473:17:473:37 | [summary param] *0 in RtlCopyVolatileMemory [Return] | windows.cpp:537:27:537:37 | RtlCopyVolatileMemory output argument |
|
||||||
|
| windows.cpp:542:38:542:39 | *& ... | windows.cpp:479:17:479:35 | [summary param] *1 in RtlCopyDeviceMemory | windows.cpp:479:17:479:35 | [summary param] *0 in RtlCopyDeviceMemory [Return] | windows.cpp:542:25:542:35 | RtlCopyDeviceMemory output argument |
|
||||||
|
| windows.cpp:547:32:547:33 | *& ... | windows.cpp:485:6:485:18 | [summary param] *1 in RtlCopyMemory | windows.cpp:485:6:485:18 | [summary param] *0 in RtlCopyMemory [Return] | windows.cpp:547:19:547:29 | RtlCopyMemory output argument |
|
||||||
|
| windows.cpp:552:43:552:44 | *& ... | windows.cpp:493:6:493:29 | [summary param] *1 in RtlCopyMemoryNonTemporal | windows.cpp:493:6:493:29 | [summary param] *0 in RtlCopyMemoryNonTemporal [Return] | windows.cpp:552:30:552:40 | RtlCopyMemoryNonTemporal output argument |
|
||||||
|
| windows.cpp:561:39:561:44 | *buffer | windows.cpp:527:6:527:25 | [summary param] *1 in RtlInitUnicodeString | windows.cpp:527:6:527:25 | [summary param] *0 in RtlInitUnicodeString [Return] [*Buffer] | windows.cpp:561:26:561:36 | RtlInitUnicodeString output argument [*Buffer] |
|
||||||
|
| windows.cpp:563:40:563:50 | *& ... [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *1 in RtlCopyUnicodeString [*Buffer] | windows.cpp:510:6:510:25 | [summary param] *0 in RtlCopyUnicodeString [Return] [*Buffer] | windows.cpp:563:26:563:37 | RtlCopyUnicodeString output argument [*Buffer] |
|
||||||
|
| windows.cpp:568:32:568:33 | *& ... | windows.cpp:515:6:515:18 | [summary param] *1 in RtlMoveMemory | windows.cpp:515:6:515:18 | [summary param] *0 in RtlMoveMemory [Return] | windows.cpp:568:19:568:29 | RtlMoveMemory output argument |
|
||||||
|
| windows.cpp:573:40:573:41 | *& ... | windows.cpp:521:17:521:37 | [summary param] *1 in RtlMoveVolatileMemory | windows.cpp:521:17:521:37 | [summary param] *0 in RtlMoveVolatileMemory [Return] | windows.cpp:573:27:573:37 | RtlMoveVolatileMemory output argument |
|
||||||
|
| windows.cpp:729:35:729:35 | *x | windows.cpp:714:6:714:20 | [summary param] *0 in WinHttpCrackUrl | windows.cpp:714:6:714:20 | [summary param] *3 in WinHttpCrackUrl [Return] | windows.cpp:729:44:729:57 | WinHttpCrackUrl output argument |
|
||||||
testFailures
|
testFailures
|
||||||
|
|||||||
@@ -22,5 +22,3 @@ extensions:
|
|||||||
- ["", "TemplateClass1<T>", False, "templateFunction<U>", "(T,U)", "", "Argument[0]", "ReturnValue", "value", "manual"]
|
- ["", "TemplateClass1<T>", False, "templateFunction<U>", "(T,U)", "", "Argument[0]", "ReturnValue", "value", "manual"]
|
||||||
- ["", "TemplateClass1", True, "templateFunction2<U,V>", "(U,V)", "", "Argument[1]", "ReturnValue", "value", "manual"]
|
- ["", "TemplateClass1", True, "templateFunction2<U,V>", "(U,V)", "", "Argument[1]", "ReturnValue", "value", "manual"]
|
||||||
- ["", "TemplateClass2<T,U>", True, "function", "(U,T)", "", "Argument[1]", "ReturnValue", "value", "manual"]
|
- ["", "TemplateClass2<T,U>", True, "function", "(U,T)", "", "Argument[1]", "ReturnValue", "value", "manual"]
|
||||||
- ["", "", False, "read_field_from_struct", "", "", "Argument[*0].Field[MyNamespace::MyStructInNamespace::myField]", "ReturnValue", "value", "manual"]
|
|
||||||
- ["", "", False, "read_field_from_struct_2", "", "", "Argument[*0].Field[MyGlobalStruct::myField]", "ReturnValue", "value", "manual"]
|
|
||||||
@@ -19,5 +19,3 @@
|
|||||||
| test.cpp:149:10:149:10 | z | test-sink |
|
| test.cpp:149:10:149:10 | z | test-sink |
|
||||||
| test.cpp:158:10:158:10 | z | test-sink |
|
| test.cpp:158:10:158:10 | z | test-sink |
|
||||||
| test.cpp:173:10:173:10 | y | test-sink |
|
| test.cpp:173:10:173:10 | y | test-sink |
|
||||||
| test.cpp:188:10:188:10 | x | test-sink |
|
|
||||||
| test.cpp:201:10:201:10 | x | test-sink |
|
|
||||||
|
|||||||
@@ -13,8 +13,6 @@
|
|||||||
| test.cpp:146:10:146:18 | call to ymlSource | local |
|
| test.cpp:146:10:146:18 | call to ymlSource | local |
|
||||||
| test.cpp:155:10:155:18 | call to ymlSource | local |
|
| test.cpp:155:10:155:18 | call to ymlSource | local |
|
||||||
| test.cpp:170:10:170:18 | call to ymlSource | local |
|
| test.cpp:170:10:170:18 | call to ymlSource | local |
|
||||||
| test.cpp:186:14:186:22 | call to ymlSource | local |
|
|
||||||
| test.cpp:199:14:199:22 | call to ymlSource | local |
|
|
||||||
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
|
| windows.cpp:22:15:22:29 | *call to GetCommandLineA | local |
|
||||||
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
|
| windows.cpp:34:17:34:38 | *call to GetEnvironmentStringsA | local |
|
||||||
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |
|
| windows.cpp:39:36:39:38 | GetEnvironmentVariableA output argument | local |
|
||||||
|
|||||||
@@ -172,31 +172,3 @@ void test_class1() {
|
|||||||
auto y = c.templateFunction3<unsigned long>(0UL, x);
|
auto y = c.templateFunction3<unsigned long>(0UL, x);
|
||||||
ymlSink(y); // $ ir
|
ymlSink(y); // $ ir
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace MyNamespace {
|
|
||||||
struct MyStructInNamespace {
|
|
||||||
int myField;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
int read_field_from_struct(MyNamespace::MyStructInNamespace* s);
|
|
||||||
|
|
||||||
void test_fully_qualified_field_test() {
|
|
||||||
MyNamespace::MyStructInNamespace s;
|
|
||||||
s.myField = ymlSource();
|
|
||||||
int x = read_field_from_struct(&s);
|
|
||||||
ymlSink(x); // $ ir
|
|
||||||
}
|
|
||||||
|
|
||||||
struct MyGlobalStruct {
|
|
||||||
int myField;
|
|
||||||
};
|
|
||||||
|
|
||||||
int read_field_from_struct_2(MyGlobalStruct* s);
|
|
||||||
|
|
||||||
void test_fully_qualified_field_test_2() {
|
|
||||||
MyGlobalStruct s;
|
|
||||||
s.myField = ymlSource();
|
|
||||||
int x = read_field_from_struct_2(&s);
|
|
||||||
ymlSink(x); // $ ir
|
|
||||||
}
|
|
||||||
@@ -321,23 +321,23 @@ flowSummaryNode
|
|||||||
| tests.cpp:155:5:155:28 | [summary param] 2 in madAndImplementedComplex | ParameterNode | madAndImplementedComplex | madAndImplementedComplex |
|
| tests.cpp:155:5:155:28 | [summary param] 2 in madAndImplementedComplex | ParameterNode | madAndImplementedComplex | madAndImplementedComplex |
|
||||||
| tests.cpp:155:5:155:28 | [summary] to write: ReturnValue in madAndImplementedComplex | ReturnNode | madAndImplementedComplex | madAndImplementedComplex |
|
| tests.cpp:155:5:155:28 | [summary] to write: ReturnValue in madAndImplementedComplex | ReturnNode | madAndImplementedComplex | madAndImplementedComplex |
|
||||||
| tests.cpp:160:5:160:24 | [summary param] 0 in madArg0FieldToReturn | ParameterNode | madArg0FieldToReturn | madArg0FieldToReturn |
|
| tests.cpp:160:5:160:24 | [summary param] 0 in madArg0FieldToReturn | ParameterNode | madArg0FieldToReturn | madArg0FieldToReturn |
|
||||||
| tests.cpp:160:5:160:24 | [summary] read: Argument[0].Field[MyContainer::value]/Field[value] in madArg0FieldToReturn | | madArg0FieldToReturn | madArg0FieldToReturn |
|
| tests.cpp:160:5:160:24 | [summary] read: Argument[0].Field[value] in madArg0FieldToReturn | | madArg0FieldToReturn | madArg0FieldToReturn |
|
||||||
| tests.cpp:160:5:160:24 | [summary] to write: ReturnValue in madArg0FieldToReturn | ReturnNode | madArg0FieldToReturn | madArg0FieldToReturn |
|
| tests.cpp:160:5:160:24 | [summary] to write: ReturnValue in madArg0FieldToReturn | ReturnNode | madArg0FieldToReturn | madArg0FieldToReturn |
|
||||||
| tests.cpp:161:5:161:32 | [summary param] *0 in madArg0IndirectFieldToReturn | ParameterNode | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
| tests.cpp:161:5:161:32 | [summary param] *0 in madArg0IndirectFieldToReturn | ParameterNode | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
||||||
| tests.cpp:161:5:161:32 | [summary] read: Argument[*0].Field[MyContainer::value]/Field[value] in madArg0IndirectFieldToReturn | | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
| tests.cpp:161:5:161:32 | [summary] read: Argument[*0].Field[value] in madArg0IndirectFieldToReturn | | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
||||||
| tests.cpp:161:5:161:32 | [summary] to write: ReturnValue in madArg0IndirectFieldToReturn | ReturnNode | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
| tests.cpp:161:5:161:32 | [summary] to write: ReturnValue in madArg0IndirectFieldToReturn | ReturnNode | madArg0IndirectFieldToReturn | madArg0IndirectFieldToReturn |
|
||||||
| tests.cpp:162:5:162:32 | [summary param] 0 in madArg0FieldIndirectToReturn | ParameterNode | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
| tests.cpp:162:5:162:32 | [summary param] 0 in madArg0FieldIndirectToReturn | ParameterNode | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
||||||
| tests.cpp:162:5:162:32 | [summary] read: Argument[0].Field[*MyContainer::ptr]/Field[*ptr] in madArg0FieldIndirectToReturn | | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
| tests.cpp:162:5:162:32 | [summary] read: Argument[0].Field[*ptr] in madArg0FieldIndirectToReturn | | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
||||||
| tests.cpp:162:5:162:32 | [summary] to write: ReturnValue in madArg0FieldIndirectToReturn | ReturnNode | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
| tests.cpp:162:5:162:32 | [summary] to write: ReturnValue in madArg0FieldIndirectToReturn | ReturnNode | madArg0FieldIndirectToReturn | madArg0FieldIndirectToReturn |
|
||||||
| tests.cpp:163:13:163:32 | [summary param] 0 in madArg0ToReturnField | ParameterNode | madArg0ToReturnField | madArg0ToReturnField |
|
| tests.cpp:163:13:163:32 | [summary param] 0 in madArg0ToReturnField | ParameterNode | madArg0ToReturnField | madArg0ToReturnField |
|
||||||
| tests.cpp:163:13:163:32 | [summary] to write: ReturnValue in madArg0ToReturnField | ReturnNode | madArg0ToReturnField | madArg0ToReturnField |
|
| tests.cpp:163:13:163:32 | [summary] to write: ReturnValue in madArg0ToReturnField | ReturnNode | madArg0ToReturnField | madArg0ToReturnField |
|
||||||
| tests.cpp:163:13:163:32 | [summary] to write: ReturnValue.Field[MyContainer::value]/Field[value] in madArg0ToReturnField | | madArg0ToReturnField | madArg0ToReturnField |
|
| tests.cpp:163:13:163:32 | [summary] to write: ReturnValue.Field[value] in madArg0ToReturnField | | madArg0ToReturnField | madArg0ToReturnField |
|
||||||
| tests.cpp:164:14:164:41 | [summary param] 0 in madArg0ToReturnIndirectField | ParameterNode | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
| tests.cpp:164:14:164:41 | [summary param] 0 in madArg0ToReturnIndirectField | ParameterNode | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
||||||
| tests.cpp:164:14:164:41 | [summary] to write: ReturnValue[*] in madArg0ToReturnIndirectField | ReturnNode | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
| tests.cpp:164:14:164:41 | [summary] to write: ReturnValue[*] in madArg0ToReturnIndirectField | ReturnNode | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
||||||
| tests.cpp:164:14:164:41 | [summary] to write: ReturnValue[*].Field[MyContainer::value]/Field[value] in madArg0ToReturnIndirectField | | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
| tests.cpp:164:14:164:41 | [summary] to write: ReturnValue[*].Field[value] in madArg0ToReturnIndirectField | | madArg0ToReturnIndirectField | madArg0ToReturnIndirectField |
|
||||||
| tests.cpp:165:13:165:40 | [summary param] 0 in madArg0ToReturnFieldIndirect | ParameterNode | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
| tests.cpp:165:13:165:40 | [summary param] 0 in madArg0ToReturnFieldIndirect | ParameterNode | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
||||||
| tests.cpp:165:13:165:40 | [summary] to write: ReturnValue in madArg0ToReturnFieldIndirect | ReturnNode | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
| tests.cpp:165:13:165:40 | [summary] to write: ReturnValue in madArg0ToReturnFieldIndirect | ReturnNode | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
||||||
| tests.cpp:165:13:165:40 | [summary] to write: ReturnValue.Field[*MyContainer::ptr]/Field[*ptr] in madArg0ToReturnFieldIndirect | | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
| tests.cpp:165:13:165:40 | [summary] to write: ReturnValue.Field[*ptr] in madArg0ToReturnFieldIndirect | | madArg0ToReturnFieldIndirect | madArg0ToReturnFieldIndirect |
|
||||||
| tests.cpp:284:7:284:19 | [summary param] 0 in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
| tests.cpp:284:7:284:19 | [summary param] 0 in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
||||||
| tests.cpp:284:7:284:19 | [summary param] this in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
| tests.cpp:284:7:284:19 | [summary param] this in madArg0ToSelf | ParameterNode | madArg0ToSelf | madArg0ToSelf |
|
||||||
| tests.cpp:284:7:284:19 | [summary] to write: Argument[this] in madArg0ToSelf | PostUpdateNode | madArg0ToSelf | madArg0ToSelf |
|
| tests.cpp:284:7:284:19 | [summary] to write: Argument[this] in madArg0ToSelf | PostUpdateNode | madArg0ToSelf | madArg0ToSelf |
|
||||||
@@ -346,9 +346,9 @@ flowSummaryNode
|
|||||||
| tests.cpp:287:7:287:20 | [summary param] 0 in madArg0ToField | ParameterNode | madArg0ToField | madArg0ToField |
|
| tests.cpp:287:7:287:20 | [summary param] 0 in madArg0ToField | ParameterNode | madArg0ToField | madArg0ToField |
|
||||||
| tests.cpp:287:7:287:20 | [summary param] this in madArg0ToField | ParameterNode | madArg0ToField | madArg0ToField |
|
| tests.cpp:287:7:287:20 | [summary param] this in madArg0ToField | ParameterNode | madArg0ToField | madArg0ToField |
|
||||||
| tests.cpp:287:7:287:20 | [summary] to write: Argument[this] in madArg0ToField | PostUpdateNode | madArg0ToField | madArg0ToField |
|
| tests.cpp:287:7:287:20 | [summary] to write: Argument[this] in madArg0ToField | PostUpdateNode | madArg0ToField | madArg0ToField |
|
||||||
| tests.cpp:287:7:287:20 | [summary] to write: Argument[this].Field[MyClass::val]/Field[val] in madArg0ToField | | madArg0ToField | madArg0ToField |
|
| tests.cpp:287:7:287:20 | [summary] to write: Argument[this].Field[val] in madArg0ToField | | madArg0ToField | madArg0ToField |
|
||||||
| tests.cpp:288:6:288:21 | [summary param] this in madFieldToReturn | ParameterNode | madFieldToReturn | madFieldToReturn |
|
| tests.cpp:288:6:288:21 | [summary param] this in madFieldToReturn | ParameterNode | madFieldToReturn | madFieldToReturn |
|
||||||
| tests.cpp:288:6:288:21 | [summary] read: Argument[this].Field[MyClass::val]/Field[val] in madFieldToReturn | | madFieldToReturn | madFieldToReturn |
|
| tests.cpp:288:6:288:21 | [summary] read: Argument[this].Field[val] in madFieldToReturn | | madFieldToReturn | madFieldToReturn |
|
||||||
| tests.cpp:288:6:288:21 | [summary] to write: ReturnValue in madFieldToReturn | ReturnNode | madFieldToReturn | madFieldToReturn |
|
| tests.cpp:288:6:288:21 | [summary] to write: ReturnValue in madFieldToReturn | ReturnNode | madFieldToReturn | madFieldToReturn |
|
||||||
| tests.cpp:313:7:313:30 | [summary param] this in namespaceMadSelfToReturn | ParameterNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
|
| tests.cpp:313:7:313:30 | [summary param] this in namespaceMadSelfToReturn | ParameterNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
|
||||||
| tests.cpp:313:7:313:30 | [summary] to write: ReturnValue in namespaceMadSelfToReturn | ReturnNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
|
| tests.cpp:313:7:313:30 | [summary] to write: ReturnValue in namespaceMadSelfToReturn | ReturnNode | namespaceMadSelfToReturn | namespaceMadSelfToReturn |
|
||||||
@@ -362,7 +362,7 @@ flowSummaryNode
|
|||||||
| tests.cpp:435:9:435:38 | [summary] read: Argument[0].ReturnValue in madCallArg0ReturnToReturnFirst | OutNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
| tests.cpp:435:9:435:38 | [summary] read: Argument[0].ReturnValue in madCallArg0ReturnToReturnFirst | OutNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
||||||
| tests.cpp:435:9:435:38 | [summary] to write: Argument[0].Parameter[this pointer] in madCallArg0ReturnToReturnFirst | ArgumentNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
| tests.cpp:435:9:435:38 | [summary] to write: Argument[0].Parameter[this pointer] in madCallArg0ReturnToReturnFirst | ArgumentNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
||||||
| tests.cpp:435:9:435:38 | [summary] to write: ReturnValue in madCallArg0ReturnToReturnFirst | ReturnNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
| tests.cpp:435:9:435:38 | [summary] to write: ReturnValue in madCallArg0ReturnToReturnFirst | ReturnNode | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
||||||
| tests.cpp:435:9:435:38 | [summary] to write: ReturnValue.Field[first]/Field[intPair::first] in madCallArg0ReturnToReturnFirst | | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
| tests.cpp:435:9:435:38 | [summary] to write: ReturnValue.Field[first] in madCallArg0ReturnToReturnFirst | | madCallArg0ReturnToReturnFirst | madCallArg0ReturnToReturnFirst |
|
||||||
| tests.cpp:436:6:436:25 | [summary param] 0 in madCallArg0WithValue | ParameterNode | madCallArg0WithValue | madCallArg0WithValue |
|
| tests.cpp:436:6:436:25 | [summary param] 0 in madCallArg0WithValue | ParameterNode | madCallArg0WithValue | madCallArg0WithValue |
|
||||||
| tests.cpp:436:6:436:25 | [summary param] 1 in madCallArg0WithValue | ParameterNode | madCallArg0WithValue | madCallArg0WithValue |
|
| tests.cpp:436:6:436:25 | [summary param] 1 in madCallArg0WithValue | ParameterNode | madCallArg0WithValue | madCallArg0WithValue |
|
||||||
| tests.cpp:436:6:436:25 | [summary] read: Argument[0].Parameter[0] in madCallArg0WithValue | PostUpdateNode | madCallArg0WithValue | madCallArg0WithValue |
|
| tests.cpp:436:6:436:25 | [summary] read: Argument[0].Parameter[0] in madCallArg0WithValue | PostUpdateNode | madCallArg0WithValue | madCallArg0WithValue |
|
||||||
|
|||||||
@@ -11,10 +11,12 @@ edges
|
|||||||
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance | |
|
| nested.cpp:86:19:86:46 | *call to __builtin_alloca | nested.cpp:87:18:87:20 | *fmt | provenance | |
|
||||||
| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance | |
|
| test.cpp:46:27:46:30 | **argv | test.cpp:130:20:130:26 | *access to array | provenance | |
|
||||||
| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | DataFlowFunction |
|
| test.cpp:167:31:167:34 | *data | test.cpp:170:12:170:14 | *res | provenance | DataFlowFunction |
|
||||||
|
| test.cpp:179:6:179:21 | [summary param] *2 in StringCchPrintfW | test.cpp:179:6:179:21 | [summary param] *0 in StringCchPrintfW [Return] | provenance | MaD:403 |
|
||||||
| test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | |
|
| test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | |
|
||||||
| test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | |
|
| test.cpp:193:32:193:34 | *str | test.cpp:195:31:195:33 | *str | provenance | |
|
||||||
| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | TaintFunction |
|
| test.cpp:193:32:193:34 | *str | test.cpp:197:11:197:14 | *wstr | provenance | TaintFunction |
|
||||||
| test.cpp:195:20:195:23 | StringCchPrintfW output argument | test.cpp:197:11:197:14 | *wstr | provenance | |
|
| test.cpp:195:20:195:23 | StringCchPrintfW output argument | test.cpp:197:11:197:14 | *wstr | provenance | |
|
||||||
|
| test.cpp:195:31:195:33 | *str | test.cpp:179:6:179:21 | [summary param] *2 in StringCchPrintfW | provenance | |
|
||||||
| test.cpp:195:31:195:33 | *str | test.cpp:195:20:195:23 | StringCchPrintfW output argument | provenance | MaD:403 |
|
| test.cpp:195:31:195:33 | *str | test.cpp:195:20:195:23 | StringCchPrintfW output argument | provenance | MaD:403 |
|
||||||
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:204:25:204:36 | *call to get_string | provenance | |
|
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:204:25:204:36 | *call to get_string | provenance | |
|
||||||
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance | |
|
| test.cpp:204:25:204:36 | *call to get_string | test.cpp:205:12:205:20 | *... + ... | provenance | |
|
||||||
@@ -58,6 +60,8 @@ nodes
|
|||||||
| test.cpp:130:20:130:26 | *access to array | semmle.label | *access to array |
|
| test.cpp:130:20:130:26 | *access to array | semmle.label | *access to array |
|
||||||
| test.cpp:167:31:167:34 | *data | semmle.label | *data |
|
| test.cpp:167:31:167:34 | *data | semmle.label | *data |
|
||||||
| test.cpp:170:12:170:14 | *res | semmle.label | *res |
|
| test.cpp:170:12:170:14 | *res | semmle.label | *res |
|
||||||
|
| test.cpp:179:6:179:21 | [summary param] *0 in StringCchPrintfW [Return] | semmle.label | [summary param] *0 in StringCchPrintfW [Return] |
|
||||||
|
| test.cpp:179:6:179:21 | [summary param] *2 in StringCchPrintfW | semmle.label | [summary param] *2 in StringCchPrintfW |
|
||||||
| test.cpp:193:32:193:34 | *str | semmle.label | *str |
|
| test.cpp:193:32:193:34 | *str | semmle.label | *str |
|
||||||
| test.cpp:195:20:195:23 | StringCchPrintfW output argument | semmle.label | StringCchPrintfW output argument |
|
| test.cpp:195:20:195:23 | StringCchPrintfW output argument | semmle.label | StringCchPrintfW output argument |
|
||||||
| test.cpp:195:31:195:33 | *str | semmle.label | *str |
|
| test.cpp:195:31:195:33 | *str | semmle.label | *str |
|
||||||
@@ -93,6 +97,7 @@ nodes
|
|||||||
| test.cpp:245:25:245:36 | *call to get_string | semmle.label | *call to get_string |
|
| test.cpp:245:25:245:36 | *call to get_string | semmle.label | *call to get_string |
|
||||||
| test.cpp:247:12:247:16 | *hello | semmle.label | *hello |
|
| test.cpp:247:12:247:16 | *hello | semmle.label | *hello |
|
||||||
subpaths
|
subpaths
|
||||||
|
| test.cpp:195:31:195:33 | *str | test.cpp:179:6:179:21 | [summary param] *2 in StringCchPrintfW | test.cpp:179:6:179:21 | [summary param] *0 in StringCchPrintfW [Return] | test.cpp:195:20:195:23 | StringCchPrintfW output argument |
|
||||||
#select
|
#select
|
||||||
| NonConstantFormat.c:30:10:30:16 | *access to array | NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:30:3:30:8 | call to printf | printf |
|
| NonConstantFormat.c:30:10:30:16 | *access to array | NonConstantFormat.c:28:27:28:30 | **argv | NonConstantFormat.c:30:10:30:16 | *access to array | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:30:3:30:8 | call to printf | printf |
|
||||||
| NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:41:2:41:7 | call to printf | printf |
|
| NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | NonConstantFormat.c:41:9:41:45 | *call to any_random_function | The format string argument to $@ has a source which cannot be verified to originate from a string literal. | NonConstantFormat.c:41:2:41:7 | call to printf | printf |
|
||||||
|
|||||||
@@ -33,6 +33,7 @@ edges
|
|||||||
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:14:111:19 | *ptr | provenance | |
|
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:14:111:19 | *ptr | provenance | |
|
||||||
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:17:111:19 | *ptr | provenance | |
|
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | tests2.cpp:111:17:111:19 | *ptr | provenance | |
|
||||||
| tests2.cpp:111:17:111:19 | *ptr | tests2.cpp:111:14:111:19 | *ptr | provenance | |
|
| tests2.cpp:111:17:111:19 | *ptr | tests2.cpp:111:14:111:19 | *ptr | provenance | |
|
||||||
|
| tests2.cpp:120:5:120:21 | [summary param] *1 in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary param] *0 in zmq_msg_init_data [Return] | provenance | MaD:4 |
|
||||||
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:138:23:138:34 | *message_data | provenance | Sink:MaD:2 |
|
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:138:23:138:34 | *message_data | provenance | Sink:MaD:2 |
|
||||||
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:143:34:143:45 | *message_data | provenance | |
|
| tests2.cpp:134:2:134:30 | *... = ... | tests2.cpp:143:34:143:45 | *message_data | provenance | |
|
||||||
| tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:134:2:134:30 | *... = ... | provenance | |
|
| tests2.cpp:134:17:134:22 | *call to getenv | tests2.cpp:134:2:134:30 | *... = ... | provenance | |
|
||||||
@@ -40,6 +41,7 @@ edges
|
|||||||
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:147:20:147:27 | *& ... | provenance | Sink:MaD:1 |
|
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:147:20:147:27 | *& ... | provenance | Sink:MaD:1 |
|
||||||
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:155:32:155:39 | *& ... | provenance | Sink:MaD:3 |
|
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:155:32:155:39 | *& ... | provenance | Sink:MaD:3 |
|
||||||
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:158:20:158:27 | *& ... | provenance | Sink:MaD:1 |
|
| tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | tests2.cpp:158:20:158:27 | *& ... | provenance | Sink:MaD:1 |
|
||||||
|
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:120:5:120:21 | [summary param] *1 in zmq_msg_init_data | provenance | |
|
||||||
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | provenance | MaD:4 |
|
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument | provenance | MaD:4 |
|
||||||
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:26:15:26:20 | *call to getenv | provenance | |
|
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:26:15:26:20 | *call to getenv | provenance | |
|
||||||
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:39:19:39:22 | *path | provenance | |
|
| tests_sockets.cpp:26:15:26:20 | *call to getenv | tests_sockets.cpp:39:19:39:22 | *path | provenance | |
|
||||||
@@ -76,6 +78,8 @@ nodes
|
|||||||
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | semmle.label | *c1 [*ptr] |
|
| tests2.cpp:111:14:111:15 | *c1 [*ptr] | semmle.label | *c1 [*ptr] |
|
||||||
| tests2.cpp:111:14:111:19 | *ptr | semmle.label | *ptr |
|
| tests2.cpp:111:14:111:19 | *ptr | semmle.label | *ptr |
|
||||||
| tests2.cpp:111:17:111:19 | *ptr | semmle.label | *ptr |
|
| tests2.cpp:111:17:111:19 | *ptr | semmle.label | *ptr |
|
||||||
|
| tests2.cpp:120:5:120:21 | [summary param] *0 in zmq_msg_init_data [Return] | semmle.label | [summary param] *0 in zmq_msg_init_data [Return] |
|
||||||
|
| tests2.cpp:120:5:120:21 | [summary param] *1 in zmq_msg_init_data | semmle.label | [summary param] *1 in zmq_msg_init_data |
|
||||||
| tests2.cpp:134:2:134:30 | *... = ... | semmle.label | *... = ... |
|
| tests2.cpp:134:2:134:30 | *... = ... | semmle.label | *... = ... |
|
||||||
| tests2.cpp:134:17:134:22 | *call to getenv | semmle.label | *call to getenv |
|
| tests2.cpp:134:17:134:22 | *call to getenv | semmle.label | *call to getenv |
|
||||||
| tests2.cpp:138:23:138:34 | *message_data | semmle.label | *message_data |
|
| tests2.cpp:138:23:138:34 | *message_data | semmle.label | *message_data |
|
||||||
@@ -96,3 +100,4 @@ nodes
|
|||||||
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
|
| tests_sysconf.cpp:36:21:36:27 | confstr output argument | semmle.label | confstr output argument |
|
||||||
| tests_sysconf.cpp:39:19:39:25 | *pathbuf | semmle.label | *pathbuf |
|
| tests_sysconf.cpp:39:19:39:25 | *pathbuf | semmle.label | *pathbuf |
|
||||||
subpaths
|
subpaths
|
||||||
|
| tests2.cpp:143:34:143:45 | *message_data | tests2.cpp:120:5:120:21 | [summary param] *1 in zmq_msg_init_data | tests2.cpp:120:5:120:21 | [summary param] *0 in zmq_msg_init_data [Return] | tests2.cpp:143:24:143:31 | zmq_msg_init_data output argument |
|
||||||
|
|||||||
@@ -88,12 +88,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
private IEnumerable<string> GetFeedsFromNugetConfig(string nugetConfigPath) =>
|
private IEnumerable<string> GetFeedsFromNugetConfig(string nugetConfigPath) =>
|
||||||
GetFeeds(() => dotnet.GetNugetFeeds(nugetConfigPath));
|
GetFeeds(() => dotnet.GetNugetFeeds(nugetConfigPath));
|
||||||
|
|
||||||
public string FeedsToRestoreArgument(IEnumerable<string> feeds, string sourceArgumentPrefix)
|
private string FeedsToRestoreArgument(IEnumerable<string> feeds)
|
||||||
{
|
{
|
||||||
// If there are no feeds, we want to override any default feeds that `restore` would use by passing a dummy source argument.
|
// If there are no feeds, we want to override any default feeds that `dotnet restore` would use by passing a dummy source argument.
|
||||||
if (!feeds.Any())
|
if (!feeds.Any())
|
||||||
{
|
{
|
||||||
return $" {sourceArgumentPrefix} \"{emptyPackageDirectory.DirInfo.FullName}\"";
|
return $" -s \"{emptyPackageDirectory.DirInfo.FullName}\"";
|
||||||
}
|
}
|
||||||
|
|
||||||
// Add package sources. If any are present, they override all sources specified in
|
// Add package sources. If any are present, they override all sources specified in
|
||||||
@@ -101,7 +101,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
var feedArgs = new StringBuilder();
|
var feedArgs = new StringBuilder();
|
||||||
foreach (var feed in feeds)
|
foreach (var feed in feeds)
|
||||||
{
|
{
|
||||||
feedArgs.Append($" {sourceArgumentPrefix} \"{feed}\"");
|
feedArgs.Append($" -s \"{feed}\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
return feedArgs.ToString();
|
return feedArgs.ToString();
|
||||||
@@ -112,11 +112,17 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
/// (1) Use the feeds we get from `dotnet nuget list source`
|
/// (1) Use the feeds we get from `dotnet nuget list source`
|
||||||
/// (2) Use private registries, if they are configured
|
/// (2) Use private registries, if they are configured
|
||||||
/// </summary>
|
/// </summary>
|
||||||
/// <param name="path">Path to project/solution/packages.config</param>
|
/// <param name="path">Path to project/solution</param>
|
||||||
/// <param name="reachableFeeds">The set of reachable NuGet feeds.</param>
|
/// <param name="reachableFeeds">The set of reachable NuGet feeds.</param>
|
||||||
/// <returns>The list of NuGet feeds to use for this restore.</returns>
|
/// <returns>A string representing the NuGet sources argument for the restore command.</returns>
|
||||||
public IEnumerable<string> FeedsToUse(string path, HashSet<string> reachableFeeds)
|
public string? MakeRestoreSourcesArgument(string path, HashSet<string> reachableFeeds)
|
||||||
{
|
{
|
||||||
|
// Do not construct a set of explicit NuGet sources to use for restore.
|
||||||
|
if (!CheckNugetFeedResponsiveness && !HasPrivateRegistryFeeds)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
// Find the path specific feeds.
|
// Find the path specific feeds.
|
||||||
var folder = GetDirectoryName(path);
|
var folder = GetDirectoryName(path);
|
||||||
var feedsToConsider = folder is not null ? GetFeedsFromFolder(folder).ToHashSet() : new HashSet<string>();
|
var feedsToConsider = folder is not null ? GetFeedsFromFolder(folder).ToHashSet() : new HashSet<string>();
|
||||||
@@ -130,28 +136,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
? feedsToConsider.Where(reachableFeeds.Contains)
|
? feedsToConsider.Where(reachableFeeds.Contains)
|
||||||
: feedsToConsider;
|
: feedsToConsider;
|
||||||
|
|
||||||
return feedsToUse;
|
return FeedsToRestoreArgument(feedsToUse);
|
||||||
}
|
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Constructs the list of NuGet sources to use for dotnet restore.
|
|
||||||
/// (1) Use the feeds we get from `dotnet nuget list source`
|
|
||||||
/// (2) Use private registries, if they are configured
|
|
||||||
/// </summary>
|
|
||||||
/// <param name="path">Path to project/solution</param>
|
|
||||||
/// <param name="reachableFeeds">The set of reachable NuGet feeds.</param>
|
|
||||||
/// <returns>A string representing the NuGet sources argument for the restore command.</returns>
|
|
||||||
public string? MakeDotnetRestoreSourcesArgument(string path, HashSet<string> reachableFeeds)
|
|
||||||
{
|
|
||||||
// Do not construct a set of explicit NuGet sources to use for restore.
|
|
||||||
if (!CheckNugetFeedResponsiveness && !HasPrivateRegistryFeeds)
|
|
||||||
{
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
|
|
||||||
var feedsToUse = FeedsToUse(path, reachableFeeds);
|
|
||||||
|
|
||||||
return FeedsToRestoreArgument(feedsToUse, "-s");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private (int initialTimeout, int tryCount) GetFeedRequestSettings(bool isFallback)
|
private (int initialTimeout, int tryCount) GetFeedRequestSettings(bool isFallback)
|
||||||
|
|||||||
@@ -110,55 +110,58 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
logger.LogInfo($"Checking NuGet feed responsiveness: {feedManager.CheckNugetFeedResponsiveness}");
|
logger.LogInfo($"Checking NuGet feed responsiveness: {feedManager.CheckNugetFeedResponsiveness}");
|
||||||
compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", feedManager.CheckNugetFeedResponsiveness ? "1" : "0"));
|
compilationInfoContainer.CompilationInfos.Add(("NuGet feed responsiveness checked", feedManager.CheckNugetFeedResponsiveness ? "1" : "0"));
|
||||||
|
|
||||||
|
HashSet<string> explicitFeeds = [];
|
||||||
HashSet<string> reachableFeeds = [];
|
HashSet<string> reachableFeeds = [];
|
||||||
|
|
||||||
EmitNugetConfigDiagnostics();
|
|
||||||
|
|
||||||
// Find feeds that are configured in NuGet.config files and divide them into ones that
|
|
||||||
// are explicitly configured for the project or by a private registry, and "all feeds"
|
|
||||||
// (including inherited ones) from other locations on the host outside of the working directory.
|
|
||||||
(var explicitFeeds, var allFeeds) = feedManager.GetAllFeeds();
|
|
||||||
|
|
||||||
if (feedManager.CheckNugetFeedResponsiveness)
|
|
||||||
{
|
|
||||||
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
|
|
||||||
|
|
||||||
if (inheritedFeeds.Count > 0)
|
|
||||||
{
|
|
||||||
compilationInfoContainer.CompilationInfos.Add(("Inherited NuGet feed count", inheritedFeeds.Count.ToString()));
|
|
||||||
}
|
|
||||||
|
|
||||||
var timeout = feedManager.CheckSpecifiedFeeds(explicitFeeds, out var reachableExplicitFeeds);
|
|
||||||
reachableFeeds.UnionWith(reachableExplicitFeeds);
|
|
||||||
|
|
||||||
var allExplicitReachable = explicitFeeds.Count == reachableExplicitFeeds.Count;
|
|
||||||
EmitUnreachableFeedsDiagnostics(allExplicitReachable);
|
|
||||||
|
|
||||||
if (timeout)
|
|
||||||
{
|
|
||||||
// If we experience a timeout, we use this fallback.
|
|
||||||
// todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
|
|
||||||
var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds([], explicitFeeds);
|
|
||||||
return unresponsiveMissingPackageLocation is null
|
|
||||||
? []
|
|
||||||
: [unresponsiveMissingPackageLocation];
|
|
||||||
}
|
|
||||||
|
|
||||||
// Inherited feeds should only be used, if they are indeed reachable (as they may be environment specific).
|
|
||||||
feedManager.CheckSpecifiedFeeds(inheritedFeeds, out var reachableInheritedFeeds);
|
|
||||||
reachableFeeds.UnionWith(reachableInheritedFeeds);
|
|
||||||
}
|
|
||||||
|
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
var packagesConfigRestore = PackagesConfigRestoreFactory.Create(fileProvider, legacyPackageDirectory, logger, feedManager, reachableFeeds);
|
EmitNugetConfigDiagnostics();
|
||||||
var count = packagesConfigRestore.InstallPackages();
|
|
||||||
if (packagesConfigRestore.PackageCount > 0)
|
// Find feeds that are configured in NuGet.config files and divide them into ones that
|
||||||
|
// are explicitly configured for the project or by a private registry, and "all feeds"
|
||||||
|
// (including inherited ones) from other locations on the host outside of the working directory.
|
||||||
|
(explicitFeeds, var allFeeds) = feedManager.GetAllFeeds();
|
||||||
|
|
||||||
|
if (feedManager.CheckNugetFeedResponsiveness)
|
||||||
{
|
{
|
||||||
compilationInfoContainer.CompilationInfos.Add(("packages.config files", packagesConfigRestore.PackageCount.ToString()));
|
var inheritedFeeds = allFeeds.Except(explicitFeeds).ToHashSet();
|
||||||
compilationInfoContainer.CompilationInfos.Add(("Successfully restored packages.config files", count.ToString()));
|
|
||||||
|
if (inheritedFeeds.Count > 0)
|
||||||
|
{
|
||||||
|
compilationInfoContainer.CompilationInfos.Add(("Inherited NuGet feed count", inheritedFeeds.Count.ToString()));
|
||||||
|
}
|
||||||
|
|
||||||
|
var timeout = feedManager.CheckSpecifiedFeeds(explicitFeeds, out var reachableExplicitFeeds);
|
||||||
|
reachableFeeds.UnionWith(reachableExplicitFeeds);
|
||||||
|
|
||||||
|
var allExplicitReachable = explicitFeeds.Count == reachableExplicitFeeds.Count;
|
||||||
|
EmitUnreachableFeedsDiagnostics(allExplicitReachable);
|
||||||
|
|
||||||
|
if (timeout)
|
||||||
|
{
|
||||||
|
// If we experience a timeout, we use this fallback.
|
||||||
|
// todo: we could also check the reachability of the inherited nuget feeds, but to use those in the fallback we would need to handle authentication too.
|
||||||
|
var unresponsiveMissingPackageLocation = DownloadMissingPackagesFromSpecificFeeds([], explicitFeeds);
|
||||||
|
return unresponsiveMissingPackageLocation is null
|
||||||
|
? []
|
||||||
|
: [unresponsiveMissingPackageLocation];
|
||||||
|
}
|
||||||
|
|
||||||
|
// Inherited feeds should only be used, if they are indeed reachable (as they may be environment specific).
|
||||||
|
feedManager.CheckSpecifiedFeeds(inheritedFeeds, out var reachableInheritedFeeds);
|
||||||
|
reachableFeeds.UnionWith(reachableInheritedFeeds);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
using (var packagesConfigRestore = PackagesConfigRestoreFactory.Create(fileProvider, legacyPackageDirectory, logger, feedManager.IsDefaultFeedReachable))
|
||||||
|
{
|
||||||
|
var count = packagesConfigRestore.InstallPackages();
|
||||||
|
|
||||||
|
if (packagesConfigRestore.PackageCount > 0)
|
||||||
|
{
|
||||||
|
compilationInfoContainer.CompilationInfos.Add(("packages.config files", packagesConfigRestore.PackageCount.ToString()));
|
||||||
|
compilationInfoContainer.CompilationInfos.Add(("Successfully restored packages.config files", count.ToString()));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
var nugetPackageDlls = legacyPackageDirectory.DirInfo.GetFiles("*.dll", new EnumerationOptions { RecurseSubdirectories = true });
|
var nugetPackageDlls = legacyPackageDirectory.DirInfo.GetFiles("*.dll", new EnumerationOptions { RecurseSubdirectories = true });
|
||||||
var nugetPackageDllPaths = nugetPackageDlls.Select(f => f.FullName).ToHashSet();
|
var nugetPackageDllPaths = nugetPackageDlls.Select(f => f.FullName).ToHashSet();
|
||||||
@@ -236,7 +239,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
var projects = fileProvider.Solutions.SelectMany(solution =>
|
var projects = fileProvider.Solutions.SelectMany(solution =>
|
||||||
{
|
{
|
||||||
logger.LogInfo($"Restoring solution {solution}...");
|
logger.LogInfo($"Restoring solution {solution}...");
|
||||||
var nugetSources = feedManager.MakeDotnetRestoreSourcesArgument(solution, reachableFeeds);
|
var nugetSources = feedManager.MakeRestoreSourcesArgument(solution, reachableFeeds);
|
||||||
var res = dotnet.Restore(new(solution, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
|
var res = dotnet.Restore(new(solution, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
|
||||||
if (res.Success)
|
if (res.Success)
|
||||||
{
|
{
|
||||||
@@ -285,7 +288,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
foreach (var project in projectGroup)
|
foreach (var project in projectGroup)
|
||||||
{
|
{
|
||||||
logger.LogInfo($"Restoring project {project}...");
|
logger.LogInfo($"Restoring project {project}...");
|
||||||
var nugetSources = feedManager.MakeDotnetRestoreSourcesArgument(project, reachableFeeds);
|
var nugetSources = feedManager.MakeRestoreSourcesArgument(project, reachableFeeds);
|
||||||
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
|
var res = dotnet.Restore(new(project, PackageDirectory.DirInfo.FullName, ForceDotnetRefAssemblyFetching: true, NugetSources: nugetSources, TargetWindows: isWindows));
|
||||||
assets.AddDependenciesRange(res.AssetsFilePaths);
|
assets.AddDependenciesRange(res.AssetsFilePaths);
|
||||||
lock (sync)
|
lock (sync)
|
||||||
|
|||||||
@@ -7,7 +7,7 @@ using Semmle.Util;
|
|||||||
|
|
||||||
namespace Semmle.Extraction.CSharp.DependencyFetching
|
namespace Semmle.Extraction.CSharp.DependencyFetching
|
||||||
{
|
{
|
||||||
internal interface IPackagesConfigRestore
|
internal interface IPackagesConfigRestore : IDisposable
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// The number of packages.config files found in the source tree.
|
/// The number of packages.config files found in the source tree.
|
||||||
@@ -33,11 +33,11 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
/// </summary>
|
/// </summary>
|
||||||
internal class PackagesConfigRestoreFactory
|
internal class PackagesConfigRestoreFactory
|
||||||
{
|
{
|
||||||
public static IPackagesConfigRestore Create(FileProvider fileProvider, DependencyDirectory packageDirectory, Semmle.Util.Logging.ILogger logger, FeedManager feedManager, HashSet<string> reachableFeeds)
|
public static IPackagesConfigRestore Create(FileProvider fileProvider, DependencyDirectory packageDirectory, Semmle.Util.Logging.ILogger logger, Func<bool> useDefaultFeed)
|
||||||
{
|
{
|
||||||
if (SystemBuildActions.Instance.IsWindows() || SystemBuildActions.Instance.IsMonoInstalled())
|
if (SystemBuildActions.Instance.IsWindows() || SystemBuildActions.Instance.IsMonoInstalled())
|
||||||
{
|
{
|
||||||
return new NugetExeWrapper(fileProvider, packageDirectory, logger, feedManager, reachableFeeds);
|
return new NugetExeWrapper(fileProvider, packageDirectory, logger, useDefaultFeed);
|
||||||
}
|
}
|
||||||
|
|
||||||
return new NoOpPackagesConfig(fileProvider.PackagesConfigs, logger);
|
return new NoOpPackagesConfig(fileProvider.PackagesConfigs, logger);
|
||||||
@@ -55,6 +55,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
|
|
||||||
public int PackageCount => fileProvider.PackagesConfigs.Count;
|
public int PackageCount => fileProvider.PackagesConfigs.Count;
|
||||||
|
|
||||||
|
private readonly string? backupNugetConfig;
|
||||||
|
private readonly string? nugetConfigPath;
|
||||||
private readonly FileProvider fileProvider;
|
private readonly FileProvider fileProvider;
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@@ -63,30 +65,57 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
/// so as to not trample the source tree.
|
/// so as to not trample the source tree.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
private readonly DependencyDirectory packageDirectory;
|
private readonly DependencyDirectory packageDirectory;
|
||||||
private readonly FeedManager feedManager;
|
|
||||||
private readonly HashSet<string> reachableFeeds;
|
|
||||||
|
|
||||||
private bool IsWindows => SystemBuildActions.Instance.IsWindows();
|
private bool IsWindows => SystemBuildActions.Instance.IsWindows();
|
||||||
|
|
||||||
private bool? isDefaultFeedReachable;
|
|
||||||
private bool IsDefaultFeedReachable =>
|
|
||||||
isDefaultFeedReachable ??= feedManager.IsDefaultFeedReachable();
|
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Create the package manager for a specified source tree.
|
/// Create the package manager for a specified source tree.
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public NugetExeWrapper(FileProvider fileProvider, DependencyDirectory packageDirectory, Semmle.Util.Logging.ILogger logger, FeedManager feedManager, HashSet<string> reachableFeeds)
|
public NugetExeWrapper(FileProvider fileProvider, DependencyDirectory packageDirectory, Semmle.Util.Logging.ILogger logger, Func<bool> useDefaultFeed)
|
||||||
{
|
{
|
||||||
this.fileProvider = fileProvider;
|
this.fileProvider = fileProvider;
|
||||||
this.packageDirectory = packageDirectory;
|
this.packageDirectory = packageDirectory;
|
||||||
this.logger = logger;
|
this.logger = logger;
|
||||||
this.feedManager = feedManager;
|
|
||||||
this.reachableFeeds = reachableFeeds;
|
|
||||||
|
|
||||||
if (fileProvider.PackagesConfigs.Count > 0)
|
if (fileProvider.PackagesConfigs.Count > 0)
|
||||||
{
|
{
|
||||||
logger.LogInfo($"Found packages.config files, trying to use nuget.exe for package restore");
|
logger.LogInfo($"Found packages.config files, trying to use nuget.exe for package restore");
|
||||||
nugetExe = ResolveNugetExe();
|
nugetExe = ResolveNugetExe();
|
||||||
|
if (!HasPackageSource() && useDefaultFeed())
|
||||||
|
{
|
||||||
|
// We only modify or add a top level nuget.config file
|
||||||
|
nugetConfigPath = Path.Join(fileProvider.SourceDir.FullName, "nuget.config");
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (File.Exists(nugetConfigPath))
|
||||||
|
{
|
||||||
|
var tempFolderPath = FileUtils.GetTemporaryWorkingDirectory(out _);
|
||||||
|
|
||||||
|
do
|
||||||
|
{
|
||||||
|
backupNugetConfig = Path.Join(tempFolderPath, Path.GetRandomFileName());
|
||||||
|
}
|
||||||
|
while (File.Exists(backupNugetConfig));
|
||||||
|
File.Copy(nugetConfigPath, backupNugetConfig, true);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
File.WriteAllText(nugetConfigPath,
|
||||||
|
"""
|
||||||
|
<?xml version="1.0" encoding="utf-8"?>
|
||||||
|
<configuration>
|
||||||
|
<packageSources>
|
||||||
|
</packageSources>
|
||||||
|
</configuration>
|
||||||
|
""");
|
||||||
|
}
|
||||||
|
AddDefaultPackageSource(nugetConfigPath);
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
logger.LogError($"Failed to add default package source to {nugetConfigPath}: {e}");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -169,21 +198,6 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
{
|
{
|
||||||
logger.LogInfo($"Restoring file \"{packagesConfig}\"...");
|
logger.LogInfo($"Restoring file \"{packagesConfig}\"...");
|
||||||
|
|
||||||
var sourcesArgument = "";
|
|
||||||
var feedsToUse = feedManager.FeedsToUse(packagesConfig, reachableFeeds).ToList();
|
|
||||||
var useDefaultFeed = feedsToUse.Count == 0 && IsDefaultFeedReachable;
|
|
||||||
|
|
||||||
// Explicitly construct the sources to be used for the restore command when checking feed
|
|
||||||
// responsiveness, using private registries, or falling back to nuget.org.
|
|
||||||
if (feedManager.CheckNugetFeedResponsiveness || feedManager.HasPrivateRegistryFeeds || useDefaultFeed)
|
|
||||||
{
|
|
||||||
if (useDefaultFeed)
|
|
||||||
{
|
|
||||||
feedsToUse.Add(FeedManager.PublicNugetOrgFeed);
|
|
||||||
}
|
|
||||||
sourcesArgument = feedManager.FeedsToRestoreArgument(feedsToUse, "-Source");
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Use nuget.exe to install a package.
|
/* Use nuget.exe to install a package.
|
||||||
* Note that there is a clutch of NuGet assemblies which could be used to
|
* Note that there is a clutch of NuGet assemblies which could be used to
|
||||||
* invoke this directly, which would arguably be nicer. However they are
|
* invoke this directly, which would arguably be nicer. However they are
|
||||||
@@ -194,12 +208,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
if (RunWithMono)
|
if (RunWithMono)
|
||||||
{
|
{
|
||||||
exe = "mono";
|
exe = "mono";
|
||||||
args = $"\"{nugetExe}\" install -OutputDirectory \"{packageDirectory}\" {sourcesArgument} \"{packagesConfig}\"";
|
args = $"\"{nugetExe}\" install -OutputDirectory \"{packageDirectory}\" \"{packagesConfig}\"";
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
exe = nugetExe!;
|
exe = nugetExe!;
|
||||||
args = $"install -OutputDirectory \"{packageDirectory}\" {sourcesArgument} \"{packagesConfig}\"";
|
args = $"install -OutputDirectory \"{packageDirectory}\" \"{packagesConfig}\"";
|
||||||
}
|
}
|
||||||
|
|
||||||
var pi = new ProcessStartInfo(exe, args)
|
var pi = new ProcessStartInfo(exe, args)
|
||||||
@@ -232,6 +246,98 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
{
|
{
|
||||||
return fileProvider.PackagesConfigs.Count(TryRestoreNugetPackage);
|
return fileProvider.PackagesConfigs.Count(TryRestoreNugetPackage);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private bool HasPackageSource()
|
||||||
|
{
|
||||||
|
if (IsWindows)
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
logger.LogInfo("Checking if default package source is available...");
|
||||||
|
RunMonoNugetCommand("sources list -ForceEnglishOutput", out var stdout);
|
||||||
|
if (stdout.All(line => line != "No sources found."))
|
||||||
|
{
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
catch (Exception e)
|
||||||
|
{
|
||||||
|
logger.LogWarning($"Failed to check if default package source is added: {e}");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private void RunMonoNugetCommand(string command, out IList<string> stdout)
|
||||||
|
{
|
||||||
|
string exe, args;
|
||||||
|
if (RunWithMono)
|
||||||
|
{
|
||||||
|
exe = "mono";
|
||||||
|
args = $"\"{nugetExe}\" {command}";
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
exe = nugetExe!;
|
||||||
|
args = command;
|
||||||
|
}
|
||||||
|
|
||||||
|
var pi = new ProcessStartInfo(exe, args)
|
||||||
|
{
|
||||||
|
RedirectStandardOutput = true,
|
||||||
|
RedirectStandardError = true,
|
||||||
|
UseShellExecute = false
|
||||||
|
};
|
||||||
|
|
||||||
|
var threadId = Environment.CurrentManagedThreadId;
|
||||||
|
void onOut(string s) => logger.LogDebug(s, threadId);
|
||||||
|
void onError(string s) => logger.LogError(s, threadId);
|
||||||
|
pi.ReadOutput(out stdout, onOut, onError);
|
||||||
|
}
|
||||||
|
|
||||||
|
private void AddDefaultPackageSource(string nugetConfig)
|
||||||
|
{
|
||||||
|
logger.LogInfo("Adding default package source...");
|
||||||
|
RunMonoNugetCommand($"sources add -Name DefaultNugetOrg -Source {FeedManager.PublicNugetOrgFeed} -ConfigFile \"{nugetConfig}\"", out _);
|
||||||
|
}
|
||||||
|
|
||||||
|
public void Dispose()
|
||||||
|
{
|
||||||
|
if (nugetConfigPath is null)
|
||||||
|
{
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
try
|
||||||
|
{
|
||||||
|
if (backupNugetConfig is null)
|
||||||
|
{
|
||||||
|
logger.LogInfo("Removing nuget.config file");
|
||||||
|
File.Delete(nugetConfigPath);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.LogInfo("Reverting nuget.config file content");
|
||||||
|
// The content of the original nuget.config file is reverted without changing the file's attributes or casing:
|
||||||
|
using (var backup = File.OpenRead(backupNugetConfig))
|
||||||
|
using (var current = File.OpenWrite(nugetConfigPath))
|
||||||
|
{
|
||||||
|
current.SetLength(0); // Truncate file
|
||||||
|
backup.CopyTo(current); // Restore original content
|
||||||
|
}
|
||||||
|
|
||||||
|
logger.LogInfo("Deleting backup nuget.config file");
|
||||||
|
File.Delete(backupNugetConfig);
|
||||||
|
}
|
||||||
|
catch (Exception exc)
|
||||||
|
{
|
||||||
|
logger.LogError($"Failed to restore original nuget.config file: {exc}");
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private class NoOpPackagesConfig : IPackagesConfigRestore
|
private class NoOpPackagesConfig : IPackagesConfigRestore
|
||||||
@@ -255,6 +361,8 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
|
|||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void Dispose() { }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: majorAnalysis
|
|
||||||
---
|
|
||||||
* Simplified and streamlined the use of NuGet sources when downloading dependencies via `[mono] nuget.exe` in `build-mode: none`: NuGet sources are now supplied via the `-Source` flag instead of moving or creating `nuget.config` files in the checked-out repository, private registries are used if configured, and only reachable feeds are used when NuGet feed checking is enabled (the default).
|
|
||||||
@@ -1,4 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
* Improved models for the `log/slog` package (Go 1.21+), including `*slog.Logger` methods, `With`/`WithGroup`, and `Attr`/`Value` helpers, improving coverage for the `go/log-injection` and `go/clear-text-logging` queries.
|
|
||||||
@@ -27,27 +27,3 @@ extensions:
|
|||||||
- ["log/slog", "Logger", True, "ErrorContext", "", "", "Argument[1..2]", "log-injection", "manual"]
|
- ["log/slog", "Logger", True, "ErrorContext", "", "", "Argument[1..2]", "log-injection", "manual"]
|
||||||
- ["log/slog", "Logger", True, "Log", "", "", "Argument[2..3]", "log-injection", "manual"]
|
- ["log/slog", "Logger", True, "Log", "", "", "Argument[2..3]", "log-injection", "manual"]
|
||||||
- ["log/slog", "Logger", True, "LogAttrs", "", "", "Argument[2..3]", "log-injection", "manual"]
|
- ["log/slog", "Logger", True, "LogAttrs", "", "", "Argument[2..3]", "log-injection", "manual"]
|
||||||
# With/WithGroup add attributes that are included in every subsequent log call.
|
|
||||||
- ["log/slog", "", False, "With", "", "", "Argument[0]", "log-injection", "manual"]
|
|
||||||
- ["log/slog", "Logger", True, "With", "", "", "Argument[0]", "log-injection", "manual"]
|
|
||||||
- ["log/slog", "Logger", True, "WithGroup", "", "", "Argument[0]", "log-injection", "manual"]
|
|
||||||
- addsTo:
|
|
||||||
pack: codeql/go-all
|
|
||||||
extensible: summaryModel
|
|
||||||
data:
|
|
||||||
# Constructors for Attr that can carry a tainted string into the result.
|
|
||||||
- ["log/slog", "", False, "Any", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "Group", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "Group", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "GroupAttrs", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "GroupAttrs", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "String", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
|
|
||||||
# Constructors for Value that can carry a tainted string into the result.
|
|
||||||
- ["log/slog", "", False, "AnyValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "GroupValue", "", "", "Argument[0].ArrayElement", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "", False, "StringValue", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
|
||||||
# Methods that read a string back out of an Attr or Value.
|
|
||||||
- ["log/slog", "Attr", True, "String", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "Value", True, "Any", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
|
||||||
- ["log/slog", "Value", True, "Group", "", "", "Argument[receiver]", "ReturnValue.ArrayElement", "taint", "manual"]
|
|
||||||
- ["log/slog", "Value", True, "String", "", "", "Argument[receiver]", "ReturnValue", "taint", "manual"]
|
|
||||||
|
|||||||
@@ -37,9 +37,4 @@ func slogTest() {
|
|||||||
slog.InfoContext(ctx, text, key, v) // $ logger=text logger=key logger=v
|
slog.InfoContext(ctx, text, key, v) // $ logger=text logger=key logger=v
|
||||||
slog.Log(ctx, slog.LevelInfo, text, key, v) // $ logger=text logger=key logger=v
|
slog.Log(ctx, slog.LevelInfo, text, key, v) // $ logger=text logger=key logger=v
|
||||||
slog.LogAttrs(ctx, slog.LevelInfo, text, attr) // $ logger=text logger=attr
|
slog.LogAttrs(ctx, slog.LevelInfo, text, attr) // $ logger=text logger=attr
|
||||||
|
|
||||||
// With/WithGroup add attributes that are included in every subsequent log call.
|
|
||||||
logger.With(key, v) // $ logger=key logger=v
|
|
||||||
logger.WithGroup(text) // $ logger=text
|
|
||||||
slog.With(key, v) // $ logger=key logger=v
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,2 +0,0 @@
|
|||||||
reverseRead
|
|
||||||
| test.go:114:21:114:33 | call to Group | Origin of readStep is missing a PostUpdateNode. |
|
|
||||||
@@ -1,2 +0,0 @@
|
|||||||
invalidModelRow
|
|
||||||
testFailures
|
|
||||||
@@ -1,14 +0,0 @@
|
|||||||
import go
|
|
||||||
import semmle.go.dataflow.ExternalFlow
|
|
||||||
import ModelValidation
|
|
||||||
import utils.test.InlineFlowTest
|
|
||||||
|
|
||||||
module Config implements DataFlow::ConfigSig {
|
|
||||||
predicate isSource(DataFlow::Node source) {
|
|
||||||
source.(DataFlow::CallNode).getTarget().getName() = ["getUntrustedData", "getUntrustedString"]
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate isSink(DataFlow::Node sink) { sink = any(LoggerCall log).getAMessageComponent() }
|
|
||||||
}
|
|
||||||
|
|
||||||
import FlowTest<Config, Config>
|
|
||||||
@@ -1,3 +0,0 @@
|
|||||||
module codeql-go-tests/frameworks/slog
|
|
||||||
|
|
||||||
go 1.26
|
|
||||||
@@ -1,115 +0,0 @@
|
|||||||
package main
|
|
||||||
|
|
||||||
import (
|
|
||||||
"context"
|
|
||||||
"log/slog"
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {}
|
|
||||||
|
|
||||||
func getUntrustedData() interface{} { return nil }
|
|
||||||
|
|
||||||
func getUntrustedString() string {
|
|
||||||
return "tainted string"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Package-level convenience functions.
|
|
||||||
|
|
||||||
func testSlogDebug() {
|
|
||||||
slog.Debug(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.Debug("msg", "key", getUntrustedData()) // $ hasValueFlow="call to getUntrustedData"
|
|
||||||
slog.Debug("msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testSlogInfo() {
|
|
||||||
slog.Info(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.Info("msg", slog.Any("key", getUntrustedData())) // $ hasTaintFlow="call to Any"
|
|
||||||
slog.Info("msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testSlogWarn() {
|
|
||||||
slog.Warn(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.Warn("msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testSlogError() {
|
|
||||||
slog.Error(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.Error("msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testSlogContextVariants(ctx context.Context) {
|
|
||||||
slog.DebugContext(ctx, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.InfoContext(ctx, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.WarnContext(ctx, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.ErrorContext(ctx, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.InfoContext(ctx, "msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testSlogLog(ctx context.Context) {
|
|
||||||
slog.Log(ctx, slog.LevelInfo, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.Log(ctx, slog.LevelInfo, "msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
slog.LogAttrs(ctx, slog.LevelInfo, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
slog.LogAttrs(ctx, slog.LevelInfo, "msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
// Methods on *slog.Logger.
|
|
||||||
|
|
||||||
func testLoggerMethods(logger *slog.Logger, ctx context.Context) {
|
|
||||||
logger.Debug(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.Info(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.Warn(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.Error(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.Info("msg", slog.Any("key", getUntrustedData())) // $ hasTaintFlow="call to Any"
|
|
||||||
logger.InfoContext(ctx, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.Log(ctx, slog.LevelInfo, getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
logger.LogAttrs(ctx, slog.LevelInfo, "msg", slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
}
|
|
||||||
|
|
||||||
// With, Logger.With and Logger.WithGroup. Note that for ease of modeling we make these functions
|
|
||||||
// sinks, although strictly speaking we should consider logging functions called on the returned
|
|
||||||
// loggers as the sinks.
|
|
||||||
|
|
||||||
func testWith(logger *slog.Logger) {
|
|
||||||
logger1 := logger.With(slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
logger1.Info("hello world")
|
|
||||||
logger2 := logger.With(slog.Any(getUntrustedString(), nil)) // $ hasTaintFlow="call to Any"
|
|
||||||
logger2.Info("hello world")
|
|
||||||
logger.With("key", getUntrustedData()).Info("hello world") // $ hasValueFlow="call to getUntrustedData"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testPackageWith() {
|
|
||||||
logger := slog.With(slog.String("key", getUntrustedString())) // $ hasTaintFlow="call to String"
|
|
||||||
logger.Info("hello world")
|
|
||||||
slog.With("key", getUntrustedData()).Info("hello world") // $ hasValueFlow="call to getUntrustedData"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testWithGroup(logger *slog.Logger) {
|
|
||||||
grouped := logger.WithGroup(getUntrustedString()) // $ hasValueFlow="call to getUntrustedString"
|
|
||||||
grouped.Info("hello world")
|
|
||||||
}
|
|
||||||
|
|
||||||
// Summary models: functions relating to Attr/Value that propagate strings.
|
|
||||||
|
|
||||||
func testAttrConstructors(logger *slog.Logger) {
|
|
||||||
logger.Info("msg", slog.Group("group", slog.String("key", getUntrustedString()))) // $ hasTaintFlow="call to Group"
|
|
||||||
logger.Info("msg", slog.GroupAttrs("group", slog.String("key", getUntrustedString()))) // $ hasTaintFlow="call to GroupAttrs"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testValueConstructors(logger *slog.Logger) {
|
|
||||||
logger.Info("msg", "key", slog.AnyValue(getUntrustedString())) // $ hasTaintFlow="call to AnyValue"
|
|
||||||
logger.Info("msg", "key", slog.StringValue(getUntrustedString())) // $ hasTaintFlow="call to StringValue"
|
|
||||||
attr := slog.String("key", getUntrustedString())
|
|
||||||
logger.Info("msg", "key", slog.GroupValue(attr)) // $ hasTaintFlow="call to GroupValue"
|
|
||||||
}
|
|
||||||
|
|
||||||
func testAttrAndValueAccessors(logger *slog.Logger) {
|
|
||||||
attr := slog.String("key", getUntrustedString())
|
|
||||||
logger.Info("msg", "key", attr.String()) // $ hasTaintFlow="call to String"
|
|
||||||
|
|
||||||
v := slog.AnyValue(getUntrustedString())
|
|
||||||
logger.Info("msg", "key", v.Any()) // $ hasTaintFlow="call to Any"
|
|
||||||
logger.Info("msg", "key", v.String()) // $ hasTaintFlow="call to String"
|
|
||||||
|
|
||||||
group := slog.GroupValue(slog.String("key", getUntrustedString()))
|
|
||||||
logger.Info("msg", group.Group()[0]) // $ hasTaintFlow="index expression"
|
|
||||||
}
|
|
||||||
@@ -29,3 +29,8 @@ nodes
|
|||||||
| BadMacUse.java:146:48:146:57 | ciphertext : byte[] | semmle.label | ciphertext : byte[] |
|
| BadMacUse.java:146:48:146:57 | ciphertext : byte[] | semmle.label | ciphertext : byte[] |
|
||||||
| BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
|
| BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
|
||||||
subpaths
|
subpaths
|
||||||
|
testFailures
|
||||||
|
| BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
|
||||||
|
| BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
|
||||||
|
| BadMacUse.java:92:31:92:35 | bytes : byte[] | Unexpected result: Source |
|
||||||
|
| BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
|
||||||
|
|||||||
@@ -30,3 +30,8 @@ nodes
|
|||||||
| BadMacUse.java:118:83:118:84 | iv : byte[] | semmle.label | iv : byte[] |
|
| BadMacUse.java:118:83:118:84 | iv : byte[] | semmle.label | iv : byte[] |
|
||||||
| BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext |
|
| BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext |
|
||||||
subpaths
|
subpaths
|
||||||
|
testFailures
|
||||||
|
| BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
|
||||||
|
| BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source |
|
||||||
|
| BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert |
|
||||||
|
| BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
|
||||||
|
|||||||
@@ -44,3 +44,8 @@ nodes
|
|||||||
| BadMacUse.java:146:48:146:57 | ciphertext : byte[] [[]] : Object | semmle.label | ciphertext : byte[] [[]] : Object |
|
| BadMacUse.java:146:48:146:57 | ciphertext : byte[] [[]] : Object | semmle.label | ciphertext : byte[] [[]] : Object |
|
||||||
| BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
|
| BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
|
||||||
subpaths
|
subpaths
|
||||||
|
testFailures
|
||||||
|
| BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
|
||||||
|
| BadMacUse.java:139:79:139:90 | input : byte[] | Unexpected result: Source |
|
||||||
|
| BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
|
||||||
|
| BadMacUse.java:152:42:152:51 | ciphertext | Unexpected result: Alert |
|
||||||
|
|||||||
@@ -47,7 +47,7 @@ class BadMacUse {
|
|||||||
SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
|
SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
|
||||||
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
||||||
cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom());
|
cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom());
|
||||||
byte[] plaintext = cipher.doFinal(ciphertext); // $ Source[java/quantum/examples/bad-mac-order-decrypt-to-mac]
|
byte[] plaintext = cipher.doFinal(ciphertext); // $ Source
|
||||||
|
|
||||||
// Now verify MAC (too late)
|
// Now verify MAC (too late)
|
||||||
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
||||||
@@ -60,7 +60,7 @@ class BadMacUse {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ Source[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac]
|
public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ Source
|
||||||
// Create keys directly from provided byte arrays
|
// Create keys directly from provided byte arrays
|
||||||
SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
|
SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
|
||||||
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
||||||
@@ -89,7 +89,7 @@ class BadMacUse {
|
|||||||
|
|
||||||
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
|
IvParameterSpec ivParameterSpec = new IvParameterSpec(iv);
|
||||||
cipher.init(mode, secretKeySpec, ivParameterSpec);
|
cipher.init(mode, secretKeySpec, ivParameterSpec);
|
||||||
return cipher.doFinal(bytes); // $ Source[java/quantum/examples/bad-mac-order-decrypt-then-mac] Source[java/quantum/examples/bad-mac-order-decrypt-to-mac]
|
return cipher.doFinal(bytes);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -121,7 +121,7 @@ class BadMacUse {
|
|||||||
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
||||||
Mac mac = Mac.getInstance("HmacSHA256");
|
Mac mac = Mac.getInstance("HmacSHA256");
|
||||||
mac.init(macKey);
|
mac.init(macKey);
|
||||||
byte[] computedMac = mac.doFinal(ciphertext); // $ SPURIOUS: Alert[java/quantum/examples/bad-mac-order-decrypt-to-mac]
|
byte[] computedMac = mac.doFinal(ciphertext); // False Positive
|
||||||
|
|
||||||
// Concatenate ciphertext and MAC
|
// Concatenate ciphertext and MAC
|
||||||
byte[] output = new byte[ciphertext.length + computedMac.length];
|
byte[] output = new byte[ciphertext.length + computedMac.length];
|
||||||
@@ -136,20 +136,20 @@ class BadMacUse {
|
|||||||
* The function decrypts THEN computes the MAC on the plaintext.
|
* The function decrypts THEN computes the MAC on the plaintext.
|
||||||
* It should have the MAC computed on the ciphertext first.
|
* It should have the MAC computed on the ciphertext first.
|
||||||
*/
|
*/
|
||||||
public void decryptThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] input) throws Exception { // $ SPURIOUS: Source[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac]
|
public void decryptThenMac(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] input) throws Exception {
|
||||||
// Split input into ciphertext and MAC
|
// Split input into ciphertext and MAC
|
||||||
int macLength = 32; // HMAC-SHA256 output length
|
int macLength = 32; // HMAC-SHA256 output length
|
||||||
byte[] ciphertext = Arrays.copyOfRange(input, 0, input.length - macLength);
|
byte[] ciphertext = Arrays.copyOfRange(input, 0, input.length - macLength);
|
||||||
byte[] receivedMac = Arrays.copyOfRange(input, input.length - macLength, input.length);
|
byte[] receivedMac = Arrays.copyOfRange(input, input.length - macLength, input.length);
|
||||||
|
|
||||||
// Decrypt first (unsafe)
|
// Decrypt first (unsafe)
|
||||||
byte[] plaintext = decryptUsingWrapper(ciphertext, encryptionKeyBytes, new byte[16]);
|
byte[] plaintext = decryptUsingWrapper(ciphertext, encryptionKeyBytes, new byte[16]); // $ Source
|
||||||
|
|
||||||
// Now verify MAC (too late)
|
// Now verify MAC (too late)
|
||||||
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
|
||||||
Mac mac = Mac.getInstance("HmacSHA256");
|
Mac mac = Mac.getInstance("HmacSHA256");
|
||||||
mac.init(macKey);
|
mac.init(macKey);
|
||||||
byte[] computedMac = mac.doFinal(ciphertext); // $ Alert[java/quantum/examples/bad-mac-order-decrypt-then-mac] SPURIOUS: Alert[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac]
|
byte[] computedMac = mac.doFinal(ciphertext); // $ Alert[java/quantum/examples/bad-mac-order-decrypt-then-mac], False positive for Plaintext reuse
|
||||||
|
|
||||||
if (!MessageDigest.isEqual(receivedMac, computedMac)) {
|
if (!MessageDigest.isEqual(receivedMac, computedMac)) {
|
||||||
throw new SecurityException("MAC verification failed");
|
throw new SecurityException("MAC verification failed");
|
||||||
|
|||||||
@@ -126,3 +126,5 @@ nodes
|
|||||||
| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] |
|
| InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] |
|
||||||
| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec |
|
| InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec |
|
||||||
subpaths
|
subpaths
|
||||||
|
testFailures
|
||||||
|
| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source |
|
||||||
|
|||||||
@@ -39,7 +39,7 @@ public class InsecureIVorNonceSource {
|
|||||||
public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
|
public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
|
||||||
byte[] iv = new byte[16];
|
byte[] iv = new byte[16];
|
||||||
for (byte i = 0; i < iv.length; i++) {
|
for (byte i = 0; i < iv.length; i++) {
|
||||||
iv[i] = 1; // $ Source[java/quantum/examples/insecure-iv-or-nonce]
|
iv[i] = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
IvParameterSpec ivSpec = new IvParameterSpec(iv);
|
||||||
|
|||||||
@@ -40,11 +40,11 @@ public class Test {
|
|||||||
* SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far
|
* SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far
|
||||||
* below acceptable security standards. - Flagged as insecure.
|
* below acceptable security standards. - Flagged as insecure.
|
||||||
*/
|
*/
|
||||||
public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ Source[java/quantum/examples/unknown-kdf-iteration-count]
|
public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ Source
|
||||||
byte[] salt = generateSalt(16);
|
byte[] salt = generateSalt(16);
|
||||||
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256);
|
PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
|
||||||
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
|
SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
|
||||||
byte[] key = factory.generateSecret(spec).getEncoded(); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
|
byte[] key = factory.generateSecret(spec).getEncoded();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -1 +1,5 @@
|
|||||||
|
#select
|
||||||
| Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount |
|
| Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount |
|
||||||
|
testFailures
|
||||||
|
| Test.java:45:94:45:154 | // $ Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] |
|
||||||
|
| Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert |
|
||||||
|
|||||||
@@ -12,3 +12,5 @@ nodes
|
|||||||
| Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number |
|
| Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number |
|
||||||
| Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount |
|
| Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount |
|
||||||
subpaths
|
subpaths
|
||||||
|
testFailures
|
||||||
|
| Test.java:43:92:43:102 | // $ Source | Missing result: Source |
|
||||||
|
|||||||
2
python/ql/consistency-queries/CfgConsistency.ql
Normal file
2
python/ql/consistency-queries/CfgConsistency.ql
Normal file
@@ -0,0 +1,2 @@
|
|||||||
|
import semmle.python.controlflow.internal.AstNodeImpl
|
||||||
|
import ControlFlow::Consistency
|
||||||
@@ -36,6 +36,8 @@ private module Input implements InputSig<Location, PythonDataFlow> {
|
|||||||
// parameter, but dataflow-consistency queries should _not_ complain about there not
|
// parameter, but dataflow-consistency queries should _not_ complain about there not
|
||||||
// being a post-update node for the synthetic `**kwargs` parameter.
|
// being a post-update node for the synthetic `**kwargs` parameter.
|
||||||
n instanceof SynthDictSplatParameterNode
|
n instanceof SynthDictSplatParameterNode
|
||||||
|
or
|
||||||
|
Private::Conversions::readStep(n, _, _)
|
||||||
}
|
}
|
||||||
|
|
||||||
predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
|
predicate uniqueParameterNodePositionExclude(DataFlowCallable c, ParameterPosition pos, Node p) {
|
||||||
|
|||||||
4
python/ql/lib/change-notes/2026-05-19-add-shared-cfg.md
Normal file
4
python/ql/lib/change-notes/2026-05-19-add-shared-cfg.md
Normal file
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: minorAnalysis
|
||||||
|
---
|
||||||
|
* A new Python control flow graph implementation has been added under `semmle.python.controlflow.internal.Cfg` (backed by `AstNodeImpl.qll`), built on the shared `codeql.controlflow.ControlFlowGraph` library. It is not yet used by the dataflow library or any production query; the legacy CFG in `semmle/python/Flow.qll` remains the default. The new library is exposed for tests and for upcoming migrations.
|
||||||
@@ -0,0 +1,4 @@
|
|||||||
|
---
|
||||||
|
category: minorAnalysis
|
||||||
|
---
|
||||||
|
* The new (shared-CFG-based) Python control flow graph now visits parameter and return type annotations as CFG nodes for function definitions, matching the legacy CFG. This restores annotation-based type tracking through framework models such as FastAPI's `Depends()`, Pydantic request models, Starlette `WebSocket` handlers, and any other models that flow a class reference through `Parameter.getAnnotation()` to identify instances of the annotated class.
|
||||||
@@ -1,5 +0,0 @@
|
|||||||
---
|
|
||||||
category: minorAnalysis
|
|
||||||
---
|
|
||||||
|
|
||||||
- Temporarily disabled the `instanceFieldStep` disjunct of the internal `TypeTrackingInput::levelStepCall` predicate, which was introduced in 7.2.0 and caused catastrophic query slowdowns on some OOP-heavy Python codebases (e.g. `mypy` and `dask`).
|
|
||||||
42
python/ql/lib/ide-contextual-queries/printCfg.ql
Normal file
42
python/ql/lib/ide-contextual-queries/printCfg.ql
Normal file
@@ -0,0 +1,42 @@
|
|||||||
|
/**
|
||||||
|
* @name Print CFG
|
||||||
|
* @description Produces a representation of a file's Control Flow Graph.
|
||||||
|
* This query is used by the VS Code extension.
|
||||||
|
* @id py/print-cfg
|
||||||
|
* @kind graph
|
||||||
|
* @tags ide-contextual-queries/print-cfg
|
||||||
|
*/
|
||||||
|
|
||||||
|
import semmle.python.Files as Files
|
||||||
|
// import semmle.python.Scope
|
||||||
|
import semmle.python.controlflow.internal.AstNodeImpl
|
||||||
|
|
||||||
|
external string selectedSourceFile();
|
||||||
|
|
||||||
|
private predicate selectedSourceFileAlias = selectedSourceFile/0;
|
||||||
|
|
||||||
|
external int selectedSourceLine();
|
||||||
|
|
||||||
|
private predicate selectedSourceLineAlias = selectedSourceLine/0;
|
||||||
|
|
||||||
|
external int selectedSourceColumn();
|
||||||
|
|
||||||
|
private predicate selectedSourceColumnAlias = selectedSourceColumn/0;
|
||||||
|
|
||||||
|
module ViewCfgQueryInput implements ControlFlow::ViewCfgQueryInputSig<Files::File> {
|
||||||
|
predicate selectedSourceFile = selectedSourceFileAlias/0;
|
||||||
|
|
||||||
|
predicate selectedSourceLine = selectedSourceLineAlias/0;
|
||||||
|
|
||||||
|
predicate selectedSourceColumn = selectedSourceColumnAlias/0;
|
||||||
|
|
||||||
|
predicate cfgScopeSpan(
|
||||||
|
Ast::Callable scope, Files::File file, int startLine, int startColumn, int endLine,
|
||||||
|
int endColumn
|
||||||
|
) {
|
||||||
|
file = scope.getLocation().getFile() and
|
||||||
|
scope.getLocation().hasLocationInfo(_, startLine, startColumn, endLine, endColumn)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
import ControlFlow::ViewCfgQuery<Files::File, ViewCfgQueryInput>
|
||||||
1771
python/ql/lib/semmle/python/controlflow/internal/AstNodeImpl.qll
Normal file
1771
python/ql/lib/semmle/python/controlflow/internal/AstNodeImpl.qll
Normal file
File diff suppressed because it is too large
Load Diff
1025
python/ql/lib/semmle/python/controlflow/internal/Cfg.qll
Normal file
1025
python/ql/lib/semmle/python/controlflow/internal/Cfg.qll
Normal file
File diff suppressed because it is too large
Load Diff
@@ -753,7 +753,7 @@ predicate jumpStepNotSharedWithTypeTracker(Node nodeFrom, Node nodeTo) {
|
|||||||
* As of 2024-04-02 the type-tracking library only supports precise content, so there is
|
* As of 2024-04-02 the type-tracking library only supports precise content, so there is
|
||||||
* no reason to include steps for list content right now.
|
* no reason to include steps for list content right now.
|
||||||
*/
|
*/
|
||||||
predicate storeStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) {
|
predicate storeStepCommon(Node nodeFrom, Content c, Node nodeTo) {
|
||||||
tupleStoreStep(nodeFrom, c, nodeTo)
|
tupleStoreStep(nodeFrom, c, nodeTo)
|
||||||
or
|
or
|
||||||
dictStoreStep(nodeFrom, c, nodeTo)
|
dictStoreStep(nodeFrom, c, nodeTo)
|
||||||
@@ -767,29 +767,31 @@ predicate storeStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) {
|
|||||||
* Holds if data can flow from `nodeFrom` to `nodeTo` via an assignment to
|
* Holds if data can flow from `nodeFrom` to `nodeTo` via an assignment to
|
||||||
* content `c`.
|
* content `c`.
|
||||||
*/
|
*/
|
||||||
predicate storeStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
predicate storeStep(Node nodeFrom, ContentSet cs, Node nodeTo) {
|
||||||
storeStepCommon(nodeFrom, c, nodeTo)
|
exists(Content c | cs = singleton(c) |
|
||||||
|
storeStepCommon(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
listStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
setStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
attributeStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
matchStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
any(Orm::AdditionalOrmSteps es).storeStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
synthStarArgsElementParameterNodeStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
synthDictSplatArgumentNodeStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
yieldStoreStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
VariableCapture::storeStep(nodeFrom, c, nodeTo)
|
||||||
|
)
|
||||||
or
|
or
|
||||||
listStoreStep(nodeFrom, c, nodeTo)
|
FlowSummaryImpl::Private::Steps::summaryStoreStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), cs,
|
||||||
or
|
|
||||||
setStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
attributeStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
matchStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
any(Orm::AdditionalOrmSteps es).storeStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
FlowSummaryImpl::Private::Steps::summaryStoreStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), c,
|
|
||||||
nodeTo.(FlowSummaryNode).getSummaryNode())
|
nodeTo.(FlowSummaryNode).getSummaryNode())
|
||||||
or
|
|
||||||
synthStarArgsElementParameterNodeStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
synthDictSplatArgumentNodeStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
yieldStoreStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
VariableCapture::storeStep(nodeFrom, c, nodeTo)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -985,7 +987,7 @@ predicate attributeStoreStep(Node nodeFrom, AttributeContent c, Node nodeTo) {
|
|||||||
/**
|
/**
|
||||||
* Subset of `readStep` that should be shared with type-tracking.
|
* Subset of `readStep` that should be shared with type-tracking.
|
||||||
*/
|
*/
|
||||||
predicate readStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) {
|
predicate readStepCommon(Node nodeFrom, Content c, Node nodeTo) {
|
||||||
subscriptReadStep(nodeFrom, c, nodeTo)
|
subscriptReadStep(nodeFrom, c, nodeTo)
|
||||||
or
|
or
|
||||||
iterableUnpackingReadStep(nodeFrom, c, nodeTo)
|
iterableUnpackingReadStep(nodeFrom, c, nodeTo)
|
||||||
@@ -994,21 +996,25 @@ predicate readStepCommon(Node nodeFrom, ContentSet c, Node nodeTo) {
|
|||||||
/**
|
/**
|
||||||
* Holds if data can flow from `nodeFrom` to `nodeTo` via a read of content `c`.
|
* Holds if data can flow from `nodeFrom` to `nodeTo` via a read of content `c`.
|
||||||
*/
|
*/
|
||||||
predicate readStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
predicate readStep(Node nodeFrom, ContentSet cs, Node nodeTo) {
|
||||||
readStepCommon(nodeFrom, c, nodeTo)
|
exists(Content c | cs = singleton(c) |
|
||||||
|
readStepCommon(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
matchReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
forReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
attributeReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
synthDictSplatParameterNodeReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
VariableCapture::readStep(nodeFrom, c, nodeTo)
|
||||||
|
)
|
||||||
or
|
or
|
||||||
matchReadStep(nodeFrom, c, nodeTo)
|
FlowSummaryImpl::Private::Steps::summaryReadStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), cs,
|
||||||
or
|
|
||||||
forReadStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
attributeReadStep(nodeFrom, c, nodeTo)
|
|
||||||
or
|
|
||||||
FlowSummaryImpl::Private::Steps::summaryReadStep(nodeFrom.(FlowSummaryNode).getSummaryNode(), c,
|
|
||||||
nodeTo.(FlowSummaryNode).getSummaryNode())
|
nodeTo.(FlowSummaryNode).getSummaryNode())
|
||||||
or
|
or
|
||||||
synthDictSplatParameterNodeReadStep(nodeFrom, c, nodeTo)
|
Conversions::readStep(nodeFrom, cs, nodeTo)
|
||||||
or
|
|
||||||
VariableCapture::readStep(nodeFrom, c, nodeTo)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Data flows from a sequence to a subscript of the sequence. */
|
/** Data flows from a sequence to a subscript of the sequence. */
|
||||||
@@ -1064,23 +1070,68 @@ predicate attributeReadStep(Node nodeFrom, AttributeContent c, AttrRead nodeTo)
|
|||||||
nodeTo.accesses(nodeFrom, c.getAttribute())
|
nodeTo.accesses(nodeFrom, c.getAttribute())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
module Conversions {
|
||||||
|
private import semmle.python.Concepts
|
||||||
|
|
||||||
|
predicate decoderReadStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
||||||
|
exists(Decoding decoding |
|
||||||
|
nodeFrom = decoding.getAnInput() and
|
||||||
|
nodeTo = decoding.getOutput()
|
||||||
|
) and
|
||||||
|
c.isAnyTupleOrDictionaryElement()
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate encoderReadStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
||||||
|
exists(Encoding encoding |
|
||||||
|
nodeFrom = encoding.getAnInput() and
|
||||||
|
nodeTo = encoding.getOutput()
|
||||||
|
) and
|
||||||
|
c.isAnyTupleOrDictionaryElement()
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate formatReadStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
||||||
|
// % formatting
|
||||||
|
exists(BinaryExprNode fmt | fmt = nodeTo.asCfgNode() |
|
||||||
|
fmt.getOp() instanceof Mod and
|
||||||
|
fmt.getRight() = nodeFrom.asCfgNode()
|
||||||
|
) and
|
||||||
|
c.isAnyTupleElement()
|
||||||
|
or
|
||||||
|
// format_map
|
||||||
|
// see https://docs.python.org/3/library/stdtypes.html#str.format_map
|
||||||
|
nodeTo.(MethodCallNode).calls(_, "format_map") and
|
||||||
|
nodeTo.(MethodCallNode).getArg(0) = nodeFrom and
|
||||||
|
c.isAnyDictionaryElement()
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate readStep(Node nodeFrom, ContentSet c, Node nodeTo) {
|
||||||
|
decoderReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
encoderReadStep(nodeFrom, c, nodeTo)
|
||||||
|
or
|
||||||
|
formatReadStep(nodeFrom, c, nodeTo)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if values stored inside content `c` are cleared at node `n`. For example,
|
* Holds if values stored inside content `c` are cleared at node `n`. For example,
|
||||||
* any value stored inside `f` is cleared at the pre-update node associated with `x`
|
* any value stored inside `f` is cleared at the pre-update node associated with `x`
|
||||||
* in `x.f = newValue`.
|
* in `x.f = newValue`.
|
||||||
*/
|
*/
|
||||||
predicate clearsContent(Node n, ContentSet c) {
|
predicate clearsContent(Node n, ContentSet cs) {
|
||||||
matchClearStep(n, c)
|
exists(Content c | cs = singleton(c) |
|
||||||
|
matchClearStep(n, c)
|
||||||
|
or
|
||||||
|
attributeClearStep(n, c)
|
||||||
|
or
|
||||||
|
dictClearStep(n, c)
|
||||||
|
or
|
||||||
|
dictSplatParameterNodeClearStep(n, c)
|
||||||
|
or
|
||||||
|
VariableCapture::clearsContent(n, c)
|
||||||
|
)
|
||||||
or
|
or
|
||||||
attributeClearStep(n, c)
|
FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), cs)
|
||||||
or
|
|
||||||
dictClearStep(n, c)
|
|
||||||
or
|
|
||||||
FlowSummaryImpl::Private::Steps::summaryClearsContent(n.(FlowSummaryNode).getSummaryNode(), c)
|
|
||||||
or
|
|
||||||
dictSplatParameterNodeClearStep(n, c)
|
|
||||||
or
|
|
||||||
VariableCapture::clearsContent(n, c)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -1198,12 +1249,65 @@ predicate allowParameterReturnInSelf(ParameterNode p) {
|
|||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bindingset[s]
|
||||||
|
private string getFirstChar(string s) {
|
||||||
|
result =
|
||||||
|
min(int i, string c |
|
||||||
|
c = s.charAt(i) and c != "_"
|
||||||
|
or
|
||||||
|
c = "" and i = s.length()
|
||||||
|
|
|
||||||
|
c order by i
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
private string getAttributeContentFirstChar(AttributeContent ac) {
|
||||||
|
result = getFirstChar(ac.getAttribute())
|
||||||
|
}
|
||||||
|
|
||||||
|
private string getDictionaryElementContentKeyFirstChar(DictionaryElementContent dec) {
|
||||||
|
result = getFirstChar(dec.getKey())
|
||||||
|
}
|
||||||
|
|
||||||
|
private newtype TContentApprox =
|
||||||
|
TListElementContentApprox() or
|
||||||
|
TSetElementContentApprox() or
|
||||||
|
TTupleElementContentApprox() or
|
||||||
|
TDictionaryElementContentApprox(string first) {
|
||||||
|
first = "" // for `TDictionaryElementAnyContent`
|
||||||
|
or
|
||||||
|
first = getDictionaryElementContentKeyFirstChar(_)
|
||||||
|
} or
|
||||||
|
TAttributeContentApprox(string first) { first = getAttributeContentFirstChar(_) } or
|
||||||
|
TCapturedVariableContentApprox()
|
||||||
|
|
||||||
/** An approximated `Content`. */
|
/** An approximated `Content`. */
|
||||||
class ContentApprox = Unit;
|
class ContentApprox extends TContentApprox {
|
||||||
|
/** Gets a textual representation of this element. */
|
||||||
|
string toString() { result = "" }
|
||||||
|
}
|
||||||
|
|
||||||
/** Gets an approximated value for content `c`. */
|
/** Gets an approximated value for content `c`. */
|
||||||
pragma[inline]
|
ContentApprox getContentApprox(Content c) {
|
||||||
ContentApprox getContentApprox(Content c) { any() }
|
c = TListElementContent() and
|
||||||
|
result = TListElementContentApprox()
|
||||||
|
or
|
||||||
|
c = TSetElementContent() and
|
||||||
|
result = TSetElementContentApprox()
|
||||||
|
or
|
||||||
|
c = TTupleElementContent(_) and
|
||||||
|
result = TTupleElementContentApprox()
|
||||||
|
or
|
||||||
|
result = TDictionaryElementContentApprox(getDictionaryElementContentKeyFirstChar(c))
|
||||||
|
or
|
||||||
|
c = TDictionaryElementAnyContent() and
|
||||||
|
result = TDictionaryElementContentApprox("")
|
||||||
|
or
|
||||||
|
result = TAttributeContentApprox(getAttributeContentFirstChar(c))
|
||||||
|
or
|
||||||
|
c = TCapturedVariableContent(_) and
|
||||||
|
result = TCapturedVariableContentApprox()
|
||||||
|
}
|
||||||
|
|
||||||
/** Helper for `.getEnclosingCallable`. */
|
/** Helper for `.getEnclosingCallable`. */
|
||||||
DataFlowCallable getCallableScope(Scope s) {
|
DataFlowCallable getCallableScope(Scope s) {
|
||||||
|
|||||||
@@ -898,19 +898,78 @@ class CapturedVariableContent extends Content, TCapturedVariableContent {
|
|||||||
override string getMaDRepresentation() { none() }
|
override string getMaDRepresentation() { none() }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* An entity that represents a set of `Content`s.
|
||||||
|
*
|
||||||
|
* Most `ContentSet`s are singletons (i.e. they consist of a single `Content`),
|
||||||
|
* but `AnyDictionaryElement` and `AnyTupleElement` act as wildcards on the
|
||||||
|
* read side: a read at such a `ContentSet` matches any specific dictionary
|
||||||
|
* key / tuple index store, as well as (for dictionaries) the
|
||||||
|
* "unknown-bucket" Content `DictionaryElementAnyContent`.
|
||||||
|
*
|
||||||
|
* Keeping these as wildcard `ContentSet`s (rather than enumerating one
|
||||||
|
* `ContentSet` per key/index) keeps the dataflow `readSetEx` relation small
|
||||||
|
* when implicit reads are used (e.g. at sinks via `defaultImplicitTaintRead`).
|
||||||
|
*/
|
||||||
|
private newtype TContentSet =
|
||||||
|
TSingletonContent(Content c) or
|
||||||
|
TAnyTupleElement() or
|
||||||
|
TAnyDictionaryElement() or
|
||||||
|
TAnyTupleOrDictionaryElement()
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* An entity that represents a set of `Content`s.
|
* An entity that represents a set of `Content`s.
|
||||||
*
|
*
|
||||||
* The set may be interpreted differently depending on whether it is
|
* The set may be interpreted differently depending on whether it is
|
||||||
* stored into (`getAStoreContent`) or read from (`getAReadContent`).
|
* stored into (`getAStoreContent`) or read from (`getAReadContent`).
|
||||||
*/
|
*/
|
||||||
class ContentSet instanceof Content {
|
class ContentSet extends TContentSet {
|
||||||
|
/** Holds if this content set is the singleton `{c}`. */
|
||||||
|
predicate isSingleton(Content c) { this = TSingletonContent(c) }
|
||||||
|
|
||||||
|
/** Holds if this content set is the wildcard for all tuple elements. */
|
||||||
|
predicate isAnyTupleElement() { this = TAnyTupleElement() }
|
||||||
|
|
||||||
|
/** Holds if this content set is the wildcard for all dictionary elements. */
|
||||||
|
predicate isAnyDictionaryElement() { this = TAnyDictionaryElement() }
|
||||||
|
|
||||||
|
/** Holds if this content set is the wildcard for all tuple elements or dictionary elements. */
|
||||||
|
predicate isAnyTupleOrDictionaryElement() { this = TAnyTupleOrDictionaryElement() }
|
||||||
|
|
||||||
/** Gets a content that may be stored into when storing into this set. */
|
/** Gets a content that may be stored into when storing into this set. */
|
||||||
Content getAStoreContent() { result = this }
|
Content getAStoreContent() { this = TSingletonContent(result) }
|
||||||
|
|
||||||
/** Gets a content that may be read from when reading from this set. */
|
/** Gets a content that may be read from when reading from this set. */
|
||||||
Content getAReadContent() { result = this }
|
Content getAReadContent() {
|
||||||
|
this = TSingletonContent(result)
|
||||||
|
or
|
||||||
|
// Wildcard expansion: a read at "any tuple element" matches a store at any
|
||||||
|
// specific tuple index. (Stores always target a specific index, so we don't
|
||||||
|
// need a `TupleElementAnyContent` Content kind here.)
|
||||||
|
this = TAnyTupleElement() and result instanceof TupleElementContent
|
||||||
|
or
|
||||||
|
this = TAnyDictionaryElement() and
|
||||||
|
(result instanceof DictionaryElementContent or result instanceof DictionaryElementAnyContent)
|
||||||
|
or
|
||||||
|
this = TAnyTupleOrDictionaryElement() and
|
||||||
|
(
|
||||||
|
result instanceof TupleElementContent or
|
||||||
|
result instanceof DictionaryElementContent or
|
||||||
|
result instanceof DictionaryElementAnyContent
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
/** Gets a textual representation of this content set. */
|
/** Gets a textual representation of this content set. */
|
||||||
string toString() { result = super.toString() }
|
string toString() {
|
||||||
|
exists(Content c | this = TSingletonContent(c) | result = c.toString())
|
||||||
|
or
|
||||||
|
this = TAnyTupleElement() and result = "Any tuple element"
|
||||||
|
or
|
||||||
|
this = TAnyDictionaryElement() and result = "Any dictionary element"
|
||||||
|
or
|
||||||
|
this = TAnyTupleOrDictionaryElement() and result = "Any tuple or dictionary element"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Gets the singleton `ContentSet` wrapping the `Content` `c`. */
|
||||||
|
ContentSet singleton(Content c) { result = TSingletonContent(c) }
|
||||||
|
|||||||
@@ -66,21 +66,29 @@ module Input implements InputSig<Location, DataFlowImplSpecific::PythonDataFlow>
|
|||||||
}
|
}
|
||||||
|
|
||||||
string encodeContent(ContentSet cs, string arg) {
|
string encodeContent(ContentSet cs, string arg) {
|
||||||
cs = TListElementContent() and result = "ListElement" and arg = ""
|
exists(Content c | cs.isSingleton(c) |
|
||||||
or
|
c = TListElementContent() and result = "ListElement" and arg = ""
|
||||||
cs = TSetElementContent() and result = "SetElement" and arg = ""
|
or
|
||||||
or
|
c = TSetElementContent() and result = "SetElement" and arg = ""
|
||||||
exists(int index |
|
or
|
||||||
cs = TTupleElementContent(index) and result = "TupleElement" and arg = index.toString()
|
exists(int index |
|
||||||
|
c = TTupleElementContent(index) and result = "TupleElement" and arg = index.toString()
|
||||||
|
)
|
||||||
|
or
|
||||||
|
exists(string key |
|
||||||
|
c = TDictionaryElementContent(key) and result = "DictionaryElement" and arg = key
|
||||||
|
)
|
||||||
|
or
|
||||||
|
c = TDictionaryElementAnyContent() and result = "DictionaryElementAny" and arg = ""
|
||||||
|
or
|
||||||
|
exists(string attr | c = TAttributeContent(attr) and result = "Attribute" and arg = attr)
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
exists(string key |
|
cs.isAnyTupleElement() and result = "AnyTupleElement" and arg = ""
|
||||||
cs = TDictionaryElementContent(key) and result = "DictionaryElement" and arg = key
|
|
||||||
)
|
|
||||||
or
|
or
|
||||||
cs = TDictionaryElementAnyContent() and result = "DictionaryElementAny" and arg = ""
|
cs.isAnyDictionaryElement() and result = "AnyDictionaryElement" and arg = ""
|
||||||
or
|
or
|
||||||
exists(string attr | cs = TAttributeContent(attr) and result = "Attribute" and arg = attr)
|
cs.isAnyTupleOrDictionaryElement() and result = "AnyTupleOrDictionaryElement" and arg = ""
|
||||||
}
|
}
|
||||||
|
|
||||||
bindingset[token]
|
bindingset[token]
|
||||||
@@ -139,27 +147,29 @@ module Private {
|
|||||||
predicate withContent = SC::withContent/1;
|
predicate withContent = SC::withContent/1;
|
||||||
|
|
||||||
/** Gets a summary component that represents a list element. */
|
/** Gets a summary component that represents a list element. */
|
||||||
SummaryComponent listElement() { result = content(any(ListElementContent c)) }
|
SummaryComponent listElement() { result = content(singleton(any(ListElementContent c))) }
|
||||||
|
|
||||||
/** Gets a summary component that represents a set element. */
|
/** Gets a summary component that represents a set element. */
|
||||||
SummaryComponent setElement() { result = content(any(SetElementContent c)) }
|
SummaryComponent setElement() { result = content(singleton(any(SetElementContent c))) }
|
||||||
|
|
||||||
/** Gets a summary component that represents a tuple element. */
|
/** Gets a summary component that represents a tuple element. */
|
||||||
SummaryComponent tupleElement(int index) {
|
SummaryComponent tupleElement(int index) {
|
||||||
exists(TupleElementContent c | c.getIndex() = index and result = content(c))
|
exists(TupleElementContent c | c.getIndex() = index and result = content(singleton(c)))
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets a summary component that represents a dictionary element. */
|
/** Gets a summary component that represents a dictionary element. */
|
||||||
SummaryComponent dictionaryElement(string key) {
|
SummaryComponent dictionaryElement(string key) {
|
||||||
exists(DictionaryElementContent c | c.getKey() = key and result = content(c))
|
exists(DictionaryElementContent c | c.getKey() = key and result = content(singleton(c)))
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets a summary component that represents a dictionary element at any key. */
|
/** Gets a summary component that represents a dictionary element at any key. */
|
||||||
SummaryComponent dictionaryElementAny() { result = content(any(DictionaryElementAnyContent c)) }
|
SummaryComponent dictionaryElementAny() {
|
||||||
|
result = content(singleton(any(DictionaryElementAnyContent c)))
|
||||||
|
}
|
||||||
|
|
||||||
/** Gets a summary component that represents an attribute element. */
|
/** Gets a summary component that represents an attribute element. */
|
||||||
SummaryComponent attribute(string attr) {
|
SummaryComponent attribute(string attr) {
|
||||||
exists(AttributeContent c | c.getAttribute() = attr and result = content(c))
|
exists(AttributeContent c | c.getAttribute() = attr and result = content(singleton(c)))
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets a summary component that represents the return value of a call. */
|
/** Gets a summary component that represents the return value of a call. */
|
||||||
|
|||||||
@@ -11,12 +11,34 @@ private import semmle.python.ApiGraphs
|
|||||||
*/
|
*/
|
||||||
predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
|
predicate defaultTaintSanitizer(DataFlow::Node node) { none() }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if default taint tracking should read content `contentSet` implicitly and
|
||||||
|
* propagate taint from a container to reads of that content.
|
||||||
|
*/
|
||||||
|
private predicate defaultTaintReadContent(DataFlow::ContentSet contentSet) {
|
||||||
|
// Tuple and dictionary content is precise, so use wildcard content sets to avoid
|
||||||
|
// blowing up the size of `Stage1::readSetEx` (otherwise this predicate would
|
||||||
|
// expand to one row per (node, distinct key or index) and the framework's
|
||||||
|
// read-set relation grows quadratically). `ContentSet.getAReadContent` expands
|
||||||
|
// these wildcards back to the specific contents when matching against stores.
|
||||||
|
contentSet.isAnyTupleOrDictionaryElement()
|
||||||
|
or
|
||||||
|
// List and set element content is already imprecise, so no wildcard expansion is
|
||||||
|
// needed.
|
||||||
|
contentSet.getAStoreContent() instanceof DataFlow::ListElementContent
|
||||||
|
or
|
||||||
|
contentSet.getAStoreContent() instanceof DataFlow::SetElementContent
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if default `TaintTracking::Configuration`s should allow implicit reads
|
* Holds if default `TaintTracking::Configuration`s should allow implicit reads
|
||||||
* of `c` at sinks and inputs to additional taint steps.
|
* of `c` at sinks and inputs to additional taint steps.
|
||||||
*/
|
*/
|
||||||
bindingset[node]
|
bindingset[node]
|
||||||
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) { none() }
|
predicate defaultImplicitTaintRead(DataFlow::Node node, DataFlow::ContentSet c) {
|
||||||
|
exists(node) and
|
||||||
|
defaultTaintReadContent(c)
|
||||||
|
}
|
||||||
|
|
||||||
private module Cached {
|
private module Cached {
|
||||||
/**
|
/**
|
||||||
@@ -128,11 +150,6 @@ predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeT
|
|||||||
nodeFrom.getNode() = object and
|
nodeFrom.getNode() = object and
|
||||||
method_name in ["partition", "rpartition", "rsplit", "split", "splitlines"]
|
method_name in ["partition", "rpartition", "rsplit", "split", "splitlines"]
|
||||||
or
|
or
|
||||||
// Iterable[str] -> str
|
|
||||||
// TODO: check if these should be handled differently in regards to content
|
|
||||||
method_name = "join" and
|
|
||||||
nodeFrom.getNode() = call.getArg(0)
|
|
||||||
or
|
|
||||||
// Mapping[str, Any] -> str
|
// Mapping[str, Any] -> str
|
||||||
method_name = "format_map" and
|
method_name = "format_map" and
|
||||||
nodeFrom.getNode() = call.getArg(0)
|
nodeFrom.getNode() = call.getArg(0)
|
||||||
@@ -161,32 +178,21 @@ predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeT
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to containers
|
* Holds if taint can flow from `nodeFrom` to `nodeTo` with a step related to reading
|
||||||
* (lists/sets/dictionaries): literals, constructor invocation, methods. Note that this
|
* content from containers (lists/sets/dictionaries/tuples): subscripts, iteration,
|
||||||
* is currently very imprecise, as an example, since we model `dict.get`, we treat any
|
* constructor invocation, methods.
|
||||||
* `<tainted object>.get(<arg>)` will be tainted, whether it's true or not.
|
|
||||||
*/
|
*/
|
||||||
predicate containerStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
|
predicate containerStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
|
||||||
// construction by literal
|
exists(DataFlow::ContentSet contentSet |
|
||||||
//
|
DataFlowPrivate::readStep(nodeFrom, contentSet, nodeTo) and
|
||||||
// TODO: once we have proper flow-summary modeling, we might not need this step any
|
exists(DataFlow::Content c | c = contentSet.getAReadContent() |
|
||||||
// longer -- but there needs to be a matching read-step for the store-step, and we
|
c instanceof DataFlow::TupleElementContent or
|
||||||
// don't provide that right now.
|
c instanceof DataFlow::DictionaryElementContent or
|
||||||
DataFlowPrivate::listStoreStep(nodeFrom, _, nodeTo)
|
c instanceof DataFlow::DictionaryElementAnyContent or
|
||||||
or
|
c instanceof DataFlow::ListElementContent or
|
||||||
DataFlowPrivate::setStoreStep(nodeFrom, _, nodeTo)
|
c instanceof DataFlow::SetElementContent
|
||||||
or
|
)
|
||||||
DataFlowPrivate::tupleStoreStep(nodeFrom, _, nodeTo)
|
)
|
||||||
or
|
|
||||||
DataFlowPrivate::dictStoreStep(nodeFrom, _, nodeTo)
|
|
||||||
or
|
|
||||||
// comprehension, so there is taint-flow from `x` in `[x for x in xs]` to the
|
|
||||||
// resulting list of the list-comprehension.
|
|
||||||
//
|
|
||||||
// TODO: once we have proper flow-summary modeling, we might not need this step any
|
|
||||||
// longer -- but there needs to be a matching read-step for the store-step, and we
|
|
||||||
// don't provide that right now.
|
|
||||||
DataFlowPrivate::yieldStoreStep(nodeFrom, _, nodeTo)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -170,13 +170,7 @@ module TypeTrackingInput implements Shared::TypeTrackingInput<Location> {
|
|||||||
|
|
||||||
/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */
|
/** Holds if there is a level step from `nodeFrom` to `nodeTo`, which may depend on the call graph. */
|
||||||
predicate levelStepCall(Node nodeFrom, LocalSourceNode nodeTo) {
|
predicate levelStepCall(Node nodeFrom, LocalSourceNode nodeTo) {
|
||||||
// HOTFIX: `instanceFieldStep` is temporarily disabled (via `and none()`).
|
instanceFieldStep(nodeFrom, nodeTo)
|
||||||
// It uses `classInstanceTracker(cls)` -- itself a type-tracker run --
|
|
||||||
// from inside `levelStepCall`, creating a structural mutual recursion
|
|
||||||
// that causes catastrophic query slowdowns on some OOP-heavy Python
|
|
||||||
// codebases (e.g. mypy and dask). The `and none()` should be removed
|
|
||||||
// once that recursion is redesigned.
|
|
||||||
instanceFieldStep(nodeFrom, nodeTo) and none()
|
|
||||||
or
|
or
|
||||||
inheritedFieldStep(nodeFrom, nodeTo)
|
inheritedFieldStep(nodeFrom, nodeTo)
|
||||||
}
|
}
|
||||||
@@ -255,7 +249,7 @@ module TypeTrackingInput implements Shared::TypeTrackingInput<Location> {
|
|||||||
// is only fed set/list content)
|
// is only fed set/list content)
|
||||||
not nodeFrom instanceof DataFlowPublic::IterableElementNode
|
not nodeFrom instanceof DataFlowPublic::IterableElementNode
|
||||||
or
|
or
|
||||||
TypeTrackerSummaryFlow::basicStoreStep(nodeFrom, nodeTo, content)
|
TypeTrackerSummaryFlow::basicStoreStep(nodeFrom, nodeTo, DataFlowPublic::singleton(content))
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@@ -286,14 +280,15 @@ module TypeTrackingInput implements Shared::TypeTrackingInput<Location> {
|
|||||||
nodeFrom.asCfgNode() instanceof SequenceNode
|
nodeFrom.asCfgNode() instanceof SequenceNode
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
TypeTrackerSummaryFlow::basicLoadStep(nodeFrom, nodeTo, content)
|
TypeTrackerSummaryFlow::basicLoadStep(nodeFrom, nodeTo, DataFlowPublic::singleton(content))
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if the `loadContent` of `nodeFrom` is stored in the `storeContent` of `nodeTo`.
|
* Holds if the `loadContent` of `nodeFrom` is stored in the `storeContent` of `nodeTo`.
|
||||||
*/
|
*/
|
||||||
predicate loadStoreStep(Node nodeFrom, Node nodeTo, Content loadContent, Content storeContent) {
|
predicate loadStoreStep(Node nodeFrom, Node nodeTo, Content loadContent, Content storeContent) {
|
||||||
TypeTrackerSummaryFlow::basicLoadStoreStep(nodeFrom, nodeTo, loadContent, storeContent)
|
TypeTrackerSummaryFlow::basicLoadStoreStep(nodeFrom, nodeTo,
|
||||||
|
DataFlowPublic::singleton(loadContent), DataFlowPublic::singleton(storeContent))
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|||||||
@@ -4245,6 +4245,7 @@ module StdlibPrivate {
|
|||||||
)
|
)
|
||||||
// TODO: Once we have DictKeyContent, we need to transform that into ListElementContent
|
// TODO: Once we have DictKeyContent, we need to transform that into ListElementContent
|
||||||
) and
|
) and
|
||||||
|
// Element content is mutated into list element content
|
||||||
output = "ReturnValue.ListElement" and
|
output = "ReturnValue.ListElement" and
|
||||||
preservesValue = true
|
preservesValue = true
|
||||||
or
|
or
|
||||||
@@ -4271,11 +4272,9 @@ module StdlibPrivate {
|
|||||||
preservesValue = true
|
preservesValue = true
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
// TODO: We need to also translate iterable content such as list element
|
input = "Argument[0].ListElement" and
|
||||||
// but we currently lack TupleElementAny
|
|
||||||
input = "Argument[0]" and
|
|
||||||
output = "ReturnValue" and
|
output = "ReturnValue" and
|
||||||
preservesValue = false
|
preservesValue = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -4970,6 +4969,26 @@ module StdlibPrivate {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** A flow summary for `str.join`. */
|
||||||
|
class StrJoinSummary extends SummarizedCallable::Range {
|
||||||
|
StrJoinSummary() { this = "str.join" }
|
||||||
|
|
||||||
|
override DataFlow::CallCfgNode getACall() { result.(DataFlow::MethodCallNode).calls(_, "join") }
|
||||||
|
|
||||||
|
override DataFlow::ArgumentNode getACallback() {
|
||||||
|
result.(DataFlow::AttrRead).getAttributeName() = "join"
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate propagatesFlow(string input, string output, boolean preservesValue) {
|
||||||
|
(
|
||||||
|
// For code like `" ".join([name])`
|
||||||
|
input = "Argument[0,iterable:].ListElement" and
|
||||||
|
preservesValue = true
|
||||||
|
) and
|
||||||
|
output = "ReturnValue"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
// asyncio
|
// asyncio
|
||||||
// ---------------------------------------------------------------------------
|
// ---------------------------------------------------------------------------
|
||||||
|
|||||||
6
python/ql/lib/semmle/python/frameworks/lxml.model.yml
Normal file
6
python/ql/lib/semmle/python/frameworks/lxml.model.yml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
extensions:
|
||||||
|
- addsTo:
|
||||||
|
pack: codeql/python-all
|
||||||
|
extensible: summaryModel
|
||||||
|
data:
|
||||||
|
- ['lxml', 'Member[etree].Member[fromstringlist]', 'Argument[0,strings:].ListElement', 'ReturnValue', 'taint']
|
||||||
6
python/ql/lib/semmle/python/frameworks/xml.model.yml
Normal file
6
python/ql/lib/semmle/python/frameworks/xml.model.yml
Normal file
@@ -0,0 +1,6 @@
|
|||||||
|
extensions:
|
||||||
|
- addsTo:
|
||||||
|
pack: codeql/python-all
|
||||||
|
extensible: summaryModel
|
||||||
|
data:
|
||||||
|
- ['xml', 'Member[etree].Member[fromstringlist]', 'Argument[0,strings:].ListElement', 'ReturnValue', 'taint']
|
||||||
@@ -61,10 +61,11 @@ module EscapingCaptureFlowConfig implements DataFlow::ConfigSig {
|
|||||||
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) {
|
predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet cs) {
|
||||||
isSink(node) and
|
isSink(node) and
|
||||||
(
|
(
|
||||||
cs.(DataFlow::TupleElementContent).getIndex() in [0 .. 10] or
|
cs.isAnyTupleOrDictionaryElement()
|
||||||
cs instanceof DataFlow::ListElementContent or
|
or
|
||||||
cs instanceof DataFlow::SetElementContent or
|
cs.getAStoreContent() instanceof DataFlow::ListElementContent
|
||||||
cs instanceof DataFlow::DictionaryElementAnyContent
|
or
|
||||||
|
cs.getAStoreContent() instanceof DataFlow::SetElementContent
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,11 +3,15 @@ edges
|
|||||||
| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | provenance | |
|
| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | provenance | |
|
||||||
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | provenance | |
|
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | provenance | |
|
||||||
|
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result [List element] | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | provenance | |
|
||||||
| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | provenance | list.append |
|
| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | provenance | list.append |
|
||||||
|
| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result [List element] | provenance | list.append |
|
||||||
| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | provenance | |
|
| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | provenance | |
|
||||||
| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | provenance | |
|
| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | provenance | |
|
||||||
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | provenance | |
|
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | provenance | |
|
||||||
|
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result [List element] | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result [List element] | provenance | |
|
||||||
| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | provenance | list.append |
|
| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | provenance | list.append |
|
||||||
|
| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result [List element] | provenance | list.append |
|
||||||
| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | provenance | |
|
| TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | provenance | |
|
||||||
@@ -34,16 +38,19 @@ edges
|
|||||||
| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | provenance | |
|
| TarSlipImprov.py:142:9:142:13 | ControlFlowNode for entry | TarSlipImprov.py:143:36:143:40 | ControlFlowNode for entry | provenance | |
|
||||||
| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | provenance | |
|
| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | provenance | |
|
||||||
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | provenance | Config |
|
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | provenance | Config |
|
||||||
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield | provenance | |
|
|
||||||
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | provenance | |
|
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | provenance | |
|
||||||
| TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | provenance | |
|
| TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield [List element] | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() [List element] | provenance | |
|
||||||
|
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield [List element] | provenance | |
|
||||||
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | provenance | |
|
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | provenance | |
|
||||||
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
|
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
|
||||||
|
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm [List element] | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc [List element] | provenance | |
|
||||||
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | provenance | |
|
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | provenance | |
|
||||||
|
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() [List element] | TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm [List element] | provenance | |
|
||||||
| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
|
| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | provenance | |
|
||||||
| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | provenance | |
|
| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | provenance | |
|
||||||
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | provenance | Config |
|
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | provenance | Config |
|
||||||
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | provenance | |
|
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | provenance | |
|
||||||
|
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc [List element] | TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | provenance | |
|
||||||
| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | provenance | |
|
| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | provenance | |
|
||||||
| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | provenance | |
|
| TarSlipImprov.py:177:9:177:13 | ControlFlowNode for entry | TarSlipImprov.py:178:36:178:40 | ControlFlowNode for entry | provenance | |
|
||||||
@@ -60,7 +67,9 @@ edges
|
|||||||
| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | provenance | |
|
| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | provenance | |
|
||||||
| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | provenance | |
|
| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | provenance | |
|
||||||
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | provenance | |
|
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | provenance | |
|
||||||
|
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members [List element] | TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | provenance | |
|
||||||
| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | provenance | list.append |
|
| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | provenance | list.append |
|
||||||
|
| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members [List element] | provenance | list.append |
|
||||||
| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:258:6:258:26 | ControlFlowNode for Attribute() | TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | provenance | |
|
| TarSlipImprov.py:258:31:258:33 | ControlFlowNode for tar | TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | provenance | |
|
||||||
| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | provenance | |
|
| TarSlipImprov.py:259:9:259:13 | ControlFlowNode for entry | TarSlipImprov.py:261:25:261:29 | ControlFlowNode for entry | provenance | |
|
||||||
@@ -85,19 +94,24 @@ edges
|
|||||||
| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | provenance | |
|
| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:304:1:304:3 | ControlFlowNode for tar | provenance | |
|
||||||
| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | provenance | |
|
| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | provenance | |
|
||||||
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | provenance | |
|
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | provenance | |
|
||||||
|
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result [List element] | TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | provenance | |
|
||||||
| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | provenance | list.append |
|
| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | provenance | list.append |
|
||||||
|
| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result [List element] | provenance | list.append |
|
||||||
nodes
|
nodes
|
||||||
| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
| TarSlipImprov.py:15:1:15:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
||||||
| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:17:5:17:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
||||||
|
| TarSlipImprov.py:20:5:20:10 | [post] ControlFlowNode for result [List element] | semmle.label | [post] ControlFlowNode for result [List element] |
|
||||||
| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:20:19:20:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
| TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
||||||
| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | semmle.label | ControlFlowNode for tarfile |
|
| TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | semmle.label | ControlFlowNode for tarfile |
|
||||||
| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:28:9:28:14 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
||||||
|
| TarSlipImprov.py:35:9:35:14 | [post] ControlFlowNode for result [List element] | semmle.label | [post] ControlFlowNode for result [List element] |
|
||||||
| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:35:23:35:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
| TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
||||||
|
| TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result [List element] | semmle.label | ControlFlowNode for result [List element] |
|
||||||
| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
| TarSlipImprov.py:38:1:38:3 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
||||||
| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | semmle.label | ControlFlowNode for members_filter1() |
|
| TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | semmle.label | ControlFlowNode for members_filter1() |
|
||||||
@@ -133,14 +147,17 @@ nodes
|
|||||||
| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
|
| TarSlipImprov.py:151:14:151:50 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
|
||||||
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:151:22:151:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
|
| TarSlipImprov.py:151:55:151:56 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
|
||||||
| TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield | semmle.label | ControlFlowNode for Yield |
|
| TarSlipImprov.py:152:13:152:20 | ControlFlowNode for Yield [List element] | semmle.label | ControlFlowNode for Yield [List element] |
|
||||||
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
|
| TarSlipImprov.py:152:19:152:20 | ControlFlowNode for tf | semmle.label | ControlFlowNode for tf |
|
||||||
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
|
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
|
||||||
|
| TarSlipImprov.py:157:9:157:14 | ControlFlowNode for tar_cm [List element] | semmle.label | ControlFlowNode for tar_cm [List element] |
|
||||||
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | semmle.label | ControlFlowNode for py2_tarxz() |
|
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() | semmle.label | ControlFlowNode for py2_tarxz() |
|
||||||
|
| TarSlipImprov.py:157:18:157:40 | ControlFlowNode for py2_tarxz() [List element] | semmle.label | ControlFlowNode for py2_tarxz() [List element] |
|
||||||
| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
|
| TarSlipImprov.py:159:9:159:14 | ControlFlowNode for tar_cm | semmle.label | ControlFlowNode for tar_cm |
|
||||||
| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
|
| TarSlipImprov.py:159:18:159:52 | ControlFlowNode for closing() | semmle.label | ControlFlowNode for closing() |
|
||||||
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:159:26:159:51 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
|
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
|
||||||
|
| TarSlipImprov.py:162:20:162:23 | ControlFlowNode for tarc [List element] | semmle.label | ControlFlowNode for tarc [List element] |
|
||||||
| TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
|
| TarSlipImprov.py:169:9:169:12 | ControlFlowNode for tarc | semmle.label | ControlFlowNode for tarc |
|
||||||
| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:176:6:176:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
| TarSlipImprov.py:176:36:176:38 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
||||||
@@ -163,6 +180,7 @@ nodes
|
|||||||
| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | semmle.label | ControlFlowNode for corpus_tar |
|
| TarSlipImprov.py:231:43:231:52 | ControlFlowNode for corpus_tar | semmle.label | ControlFlowNode for corpus_tar |
|
||||||
| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
|
| TarSlipImprov.py:233:9:233:9 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
|
||||||
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | semmle.label | [post] ControlFlowNode for members |
|
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members | semmle.label | [post] ControlFlowNode for members |
|
||||||
|
| TarSlipImprov.py:235:13:235:19 | [post] ControlFlowNode for members [List element] | semmle.label | [post] ControlFlowNode for members [List element] |
|
||||||
| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
|
| TarSlipImprov.py:235:28:235:28 | ControlFlowNode for f | semmle.label | ControlFlowNode for f |
|
||||||
| TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | semmle.label | ControlFlowNode for members |
|
| TarSlipImprov.py:236:44:236:50 | ControlFlowNode for members | semmle.label | ControlFlowNode for members |
|
||||||
| TarSlipImprov.py:254:1:254:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:254:1:254:31 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
@@ -198,11 +216,13 @@ nodes
|
|||||||
| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:304:7:304:39 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:306:5:306:10 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
||||||
|
| TarSlipImprov.py:309:5:309:10 | [post] ControlFlowNode for result [List element] | semmle.label | [post] ControlFlowNode for result [List element] |
|
||||||
| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| TarSlipImprov.py:309:19:309:24 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
| TarSlipImprov.py:310:49:310:54 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
||||||
| TarSlipImprov.py:316:1:316:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| TarSlipImprov.py:316:1:316:46 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
subpaths
|
subpaths
|
||||||
| TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() |
|
| TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() |
|
||||||
|
| TarSlipImprov.py:39:65:39:67 | ControlFlowNode for tar | TarSlipImprov.py:26:21:26:27 | ControlFlowNode for tarfile | TarSlipImprov.py:36:12:36:17 | ControlFlowNode for result [List element] | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() |
|
||||||
#select
|
#select
|
||||||
| TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | Extraction of tarfile from $@ to a potentially untrusted source $@. | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | ControlFlowNode for Attribute() | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | ControlFlowNode for result |
|
| TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | Extraction of tarfile from $@ to a potentially untrusted source $@. | TarSlipImprov.py:15:7:15:39 | ControlFlowNode for Attribute() | ControlFlowNode for Attribute() | TarSlipImprov.py:22:35:22:40 | ControlFlowNode for result | ControlFlowNode for result |
|
||||||
| TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | Extraction of tarfile from $@ to a potentially untrusted source $@. | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | ControlFlowNode for Attribute() | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | ControlFlowNode for members_filter1() |
|
| TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | Extraction of tarfile from $@ to a potentially untrusted source $@. | TarSlipImprov.py:38:7:38:39 | ControlFlowNode for Attribute() | ControlFlowNode for Attribute() | TarSlipImprov.py:39:49:39:68 | ControlFlowNode for members_filter1() | ControlFlowNode for members_filter1() |
|
||||||
|
|||||||
@@ -93,7 +93,9 @@ edges
|
|||||||
| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | provenance | |
|
| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | provenance | |
|
||||||
| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | provenance | |
|
| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | provenance | |
|
||||||
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance | |
|
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance | |
|
||||||
|
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result [List element] | UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | provenance | |
|
||||||
| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | provenance | list.append |
|
| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | provenance | list.append |
|
||||||
|
| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result [List element] | provenance | list.append |
|
||||||
| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | provenance | |
|
| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | UnsafeUnpack.py:174:15:174:22 | ControlFlowNode for response | provenance | |
|
||||||
| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | provenance | |
|
| UnsafeUnpack.py:171:12:171:50 | ControlFlowNode for Attribute() | UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | provenance | |
|
||||||
| UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | provenance | |
|
| UnsafeUnpack.py:173:11:173:17 | ControlFlowNode for tarpath | UnsafeUnpack.py:176:17:176:23 | ControlFlowNode for tarpath | provenance | |
|
||||||
@@ -189,6 +191,7 @@ nodes
|
|||||||
| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| UnsafeUnpack.py:163:23:163:28 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
| UnsafeUnpack.py:163:33:163:35 | ControlFlowNode for tar | semmle.label | ControlFlowNode for tar |
|
||||||
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result | semmle.label | [post] ControlFlowNode for result |
|
||||||
|
| UnsafeUnpack.py:166:23:166:28 | [post] ControlFlowNode for result [List element] | semmle.label | [post] ControlFlowNode for result [List element] |
|
||||||
| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
| UnsafeUnpack.py:166:37:166:42 | ControlFlowNode for member | semmle.label | ControlFlowNode for member |
|
||||||
| UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
| UnsafeUnpack.py:167:67:167:72 | ControlFlowNode for result | semmle.label | ControlFlowNode for result |
|
||||||
| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
|
| UnsafeUnpack.py:171:1:171:8 | ControlFlowNode for response | semmle.label | ControlFlowNode for response |
|
||||||
|
|||||||
@@ -3,8 +3,10 @@ edges
|
|||||||
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:20:45:20:47 | ControlFlowNode for cmd | provenance | |
|
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:20:45:20:47 | ControlFlowNode for cmd | provenance | |
|
||||||
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:21:52:21:54 | ControlFlowNode for cmd | provenance | |
|
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:21:52:21:54 | ControlFlowNode for cmd | provenance | |
|
||||||
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:22:52:22:54 | ControlFlowNode for cmd | provenance | |
|
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:22:52:22:54 | ControlFlowNode for cmd | provenance | |
|
||||||
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:23:41:23:57 | ControlFlowNode for List | provenance | |
|
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:23:43:23:45 | ControlFlowNode for cmd | provenance | |
|
||||||
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:24:48:24:50 | ControlFlowNode for cmd | provenance | |
|
| Netmiko.py:18:16:18:18 | ControlFlowNode for cmd | Netmiko.py:24:48:24:50 | ControlFlowNode for cmd | provenance | |
|
||||||
|
| Netmiko.py:23:42:23:56 | ControlFlowNode for List [List element] | Netmiko.py:23:41:23:57 | ControlFlowNode for List | provenance | |
|
||||||
|
| Netmiko.py:23:43:23:45 | ControlFlowNode for cmd | Netmiko.py:23:42:23:56 | ControlFlowNode for List [List element] | provenance | |
|
||||||
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | Pexpect.py:16:14:16:16 | ControlFlowNode for cmd | provenance | |
|
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | Pexpect.py:16:14:16:16 | ControlFlowNode for cmd | provenance | |
|
||||||
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | Pexpect.py:18:18:18:20 | ControlFlowNode for cmd | provenance | |
|
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | Pexpect.py:18:18:18:20 | ControlFlowNode for cmd | provenance | |
|
||||||
| Scrapli.py:13:16:13:18 | ControlFlowNode for cmd | Scrapli.py:24:42:24:44 | ControlFlowNode for cmd | provenance | |
|
| Scrapli.py:13:16:13:18 | ControlFlowNode for cmd | Scrapli.py:24:42:24:44 | ControlFlowNode for cmd | provenance | |
|
||||||
@@ -32,6 +34,8 @@ nodes
|
|||||||
| Netmiko.py:21:52:21:54 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
| Netmiko.py:21:52:21:54 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
| Netmiko.py:22:52:22:54 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
| Netmiko.py:22:52:22:54 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
| Netmiko.py:23:41:23:57 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
|
| Netmiko.py:23:41:23:57 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
|
||||||
|
| Netmiko.py:23:42:23:56 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
|
||||||
|
| Netmiko.py:23:43:23:45 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
| Netmiko.py:24:48:24:50 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
| Netmiko.py:24:48:24:50 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
| Pexpect.py:15:16:15:18 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
| Pexpect.py:16:14:16:16 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
| Pexpect.py:16:14:16:16 | ControlFlowNode for cmd | semmle.label | ControlFlowNode for cmd |
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ edges
|
|||||||
| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xslt.py:10:17:10:43 | ControlFlowNode for Attribute() | xslt.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | provenance | |
|
| xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | xslt.py:14:29:14:37 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
|
| xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | xslt.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
|
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
|
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xslt.py:11:27:11:35 | ControlFlowNode for xsltQuery | xslt.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | provenance | |
|
| xsltInjection.py:3:26:3:32 | ControlFlowNode for ImportMember | xsltInjection.py:3:26:3:32 | ControlFlowNode for request | provenance | |
|
||||||
@@ -28,6 +29,7 @@ edges
|
|||||||
| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:10:17:10:43 | ControlFlowNode for Attribute() | xsltInjection.py:10:5:10:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | xsltInjection.py:12:28:12:36 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | xsltInjection.py:11:5:11:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
|
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
|
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xsltInjection.py:11:27:11:35 | ControlFlowNode for xsltQuery | xsltInjection.py:11:17:11:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
@@ -36,6 +38,7 @@ edges
|
|||||||
| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:17:17:17:43 | ControlFlowNode for Attribute() | xsltInjection.py:17:5:17:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | xsltInjection.py:21:29:21:37 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | xsltInjection.py:18:5:18:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
|
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Config |
|
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xsltInjection.py:18:27:18:35 | ControlFlowNode for xsltQuery | xsltInjection.py:18:17:18:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
@@ -44,6 +47,7 @@ edges
|
|||||||
| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:26:17:26:43 | ControlFlowNode for Attribute() | xsltInjection.py:26:5:26:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | xsltInjection.py:31:24:31:32 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | xsltInjection.py:27:5:27:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
|
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Config |
|
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xsltInjection.py:27:27:27:35 | ControlFlowNode for xsltQuery | xsltInjection.py:27:17:27:36 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
@@ -52,17 +56,22 @@ edges
|
|||||||
| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:35:17:35:43 | ControlFlowNode for Attribute() | xsltInjection.py:35:5:35:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | xsltInjection.py:40:24:40:32 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | xsltInjection.py:36:5:36:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
|
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Config |
|
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xsltInjection.py:36:34:36:42 | ControlFlowNode for xsltQuery | xsltInjection.py:36:17:36:43 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | provenance | |
|
| xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | xsltInjection.py:45:20:45:28 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
||||||
| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | provenance | dict.get |
|
| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | provenance | dict.get |
|
||||||
| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | provenance | |
|
| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | xsltInjection.py:44:5:44:13 | ControlFlowNode for xsltQuery | provenance | |
|
||||||
| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | provenance | |
|
| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings [List element] | xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | provenance | |
|
||||||
|
| xsltInjection.py:45:19:45:44 | ControlFlowNode for List [List element] | xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings [List element] | provenance | |
|
||||||
|
| xsltInjection.py:45:20:45:28 | ControlFlowNode for xsltQuery | xsltInjection.py:45:19:45:44 | ControlFlowNode for List [List element] | provenance | |
|
||||||
| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | provenance | |
|
| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | provenance | |
|
||||||
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Config |
|
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | |
|
||||||
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Config |
|
||||||
|
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | Decoding-XML |
|
||||||
|
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | provenance | MaD:58660 |
|
||||||
nodes
|
nodes
|
||||||
| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
|
| xslt.py:3:26:3:32 | ControlFlowNode for ImportMember | semmle.label | ControlFlowNode for ImportMember |
|
||||||
| xslt.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
|
| xslt.py:3:26:3:32 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
|
||||||
@@ -112,9 +121,11 @@ nodes
|
|||||||
| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
|
| xsltInjection.py:44:17:44:23 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
|
||||||
| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
|
| xsltInjection.py:44:17:44:28 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
|
||||||
| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| xsltInjection.py:44:17:44:43 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings |
|
| xsltInjection.py:45:5:45:15 | ControlFlowNode for xsltStrings [List element] | semmle.label | ControlFlowNode for xsltStrings [List element] |
|
||||||
|
| xsltInjection.py:45:19:45:44 | ControlFlowNode for List [List element] | semmle.label | ControlFlowNode for List [List element] |
|
||||||
|
| xsltInjection.py:45:20:45:28 | ControlFlowNode for xsltQuery | semmle.label | ControlFlowNode for xsltQuery |
|
||||||
| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
|
| xsltInjection.py:46:5:46:13 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
|
||||||
| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
| xsltInjection.py:46:17:46:49 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
|
||||||
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings | semmle.label | ControlFlowNode for xsltStrings |
|
| xsltInjection.py:46:38:46:48 | ControlFlowNode for xsltStrings [List element] | semmle.label | ControlFlowNode for xsltStrings [List element] |
|
||||||
| xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
|
| xsltInjection.py:50:24:50:32 | ControlFlowNode for xslt_root | semmle.label | ControlFlowNode for xslt_root |
|
||||||
subpaths
|
subpaths
|
||||||
|
|||||||
@@ -32,11 +32,13 @@ edges
|
|||||||
| agent_instructions.py:7:5:7:9 | ControlFlowNode for input | agent_instructions.py:9:50:9:89 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:11 |
|
| agent_instructions.py:7:5:7:9 | ControlFlowNode for input | agent_instructions.py:9:50:9:89 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:11 |
|
||||||
| agent_instructions.py:7:13:7:19 | ControlFlowNode for request | agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
| agent_instructions.py:7:13:7:19 | ControlFlowNode for request | agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
||||||
| agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
| agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
||||||
|
| agent_instructions.py:7:13:7:24 | ControlFlowNode for Attribute | agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | provenance | dict.get(input) |
|
||||||
| agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | agent_instructions.py:7:5:7:9 | ControlFlowNode for input | provenance | |
|
| agent_instructions.py:7:13:7:37 | ControlFlowNode for Attribute() | agent_instructions.py:7:5:7:9 | ControlFlowNode for input | provenance | |
|
||||||
| agent_instructions.py:17:5:17:9 | ControlFlowNode for input | agent_instructions.py:25:28:25:32 | ControlFlowNode for input | provenance | |
|
| agent_instructions.py:17:5:17:9 | ControlFlowNode for input | agent_instructions.py:25:28:25:32 | ControlFlowNode for input | provenance | |
|
||||||
| agent_instructions.py:17:5:17:9 | ControlFlowNode for input | agent_instructions.py:35:28:35:32 | ControlFlowNode for input | provenance | |
|
| agent_instructions.py:17:5:17:9 | ControlFlowNode for input | agent_instructions.py:35:28:35:32 | ControlFlowNode for input | provenance | |
|
||||||
| agent_instructions.py:17:13:17:19 | ControlFlowNode for request | agent_instructions.py:17:13:17:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
| agent_instructions.py:17:13:17:19 | ControlFlowNode for request | agent_instructions.py:17:13:17:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
||||||
| agent_instructions.py:17:13:17:24 | ControlFlowNode for Attribute | agent_instructions.py:17:13:17:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
| agent_instructions.py:17:13:17:24 | ControlFlowNode for Attribute | agent_instructions.py:17:13:17:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
||||||
|
| agent_instructions.py:17:13:17:24 | ControlFlowNode for Attribute | agent_instructions.py:17:13:17:37 | ControlFlowNode for Attribute() | provenance | dict.get(input) |
|
||||||
| agent_instructions.py:17:13:17:37 | ControlFlowNode for Attribute() | agent_instructions.py:17:5:17:9 | ControlFlowNode for input | provenance | |
|
| agent_instructions.py:17:13:17:37 | ControlFlowNode for Attribute() | agent_instructions.py:17:5:17:9 | ControlFlowNode for input | provenance | |
|
||||||
| anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
|
| anthropic_test.py:2:26:2:32 | ControlFlowNode for ImportMember | anthropic_test.py:2:26:2:32 | ControlFlowNode for request | provenance | |
|
||||||
| anthropic_test.py:2:26:2:32 | ControlFlowNode for request | anthropic_test.py:11:15:11:21 | ControlFlowNode for request | provenance | |
|
| anthropic_test.py:2:26:2:32 | ControlFlowNode for request | anthropic_test.py:11:15:11:21 | ControlFlowNode for request | provenance | |
|
||||||
@@ -61,7 +63,7 @@ edges
|
|||||||
| openai_test.py:2:26:2:32 | ControlFlowNode for request | openai_test.py:13:13:13:19 | ControlFlowNode for request | provenance | |
|
| openai_test.py:2:26:2:32 | ControlFlowNode for request | openai_test.py:13:13:13:19 | ControlFlowNode for request | provenance | |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:17:22:17:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:17:22:17:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | provenance | |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | provenance | |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | provenance | |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:41:22:41:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:41:22:41:46 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:10 |
|
||||||
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:63:28:63:51 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:8 |
|
| openai_test.py:12:5:12:11 | ControlFlowNode for persona | openai_test.py:63:28:63:51 | ControlFlowNode for BinaryExpr | provenance | Sink:MaD:8 |
|
||||||
@@ -72,7 +74,7 @@ edges
|
|||||||
| openai_test.py:12:15:12:26 | ControlFlowNode for Attribute | openai_test.py:12:15:12:41 | ControlFlowNode for Attribute() | provenance | dict.get |
|
| openai_test.py:12:15:12:26 | ControlFlowNode for Attribute | openai_test.py:12:15:12:41 | ControlFlowNode for Attribute() | provenance | dict.get |
|
||||||
| openai_test.py:12:15:12:41 | ControlFlowNode for Attribute() | openai_test.py:12:5:12:11 | ControlFlowNode for persona | provenance | |
|
| openai_test.py:12:15:12:41 | ControlFlowNode for Attribute() | openai_test.py:12:5:12:11 | ControlFlowNode for persona | provenance | |
|
||||||
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:18:15:18:19 | ControlFlowNode for query | provenance | Sink:MaD:9 |
|
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:18:15:18:19 | ControlFlowNode for query | provenance | Sink:MaD:9 |
|
||||||
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 |
|
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:33:33:33:37 | ControlFlowNode for query | provenance | |
|
||||||
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:33:33:33:37 | ControlFlowNode for query | provenance | |
|
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:33:33:33:37 | ControlFlowNode for query | provenance | |
|
||||||
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:42:15:42:19 | ControlFlowNode for query | provenance | Sink:MaD:9 |
|
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:42:15:42:19 | ControlFlowNode for query | provenance | Sink:MaD:9 |
|
||||||
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:53:33:53:37 | ControlFlowNode for query | provenance | |
|
| openai_test.py:13:5:13:9 | ControlFlowNode for query | openai_test.py:53:33:53:37 | ControlFlowNode for query | provenance | |
|
||||||
@@ -82,6 +84,14 @@ edges
|
|||||||
| openai_test.py:13:13:13:19 | ControlFlowNode for request | openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
| openai_test.py:13:13:13:19 | ControlFlowNode for request | openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | provenance | AdditionalTaintStep |
|
||||||
| openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
| openai_test.py:13:13:13:24 | ControlFlowNode for Attribute | openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | provenance | dict.get |
|
||||||
| openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | openai_test.py:13:5:13:9 | ControlFlowNode for query | provenance | |
|
| openai_test.py:13:13:13:37 | ControlFlowNode for Attribute() | openai_test.py:13:5:13:9 | ControlFlowNode for query | provenance | |
|
||||||
|
| openai_test.py:24:13:27:13 | ControlFlowNode for Dict [Dictionary element at key content] | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 Sink:MaD:9 |
|
||||||
|
| openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | openai_test.py:24:13:27:13 | ControlFlowNode for Dict [Dictionary element at key content] | provenance | |
|
||||||
|
| openai_test.py:28:13:36:13 | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 Sink:MaD:9 |
|
||||||
|
| openai_test.py:28:13:36:13 | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
|
||||||
|
| openai_test.py:28:13:36:13 | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] | openai_test.py:23:15:37:9 | ControlFlowNode for List | provenance | Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 Sink:MaD:9 |
|
||||||
|
| openai_test.py:30:28:35:17 | ControlFlowNode for List [List element, Dictionary element at key text] | openai_test.py:28:13:36:13 | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] | provenance | |
|
||||||
|
| openai_test.py:31:21:34:21 | ControlFlowNode for Dict [Dictionary element at key text] | openai_test.py:30:28:35:17 | ControlFlowNode for List [List element, Dictionary element at key text] | provenance | |
|
||||||
|
| openai_test.py:33:33:33:37 | ControlFlowNode for query | openai_test.py:31:21:34:21 | ControlFlowNode for Dict [Dictionary element at key text] | provenance | |
|
||||||
models
|
models
|
||||||
| 1 | Sink: Anthropic; Member[beta].Member[messages].Member[create].Argument[messages:].ListElement.DictionaryElement[content]; prompt-injection |
|
| 1 | Sink: Anthropic; Member[beta].Member[messages].Member[create].Argument[messages:].ListElement.DictionaryElement[content]; prompt-injection |
|
||||||
| 2 | Sink: Anthropic; Member[beta].Member[messages].Member[create].Argument[system:]; prompt-injection |
|
| 2 | Sink: Anthropic; Member[beta].Member[messages].Member[create].Argument[system:]; prompt-injection |
|
||||||
@@ -140,7 +150,13 @@ nodes
|
|||||||
| openai_test.py:18:15:18:19 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
| openai_test.py:18:15:18:19 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
||||||
| openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
| openai_test.py:22:22:22:46 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
||||||
| openai_test.py:23:15:37:9 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
|
| openai_test.py:23:15:37:9 | ControlFlowNode for List | semmle.label | ControlFlowNode for List |
|
||||||
|
| openai_test.py:24:13:27:13 | ControlFlowNode for Dict [Dictionary element at key content] | semmle.label | ControlFlowNode for Dict [Dictionary element at key content] |
|
||||||
| openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
| openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
||||||
|
| openai_test.py:26:28:26:51 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
||||||
|
| openai_test.py:28:13:36:13 | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] | semmle.label | ControlFlowNode for Dict [Dictionary element at key content, List element, Dictionary element at key text] |
|
||||||
|
| openai_test.py:30:28:35:17 | ControlFlowNode for List [List element, Dictionary element at key text] | semmle.label | ControlFlowNode for List [List element, Dictionary element at key text] |
|
||||||
|
| openai_test.py:31:21:34:21 | ControlFlowNode for Dict [Dictionary element at key text] | semmle.label | ControlFlowNode for Dict [Dictionary element at key text] |
|
||||||
|
| openai_test.py:33:33:33:37 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
||||||
| openai_test.py:33:33:33:37 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
| openai_test.py:33:33:33:37 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
||||||
| openai_test.py:41:22:41:46 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
| openai_test.py:41:22:41:46 | ControlFlowNode for BinaryExpr | semmle.label | ControlFlowNode for BinaryExpr |
|
||||||
| openai_test.py:42:15:42:19 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
| openai_test.py:42:15:42:19 | ControlFlowNode for query | semmle.label | ControlFlowNode for query |
|
||||||
|
|||||||
@@ -0,0 +1,4 @@
|
|||||||
|
consistencyOverview
|
||||||
|
| deadEnd | 1 |
|
||||||
|
deadEnd
|
||||||
|
| without_loop.py:7:5:7:9 | Break |
|
||||||
@@ -0,0 +1,32 @@
|
|||||||
|
/**
|
||||||
|
* Phase -1 of the dataflow CFG migration: verifies that every variable
|
||||||
|
* binding visible to the AST (`Name.defines(v)`) corresponds to a CFG node
|
||||||
|
* in the new CFG (`semmle.python.controlflow.internal.AstNodeImpl`).
|
||||||
|
*
|
||||||
|
* The expected tag is `cfgdefines=<name>`. Each binding annotation in the
|
||||||
|
* test sources looks like `# $ cfgdefines=x` for a binding currently
|
||||||
|
* covered by the new CFG, or `# $ MISSING: cfgdefines=x` for a binding
|
||||||
|
* that is known to be uncovered (a "red" test case that should be
|
||||||
|
* green-flipped once the corresponding `cfg-ext-*` extension lands).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import semmle.python.controlflow.internal.AstNodeImpl as CfgImpl
|
||||||
|
import utils.test.InlineExpectationsTest
|
||||||
|
|
||||||
|
module CfgBindingsTest implements TestSig {
|
||||||
|
string getARelevantTag() { result = "cfgdefines" }
|
||||||
|
|
||||||
|
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||||
|
exists(Name n, Variable v, CfgImpl::ControlFlowNode cfg |
|
||||||
|
n.defines(v) and
|
||||||
|
cfg.getAstNode().asExpr() = n and
|
||||||
|
location = n.getLocation() and
|
||||||
|
element = n.toString() and
|
||||||
|
tag = "cfgdefines" and
|
||||||
|
value = v.getId()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
import MakeTest<CfgBindingsTest>
|
||||||
@@ -0,0 +1,13 @@
|
|||||||
|
# Annotated assignment (PEP 526). Both with and without an initializer.
|
||||||
|
|
||||||
|
a: int = 1 # $ cfgdefines=a
|
||||||
|
b: str = "hi" # $ cfgdefines=b
|
||||||
|
|
||||||
|
# Annotation without value: the AST records `c` as defined,
|
||||||
|
# and the new CFG now visits it via the AnnAssignStmt wrapper.
|
||||||
|
c: int # $ cfgdefines=c
|
||||||
|
|
||||||
|
class K: # $ cfgdefines=K
|
||||||
|
field: int = 0 # $ cfgdefines=field
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
# Compound (tuple/list) assignment targets — actually wired in the new CFG.
|
||||||
|
|
||||||
|
a, b = (1, 2) # $ cfgdefines=a cfgdefines=b
|
||||||
|
[c, d] = [3, 4] # $ cfgdefines=c cfgdefines=d
|
||||||
|
|
||||||
|
# Nested unpacking.
|
||||||
|
(e, (f, g)) = (1, (2, 3)) # $ cfgdefines=e cfgdefines=f cfgdefines=g
|
||||||
|
|
||||||
|
# Star unpacking.
|
||||||
|
h, *i = [1, 2, 3] # $ cfgdefines=h cfgdefines=i
|
||||||
|
|
||||||
|
# Chained assignment with compound target.
|
||||||
|
j = k, l = (5, 6) # $ cfgdefines=j cfgdefines=k cfgdefines=l
|
||||||
|
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
# Comprehension and `for` loop targets — wired in the new CFG.
|
||||||
|
# Comprehensions are nested function scopes with a synthetic `.0` parameter
|
||||||
|
# bound to the iterable.
|
||||||
|
|
||||||
|
# Bare-name `for` target.
|
||||||
|
for i in range(3): # $ cfgdefines=i
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Compound `for` target.
|
||||||
|
for k, v in [(1, 2)]: # $ cfgdefines=k cfgdefines=v
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Comprehension targets.
|
||||||
|
_ = [x for x in range(3)] # $ cfgdefines=_ cfgdefines=x cfgdefines=.0
|
||||||
|
_ = {y: z for y, z in []} # $ cfgdefines=_ cfgdefines=y cfgdefines=z cfgdefines=.0
|
||||||
|
_ = (a for a in []) # $ cfgdefines=_ cfgdefines=a cfgdefines=.0
|
||||||
|
|
||||||
|
# Nested comprehensions.
|
||||||
|
_ = [b for c in [] for b in c] # $ cfgdefines=_ cfgdefines=c cfgdefines=b cfgdefines=.0
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,53 @@
|
|||||||
|
# Reachability of code following a try whose body always returns.
|
||||||
|
#
|
||||||
|
# The new CFG models exception edges for raise-prone expressions when
|
||||||
|
# they appear inside a `try` (or `with`) statement, mirroring Java's
|
||||||
|
# `mayThrow`. This means the body of a `try` has both a normal
|
||||||
|
# completion edge and an exception edge to its handlers, so code
|
||||||
|
# following the try-statement is reachable via the except-handler path
|
||||||
|
# even when the try-body would otherwise always return.
|
||||||
|
#
|
||||||
|
# Code that is not reachable under either normal or exception flow
|
||||||
|
# (for example, the `else` clause of a try whose body unconditionally
|
||||||
|
# raises) remains correctly classified as dead.
|
||||||
|
|
||||||
|
|
||||||
|
def f(obj): # $ cfgdefines=f cfgdefines=obj
|
||||||
|
try:
|
||||||
|
return len(obj)
|
||||||
|
except TypeError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
# The try-body always returns, but `len(obj)` can raise (it is
|
||||||
|
# inside the try, so we model its exception edge). The
|
||||||
|
# `except TypeError: pass` handler falls through to here, making
|
||||||
|
# the code below reachable.
|
||||||
|
try:
|
||||||
|
hint = type(obj).__length_hint__ # $ cfgdefines=hint
|
||||||
|
except AttributeError:
|
||||||
|
return None
|
||||||
|
return hint
|
||||||
|
|
||||||
|
|
||||||
|
def g(): # $ cfgdefines=g
|
||||||
|
try:
|
||||||
|
raise Exception("inner")
|
||||||
|
except:
|
||||||
|
raise Exception("outer")
|
||||||
|
else:
|
||||||
|
# Unreachable: the inner try body always raises (via an explicit
|
||||||
|
# `raise`, which is modelled unconditionally), so the `else:`
|
||||||
|
# clause never runs.
|
||||||
|
hit_inner_else = True
|
||||||
|
|
||||||
|
|
||||||
|
def h(cache, key): # $ cfgdefines=h cfgdefines=cache cfgdefines=key
|
||||||
|
try:
|
||||||
|
return cache[key]
|
||||||
|
except KeyError:
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Same pattern as `f`: reachable via the except-handler fall-through.
|
||||||
|
value = compute(key) # $ cfgdefines=value
|
||||||
|
cache[key] = value
|
||||||
|
return value
|
||||||
@@ -0,0 +1,30 @@
|
|||||||
|
# Decorated `def`/`class` — wired in the new CFG.
|
||||||
|
|
||||||
|
|
||||||
|
def deco(f): # $ cfgdefines=deco cfgdefines=f
|
||||||
|
return f
|
||||||
|
|
||||||
|
|
||||||
|
@deco
|
||||||
|
def decorated_func(): # $ cfgdefines=decorated_func
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
@deco
|
||||||
|
class DecoratedClass: # $ cfgdefines=DecoratedClass
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
# Stacked decorators.
|
||||||
|
@deco
|
||||||
|
@deco
|
||||||
|
def doubly(): # $ cfgdefines=doubly
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
# Inside a class body.
|
||||||
|
class Outer: # $ cfgdefines=Outer
|
||||||
|
@staticmethod
|
||||||
|
def inner(): # $ cfgdefines=inner
|
||||||
|
pass
|
||||||
|
|
||||||
@@ -0,0 +1,19 @@
|
|||||||
|
# Exception-handler name bindings. These are already wired in the new
|
||||||
|
# CFG provided the try body can raise; `raise` statements are reliably
|
||||||
|
# treated as exception sources.
|
||||||
|
|
||||||
|
try:
|
||||||
|
raise ValueError("oops")
|
||||||
|
except ValueError as e: # $ cfgdefines=e
|
||||||
|
pass
|
||||||
|
|
||||||
|
try:
|
||||||
|
raise TypeError("oops")
|
||||||
|
except (TypeError, KeyError) as err: # $ cfgdefines=err
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Exception groups (Python 3.11+).
|
||||||
|
try:
|
||||||
|
raise ValueError("oops")
|
||||||
|
except* ValueError as eg: # $ cfgdefines=eg
|
||||||
|
pass
|
||||||
14
python/ql/test/library-tests/ControlFlow/bindings/imports.py
Normal file
14
python/ql/test/library-tests/ControlFlow/bindings/imports.py
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
# Import aliases — all bound names below are now reachable via the new
|
||||||
|
# CFG's `ImportStmt` wrapper.
|
||||||
|
|
||||||
|
import os # $ cfgdefines=os
|
||||||
|
import os.path # $ cfgdefines=os
|
||||||
|
import os as o # $ cfgdefines=o
|
||||||
|
from os import path # $ cfgdefines=path
|
||||||
|
from os import path as p # $ cfgdefines=p
|
||||||
|
from os import sep, linesep # $ cfgdefines=sep cfgdefines=linesep
|
||||||
|
from os import (
|
||||||
|
getcwd, # $ cfgdefines=getcwd
|
||||||
|
getcwdb, # $ cfgdefines=getcwdb
|
||||||
|
)
|
||||||
|
|
||||||
@@ -0,0 +1,24 @@
|
|||||||
|
# Match-statement pattern bindings — wired in the new CFG.
|
||||||
|
|
||||||
|
def f(subject): # $ cfgdefines=f cfgdefines=subject
|
||||||
|
match subject:
|
||||||
|
case x: # $ cfgdefines=x
|
||||||
|
pass
|
||||||
|
case [a, b]: # $ cfgdefines=a cfgdefines=b
|
||||||
|
pass
|
||||||
|
case {"k": v}: # $ cfgdefines=v
|
||||||
|
pass
|
||||||
|
case Point(p, q): # $ cfgdefines=p cfgdefines=q
|
||||||
|
pass
|
||||||
|
case [_, *rest]: # $ cfgdefines=rest
|
||||||
|
pass
|
||||||
|
case (1 | 2) as n: # $ cfgdefines=n
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
class Point: # $ cfgdefines=Point
|
||||||
|
__match_args__ = ("x", "y") # $ cfgdefines=__match_args__
|
||||||
|
x: int # $ cfgdefines=x
|
||||||
|
y: int # $ cfgdefines=y
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,42 @@
|
|||||||
|
# Function parameters.
|
||||||
|
|
||||||
|
def positional(a, b): # $ cfgdefines=positional cfgdefines=a cfgdefines=b
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def with_default(x=1, y=2): # $ cfgdefines=with_default cfgdefines=x cfgdefines=y
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def with_vararg(*args): # $ cfgdefines=with_vararg cfgdefines=args
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def with_kwarg(**kwargs): # $ cfgdefines=with_kwarg cfgdefines=kwargs
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def with_kwonly(*, k1, k2=5): # $ cfgdefines=with_kwonly cfgdefines=k1 cfgdefines=k2
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def kitchen_sink(a, b=2, *args, k1, k2=5, **kw): # $ cfgdefines=kitchen_sink cfgdefines=a cfgdefines=b cfgdefines=args cfgdefines=k1 cfgdefines=k2 cfgdefines=kw
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
# Methods get `self` / `cls`.
|
||||||
|
class C: # $ cfgdefines=C
|
||||||
|
def method(self, x): # $ cfgdefines=method cfgdefines=self cfgdefines=x
|
||||||
|
pass
|
||||||
|
|
||||||
|
@classmethod
|
||||||
|
def cmethod(cls, x): # $ cfgdefines=cmethod cfgdefines=cls cfgdefines=x
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
# Lambda parameter.
|
||||||
|
_ = lambda p: p + 1 # $ cfgdefines=_ cfgdefines=p
|
||||||
|
|
||||||
|
# PEP 570 positional-only.
|
||||||
|
def pos_only(a, b, /, c): # $ cfgdefines=pos_only cfgdefines=a cfgdefines=b cfgdefines=c
|
||||||
|
pass
|
||||||
14
python/ql/test/library-tests/ControlFlow/bindings/simple.py
Normal file
14
python/ql/test/library-tests/ControlFlow/bindings/simple.py
Normal file
@@ -0,0 +1,14 @@
|
|||||||
|
# Simple bindings that should already work in the new CFG.
|
||||||
|
# No MISSING annotations expected.
|
||||||
|
|
||||||
|
x = 1 # $ cfgdefines=x
|
||||||
|
y = x + 1 # $ cfgdefines=y
|
||||||
|
|
||||||
|
def f(): # $ cfgdefines=f
|
||||||
|
pass
|
||||||
|
|
||||||
|
class C: # $ cfgdefines=C
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Re-assignment.
|
||||||
|
x = 2 # $ cfgdefines=x
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
# PEP 695 type parameters (Python 3.12+).
|
||||||
|
|
||||||
|
# PEP 695 type-param names on `def`/`class` bind in an annotation scope
|
||||||
|
# that nests the function/class body — they have no CFG node in the
|
||||||
|
# enclosing scope (matching the legacy CFG).
|
||||||
|
def func[T](x: T) -> T: # $ cfgdefines=func cfgdefines=x
|
||||||
|
return x
|
||||||
|
|
||||||
|
|
||||||
|
class Box[T]: # $ cfgdefines=Box
|
||||||
|
item: T # $ cfgdefines=item
|
||||||
|
|
||||||
|
|
||||||
|
# Multi-parameter, with bound and variadics.
|
||||||
|
def multi[T: int, *Ts, **P](x: T, *args: *Ts, **kwargs: P.kwargs) -> T: # $ cfgdefines=multi cfgdefines=x cfgdefines=args cfgdefines=kwargs
|
||||||
|
return x
|
||||||
|
|
||||||
|
|
||||||
|
# `type` statement (PEP 695).
|
||||||
|
type Alias[T] = list[T] # $ cfgdefines=Alias cfgdefines=T
|
||||||
|
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
# Walrus and starred-target edge cases — wired in the new CFG.
|
||||||
|
|
||||||
|
# Walrus in expression context.
|
||||||
|
if (y := 5) > 0: # $ cfgdefines=y
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Walrus in a comprehension. The comprehension introduces a synthetic
|
||||||
|
# `.0` parameter bound to the iterable.
|
||||||
|
_ = [w for _ in range(3) if (w := 1)] # $ cfgdefines=_ cfgdefines=w cfgdefines=.0
|
||||||
|
|
||||||
|
# Starred target in a Tuple LHS.
|
||||||
|
*head, tail = [1, 2, 3] # $ cfgdefines=head cfgdefines=tail
|
||||||
|
|
||||||
|
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
# `with cm() as x:` bindings — wired in the new CFG.
|
||||||
|
|
||||||
|
class CM: # $ cfgdefines=CM
|
||||||
|
def __enter__(self): return self # $ cfgdefines=__enter__ cfgdefines=self
|
||||||
|
def __exit__(self, *a): pass # $ cfgdefines=__exit__ cfgdefines=self cfgdefines=a
|
||||||
|
|
||||||
|
with CM() as x: # $ cfgdefines=x
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Multiple items.
|
||||||
|
with CM() as a, CM() as b: # $ cfgdefines=a cfgdefines=b
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Parenthesised form (Python 3.10+).
|
||||||
|
with (CM() as p, CM() as q): # $ cfgdefines=p cfgdefines=q
|
||||||
|
pass
|
||||||
|
|
||||||
|
# Compound target in `with`.
|
||||||
|
with CM() as (m, n): # $ cfgdefines=m cfgdefines=n
|
||||||
|
pass
|
||||||
|
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
/** New-CFG version of AllLiveReachable. */
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, TestFunction f
|
||||||
|
where allLiveReachable(a, f)
|
||||||
|
select a, "Unreachable live annotation; entry of $@ does not reach this node", f, f.getName()
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of AnnotationHasCfgNode.
|
||||||
|
*
|
||||||
|
* Checks that every timer annotation has a corresponding CFG node.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerAnnotation ann
|
||||||
|
where annotationWithoutCfgNode(ann)
|
||||||
|
select ann, "Annotation in $@ has no CFG node", ann.getTestFunction(),
|
||||||
|
ann.getTestFunction().getName()
|
||||||
@@ -0,0 +1,26 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of BasicBlockAnnotationGap.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that within a basic block, if a node is annotated then its
|
||||||
|
* successor is also annotated (or excluded). A gap in annotations
|
||||||
|
* within a basic block indicates a missing annotation, since there
|
||||||
|
* are no branches to justify the gap.
|
||||||
|
*
|
||||||
|
* Nodes with exceptional successors are excluded, as the exception
|
||||||
|
* edge leaves the basic block and the normal successor may be dead.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, CfgNode succ
|
||||||
|
where basicBlockAnnotationGap(a, succ)
|
||||||
|
select a, "Annotated node followed by unannotated $@ in the same basic block", succ,
|
||||||
|
succ.getNode().toString()
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of BasicBlockOrdering.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that within a single basic block, annotations appear in
|
||||||
|
* increasing minimum-timestamp order.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, TimerCfgNode b, int minA, int minB
|
||||||
|
where basicBlockOrdering(a, b, minA, minB)
|
||||||
|
select a, "Basic block ordering: $@ appears before $@", a.getTimestampExpr(minA),
|
||||||
|
"timestamp " + minA, b.getTimestampExpr(minB), "timestamp " + minB
|
||||||
@@ -0,0 +1,80 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of BranchTimestamps.
|
||||||
|
*
|
||||||
|
* Checks that when a node has both a true and false successor, the
|
||||||
|
* live timestamps on one branch are marked as dead on the other.
|
||||||
|
* This ensures that boolean branches are fully annotated with dead()
|
||||||
|
* markers for the paths not taken.
|
||||||
|
*
|
||||||
|
* Limitation: the `@ t[ts, ...]` / `dead(ts)` annotation scheme can only
|
||||||
|
* model branch-dead-ness for plain boolean control flow that reconverges
|
||||||
|
* linearly after the split — i.e. `if`-with-else and `if`-expression.
|
||||||
|
* It cannot model:
|
||||||
|
*
|
||||||
|
* * loops (`while` / `for`): body timestamps repeat across iterations,
|
||||||
|
* so the loop-exit annotation can't list them as dead;
|
||||||
|
* * `match` statements: each `case` body is a syntactically distinct
|
||||||
|
* sub-tree, and the branches don't reconverge through a common
|
||||||
|
* annotation point in the timeline;
|
||||||
|
* * `try` / `with` and `raise` / `assert`: exception edges are modelled
|
||||||
|
* as true/false but flow to syntactically distinct handlers, with no
|
||||||
|
* reconvergence in the linear annotation order;
|
||||||
|
* * short-circuit `and` / `or` (`BoolExpr`): the branches reconverge at
|
||||||
|
* the BoolExpr's after-node, so timestamps on one branch are live
|
||||||
|
* downstream of the other rather than dead;
|
||||||
|
* * `if` without an `else` clause, and `if`/`elif` chains: the false
|
||||||
|
* branch reconverges with the true branch at the post-if statement
|
||||||
|
* (no-else) or fans out across multiple elif-test annotations,
|
||||||
|
* neither of which fit the binary annotation scheme.
|
||||||
|
*
|
||||||
|
* Branch nodes inside those constructs are therefore whitelisted out
|
||||||
|
* below. The check still fires (and is useful) for plain `if`/`else`
|
||||||
|
* and conditional-expression branching.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `f` contains a construct whose branches the linear-timestamp
|
||||||
|
* annotation scheme cannot describe (see file-level comment).
|
||||||
|
*/
|
||||||
|
private predicate hasUnmodellableBranching(Function f) {
|
||||||
|
exists(AstNode bad |
|
||||||
|
bad.getScope() = f and
|
||||||
|
(
|
||||||
|
bad instanceof While
|
||||||
|
or
|
||||||
|
bad instanceof For
|
||||||
|
or
|
||||||
|
bad instanceof MatchStmt
|
||||||
|
or
|
||||||
|
bad instanceof Try
|
||||||
|
or
|
||||||
|
bad instanceof With
|
||||||
|
or
|
||||||
|
bad instanceof Raise
|
||||||
|
or
|
||||||
|
bad instanceof Assert
|
||||||
|
or
|
||||||
|
bad instanceof BoolExpr
|
||||||
|
or
|
||||||
|
bad instanceof If and
|
||||||
|
(not exists(bad.(If).getAnOrelse()) or bad.(If).isElif())
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
from TimerCfgNode node, int ts, string branch
|
||||||
|
where
|
||||||
|
missingBranchTimestamp(node, ts, branch) and
|
||||||
|
not hasUnmodellableBranching(node.getTestFunction())
|
||||||
|
select node,
|
||||||
|
"Timestamp " + ts + " on true/false branch is missing a dead() annotation on the " + branch +
|
||||||
|
" successor in $@", node.getTestFunction(), node.getTestFunction().getName()
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of ConsecutivePredecessorTimestamps.
|
||||||
|
*
|
||||||
|
* Checks that each annotated node (except the minimum timestamp) has
|
||||||
|
* a predecessor annotation with timestamp `a - 1`. This is the reverse
|
||||||
|
* of ConsecutiveTimestamps: it catches nodes that are reachable but
|
||||||
|
* arrived at from the wrong place (skipping an intermediate node).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerAnnotation ann, int a
|
||||||
|
where consecutivePredecessorTimestamps(ann, a)
|
||||||
|
select ann, "$@ in $@ has no consecutive predecessor (expected " + (a - 1) + ")",
|
||||||
|
ann.getTimestampExpr(a), "Timestamp " + a, ann.getTestFunction(), ann.getTestFunction().getName()
|
||||||
@@ -0,0 +1,29 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of ConsecutiveTimestamps.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that consecutive annotated nodes have consecutive timestamps:
|
||||||
|
* for each annotation with timestamp `a`, some CFG node for that annotation
|
||||||
|
* must have a next annotation containing `a + 1`.
|
||||||
|
*
|
||||||
|
* Handles CFG splitting (e.g., finally blocks duplicated for normal/exceptional
|
||||||
|
* flow) by checking that at least one split has the required successor.
|
||||||
|
*
|
||||||
|
* Only applies to functions where all annotations are in the function's
|
||||||
|
* own scope (excludes tests with generators, async, comprehensions, or
|
||||||
|
* lambdas that have annotations in nested scopes).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerAnnotation ann, int a
|
||||||
|
where consecutiveTimestamps(ann, a)
|
||||||
|
select ann, "$@ in $@ has no consecutive successor (expected " + (a + 1) + ")",
|
||||||
|
ann.getTimestampExpr(a), "Timestamp " + a, ann.getTestFunction(), ann.getTestFunction().getName()
|
||||||
@@ -0,0 +1,120 @@
|
|||||||
|
/**
|
||||||
|
* Implementation of the evaluation-order CFG signature using the new
|
||||||
|
* shared control flow graph from AstNodeImpl.
|
||||||
|
*/
|
||||||
|
|
||||||
|
private import python as Py
|
||||||
|
import TimerUtils
|
||||||
|
private import semmle.python.controlflow.internal.AstNodeImpl as CfgImpl
|
||||||
|
private import codeql.controlflow.SuccessorType
|
||||||
|
|
||||||
|
private class NewControlFlowNode = CfgImpl::ControlFlowNode;
|
||||||
|
|
||||||
|
private class NewBasicBlock = CfgImpl::BasicBlock;
|
||||||
|
|
||||||
|
/** New (shared) CFG implementation of the evaluation-order signature. */
|
||||||
|
module NewCfg implements EvalOrderCfgSig {
|
||||||
|
class CfgNode instanceof NewControlFlowNode {
|
||||||
|
// We must pick a *unique* representative CFG node for each AST node. The
|
||||||
|
// shared CFG has several nodes per AST node (before / in-post-order / after
|
||||||
|
// / after-value splits), but the timer test framework keys annotations on
|
||||||
|
// `getNode()` and assumes one CFG node per annotated AST node. Without a
|
||||||
|
// filter, an annotated `f()` would map to both `f()` and `After f()`, which
|
||||||
|
// breaks two framework invariants: (1) the "no shared reachable" check
|
||||||
|
// requires that two distinct nodes sharing a timestamp be mutually
|
||||||
|
// unreachable (true/false branches of a condition), but `Before f()`,
|
||||||
|
// `f()` and `After f()` share the annotation's timestamp *and* lie on one
|
||||||
|
// linear path; and (2) the annotation walk (`nextTimerAnnotation`) halts at
|
||||||
|
// the first reachable representative, so a second node for the same AST
|
||||||
|
// node would stall the walk on the same timestamp instead of advancing to
|
||||||
|
// the next evaluation event.
|
||||||
|
//
|
||||||
|
// We use the "after" node (`isAfter`) rather than the canonical `injects`
|
||||||
|
// node, because `injects` represents short-circuit / conditional
|
||||||
|
// expressions (`and`/`or`/`not`/ternary) by their *before* node, placing
|
||||||
|
// them ahead of their operands — wrong for evaluation order. `isAfter`
|
||||||
|
// instead picks the post-evaluation node: the merged before/after node for
|
||||||
|
// simple leaves, the `TAfterNode` for post-order expressions, and the
|
||||||
|
// `AfterValueNode`(s) for pre-order conditionals, all positioned after the
|
||||||
|
// operands. The two value-split nodes of a conditional are genuinely
|
||||||
|
// distinct evaluation outcomes (handled by `getATrueSuccessor` /
|
||||||
|
// `getAFalseSuccessor`), so they do not violate the uniqueness assumption.
|
||||||
|
CfgNode() { NewControlFlowNode.super.isAfter(_) }
|
||||||
|
|
||||||
|
string toString() { result = NewControlFlowNode.super.toString() }
|
||||||
|
|
||||||
|
Py::Location getLocation() { result = NewControlFlowNode.super.getLocation() }
|
||||||
|
|
||||||
|
Py::AstNode getNode() {
|
||||||
|
result = CfgImpl::astNodeToPyNode(NewControlFlowNode.super.getAstNode())
|
||||||
|
}
|
||||||
|
|
||||||
|
CfgNode getASuccessor() { nextCfgNode(this, result) }
|
||||||
|
|
||||||
|
CfgNode getATrueSuccessor() {
|
||||||
|
NewControlFlowNode.super.isAfterTrue(_) and
|
||||||
|
// Only where there's also a false branch (true boolean split)
|
||||||
|
exists(NewControlFlowNode other | other.isAfterFalse(NewControlFlowNode.super.getAstNode())) and
|
||||||
|
nextCfgNodeFrom(this, result)
|
||||||
|
}
|
||||||
|
|
||||||
|
CfgNode getAFalseSuccessor() {
|
||||||
|
NewControlFlowNode.super.isAfterFalse(_) and
|
||||||
|
// Only where there's also a true branch (true boolean split)
|
||||||
|
exists(NewControlFlowNode other | other.isAfterTrue(NewControlFlowNode.super.getAstNode())) and
|
||||||
|
nextCfgNodeFrom(this, result)
|
||||||
|
}
|
||||||
|
|
||||||
|
CfgNode getAnExceptionalSuccessor() {
|
||||||
|
exists(NewControlFlowNode mid |
|
||||||
|
mid = NewControlFlowNode.super.getAnExceptionSuccessor() and
|
||||||
|
nextCfgNodeFrom(mid, result)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
Py::Scope getScope() { result = NewControlFlowNode.super.getEnclosingCallable().asScope() }
|
||||||
|
|
||||||
|
BasicBlock getBasicBlock() {
|
||||||
|
exists(NewBasicBlock bb, int i | bb.getNode(i) = this and result = bb)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `next` is the nearest CfgNode reachable from `n` via
|
||||||
|
* one or more raw CFG successor edges, skipping non-CfgNode intermediaries.
|
||||||
|
*/
|
||||||
|
private predicate nextCfgNodeFrom(NewControlFlowNode n, CfgNode next) {
|
||||||
|
next = n.getASuccessor()
|
||||||
|
or
|
||||||
|
exists(NewControlFlowNode mid |
|
||||||
|
mid = n.getASuccessor() and
|
||||||
|
not mid instanceof CfgNode and
|
||||||
|
nextCfgNodeFrom(mid, next)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if `next` is the nearest CfgNode successor of `n`,
|
||||||
|
* skipping synthetic intermediate nodes.
|
||||||
|
*/
|
||||||
|
private predicate nextCfgNode(CfgNode n, CfgNode next) { nextCfgNodeFrom(n, next) }
|
||||||
|
|
||||||
|
class BasicBlock instanceof NewBasicBlock {
|
||||||
|
string toString() { result = NewBasicBlock.super.toString() }
|
||||||
|
|
||||||
|
CfgNode getNode(int n) { result = NewBasicBlock.super.getNode(n) }
|
||||||
|
|
||||||
|
predicate reaches(BasicBlock bb) { this = bb or this.strictlyReaches(bb) }
|
||||||
|
|
||||||
|
predicate strictlyReaches(BasicBlock bb) { NewBasicBlock.super.getASuccessor+() = bb }
|
||||||
|
|
||||||
|
predicate strictlyDominates(BasicBlock bb) { NewBasicBlock.super.strictlyDominates(bb) }
|
||||||
|
}
|
||||||
|
|
||||||
|
CfgNode scopeGetEntryNode(Py::Scope s) {
|
||||||
|
exists(CfgImpl::ControlFlow::EntryNode entry |
|
||||||
|
entry.getEnclosingCallable().asScope() = s and
|
||||||
|
nextCfgNodeFrom(entry, result)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of NeverReachable.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that expressions annotated with `t.never` either have no CFG
|
||||||
|
* node, or if they do, that the node is not reachable from its scope's
|
||||||
|
* entry (including within the same basic block).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerAnnotation ann
|
||||||
|
where neverReachable(ann)
|
||||||
|
select ann, "Node annotated with t.never is reachable in $@", ann.getTestFunction(),
|
||||||
|
ann.getTestFunction().getName()
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of NoBackwardFlow.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that time never flows backward between consecutive timer annotations
|
||||||
|
* in the CFG. For each pair of consecutive annotated nodes (A -> B), there must
|
||||||
|
* exist timestamps a in A and b in B with a < b.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, TimerCfgNode b, int minA, int maxB
|
||||||
|
where noBackwardFlow(a, b, minA, maxB)
|
||||||
|
select a, "Backward flow: $@ flows to $@ (max timestamp $@)", a.getTimestampExpr(minA),
|
||||||
|
minA.toString(), b, b.getNode().toString(), b.getTimestampExpr(maxB), maxB.toString()
|
||||||
@@ -0,0 +1 @@
|
|||||||
|
|
||||||
@@ -0,0 +1,18 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of NoBasicBlock.
|
||||||
|
*
|
||||||
|
* Checks that every annotated CFG node belongs to a basic block.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from CfgNode n, TestFunction f
|
||||||
|
where noBasicBlock(n, f)
|
||||||
|
select n, "CFG node in $@ does not belong to any basic block", f, f.getName()
|
||||||
@@ -0,0 +1,21 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of NoSharedReachable.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Checks that two annotations sharing a timestamp value are on
|
||||||
|
* mutually exclusive CFG paths (neither can reach the other).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, TimerCfgNode b, int ts
|
||||||
|
where noSharedReachable(a, b, ts)
|
||||||
|
select a, "Shared timestamp $@ but this node reaches $@", a.getTimestampExpr(ts), ts.toString(), b,
|
||||||
|
b.getNode().toString()
|
||||||
@@ -0,0 +1,22 @@
|
|||||||
|
/**
|
||||||
|
* New-CFG version of StrictForward.
|
||||||
|
*
|
||||||
|
* Original:
|
||||||
|
* Stronger version of NoBackwardFlow: for consecutive annotated nodes
|
||||||
|
* A -> B that both have a single timestamp (non-loop code) and B does
|
||||||
|
* NOT dominate A (forward edge), requires max(A) < min(B).
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import TimerUtils
|
||||||
|
import NewCfgImpl
|
||||||
|
|
||||||
|
private module Utils = EvalOrderCfgUtils<NewCfg>;
|
||||||
|
|
||||||
|
private import Utils
|
||||||
|
private import Utils::CfgTests
|
||||||
|
|
||||||
|
from TimerCfgNode a, TimerCfgNode b, int maxA, int minB
|
||||||
|
where strictForward(a, b, maxA, minB)
|
||||||
|
select a, "Strict forward violation: $@ flows to $@", a.getTimestampExpr(maxA), "timestamp " + maxA,
|
||||||
|
b.getTimestampExpr(minB), "timestamp " + minB
|
||||||
@@ -3,14 +3,14 @@
|
|||||||
* Python control flow graph.
|
* Python control flow graph.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
private import python as PY
|
private import python as Py
|
||||||
import TimerUtils
|
import TimerUtils
|
||||||
|
|
||||||
/** Existing Python CFG implementation of the evaluation-order signature. */
|
/** Existing Python CFG implementation of the evaluation-order signature. */
|
||||||
module OldCfg implements EvalOrderCfgSig {
|
module OldCfg implements EvalOrderCfgSig {
|
||||||
class CfgNode = PY::ControlFlowNode;
|
class CfgNode = Py::ControlFlowNode;
|
||||||
|
|
||||||
class BasicBlock = PY::BasicBlock;
|
class BasicBlock = Py::BasicBlock;
|
||||||
|
|
||||||
CfgNode scopeGetEntryNode(PY::Scope s) { result = s.getEntryNode() }
|
CfgNode scopeGetEntryNode(Py::Scope s) { result = s.getEntryNode() }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -85,7 +85,7 @@ def test_nested_if_else(t):
|
|||||||
else:
|
else:
|
||||||
z = 2 @ t[dead(4)]
|
z = 2 @ t[dead(4)]
|
||||||
else:
|
else:
|
||||||
z = 3 @ t[dead(4)]
|
z = 3 @ t[dead(3), dead(4)]
|
||||||
w = 0 @ t[5]
|
w = 0 @ t[5]
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,41 @@
|
|||||||
|
/**
|
||||||
|
* Inline-expectations test for the store/load/delete/parameter
|
||||||
|
* classification predicates on the new-CFG facade.
|
||||||
|
*
|
||||||
|
* Each tag fires when the corresponding predicate (`isLoad`,
|
||||||
|
* `isStore`, `isDelete`, `isParameter`, `isAugLoad`, `isAugStore`)
|
||||||
|
* holds on the canonical CFG node wrapping a `Py::Name` with the
|
||||||
|
* given identifier. Subscript and attribute stores are not covered
|
||||||
|
* by these tags — only the `Name`-typed targets/loads they involve.
|
||||||
|
*/
|
||||||
|
|
||||||
|
import python
|
||||||
|
import semmle.python.controlflow.internal.Cfg as Cfg
|
||||||
|
import utils.test.InlineExpectationsTest
|
||||||
|
|
||||||
|
module StoreLoadTest implements TestSig {
|
||||||
|
string getARelevantTag() { result = ["load", "store", "delete", "param", "augload", "augstore"] }
|
||||||
|
|
||||||
|
predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||||
|
exists(Cfg::NameNode n |
|
||||||
|
location = n.getLocation() and
|
||||||
|
element = n.toString() and
|
||||||
|
value = n.getId() and
|
||||||
|
(
|
||||||
|
n.isLoad() and not n.isAugLoad() and tag = "load"
|
||||||
|
or
|
||||||
|
n.isStore() and not n.isAugStore() and tag = "store"
|
||||||
|
or
|
||||||
|
n.isDelete() and tag = "delete"
|
||||||
|
or
|
||||||
|
n.isParameter() and tag = "param"
|
||||||
|
or
|
||||||
|
n.isAugLoad() and tag = "augload"
|
||||||
|
or
|
||||||
|
n.isAugStore() and tag = "augstore"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
import MakeTest<StoreLoadTest>
|
||||||
56
python/ql/test/library-tests/ControlFlow/store-load/test.py
Normal file
56
python/ql/test/library-tests/ControlFlow/store-load/test.py
Normal file
@@ -0,0 +1,56 @@
|
|||||||
|
# Store/load/delete/parameter classification on the new-CFG facade.
|
||||||
|
#
|
||||||
|
# Each annotated location carries the (sorted, deduplicated) set of
|
||||||
|
# kinds the CFG facade reports there. Comparing against the legacy
|
||||||
|
# 'semmle.python.Flow' classification is done by the comparison query
|
||||||
|
# 'StoreLoadParity.ql' — annotations here are only the positive
|
||||||
|
# assertions for the new facade.
|
||||||
|
#
|
||||||
|
# Tags:
|
||||||
|
# load=<id> -- isLoad() fires on the Name
|
||||||
|
# store=<id> -- isStore() fires
|
||||||
|
# delete=<id> -- isDelete() fires
|
||||||
|
# param=<id> -- isParameter() fires
|
||||||
|
# augload=<id> -- isAugLoad() fires (the LHS of x += ... when read)
|
||||||
|
# augstore=<id> -- isAugStore() fires (the LHS of x += ... when written)
|
||||||
|
|
||||||
|
|
||||||
|
# --- plain load / store / delete ---
|
||||||
|
|
||||||
|
x = 1 # $ store=x
|
||||||
|
y = x + 1 # $ store=y load=x
|
||||||
|
print(y) # $ load=print load=y
|
||||||
|
del x # $ delete=x
|
||||||
|
|
||||||
|
|
||||||
|
# --- function definitions (parameters) ---
|
||||||
|
|
||||||
|
def f(a, b=2, *args, c, **kwargs): # $ store=f param=a param=b param=args param=c param=kwargs
|
||||||
|
return a + b + c # $ load=a load=b load=c
|
||||||
|
|
||||||
|
|
||||||
|
# --- augmented assignment splits one Name into load + store halves ---
|
||||||
|
|
||||||
|
def aug(): # $ store=aug
|
||||||
|
n = 0 # $ store=n
|
||||||
|
n += 1 # $ augload=n augstore=n
|
||||||
|
return n # $ load=n
|
||||||
|
|
||||||
|
|
||||||
|
# --- subscript / attribute stores ---
|
||||||
|
|
||||||
|
class C: # $ store=C
|
||||||
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
def stores(obj, container, idx): # $ store=stores param=obj param=container param=idx
|
||||||
|
obj.attr = 1 # $ load=obj
|
||||||
|
container[idx] = 2 # $ load=container load=idx
|
||||||
|
return obj # $ load=obj
|
||||||
|
|
||||||
|
|
||||||
|
# --- tuple unpacking ---
|
||||||
|
|
||||||
|
def unpack(pair): # $ store=unpack param=pair
|
||||||
|
a, b = pair # $ store=a store=b load=pair
|
||||||
|
return a + b # $ load=a load=b
|
||||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user